Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

combofix log: sirefef / zeroaccess


  • This topic is locked This topic is locked
18 replies to this topic

#1 Homer T Nacho Cheese

Homer T Nacho Cheese

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:50 AM

Posted 01 August 2012 - 09:11 PM

Sorry, I broke bleepingcomputer.com's protocols on this. I ran combofix without advice from those at this site. This is where I was directed to run this tool: http://malwaretips.com/Thread-How-to-completely-remove-ZeroAccess-Sirefef-rootkit-Removal-Guide

Anyways, I am well aware I could brick my parent's computer using this tool, which was an acceptable risk, as plan B was to just load Windows onto a clean new hard disk and restore "important" files from backup.

I understand that there is a good deal of secrecy trying to be kept around results interpretation, and even though I have been in IT for 15 years, I cannot be too sure how to interpret these results. Just trying to find any information on interpretation was impossible, and apparently for good reason. I was curious about the Find3M Report section, but perhaps that is need-to-know, and I am not in the need-to-know anyways.

Hopefully someone can be of help in interpretation. Parents were only running MS Security Essentials, which was broken, likely from the malware. Uninstalled and reinstalled, no reboot needed. Then I was able to determine which malware was running. From the website that I posted in the first paragraph, I performed step 1 (some ESET tools), then skipped steps 2 (combofix) and 3 (hitman), and proceeded with step 4 (malwarebytes). Few days later when I had time I ran combofix (results attached), then hitman, then malwarebytes again. 2nd run of malwarebytes found 0 malicious items.

Judging by subsequent scans after combofix coming up with nothing, I am 95% confident that all is well, but this is a rootkit, and I just need to be sure.

Attached File  combofix results.txt   9.06KB   3 downloads

BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:50 AM

Posted 06 August 2012 - 09:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/463492 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:50 AM

Posted 08 August 2012 - 08:01 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:50 AM

Posted 11 August 2012 - 12:33 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Homer T Nacho Cheese

Homer T Nacho Cheese
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:50 AM

Posted 13 August 2012 - 07:31 AM

I have not been able to continue, yet. My parents failed to leave their computer on, so I have been unable to remote in to continue. They should be back by today, so I will see if I can get on...

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:50 AM

Posted 13 August 2012 - 12:52 PM

OK no problem


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:50 AM

Posted 16 August 2012 - 07:42 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 Homer T Nacho Cheese

Homer T Nacho Cheese
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:50 AM

Posted 16 August 2012 - 08:04 AM

I am going through the steps on the parent's 'puter now...

#9 Homer T Nacho Cheese

Homer T Nacho Cheese
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:50 AM

Posted 16 August 2012 - 08:10 AM

Here are the contents of the Security Check's log:


Results of screen317's Security Check version 0.99.44
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Windows Defender
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 29
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 15% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

