browser hijack?


22 replies to this topic

#1 johnsn

Posted 29 September 2011 - 03:50 AM

I can do a search on Google, but when I click the links, I see the correct web-page for an instant. But then I get sent to a different page.
I scanned with Ad-Aware.

Here is OTL.txt
OTL logfile created on: 9/28/2011 7:21:10 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\John\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.62 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 72.02% Memory free
3.78 Gb Paging File | 3.28 Gb Available in Paging File | 86.65% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 61.25 Gb Free Space | 82.19% Space Free | Partition Type: NTFS

Computer Name: BUB | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\John\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Internet Content Filter\SafeEyes.exe (InternetSafety.com, Inc.)
PRC - C:\Program Files\Internet Content Filter\UpdateService.exe (InternetSafety.com, Inc.)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\system32\kmw_run.exe (Kensington Technology Group)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll ()
MOD - C:\Program Files\Mozilla Firefox\js3250.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\41f436dae3c8146752d06130f7331527\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System8ffa4d388d5f007869aa7651c458e7c\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()


========== Win32 Services (SafeList) ==========

SRV - (IS360service) -- File not found
SRV - (HidServ) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (seUpdateSvc) -- C:\Program Files\Internet Content Filter\UpdateService.exe (InternetSafety.com, Inc.)


========== Driver Services (SafeList) ==========

DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (sbapifs) -- C:\WINDOWS\system32\drivers\sbapifs.sys (Sunbelt Software)
DRV - (sbaphd) -- C:\WINDOWS\system32\drivers\sbaphd.sys (Sunbelt Software)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (atiide) -- C:\WINDOWS\system32\DRIVERS\atiide.sys (ATI Technologies Inc.)
DRV - (KMW_USB) -- C:\WINDOWS\system32\drivers\KMW_USB.sys (Kensington Technology Group)
DRV - (KMW_SYS) -- C:\WINDOWS\system32\drivers\KMW_SYS.sys (Kensington Technology Group)
DRV - (KMW_KBD) -- C:\WINDOWS\system32\drivers\KMW_KBD.sys (Kensington Technology Group)
DRV - (NWADI) -- C:\WINDOWS\system32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:33921

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=380920"
FF - prefs.js..browser.startup.homepage: "https://www.clear.co...unt/signin.php"
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.23.0.5
FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: toolbar@spamratings.com:0.935
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.67
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.99
FF - prefs.js..keyword.URL: "http://search.yahoo....type=380920&p="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/20 22:10:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/16 20:46:47 | 000,000,000 | ---D | M]

[2010/08/18 19:38:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John\Application Data\Mozilla\Extensions
[2011/09/27 21:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\o446vx04.default\extensions
[2011/09/18 18:28:41 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\o446vx04.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/09/18 18:34:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\o446vx04.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/09/18 18:34:42 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\o446vx04.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2011/09/18 18:34:52 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\o446vx04.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/10/26 22:02:05 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\o446vx04.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2011/09/18 18:34:05 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\o446vx04.default\extensions\DeviceDetection@logitech.com
[2010/10/26 22:20:21 | 000,000,000 | ---D | M] (Spam Ratings) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\o446vx04.default\extensions\toolbar@spamratings.com
[2011/08/20 22:27:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/10/03 09:13:40 | 000,000,698 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Safe &Eyes Toolbar) - {430DDB4F-38CC-4E91-AF33-4157334EC937} - C:\Program Files\Internet Content Filter\SEToolbar.dll (InternetSafety.com, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ICF] C:\Program Files\Internet Content Filter\SafeEyes.exe (InternetSafety.com, Inc.)
O4 - HKLM..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart File not found
O4 - HKLM..\Run: [kmw_run.exe] C:\WINDOWS\System32\kmw_run.exe (Kensington Technology Group)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries00000000001 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries00000000002 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries00000000008 - %SystemRoot%\System32\mswsock.dll File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDC64D14-6DC7-4A4A-9F6B-0A5B7D6A1221}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\dimsntfy: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/03 22:47:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/27 21:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Browser Hijack Blaster
[2011/09/27 21:45:14 | 000,000,000 | ---D | C] -- C:\Program Files\Browser Hijack Blaster
[2011/09/25 21:31:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\John\Recent
[2011/09/25 09:03:12 | 000,074,968 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2011/09/25 09:03:12 | 000,021,592 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2011/09/25 08:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/25 08:39:38 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/25 08:39:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/28 19:00:53 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2011/09/28 19:00:52 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2011/09/28 19:00:51 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2011/09/28 19:00:51 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2011/09/28 18:46:33 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/09/28 18:46:32 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/09/28 18:46:09 | 000,000,314 | -HS- | M] () -- C:\WINDOWS\tasks\Wpqisigicw.job
[2011/09/28 18:46:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/27 21:25:16 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe
[2011/09/26 20:36:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/25 21:27:09 | 000,004,842 | ---- | M] () -- C:\Documents and Settings\John\My Documents\cc_20110925_212659.reg
[2011/09/25 21:21:34 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\userinit.exe
[2011/09/25 07:45:59 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/09/24 20:48:02 | 000,057,630 | ---- | M] () -- C:\crash.dmp
[2011/09/24 07:54:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/20 21:36:30 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/09/20 21:35:14 | 000,074,968 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2011/09/20 21:35:13 | 000,021,592 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2011/09/18 09:37:15 | 000,001,029 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Document.rtf
[2011/09/18 08:42:45 | 000,432,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/18 08:42:45 | 000,067,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/17 20:57:33 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2011/09/17 20:56:07 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/26 20:36:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/25 21:27:03 | 000,004,842 | ---- | C] () -- C:\Documents and Settings\John\My Documents\cc_20110925_212659.reg
[2011/09/24 20:33:32 | 000,057,630 | ---- | C] () -- C:\crash.dmp
[2011/09/20 21:38:14 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/09/20 21:38:14 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/09/17 20:56:07 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/16 22:58:45 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2011/08/16 22:58:44 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2011/08/16 22:58:44 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/10/06 21:14:14 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/10/03 21:17:43 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/09/03 23:12:32 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2010/08/28 21:55:59 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.INI
[2010/08/23 23:51:04 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\kmw_show.exe
[2010/08/20 19:56:48 | 000,055,296 | RHS- | C] () -- C:\WINDOWS\System32\bcm1xsup7.dll
[2010/08/19 07:18:44 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/08/19 07:11:32 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2010/08/19 07:11:31 | 000,136,650 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/08/18 20:30:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/18 19:38:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/03 23:09:27 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/08/03 22:50:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/03 22:43:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/05/27 13:12:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/05/27 13:10:53 | 000,095,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/21 16:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 16:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 03:00:00 | 000,432,924 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 03:00:00 | 000,067,714 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 03:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/09/25 21:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/08/19 07:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/08/16 22:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2010/10/06 20:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/03 23:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/10/03 10:49:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/08/19 18:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Auslogics
[2011/09/25 21:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\IObit
[2010/08/19 07:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\iolo
[2010/08/23 23:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Kensington
[2010/10/26 23:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\QuickScan
[2010/08/21 10:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Sammsoft
[2011/09/28 19:00:51 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2011/09/28 19:00:51 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2011/09/28 19:00:52 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2011/09/28 19:00:53 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2011/08/21 02:10:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
[2011/09/28 18:46:09 | 000,000,314 | -HS- | M] () -- C:\WINDOWS\Tasks\Wpqisigicw.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:587EB586
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >


And here is Extras.txt

OTL Extras logfile created on: 9/28/2011 7:21:10 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\John\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.62 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 72.02% Memory free
3.78 Gb Paging File | 3.28 Gb Available in Paging File | 86.65% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 61.25 Gb Free Space | 82.19% Space Free | Partition Type: NTFS

Computer Name: BUB | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\John\Local Settings\Temp\{1A82FDCA-53BA-4A2B-992D-36625FF28A0A}\{4C78937F-0C8E-11D9-A3EB-0001025FA304}\k_update.exe" = C:\Documents and Settings\John\Local Settings\Temp\{1A82FDCA-53BA-4A2B-992D-36625FF28A0A}\{4C78937F-0C8E-11D9-A3EB-0001025FA304}\k_update.exe:*:Enabled:Kensington Digital Update of installed software via the Web.


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1829AFBC-19F5-B1FE-73B1-30FF9DA49062}" = ATI Catalyst Install Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4C78937F-0C8E-11D9-A3EB-0001025FA304}" = Kensington MouseWorks
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AA962FC9-780E-4362-B439-0F7BD6B978CD}" = Identity Finder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3FA280D-3AE4-43F3-AFB5-D459B36A05B7}" = Safe Eyes
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EF40BAC3-372B-46F4-A32D-B37CF4217CE7}" = ATI Catalyst Control Center
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Browser Hijack Blaster_is1" = Browser Hijack Blaster v1.0
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Lavasoft Registry Tuner_is1" = Lavasoft Registry Tuner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QuickTime" = QuickTime
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/26/2011 11:55:11 PM | Computer Name = BUB | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 9/26/2011 11:55:11 PM | Computer Name = BUB | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 9/26/2011 11:55:12 PM | Computer Name = BUB | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

Error - 9/26/2011 11:55:13 PM | Computer Name = BUB | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 9/26/2011 11:55:13 PM | Computer Name = BUB | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 9/27/2011 11:57:02 PM | Computer Name = BUB | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x001a624b.

Error - 9/27/2011 11:58:52 PM | Computer Name = BUB | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 9/28/2011 12:34:48 AM | Computer Name = BUB | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x001a624b.

Error - 9/28/2011 9:46:55 PM | Computer Name = BUB | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 9/28/2011 9:47:32 PM | Computer Name = BUB | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x001a624b.

[ System Events ]
Error - 9/28/2011 12:32:36 AM | Computer Name = BUB | Source = Service Control Manager | ID = 7000
Description = The IS360service service failed to start due to the following error:
%%2

Error - 9/28/2011 12:32:36 AM | Computer Name = BUB | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 9/28/2011 12:32:45 AM | Computer Name = BUB | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 9/28/2011 12:32:45 AM | Computer Name = BUB | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 9/28/2011 12:36:10 AM | Computer Name = BUB | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 9/28/2011 9:46:20 PM | Computer Name = BUB | Source = Service Control Manager | ID = 7000
Description = The IS360service service failed to start due to the following error:
%%2

Error - 9/28/2011 9:46:20 PM | Computer Name = BUB | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 9/28/2011 9:46:27 PM | Computer Name = BUB | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 9/28/2011 9:46:27 PM | Computer Name = BUB | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 9/28/2011 9:49:27 PM | Computer Name = BUB | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056


< End of report >


I'm stuck.
john

#2 Blade81

    Advanced Member

  • Volunteer Security Advisor
  • 6582 posts

Posted 29 September 2011 - 01:44 PM

Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds file to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Download GMER here by clicking download exe -button and then saving it to your desktop:
  • Double-click .exe that you downloaded
  • Click rootkit-tab, uncheck files option and then click scan.
  • Don't check Show All box while scanning in progress!
  • When scanning is ready, click Copy.
  • This copies log to clipboard
  • Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

#3 johnsn

    Member

  • Members
  • 12 posts

Posted 30 September 2011 - 06:32 AM

Thanks, I've been dinking with this problem for at least 6 months.
I deleted the drivers for the internal modem before my first post.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/3/2010 10:49:59 PM
System Uptime: 9/29/2011 9:52:09 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0UW744
Processor: AMD Turion™ 64 Mobile Technology MK-36 | Socket M2/S1G1 | 1994/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 61.256 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Parport
Device ID: ROOT\LEGACY_PARPORT000
Manufacturer:
Name: Parport
PNP Device ID: ROOT\LEGACY_PARPORT000
Service: Parport
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Serial
Device ID: ROOT\LEGACY_SERIAL000
Manufacturer:
Name: Serial
PNP Device ID: ROOT\LEGACY_SERIAL000
Service: Serial
.
==== System Restore Points ===================
.
RP62: 8/17/2011 1:52:35 PM - Software Distribution Service 3.0
RP63: 8/20/2011 7:55:59 PM - System Checkpoint
RP64: 9/18/2011 6:29:38 PM - Software Distribution Service 3.0
RP65: 9/27/2011 9:34:22 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Ad-Aware
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Adobe Shockwave Player 11.5
ATI Catalyst Control Center
ATI Catalyst Install Manager
ATI Catalyst Registration
ATI Display Driver
Broadcom 440x 10/100 Integrated Controller
Browser Hijack Blaster v1.0
CCleaner
Dell Wireless WLAN Card
ESET Online Scanner v3
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Identity Finder
Kensington MouseWorks
Lavasoft Registry Tuner
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.11)
MSXML 6 Service Pack 2 (KB973686)
QuickTime
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Safe Eyes
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel Audio
Sonic CinePlayer Decoder Pack
The Lord of the Rings FREE Trial
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB898461)
Update for Windows XP (KB925720)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB839210
.
==== Event Viewer Messages From Past Week ========
.
9/28/2011 7:53:27 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
9/27/2011 8:55:53 PM, error: Service Control Manager [7000] - The IS360service service failed to start due to the following error: The system cannot find the file specified.
9/25/2011 9:35:01 AM, error: Service Control Manager [7034] - The IS360service service terminated unexpectedly. It has done this 1 time(s).
9/25/2011 9:27:27 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
9/25/2011 9:26:09 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft XML Core Services 6.0 Service Pack 2 (KB954459).
9/25/2011 9:24:01 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/25/2011 9:21:13 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/25/2011 9:08:46 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
9/25/2011 8:46:46 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
9/25/2011 8:38:36 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/25/2011 8:16:55 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips Processor
9/25/2011 8:13:20 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
9/25/2011 7:44:06 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
9/25/2011 10:23:17 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
9/24/2011 8:58:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips Processor sbaphd
9/24/2011 8:24:58 PM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
9/24/2011 8:24:51 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
9/24/2011 8:24:51 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
9/24/2011 8:23:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/24/2011 8:04:53 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
9/24/2011 7:57:39 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/24/2011 7:54:35 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss sbaphd Tcpip WS2IFSL
9/24/2011 7:54:35 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
9/24/2011 7:54:35 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/24/2011 7:54:35 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/24/2011 7:54:35 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by John at 22:00:15 on 2011-09-29
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2686.2150 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Internet Content Filter\UpdateService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Internet Content Filter\SafeEyes.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyServer = http=127.0.0.1:33921
uInternet Settings,ProxyOverride = <local>
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: Safe &Eyes Toolbar: {430ddb4f-38cc-4e91-af33-4157334ec937} - c:\program files\internet content filter\setoolbar.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [ICF] "c:\program files\internet content filter\SafeEyes.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [kmw_run.exe] kmw_run.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
dRun: [Advanced SystemCare 4] "c:\program files\iobit\advanced systemcare 4\ASCTray.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: ICF.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BDC64D14-6DC7-4A4A-9F6B-0A5B7D6A1221} : DhcpNameServer = 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\john\application data\mozilla\firefox\profiles\o446vx04.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.clear.com/my_account/signin.php
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=380920&p=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\john\application data\mozilla\firefox\profiles\o446vx04.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\john\application data\mozilla\firefox\profiles\o446vx04.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Redirect Remover: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9} - %profile%\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Spam Ratings: toolbar@spamratings.com - %profile%\extensions\toolbar@spamratings.com
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2010-8-19 3456]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-3 64288]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2011-9-25 21592]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-8-18 101720]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 2151640]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-9-25 74968]
R2 seUpdateSvc;Safe Eyes Update Service;c:\program files\internet content filter\UpdateService.exe [2010-9-26 233472]
S2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe --> c:\program files\iobit\iobit security 360\IS360srv.exe [?]
S3 ASTDriver;ASTDriver;\??\c:\program files\wondershare\spyware removal\astdriver.sys --> c:\program files\wondershare\spyware removal\ASTDriver.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15232]
S3 PAC207;CIF USB Camera;c:\windows\system32\drivers\pfc027.sys --> c:\windows\system32\drivers\PFC027.SYS [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys --> c:\windows\system32\drivers\wg111v2.sys [?]
.
=============== Created Last 30 ================
.
2011-09-28 04:45:14 -------- d-----w- c:\program files\Browser Hijack Blaster
2011-09-25 16:03:12 74968 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-09-25 16:03:12 21592 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2011-09-25 15:39:38 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-25 15:39:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-09-28 04:25:16 24576 ----a-w- c:\windows\system32\userinit.exe
2011-09-25 14:45:59 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-09-21 04:36:30 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HTS541680J9SA00 rev.SB2OC7KP -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A959EC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x89c02872; SUB DWORD [EBP-0x4], 0x89c0212e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x804EE136] -> \Device\Harddisk0\DR0[0x8A950AB8]
3 CLASSPNP[0xBA0E905B] -> ntkrnlpa!IofCallDriver[0x804EE136] -> [0x8AA0FB98]
[0x8AA20D28] -> IRP_MJ_CREATE -> 0x8A959EC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-3 -> \??\IDE#DiskHitachi_HTS541680J9SA00_________________SB2OC7KP#5&24cbc6ab&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A959AEA
user & kernel MBR OK
sectors 156301486 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:01:34.81 ===============



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-29 22:15:40
Windows 5.1.2600 Service Pack 2
Running: lkjb7kxx.exe; Driver: C:\DOCUME~1\John\LOCALS~1\Temp\pxtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwCreateKey [0xAD4D34D0]
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwSetValueKey [0xAD4D3520]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\atiide.sys entry point in ".rsrc" section [0xBA672894]
? C:\WINDOWS\system32\drivers\atiide.sys suspicious PE modification
? C:\DOCUME~1\John\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1840] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A959AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A959AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A959AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8A959AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-12 8A959AEA
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
Device \Device\Ide\IdeDeviceP2T0L0-3 -> \??\IDE#DiskHitachi_HTS541680J9SA00_________________SB2OC7KP#5&24cbc6ab&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atiide.sys suspicious modification; TDL3 <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

#4 Blade81

    Advanced Member

  • Volunteer Security Advisor
  • 6582 posts

Posted 30 September 2011 - 08:34 AM

Hi,

I've been dinking with this problem for at least 6 months.

Hopefully we can tackle the issue then :)


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingc...to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

#5 johnsn

    Member

  • Members
  • 12 posts

Posted 01 October 2011 - 04:27 AM

Ok, what a pain.
I downloaded combofix, and it wouldn't run. So I changed the name, and it worked.
I was saving the log file and moved the laptop to change the name, and unplugged it!
So I started over.
Here it is.

ComboFix 11-09-30.05 - John 09/30/2011 17:42:48.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2686.2263 [GMT -7:00]
Running from: c:\documents and settings\John\Desktop\1954john.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-01 to 2011-10-01 )))))))))))))))))))))))))))))))
.
.
2011-09-25 16:03 . 2011-09-21 04:35 74968 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-09-25 16:03 . 2011-09-21 04:35 21592 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2011-09-25 15:39 . 2011-09-30 23:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-28 04:25 . 2010-09-04 06:12 24576 ----a-w- c:\windows\system32\userinit.exe
2011-09-25 14:45 . 2010-10-04 04:17 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-09-21 04:36 . 2010-08-19 03:11 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"ICF"="c:\program files\Internet Content Filter\SafeEyes.exe" [2010-07-28 1589480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"kmw_run.exe"="kmw_run.exe" [2006-08-03 106496]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kmw_run.exe]
2006-08-03 19:47 106496 ----a-w- c:\windows\system32\kmw_run.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [8/19/2010 6:48 AM 3456]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/3/2010 11:09 AM 64288]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [9/25/2011 9:03 AM 21592]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [8/18/2010 8:11 PM 101720]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 5:15 AM 2151640]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [9/25/2011 9:03 AM 74968]
R2 seUpdateSvc;Safe Eyes Update Service;c:\program files\Internet Content Filter\UpdateService.exe [9/26/2010 7:29 AM 233472]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe --> c:\program files\IObit\IObit Security 360\IS360srv.exe [?]
S3 ASTDriver;ASTDriver;\??\c:\program files\Wondershare\Spyware Removal\ASTDriver.sys --> c:\program files\Wondershare\Spyware Removal\ASTDriver.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 5:15 AM 15232]
S3 PAC207;CIF USB Camera;c:\windows\system32\DRIVERS\PFC027.SYS --> c:\windows\system32\DRIVERS\PFC027.SYS [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:33921
uInternet Settings,ProxyOverride = <local>
LSP: ICF.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\o446vx04.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.clear.com/my_account/signin.php
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=380920&p=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Redirect Remover: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9} - %profile%\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Spam Ratings: toolbar@spamratings.com - %profile%\extensions\toolbar@spamratings.com
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-30 18:30
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HTS541680J9SA00 rev.SB2OC7KP -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A95AEC5]<<
c:\docume~1\John\LOCALS~1\Temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x89c02872; SUB DWORD [EBP-0x4], 0x89c0212e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x804EE136] -> \Device\Harddisk0\DR0[0x8A94FAB8]
3 CLASSPNP[0xBA0E905B] -> ntkrnlpa!IofCallDriver[0x804EE136] -> [0x8A94D648]
[0x8A9F5C90] -> IRP_MJ_CREATE -> 0x8A95AEC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-3 -> \??\IDE#DiskHitachi_HTS541680J9SA00_________________SB2OC7KP#5&24cbc6ab&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A95AAEA
user & kernel MBR OK
sectors 156301486 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'lsass.exe'(896)
c:\windows\system32\ICF.dll
.
- - - - - - - > 'explorer.exe'(1044)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-09-30 18:44:37
ComboFix-quarantined-files.txt 2011-10-01 01:43
ComboFix2.txt 2011-10-01 00:32
.
Pre-Run: 65,555,288,064 bytes free
Post-Run: 65,535,262,720 bytes free
.
- - End Of File - - 2E9C5E631394964D00E8D88E7264B1BA

#6 johnsn

    Member

  • Members
  • 12 posts

Posted 01 October 2011 - 04:31 AM

I forgot to say I disabled the spooler whatever. It was using 99% of the CPU.
john

#7 Blade81

    Advanced Member

  • Volunteer Security Advisor
  • 6582 posts

Posted 01 October 2011 - 04:22 PM

Hi,

1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)

#8 johnsn

    Member

  • Members
  • 12 posts

Posted 02 October 2011 - 07:55 AM

OK, I had to re-install Safe Eyes. It was blocking the internet :0P

23:29:35.0546 2400 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
23:29:36.0515 2400 ============================================================
23:29:36.0515 2400 Current date / time: 2011/10/01 23:29:36.0515
23:29:36.0515 2400 SystemInfo:
23:29:36.0515 2400
23:29:36.0515 2400 OS Version: 5.1.2600 ServicePack: 2.0
23:29:36.0515 2400 Product type: Workstation
23:29:36.0515 2400 ComputerName: BUB
23:29:36.0515 2400 UserName: John
23:29:36.0515 2400 Windows directory: C:\WINDOWS
23:29:36.0515 2400 System windows directory: C:\WINDOWS
23:29:36.0515 2400 Processor architecture: Intel x86
23:29:36.0515 2400 Number of processors: 1
23:29:36.0515 2400 Page size: 0x1000
23:29:36.0515 2400 Boot type: Normal boot
23:29:36.0515 2400 ============================================================
23:29:38.0234 2400 Initialize success
23:29:42.0203 2748 ============================================================
23:29:42.0203 2748 Scan started
23:29:42.0203 2748 Mode: Manual;
23:29:42.0203 2748 ============================================================
23:29:43.0718 2748 Abiosdsk - ok
23:29:43.0843 2748 abp480n5 - ok
23:29:43.0890 2748 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:29:43.0890 2748 ACPI - ok
23:29:43.0937 2748 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
23:29:43.0937 2748 ACPIEC - ok
23:29:43.0937 2748 adpu160m - ok
23:29:44.0000 2748 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
23:29:44.0000 2748 aec - ok
23:29:44.0062 2748 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
23:29:44.0062 2748 AegisP - ok
23:29:44.0093 2748 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
23:29:44.0093 2748 AFD - ok
23:29:44.0187 2748 Aha154x - ok
23:29:44.0203 2748 aic78u2 - ok
23:29:44.0218 2748 aic78xx - ok
23:29:44.0234 2748 AliIde - ok
23:29:44.0265 2748 AmdK8 - ok
23:29:44.0281 2748 amsint - ok
23:29:44.0296 2748 asc - ok
23:29:44.0312 2748 asc3350p - ok
23:29:44.0328 2748 asc3550 - ok
23:29:44.0406 2748 ASTDriver - ok
23:29:44.0437 2748 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:29:44.0437 2748 AsyncMac - ok
23:29:44.0546 2748 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:29:44.0546 2748 atapi - ok
23:29:44.0562 2748 Atdisk - ok
23:29:44.0703 2748 ati2mtag (e78b73eb84c257d0d940e041742d2699) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
23:29:44.0703 2748 ati2mtag - ok
23:29:44.0843 2748 atiide (fced020f5d9df6c058939497349fc50c) C:\WINDOWS\system32\DRIVERS\atiide.sys
23:29:44.0843 2748 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\atiide.sys. Real md5: fced020f5d9df6c058939497349fc50c, Fake md5: 1842b56b3d3f195c36f62708d266b95e
23:29:44.0843 2748 atiide ( Rootkit.Win32.TDSS.tdl3 ) - infected
23:29:44.0843 2748 atiide - detected Rootkit.Win32.TDSS.tdl3 (0)
23:29:44.0890 2748 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:29:44.0890 2748 Atmarpc - ok
23:29:44.0953 2748 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:29:44.0953 2748 audstub - ok
23:29:45.0000 2748 b57w2k (b9391a83f075351c923c3a37c53af396) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
23:29:45.0000 2748 b57w2k - ok
23:29:45.0078 2748 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
23:29:45.0093 2748 BCM43XX - ok
23:29:45.0218 2748 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
23:29:45.0218 2748 bcm4sbxp - ok
23:29:45.0296 2748 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:29:45.0296 2748 Beep - ok
23:29:45.0343 2748 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
23:29:45.0359 2748 BVRPMPR5 - ok
23:29:45.0468 2748 catchme - ok
23:29:45.0500 2748 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:29:45.0500 2748 cbidf2k - ok
23:29:45.0609 2748 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:29:45.0609 2748 CCDECODE - ok
23:29:45.0625 2748 cd20xrnt - ok
23:29:45.0687 2748 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:29:45.0703 2748 Cdaudio - ok
23:29:45.0750 2748 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
23:29:45.0750 2748 Cdfs - ok
23:29:45.0781 2748 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:29:45.0781 2748 Cdrom - ok
23:29:45.0828 2748 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
23:29:45.0843 2748 cercsr6 - ok
23:29:45.0859 2748 Changer - ok
23:29:45.0906 2748 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
23:29:45.0906 2748 CmBatt - ok
23:29:45.0984 2748 CmdIde - ok
23:29:46.0062 2748 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
23:29:46.0062 2748 Compbatt - ok
23:29:46.0078 2748 Cpqarray - ok
23:29:46.0109 2748 dac2w2k - ok
23:29:46.0125 2748 dac960nt - ok
23:29:46.0140 2748 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
23:29:46.0140 2748 Disk - ok
23:29:46.0187 2748 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
23:29:46.0187 2748 DLABMFSM - ok
23:29:46.0203 2748 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
23:29:46.0203 2748 DLABOIOM - ok
23:29:46.0203 2748 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
23:29:46.0203 2748 DLACDBHM - ok
23:29:46.0234 2748 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
23:29:46.0234 2748 DLADResM - ok
23:29:46.0250 2748 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
23:29:46.0250 2748 DLAIFS_M - ok
23:29:46.0265 2748 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
23:29:46.0265 2748 DLAOPIOM - ok
23:29:46.0281 2748 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
23:29:46.0281 2748 DLAPoolM - ok
23:29:46.0296 2748 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
23:29:46.0296 2748 DLARTL_M - ok
23:29:46.0343 2748 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
23:29:46.0343 2748 DLAUDFAM - ok
23:29:46.0375 2748 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
23:29:46.0375 2748 DLAUDF_M - ok
23:29:46.0437 2748 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
23:29:46.0453 2748 dmboot - ok
23:29:46.0593 2748 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
23:29:46.0593 2748 dmio - ok
23:29:46.0640 2748 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:29:46.0656 2748 dmload - ok
23:29:46.0703 2748 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
23:29:46.0703 2748 DMusic - ok
23:29:46.0718 2748 dpti2o - ok
23:29:46.0750 2748 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
23:29:46.0750 2748 drmkaud - ok
23:29:46.0796 2748 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
23:29:46.0796 2748 DRVMCDB - ok
23:29:46.0828 2748 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
23:29:46.0828 2748 DRVNDDM - ok
23:29:46.0890 2748 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
23:29:46.0890 2748 Fastfat - ok
23:29:47.0031 2748 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
23:29:47.0046 2748 Fdc - ok
23:29:47.0062 2748 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
23:29:47.0062 2748 Fips - ok
23:29:47.0078 2748 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
23:29:47.0078 2748 Flpydisk - ok
23:29:47.0109 2748 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
23:29:47.0109 2748 FltMgr - ok
23:29:47.0140 2748 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:29:47.0156 2748 Fs_Rec - ok
23:29:47.0171 2748 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:29:47.0171 2748 Ftdisk - ok
23:29:47.0218 2748 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:29:47.0218 2748 Gpc - ok
23:29:47.0359 2748 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:29:47.0359 2748 HDAudBus - ok
23:29:47.0390 2748 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:29:47.0390 2748 HidUsb - ok
23:29:47.0421 2748 hpn - ok
23:29:47.0484 2748 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
23:29:47.0484 2748 HSF_DPV - ok
23:29:47.0609 2748 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
23:29:47.0609 2748 HSXHWAZL - ok
23:29:47.0671 2748 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
23:29:47.0687 2748 HTTP - ok
23:29:47.0703 2748 i2omgmt - ok
23:29:47.0718 2748 i2omp - ok
23:29:47.0765 2748 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:29:47.0765 2748 i8042prt - ok
23:29:47.0796 2748 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:29:47.0796 2748 Imapi - ok
23:29:47.0828 2748 ini910u - ok
23:29:47.0843 2748 IntelIde - ok
23:29:47.0875 2748 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
23:29:47.0890 2748 Ip6Fw - ok
23:29:47.0921 2748 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:29:47.0921 2748 IpFilterDriver - ok
23:29:48.0046 2748 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:29:48.0046 2748 IpInIp - ok
23:29:48.0093 2748 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:29:48.0093 2748 IpNat - ok
23:29:48.0109 2748 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:29:48.0109 2748 IPSec - ok
23:29:48.0171 2748 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:29:48.0171 2748 IRENUM - ok
23:29:48.0218 2748 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:29:48.0218 2748 isapnp - ok
23:29:48.0250 2748 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:29:48.0250 2748 Kbdclass - ok
23:29:48.0406 2748 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
23:29:48.0406 2748 kmixer - ok
23:29:48.0437 2748 KMW_KBD (56c128e5a723f41fc254cdc01e31cf8e) C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys
23:29:48.0437 2748 KMW_KBD - ok
23:29:48.0500 2748 KMW_SYS (56ab6419f4a49b91964c5c6ded4b0fbe) C:\WINDOWS\system32\DRIVERS\KMW_SYS.sys
23:29:48.0500 2748 KMW_SYS - ok
23:29:48.0531 2748 KMW_USB (ef593601f3a79bf852fdade89df41223) C:\WINDOWS\system32\DRIVERS\KMW_USB.sys
23:29:48.0531 2748 KMW_USB - ok
23:29:48.0562 2748 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
23:29:48.0562 2748 KSecDD - ok
23:29:48.0734 2748 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
23:29:48.0734 2748 Lavasoft Kernexplorer - ok
23:29:48.0859 2748 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
23:29:48.0859 2748 Lbd - ok
23:29:48.0875 2748 lbrtfdc - ok
23:29:48.0937 2748 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
23:29:48.0937 2748 mdmxsdk - ok
23:29:48.0984 2748 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:29:48.0984 2748 mnmdd - ok
23:29:49.0062 2748 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
23:29:49.0062 2748 Modem - ok
23:29:49.0093 2748 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:29:49.0093 2748 Mouclass - ok
23:29:49.0218 2748 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:29:49.0218 2748 mouhid - ok
23:29:49.0281 2748 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
23:29:49.0281 2748 MountMgr - ok
23:29:49.0296 2748 mraid35x - ok
23:29:49.0312 2748 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:29:49.0312 2748 MRxDAV - ok
23:29:49.0343 2748 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:29:49.0359 2748 MRxSmb - ok
23:29:49.0468 2748 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
23:29:49.0468 2748 Msfs - ok
23:29:49.0500 2748 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:29:49.0500 2748 MSKSSRV - ok
23:29:49.0531 2748 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:29:49.0531 2748 MSPCLOCK - ok
23:29:49.0546 2748 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
23:29:49.0546 2748 MSPQM - ok
23:29:49.0593 2748 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:29:49.0593 2748 mssmbios - ok
23:29:49.0625 2748 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
23:29:49.0625 2748 MSTEE - ok
23:29:49.0656 2748 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
23:29:49.0656 2748 Mup - ok
23:29:49.0718 2748 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:29:49.0718 2748 NABTSFEC - ok
23:29:49.0796 2748 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
23:29:49.0812 2748 NDIS - ok
23:29:49.0812 2748 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:29:49.0828 2748 NdisIP - ok
23:29:49.0859 2748 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:29:49.0859 2748 NdisTapi - ok
23:29:49.0875 2748 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:29:49.0875 2748 Ndisuio - ok
23:29:49.0906 2748 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:29:49.0906 2748 NdisWan - ok
23:29:49.0921 2748 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
23:29:49.0921 2748 NDProxy - ok
23:29:49.0937 2748 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:29:49.0937 2748 NetBIOS - ok
23:29:49.0968 2748 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:29:49.0968 2748 NetBT - ok
23:29:50.0015 2748 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
23:29:50.0015 2748 Npfs - ok
23:29:50.0062 2748 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
23:29:50.0078 2748 Ntfs - ok
23:29:50.0203 2748 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:29:50.0203 2748 Null - ok
23:29:50.0265 2748 NWADI (6f1455b88a1bf5dadac344d647208a81) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
23:29:50.0265 2748 NWADI - ok
23:29:50.0312 2748 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:29:50.0312 2748 NwlnkFlt - ok
23:29:50.0328 2748 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:29:50.0328 2748 NwlnkFwd - ok
23:29:50.0343 2748 PAC207 - ok
23:29:50.0390 2748 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
23:29:50.0390 2748 Parport - ok
23:29:50.0437 2748 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
23:29:50.0437 2748 PartMgr - ok
23:29:50.0468 2748 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:29:50.0468 2748 ParVdm - ok
23:29:50.0546 2748 PCASp50 - ok
23:29:50.0593 2748 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
23:29:50.0609 2748 PCI - ok
23:29:50.0625 2748 PCIDump - ok
23:29:50.0656 2748 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:29:50.0656 2748 PCIIde - ok
23:29:50.0687 2748 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:29:50.0687 2748 Pcmcia - ok
23:29:50.0703 2748 PDCOMP - ok
23:29:50.0718 2748 PDFRAME - ok
23:29:50.0734 2748 PDRELI - ok
23:29:50.0750 2748 PDRFRAME - ok
23:29:50.0765 2748 perc2 - ok
23:29:50.0796 2748 perc2hib - ok
23:29:50.0859 2748 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:29:50.0859 2748 PptpMiniport - ok
23:29:50.0890 2748 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
23:29:50.0890 2748 Processor - ok
23:29:50.0906 2748 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
23:29:50.0906 2748 PSched - ok
23:29:50.0953 2748 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:29:50.0953 2748 Ptilink - ok
23:29:51.0062 2748 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:29:51.0062 2748 PxHelp20 - ok
23:29:51.0078 2748 ql1080 - ok
23:29:51.0093 2748 Ql10wnt - ok
23:29:51.0109 2748 ql12160 - ok
23:29:51.0125 2748 ql1240 - ok
23:29:51.0140 2748 ql1280 - ok
23:29:51.0171 2748 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:29:51.0171 2748 RasAcd - ok
23:29:51.0234 2748 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:29:51.0250 2748 Rasl2tp - ok
23:29:51.0265 2748 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:29:51.0265 2748 RasPppoe - ok
23:29:51.0281 2748 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:29:51.0281 2748 Raspti - ok
23:29:51.0312 2748 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:29:51.0328 2748 Rdbss - ok
23:29:51.0359 2748 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:29:51.0359 2748 RDPCDD - ok
23:29:51.0375 2748 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:29:51.0390 2748 rdpdr - ok
23:29:51.0421 2748 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
23:29:51.0421 2748 RDPWD - ok
23:29:51.0546 2748 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:29:51.0546 2748 redbook - ok
23:29:51.0640 2748 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
23:29:51.0640 2748 rimmptsk - ok
23:29:51.0671 2748 RTLWUSB - ok
23:29:51.0734 2748 sbaphd (65a36563c0207824c8240662043c5304) C:\WINDOWS\system32\drivers\sbaphd.sys
23:29:51.0734 2748 sbaphd - ok
23:29:51.0765 2748 sbapifs (3d6ba67c758735918e323d4d6f64449a) C:\WINDOWS\system32\drivers\sbapifs.sys
23:29:51.0765 2748 sbapifs - ok
23:29:51.0828 2748 SBRE (0505da5d357f18a5d42fc5dede6bc9a0) C:\WINDOWS\system32\drivers\SBREdrv.sys
23:29:51.0828 2748 SBRE - ok
23:29:51.0859 2748 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
23:29:51.0859 2748 sdbus - ok
23:29:51.0890 2748 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:29:51.0890 2748 Secdrv - ok
23:29:52.0015 2748 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
23:29:52.0015 2748 Serial - ok
23:29:52.0078 2748 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:29:52.0078 2748 Sfloppy - ok
23:29:52.0109 2748 Simbad - ok
23:29:52.0140 2748 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:29:52.0140 2748 SLIP - ok
23:29:52.0156 2748 Sparrow - ok
23:29:52.0187 2748 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
23:29:52.0187 2748 splitter - ok
23:29:52.0218 2748 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
23:29:52.0218 2748 sr - ok
23:29:52.0250 2748 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
23:29:52.0250 2748 Srv - ok
23:29:52.0484 2748 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
23:29:52.0500 2748 STHDA - ok
23:29:52.0609 2748 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:29:52.0609 2748 streamip - ok
23:29:52.0640 2748 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:29:52.0640 2748 swenum - ok
23:29:52.0687 2748 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
23:29:52.0687 2748 swmidi - ok
23:29:52.0703 2748 symc810 - ok
23:29:52.0718 2748 symc8xx - ok
23:29:52.0734 2748 sym_hi - ok
23:29:52.0750 2748 sym_u3 - ok
23:29:52.0796 2748 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
23:29:52.0796 2748 sysaudio - ok
23:29:52.0843 2748 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:29:52.0859 2748 Tcpip - ok
23:29:52.0984 2748 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:29:53.0000 2748 TDPIPE - ok
23:29:53.0015 2748 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
23:29:53.0015 2748 TDTCP - ok
23:29:53.0062 2748 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:29:53.0062 2748 TermDD - ok
23:29:53.0093 2748 TosIde - ok
23:29:53.0156 2748 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
23:29:53.0156 2748 Udfs - ok
23:29:53.0171 2748 UIUSys - ok
23:29:53.0187 2748 ultra - ok
23:29:53.0203 2748 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
23:29:53.0203 2748 Update - ok
23:29:53.0265 2748 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:29:53.0265 2748 usbehci - ok
23:29:53.0265 2748 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:29:53.0281 2748 usbhub - ok
23:29:53.0296 2748 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
23:29:53.0296 2748 usbohci - ok
23:29:53.0421 2748 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:29:53.0421 2748 USBSTOR - ok
23:29:53.0453 2748 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
23:29:53.0453 2748 VgaSave - ok
23:29:53.0484 2748 ViaIde - ok
23:29:53.0515 2748 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
23:29:53.0515 2748 VolSnap - ok
23:29:53.0562 2748 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:29:53.0562 2748 Wanarp - ok
23:29:53.0578 2748 WDICA - ok
23:29:53.0625 2748 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
23:29:53.0625 2748 wdmaud - ok
23:29:53.0703 2748 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
23:29:53.0703 2748 winachsf - ok
23:29:53.0859 2748 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
23:29:53.0859 2748 WmiAcpi - ok
23:29:53.0937 2748 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:29:53.0937 2748 WS2IFSL - ok
23:29:53.0968 2748 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:29:53.0968 2748 WSTCODEC - ok
23:29:54.0015 2748 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:29:54.0015 2748 WudfPf - ok
23:29:54.0031 2748 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:29:54.0031 2748 WudfRd - ok
23:29:54.0078 2748 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:29:54.0234 2748 \Device\Harddisk0\DR0 - ok
23:29:54.0234 2748 Boot (0x1200) (6c9fa05b627172a1ad81c3ae33635d31) \Device\Harddisk0\DR0\Partition0
23:29:54.0234 2748 \Device\Harddisk0\DR0\Partition0 - ok
23:29:54.0234 2748 ============================================================
23:29:54.0234 2748 Scan finished
23:29:54.0234 2748 ============================================================
23:29:54.0250 1576 Detected object count: 1
23:29:54.0250 1576 Actual detected object count: 1
23:30:14.0296 1576 Backup copy found, using it..
23:30:14.0312 1576 C:\WINDOWS\system32\DRIVERS\atiide.sys - will be cured on reboot
23:30:14.0312 1576 atiide ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
23:30:20.0750 2384 Deinitialize success

#9 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 6582 posts

Posted 02 October 2011 - 08:18 AM

Hi,

Please run ComboFix again (let it update itself if prompted) and post back its log.
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

#10 johnsn

johnsn

    Member

  • Members
  • PipPip
  • 12 posts

Posted 02 October 2011 - 04:47 PM

> Hi,
>
> Please run ComboFix again (let it update itself if prompted) and post back its log.


OK.

ComboFix 11-10-02.01 - John 10/02/2011 8:36.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2686.2280 [GMT -7:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-02 to 2011-10-02 )))))))))))))))))))))))))))))))
.
.
2011-10-01 05:35 . 2011-10-01 05:35 -------- d-----w- c:\program files\CONEXANT
2011-09-25 16:03 . 2011-09-21 04:35 74968 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-09-25 16:03 . 2011-09-21 04:35 21592 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2011-09-25 15:39 . 2011-09-30 23:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-02 06:30 . 2010-08-19 13:48 3456 ----a-w- c:\windows\system32\drivers\atiide.sys
2011-09-28 04:25 . 2010-09-04 06:12 24576 ----a-w- c:\windows\system32\userinit.exe
2011-09-25 14:45 . 2010-10-04 04:17 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-09-21 04:36 . 2010-08-19 03:11 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"ICF"="c:\program files\Internet Content Filter\SafeEyes.exe" [2010-07-28 1589480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"kmw_run.exe"="kmw_run.exe" [2006-08-03 106496]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kmw_run.exe]
2006-08-03 19:47 106496 ----a-w- c:\windows\system32\kmw_run.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [8/19/2010 6:48 AM 3456]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/3/2010 11:09 AM 64288]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [9/25/2011 9:03 AM 21592]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [8/18/2010 8:11 PM 101720]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 5:15 AM 2151640]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [9/25/2011 9:03 AM 74968]
R2 seUpdateSvc;Safe Eyes Update Service;c:\program files\Internet Content Filter\UpdateService.exe [9/26/2010 7:29 AM 233472]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe --> c:\program files\IObit\IObit Security 360\IS360srv.exe [?]
S3 ASTDriver;ASTDriver;\??\c:\program files\Wondershare\Spyware Removal\ASTDriver.sys --> c:\program files\Wondershare\Spyware Removal\ASTDriver.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 5:15 AM 15232]
S3 PAC207;CIF USB Camera;c:\windows\system32\DRIVERS\PFC027.SYS --> c:\windows\system32\DRIVERS\PFC027.SYS [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:33921
uInternet Settings,ProxyOverride = <local>
LSP: ICF.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\o446vx04.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.clear.com/my_account/signin.php
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=380920&p=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Redirect Remover: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9} - %profile%\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Spam Ratings: toolbar@spamratings.com - %profile%\extensions\toolbar@spamratings.com
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-47666787.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-02 08:40
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'lsass.exe'(896)
c:\windows\system32\ICF.dll
.
- - - - - - - > 'explorer.exe'(2572)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-10-02 08:42:03
ComboFix-quarantined-files.txt 2011-10-02 15:42
ComboFix2.txt 2011-10-01 01:45
ComboFix3.txt 2011-10-01 00:32
.
Pre-Run: 65,383,002,112 bytes free
Post-Run: 65,372,348,416 bytes free
.
- - End Of File - - 68EBFD78839C0AF8267C6DE5F1973631

#11 Blade81

Posted 02 October 2011 - 06:44 PM

Hi again,


Open notepad and copy/paste the text in the quotebox below into it:

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:33921
uInternet Settings,ProxyOverride = <local>


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1 and separate 10.1.1 update for it) here or get Foxit Reader here. Make sure you don't (unless you want to) install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.

Uninstall your current Adobe shockwave player and get the fresh one here if needed.


Run a scan with ESET online scanner. Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log. How's the system running?

#12 johnsn

Posted 04 October 2011 - 05:33 AM

combofix

ComboFix 11-10-02.03 - John 10/02/2011 21:18:34.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2686.2263 [GMT -7:00]
Running from: c:\documents and settings\John\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\John\My Documents\Downloads\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-09-03 to 2011-10-03 )))))))))))))))))))))))))))))))
.
.
2011-10-03 04:09 . 2011-10-03 04:09 -------- d-----w- c:\program files\Foxit Software
2011-10-01 05:35 . 2011-10-01 05:35 -------- d-----w- c:\program files\CONEXANT
2011-09-25 16:03 . 2011-09-21 04:35 74968 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-09-25 16:03 . 2011-09-21 04:35 21592 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2011-09-25 15:39 . 2011-09-30 23:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-02 06:30 . 2010-08-19 13:48 3456 ----a-w- c:\windows\system32\drivers\atiide.sys
2011-09-28 04:25 . 2010-09-04 06:12 24576 ----a-w- c:\windows\system32\userinit.exe
2011-09-25 14:45 . 2010-10-04 04:17 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-09-21 04:36 . 2010-08-19 03:11 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"ICF"="c:\program files\Internet Content Filter\SafeEyes.exe" [2010-07-28 1589480]
"kmw_run.exe"="kmw_run.exe" [2006-08-03 106496]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kmw_run.exe]
2006-08-03 19:47 106496 ----a-w- c:\windows\system32\kmw_run.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [8/19/2010 6:48 AM 3456]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/3/2010 11:09 AM 64288]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [9/25/2011 9:03 AM 21592]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [8/18/2010 8:11 PM 101720]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 5:15 AM 2151640]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [9/25/2011 9:03 AM 74968]
R2 seUpdateSvc;Safe Eyes Update Service;c:\program files\Internet Content Filter\UpdateService.exe [9/26/2010 7:29 AM 233472]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe --> c:\program files\IObit\IObit Security 360\IS360srv.exe [?]
S3 ASTDriver;ASTDriver;\??\c:\program files\Wondershare\Spyware Removal\ASTDriver.sys --> c:\program files\Wondershare\Spyware Removal\ASTDriver.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 5:15 AM 15232]
S3 PAC207;CIF USB Camera;c:\windows\system32\DRIVERS\PFC027.SYS --> c:\windows\system32\DRIVERS\PFC027.SYS [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
.
.
------- Supplementary Scan -------
.
LSP: ICF.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\o446vx04.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.clear.com/my_account/signin.php
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=380920&p=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Redirect Remover: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9} - %profile%\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Spam Ratings: toolbar@spamratings.com - %profile%\extensions\toolbar@spamratings.com
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-02 21:22
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'lsass.exe'(896)
c:\windows\system32\ICF.dll
.
- - - - - - - > 'explorer.exe'(3924)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-10-02 21:23:31
ComboFix-quarantined-files.txt 2011-10-03 04:23
ComboFix2.txt 2011-10-02 15:42
ComboFix3.txt 2011-10-01 01:45
ComboFix4.txt 2011-10-01 00:32
.
Pre-Run: 65,441,214,464 bytes free
Post-Run: 65,429,221,376 bytes free
.
- - End Of File - - 961BAD297B6DFCBD749B145704305611


eset

C:\System Volume Information\_restore{E99129E5-AA46-4C25-9187-CD37788FB7D0}\RP63\A0026430.rbf a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\System Volume Information\_restore{E99129E5-AA46-4C25-9187-CD37788FB7D0}\RP63\A0026432.rbf probably a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\System Volume Information\_restore{E99129E5-AA46-4C25-9187-CD37788FB7D0}\RP63\A0026544.rbf a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\System Volume Information\_restore{E99129E5-AA46-4C25-9187-CD37788FB7D0}\RP66\A0030444.exe a variant of Win32/InstallCore.C application cleaned by deleting - quarantined
C:\System Volume Information\_restore{E99129E5-AA46-4C25-9187-CD37788FB7D0}\RP66\A0030445.exe a variant of Win32/InstallCore.C application cleaned by deleting - quarantined

Thanks, the computer is running better. It was giving the following error message when it was starting.
Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the in....
So that's good to not see that.
john
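
Added example (not part of the thread, and not ComboFix's own code): the before/after comparison that the two ComboFix logs in posts #10 and #12 allow by eye, done in Python over constructed excerpts shaped like their Supplementary Scan sections. The function names and sample strings are assumptions made for the illustration; a loopback proxy entry is a lead to investigate, since local filtering software can set one too.

```python
import re
from ipaddress import ip_address

# Constructed excerpts in the shape of the two ComboFix logs in this thread:
# the run before the CFScript and the run after it.
LOG_BEFORE = """\
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:33921
uInternet Settings,ProxyOverride = <local>
LSP: ICF.dll
TCP: DhcpNameServer = 192.168.1.1
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-47666787.sys
"""

LOG_AFTER = """\
------- Supplementary Scan -------
.
LSP: ICF.dll
TCP: DhcpNameServer = 192.168.1.1
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
"""

SECTION_START = re.compile(r"^-+ Supplementary Scan -+$")
SECTION_END = re.compile(r"^(\*{10,}|- - - - .* - - - -)$")
# The scope letter is kept exactly as the log prints it (the thread shows "u").
SETTING = re.compile(
    r"^(?P<scope>[um])Internet Settings,(?P<name>\w+) = (?P<value>.*)$")


def supplementary_scan(log):
    """Return the non-empty lines of the Supplementary Scan section."""
    lines, inside = [], False
    for raw in log.splitlines():
        line = raw.strip()
        if SECTION_START.match(line):
            inside = True
            continue
        if inside and SECTION_END.match(line):
            break
        if inside and line not in ("", "."):
            lines.append(line)
    return lines


def parse_proxy_server(value):
    """Split a WinINET ProxyServer value into (scheme, host, port) tuples.

    The value is either 'host:port' (applies to all protocols, reported here
    as scheme '*') or a ';'-separated list of 'scheme=host:port' entries.
    """
    entries = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, _, target = part.rpartition("=")
        target = target.split("://", 1)[-1]      # tolerate a URL-style target
        host, _, port = target.rpartition(":")
        if not host:                             # no port was given
            host, port = target, ""
        entries.append(
            (scheme or "*", host, int(port) if port.isdigit() else None))
    return entries


def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1 (with or without brackets)."""
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:                           # a hostname, not an IP literal
        return False


def loopback_proxies(log):
    """List (scope, scheme, host, port) for every loopback ProxyServer entry."""
    found = []
    for line in supplementary_scan(log):
        m = SETTING.match(line)
        if m and m["name"] == "ProxyServer":
            for scheme, host, port in parse_proxy_server(m["value"]):
                if is_loopback(host):
                    found.append((m["scope"], scheme, host, port))
    return found


def cleared_by_fix(before, after):
    """Entries flagged in the first log that no longer appear in the second."""
    remaining = set(loopback_proxies(after))
    return [e for e in loopback_proxies(before) if e not in remaining]


if __name__ == "__main__":
    for scope, scheme, host, port in loopback_proxies(LOG_BEFORE):
        print(f"before: {scope}Internet Settings proxy {scheme} -> {host}:{port}")
    print("cleared:", cleared_by_fix(LOG_BEFORE, LOG_AFTER))
    print("still set:", loopback_proxies(LOG_AFTER))
```

Before removing a flagged entry on a real machine, identify which process is listening on the reported port.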

#13 Blade81

Posted 04 October 2011 - 05:51 AM

Well congrats, it appears your system is all clean. Are you still noticing any problems? If not, it's time to secure your system to protect against further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator Access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis


Now let's uninstall ComboFix:
  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



Download and run Secunia Personal Software Inspector (PSI) and fix its findings.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :)

#14 johnsn

Posted 07 October 2011 - 05:07 AM

Well, everything seems to be working now.
:D Thank you very much. :D
The only thing is, when I'm shutting my computer, I always get a program not responding window. It does give me the option to end task. The program is .NET-BROADCASTEVENTWINDOW.
It was doing that before you started helping me.
What's that?

john

#15 Blade81

Posted 07 October 2011 - 05:20 AM

You're welcome :D

This is an old topic but problem seems to be the same.

#16 johnsn

Posted 09 October 2011 - 03:58 AM

> You're welcome :)
>
> This is an old topic but problem seems to be the same.


I messed with it most of the day. I finally removed ATI Control Center and it stopped.

I came up with another problem.
Windows automatic updates wants to install .NET Framework 3.5 Service Pack 1, and it fails every time.

A web search shows .NET Framework 2 may be corrupted. Uninstall then reinstall it.
But I can't uninstall or remove it.
john :angry:

#17 Blade81

Posted 09 October 2011 - 10:03 AM

Hi,

See if you're able to install the update after a reboot. If it still fails, post the KB number back here.

#18 johnsn

johnsn

    Member

  • Members
  • 12 posts

Posted 09 October 2011 - 07:14 PM

Hi,

See if you're able to install the update after a reboot. If it still fails, post the KB number back here.



Rebooting doesn't help. According to Microsoft Update it's failed 14 times.
Anyway (KB963707).
Thanks
john

#19 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • 6582 posts

Posted 09 October 2011 - 07:26 PM

Hi,

You may try this direct download link (NDP35SP1-KB963707-x86.exe).

#20 johnsn

johnsn

    Member

  • Members
  • 12 posts

Posted 09 October 2011 - 07:40 PM

Hi,

You may try this direct download link (NDP35SP1-KB963707-x86.exe).


No worky.
The installation log:
error

Action: Install patches...
[10/9/2011, 18:33:24] Entering Function: HotIron::Main::Run...
[10/9/2011, 18:33:24] (HotIron::Main::Run) new session
[10/9/2011, 18:33:24] Entering Function: HotIron::MetaData::CreateMetaData...
[10/9/2011, 18:33:24] (HotIron::Patches::Patches) patch NDP35SP1-KB963707.msp added
[10/9/2011, 18:33:24] (HotIron::ElementUtils::GetOptionalAttributeByName) Optional attribute was not specified - LCIDHint
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::MetaData::CreateMetaData) exiting function/method
[10/9/2011, 18:33:24] (HotIron::MetaData::CreateMetaData) succeeded
[10/9/2011, 18:33:25] (HotIron::Main::CreateUi) Full UI Mode
[10/9/2011, 18:33:40] Entering Function: HotIron::CompositeInstaller::Install...
[10/9/2011, 18:33:40] (HotIron::CompositeInstaller::InstallSinglePatch) about to install 1 patch
[10/9/2011, 18:33:41] (HotIron::CompositeInstaller::InstallSinglePatch) installing patch: "NDP35SP1-KB963707.msp"
[10/9/2011, 18:33:41] Entering Function: HotIron::CBaseMspInstaller::Install...
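[10/9/2011, 18:33:41] Entering Function: HotIron::MspInstallerT<class ATL::CPathT<class ATL::CStringT<unsigned short,class ATL::StrTraitATL<unsigned short,class ATL::ChTraitsCRT<unsigned short> > > > >::PerformMsiOperation...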
[10/9/2011, 18:33:41] Action: Install patch (NDP35SP1-KB963707.msp) to Microsoft .NET Framework 3.5 SP1...
[10/9/2011, 18:33:41] (HotIron::MspInstallerT<class ATL::CPathT<class ATL::CStringT<unsigned short,class ATL::StrTraitATL<unsigned short,class ATL::ChTraitsCRT<unsigned short> > > > >::PerformMsiOperation) Calling MspApplyMultiplePatches to apply patch {NDP35SP1-KB963707.msp} to product {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.
[10/9/2011, 18:33:41] (HotIron::CBaseMspInstaller::SetMsiLoggingParameters) Successfully called MsiEnableLog with log file set to C:\DOCUME~1\John\LOCALS~1\Temp\Microsoft .NET Framework 3.5-KB963707_20111009_183325640-Msi0.txt
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::OnCommonData) langId = 0; codePage = 1252
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::OnCommonData) langId = 0; codePage = 1252
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: INSTALL. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_SetRTM_ProductName_x86_enu. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: AppSearch. Searching for installed applications]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_SystemFolder_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_WindowsFolder_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: LaunchConditions. Evaluating launch conditions]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: FindRelatedProducts. Searching for related applications]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: ValidateProductID. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_AdminToolsFolder_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_AppDataFolder_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_CommonAppDataFolder_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_CommonFilesFolder_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_DesktopFolder_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_ProgramFilesFolder_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_ProgramFilesFolder2_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_ProgramMenuFolder_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_StartMenuFolder_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_System16Folder_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_System64Folder_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_TempFolder_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_WindowsVolume_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: WindowsFolder.21022.08.Microsoft_VC90_CRT_x86.RTM. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: WindowsFolder.21022.08.policy_9_0_Microsoft_VC90_CRT_x86.RTM. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CostInitialize. Computing space requirements]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_ReserveNativeImageCost_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:42] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:42: FileCost. Computing space requirements]
[10/9/2011, 18:33:42] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:42: CostFinalize. Computing space requirements]
[10/9/2011, 18:33:43] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:43: InstallValidate. Validating install]
[10/9/2011, 18:33:43] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:43: InstallInitialize. ]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: SxsInstallCA. ]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: ProcessComponents. Updating component registration]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: GenerateScript. Generating script operations for action:]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: CA_CSD_GREEN_INSTALL_CMD_x86_enu.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: CA_CSD_GREEN_MOF_CMD_x86_enu.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: CA_CSD_GREEN_ROLLBACK_CMD_x86_enu.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: MsiUnpublishAssemblies. Unpublishing assembly information]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: UnpublishFeatures. Unpublishing Product Features]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: SelfUnregModules. Unregistering modules]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: RemoveRegistryValues. Removing system registry values]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: RemoveFiles. Removing files]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: RemoveFolders. Removing folders]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: CreateFolders. Creating folders]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: InstallFiles. Copying new files]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: SchedXmlConfig. ]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: BindImage. Binding executables]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: WriteRegistryValues. Writing system registry values]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: CA_CSD_GREEN_INSTALL_RB_x86_enu.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: CA_CSD_GREEN_MOF_x86_enu.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: SelfRegModules. Registering modules]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: RegisterUser. Registering user]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: RegisterProduct. Registering product]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: MsiPublishAssemblies. Publishing assembly information]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: CA_InstallNativeImage_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: CA_ConfigureNativeImageCommit_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: CA_ConfigureNativeImageCommit_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: PublishFeatures. Publishing Product Features]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: PublishProduct. Publishing product information]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: CA_CSD_GREEN_INSTALL_x86_enu.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: InstallExecute. ]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: ProcessComponents. Updating component registration]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: RemoveRegistryValues. Removing system registry values]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: CreateFolders. Creating folders]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: InstallFiles. Copying new files]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: WriteRegistryValues. Writing system registry values]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: CA_CSD_GREEN_INSTALL_RB_x86_enu.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: CA_CSD_GREEN_MOF_x86_enu.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:47] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:47: RegisterProduct. Registering product]
[10/9/2011, 18:33:47] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:47: MsiPublishAssemblies. Publishing assembly information]
[10/9/2011, 18:33:47] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:47: CA_ConfigureNativeImageCommit_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:47] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:47: CA_ConfigureNativeImageCommit_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:47] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:47: PublishFeatures. Publishing Product Features]
[10/9/2011, 18:33:47] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:47: PublishProduct. Publishing product information]
[10/9/2011, 18:33:47] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:47: CA_CSD_GREEN_INSTALL_x86_enu.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:48] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:48: Rollback. Rolling back action:]
[10/9/2011, 18:33:49] (HotIron::MspInstallerT<class ATL::CPathT<class ATL::CStringT<unsigned short,class ATL::StrTraitATL<unsigned short,class ATL::ChTraitsCRT<unsigned short> > > > >::PerformMsiOperation) Patch (NDP35SP1-KB963707.msp) install failed on product (Microsoft .NET Framework 3.5 SP1). Msi Log: Microsoft .NET Framework 3.5-KB963707_20111009_183325640-Msi0.txt
[10/9/2011, 18:33:49] (HotIron::MspInstallerT<class ATL::CPathT<class ATL::CStringT<unsigned short,class ATL::StrTraitATL<unsigned short,class ATL::ChTraitsCRT<unsigned short> > > > >::PerformMsiOperation) MsiApplyMultiplePatches returned 0x643
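[10/9/2011, 18:33:49] Entering Function: HotIron::MspInstallerT<class ATL::CPathT<class ATL::CStringT<unsigned short,class ATL::StrTraitATL<unsigned short,class ATL::ChTraitsCRT<unsigned short> > > > >::Rollback...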
[10/9/2011, 18:33:49] (HotIron::MspInstallerT<class ATL::CPathT<class ATL::CStringT<unsigned short,class ATL::StrTraitATL<unsigned short,class ATL::ChTraitsCRT<unsigned short> > > > >::Rollback) exiting function/method
[10/9/2011, 18:33:49] (HotIron::MspInstallerT<class ATL::CPathT<class ATL::CStringT<unsigned short,class ATL::StrTraitATL<unsigned short,class ATL::ChTraitsCRT<unsigned short> > > > >::Rollback)
[10/9/2011, 18:33:49] Action complete. Log File: C:\DOCUME~1\John\LOCALS~1\Temp\Microsoft .NET Framework 3.5-KB963707_20111009_183325640-Msi0.txt
[10/9/2011, 18:33:49] (HotIron::MspInstallerT<class ATL::CPathT<class ATL::CStringT<unsigned short,class ATL::StrTraitATL<unsigned short,class ATL::ChTraitsCRT<unsigned short> > > > >::PerformMsiOperation) exiting function/method
[10/9/2011, 18:33:49] (HotIron::MspInstallerT<class ATL::CPathT<class ATL::CStringT<unsigned short,class ATL::StrTraitATL<unsigned short,class ATL::ChTraitsCRT<unsigned short> > > > >::PerformMsiOperation) failed and rolled back
[10/9/2011, 18:33:49] (HotIron::CBaseMspInstaller::Install) PerformMsiOperation returned 0x643
[10/9/2011, 18:33:49] (HotIron::CBaseMspInstaller::Install) exiting function/method
[10/9/2011, 18:33:49] (HotIron::CBaseMspInstaller::Install) PerformMsiOperation returned 0x643
[10/9/2011, 18:33:49] (HotIron::CompositeInstaller::Install) Composite Installer is reporting 0x80070643 - Fatal error during installation.
[10/9/2011, 18:33:49] (HotIron::CompositeInstaller::Install) exiting function/method
[10/9/2011, 18:33:49] (HotIron::CompositeInstaller::Install) Fatal error during installation.

[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: RegisterProduct. Registering product]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: MsiPublishAssemblies. Publishing assembly information]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: CA_InstallNativeImage_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: CA_ConfigureNativeImageCommit_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: CA_ConfigureNativeImageCommit_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: PublishFeatures. Publishing Product Features]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: PublishProduct. Publishing product information]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: CA_CSD_GREEN_INSTALL_x86_enu.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: InstallExecute. ]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: ProcessComponents. Updating component registration]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: RemoveRegistryValues. Removing system registry values]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: CreateFolders. Creating folders]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: InstallFiles. Copying new files]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: WriteRegistryValues. Writing system registry values]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: CA_CSD_GREEN_INSTALL_RB_x86_enu.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: CA_CSD_GREEN_MOF_x86_enu.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:47] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:47: RegisterProduct. Registering product]
[10/9/2011, 18:33:47] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:47: MsiPublishAssemblies. Publishing assembly information]
[10/9/2011, 18:33:47] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:47: CA_ConfigureNativeImageCommit_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:47] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:47: CA_ConfigureNativeImageCommit_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:47] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:47: PublishFeatures. Publishing Product Features]
[10/9/2011, 18:33:47] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:47: PublishProduct. Publishing product information]
[10/9/2011, 18:33:47] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:47: CA_CSD_GREEN_INSTALL_x86_enu.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:48] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:48: Rollback. Rolling back action:]
[10/9/2011, 