#10 Homer T Nacho Cheese

Homer T Nacho Cheese
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:50 AM

Posted 16 August 2012 - 08:23 AM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Scheele at 9:12:11 on 2012-08-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1284 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\Explorer.EXE
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\teamviewer\version7\TeamViewer_Desktop.exe
C:\Documents and Settings\Scheele\Local Settings\Temporary Internet Files\Content.IE5\HI1A6VCG\Defogger[1].exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.digtriad.com/
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_3_300_265_ActiveX.exe -update activex
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
StartupFolder: c:\docume~1\scheele\startm~1\programs\startup\_unins~1.lnk - c:\documents and settings\scheele\local settings\temp\_uninst_20966211.bat
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1288268130375
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1288268200015
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{ACEDA28C-94FB-4625-ABA0-F446F056CB44} : DhcpNameServer = 209.18.47.61 209.18.47.62
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
============= SERVICES / DRIVERS ===============
.
R0 00622521;00622521;c:\windows\system32\drivers\00622521.sys [2012-8-1 133208]
R0 20966211;20966211;c:\windows\system32\drivers\20966211.sys [2012-8-1 133208]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 MpKsl495f02b3;MpKsl495f02b3;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c732bc4d-0e7b-4bfe-b203-ac767d30d927}\MpKsl495f02b3.sys [2012-8-16 29904]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-7-25 2673064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 250056]
.
=============== Created Last 30 ================
.
2012-08-16 06:00:26 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c732bc4d-0e7b-4bfe-b203-ac767d30d927}\offreg.dll
2012-08-16 06:00:26 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c732bc4d-0e7b-4bfe-b203-ac767d30d927}\MpKsl495f02b3.sys
2012-08-16 05:47:02 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c732bc4d-0e7b-4bfe-b203-ac767d30d927}\mpengine.dll
2012-08-15 18:50:46 6891424 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-08-02 20:14:16 9728 ------w- c:\windows\system32\rwnh.dll
2012-08-02 20:14:16 10752 ------w- c:\windows\system32\smtpapi.dll
2012-08-02 20:12:15 19569 ----a-w- c:\windows\000001_.tmp
2012-08-02 19:25:07 -------- d-----w- C:\Reg_Backup
2012-08-02 19:08:31 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-08-02 19:08:30 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-08-02 19:08:29 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-08-02 19:08:28 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-08-02 19:08:28 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-08-02 19:08:09 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2012-08-02 19:08:07 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-08-02 19:08:06 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-08-02 19:08:01 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2012-08-02 19:06:59 29311 -c--a-w- c:\windows\system32\dllcache\watv01nt.sys
2012-08-02 19:05:59 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2012-08-02 19:04:57 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2012-08-02 18:58:37 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2012-08-02 18:57:53 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2012-08-02 18:56:59 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys
2012-08-02 18:55:55 17664 -c--a-w- c:\windows\system32\dllcache\ppa3.sys
2012-08-02 18:54:54 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2012-08-02 18:53:59 19968 -c--a-w- c:\windows\system32\dllcache\mxicfg.dll
2012-08-02 18:53:58 21888 -c--a-w- c:\windows\system32\dllcache\mxcard.sys
2012-08-02 18:53:56 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2012-08-02 18:53:41 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2012-08-02 18:53:39 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2012-08-02 18:53:36 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2012-08-02 18:53:28 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-08-02 18:53:26 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2012-08-02 18:53:15 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2012-08-02 18:53:14 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2012-08-02 18:53:11 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2012-08-02 18:53:03 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2012-08-02 18:51:59 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2012-08-02 18:51:56 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2012-08-02 18:51:55 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2012-08-02 18:51:54 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2012-08-02 18:51:47 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2012-08-02 18:51:42 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2012-08-02 18:51:40 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2012-08-02 18:51:25 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2012-08-02 18:51:24 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2012-08-02 18:51:05 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2012-08-02 18:51:04 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2012-08-02 18:51:04 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2012-08-02 18:51:03 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2012-08-02 18:49:59 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2012-08-02 18:48:59 8576 -c--a-w- c:\windows\system32\dllcache\hidgame.sys
2012-08-02 18:43:56 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys
2012-08-02 18:42:54 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
2012-08-02 18:41:59 80896 -c--a-w- c:\windows\system32\dllcache\dc210usd.dll
2012-08-02 18:40:59 980034 -c--a-w- c:\windows\system32\dllcache\cicap.sys
2012-08-02 18:39:42 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2012-08-02 18:38:54 23552 -c--a-w- c:\windows\system32\dllcache\atixbar.sys
2012-08-02 18:24:37 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2012-08-02 18:23:38 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-08-02 18:09:56 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2012-08-02 18:09:52 -------- d-----w- c:\program files\MagicDisc
2012-08-02 16:51:34 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-08-02 16:51:13 -------- d-----w- c:\program files\Tweaking.com
2012-08-02 03:04:36 133208 ----a-w- c:\windows\system32\drivers\00622521.sys
2012-08-02 02:48:22 2321288 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-08-02 02:48:12 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{0d2d3cb0-4ff5-410a-9a67-894b77b7ebf0}\mpengine.dll
2012-08-02 02:23:52 133208 ----a-w- c:\windows\system32\drivers\20966211.sys
2012-08-02 00:13:12 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-08-02 00:06:41 -------- d-----w- c:\program files\HitmanPro
2012-08-02 00:06:16 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-08-01 23:30:01 -------- d-sha-r- C:\cmdcons
2012-08-01 23:27:13 98816 ----a-w- c:\windows\sed.exe
2012-08-01 23:27:13 518144 ----a-w- c:\windows\SWREG.exe
2012-08-01 23:27:13 256000 ----a-w- c:\windows\PEV.exe
2012-08-01 23:27:13 208896 ----a-w- c:\windows\MBR.exe
2012-07-25 23:04:31 -------- d-----w- c:\documents and settings\scheele\application data\Malwarebytes
2012-07-25 23:03:42 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-07-25 23:03:36 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-25 23:03:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-25 01:21:18 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-25 00:49:43 -------- d-----w- c:\documents and settings\scheele\application data\QuickScan
2012-07-25 00:28:45 -------- d-----w- c:\documents and settings\scheele\temp
.
==================== Find3M ====================
.
2012-07-12 11:27:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 11:27:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 16:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 9:13:35.15 ===============


Attached File  attach.txt   17.48KB   1 downloads

#11 Homer T Nacho Cheese

Homer T Nacho Cheese
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:50 AM

Posted 16 August 2012 - 08:25 AM

Thanks for the help on this. Sorry I have been slow at progressing on this one.

#12 Homer T Nacho Cheese

Homer T Nacho Cheese
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:50 AM

Posted 16 August 2012 - 08:29 AM

Updating Java, and running a defrag. Keeping Adobe Reader updated automatically is not something I am a fan of because of the crapware they try to install from time to time. Maybe automatic updates don't add toolbars and virus scanners like manual updates give as a default selection.

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:50 AM

Posted 16 August 2012 - 08:42 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 Homer T Nacho Cheese

Homer T Nacho Cheese
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:50 AM

Posted 16 August 2012 - 08:51 AM

I won't be able to run combofix right now, unless there is a way to run it unattended. I am using a remote connection through TeamViewer to do this work - my parents are 7 hours away and are not at home at the moment.

Is there an unattended method of running this? Without the parent's intervention, I would need it to run everything and reboot on its own.

Also, I did run this before, but I can understand if there would be a need to run it multiple times.

So far, the computer has been working well from the time of my first post in this thread.

#15 Homer T Nacho Cheese

Homer T Nacho Cheese
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:50 AM

Posted 16 August 2012 - 08:56 AM

Sorry, I missed the big blue obvious message to copy and paste reports into the topic, and not to attach. Here is attach.txt:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/28/2010 7:13:25 AM
System Uptime: 8/2/2012 2:38:27 PM (331 hours ago)
.
Motherboard: Compaq | | 07E8h
Processor: Intel® Pentium® 4 CPU 2.00GHz | XU1 PROCESSOR | 1994/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 38 GiB total, 26.416 GiB free.
D: is FIXED (NTFS) - 38 GiB total, 32.822 GiB free.
E: is CDROM ()
F: is CDROM ()
W: is Removable
X: is Removable
Y: is Removable
Z: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP668: 7/1/2012 6:02:29 PM - Software Distribution Service 3.0
RP669: 7/2/2012 6:14:37 PM - System Checkpoint
RP670: 7/3/2012 2:12:48 AM - Software Distribution Service 3.0
RP671: 7/3/2012 5:52:47 PM - Software Distribution Service 3.0
RP672: 7/4/2012 6:24:57 PM - System Checkpoint
RP673: 7/5/2012 2:05:21 AM - Software Distribution Service 3.0
RP674: 7/5/2012 5:35:34 PM - Software Distribution Service 3.0
RP675: 7/6/2012 5:35:35 PM - Software Distribution Service 3.0
RP676: 7/7/2012 5:35:44 PM - Software Distribution Service 3.0
RP677: 7/8/2012 2:24:48 AM - Software Distribution Service 3.0
RP678: 7/8/2012 5:35:53 PM - Software Distribution Service 3.0
RP679: 7/9/2012 5:35:35 PM - Software Distribution Service 3.0
RP680: 7/10/2012 5:35:42 PM - Software Distribution Service 3.0
RP681: 7/11/2012 5:36:11 PM - Software Distribution Service 3.0
RP682: 7/12/2012 3:00:17 AM - Software Distribution Service 3.0
RP683: 7/13/2012 3:49:58 AM - System Checkpoint
RP684: 7/14/2012 4:50:05 AM - System Checkpoint
RP685: 7/15/2012 5:49:57 AM - System Checkpoint
RP686: 7/16/2012 6:43:39 AM - System Checkpoint
RP687: 7/17/2012 7:43:40 AM - System Checkpoint
RP688: 7/18/2012 12:38:54 PM - System Checkpoint
RP689: 7/19/2012 12:51:15 PM - System Checkpoint
RP690: 7/20/2012 12:58:31 PM - System Checkpoint
RP691: 7/21/2012 1:19:48 PM - System Checkpoint
RP692: 7/25/2012 11:23:47 PM - Software Distribution Service 3.0
RP693: 7/26/2012 2:25:19 AM - Software Distribution Service 3.0
RP694: 8/1/2012 7:16:01 PM - Software Distribution Service 3.0
RP695: 8/1/2012 10:45:01 PM - Installed Windows Defender
RP696: 8/1/2012 10:48:06 PM - Software Distribution Service 3.0
RP697: 8/2/2012 3:24:52 PM - Tweaking.com - Windows Repair
RP698: 8/2/2012 4:12:31 PM - Installed Windows XP Service Pack 3.
RP699: 8/3/2012 1:45:52 AM - Software Distribution Service 3.0
RP700: 8/4/2012 1:46:03 AM - Software Distribution Service 3.0
RP701: 8/4/2012 3:00:18 AM - Software Distribution Service 3.0
RP702: 8/4/2012 3:43:57 PM - Software Distribution Service 3.0
RP703: 8/5/2012 1:45:55 AM - Software Distribution Service 3.0
RP704: 8/5/2012 3:00:17 AM - Software Distribution Service 3.0
RP705: 8/6/2012 1:45:48 AM - Software Distribution Service 3.0
RP706: 8/6/2012 3:00:18 AM - Software Distribution Service 3.0
RP707: 8/6/2012 3:22:32 PM - Software Distribution Service 3.0
RP708: 8/7/2012 1:45:52 AM - Software Distribution Service 3.0
RP709: 8/7/2012 3:00:18 AM - Software Distribution Service 3.0
RP710: 8/7/2012 3:22:19 PM - Software Distribution Service 3.0
RP711: 8/8/2012 1:46:21 AM - Software Distribution Service 3.0
RP712: 8/8/2012 3:00:18 AM - Software Distribution Service 3.0
RP713: 8/8/2012 3:20:16 PM - Software Distribution Service 3.0
RP714: 8/9/2012 1:46:54 AM - Software Distribution Service 3.0
RP715: 8/9/2012 3:00:18 AM - Software Distribution Service 3.0
RP716: 8/9/2012 3:21:23 PM - Software Distribution Service 3.0
RP717: 8/10/2012 1:46:22 AM - Software Distribution Service 3.0
RP718: 8/10/2012 3:00:18 AM - Software Distribution Service 3.0
RP719: 8/10/2012 3:20:16 PM - Software Distribution Service 3.0
RP720: 8/11/2012 1:46:24 AM - Software Distribution Service 3.0
RP721: 8/11/2012 3:00:18 AM - Software Distribution Service 3.0
RP722: 8/12/2012 1:45:51 AM - Software Distribution Service 3.0
RP723: 8/12/2012 3:00:18 AM - Software Distribution Service 3.0
RP724: 8/12/2012 2:50:06 PM - Software Distribution Service 3.0
RP725: 8/13/2012 1:46:20 AM - Software Distribution Service 3.0
RP726: 8/13/2012 3:00:18 AM - Software Distribution Service 3.0
RP727: 8/13/2012 2:50:22 PM - Software Distribution Service 3.0
RP728: 8/14/2012 1:46:10 AM - Software Distribution Service 3.0
RP729: 8/14/2012 3:00:18 AM - Software Distribution Service 3.0
RP730: 8/14/2012 2:50:40 PM - Software Distribution Service 3.0
RP731: 8/15/2012 1:45:59 AM - Software Distribution Service 3.0
RP732: 8/15/2012 3:00:19 AM - Software Distribution Service 3.0
RP733: 8/15/2012 2:50:42 PM - Software Distribution Service 3.0
RP734: 8/16/2012 1:46:57 AM - Software Distribution Service 3.0
RP735: 8/16/2012 3:00:19 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.1
Adobe Shockwave Player 11.5
BufferChm
Copy
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_03_F4200_ProductContext
DJ_AIO_03_F4200_Software
DJ_AIO_03_F4200_Software_Min
F4200
F4200_Help
FileZilla Client 3.3.5.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
Intel® Extreme Graphics Driver
Intel® PRO Network Connections Drivers
Java Auto Updater
Java™ 6 Update 29
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 97, Professional Edition
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice.org 3.2
PSSWCORE
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Status
TeamViewer 7
Toolbox
TrayApp
Tweaking.com - Windows Repair (All in One)
UnloadSupport
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoToolkit01
WebFldrs XP
WebReg
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
8/9/2012 3:00:37 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f205: Security Update

for Windows XP (KB946648).
8/9/2012 3:00:37 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f205: Security Update

for Windows XP (KB2719985).
8/9/2012 3:00:37 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f205: Cumulative

Security Update for Internet Explorer 8 for Windows XP (KB2699988).
8/16/2012 3:00:49 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f205: Security Update

for Windows XP (KB2712808).
8/16/2012 3:00:23 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f205: Security Update

for Windows XP (KB2731847).
8/16/2012 3:00:23 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f205: Security Update

for Windows XP (KB2723135).
8/16/2012 3:00:23 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f205: Security Update

for Windows XP (KB2705219).
8/16/2012 3:00:23 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f205: Cumulative

Security Update for Internet Explorer 8 for Windows XP (KB2722913).
.
==== End Of File ===========================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users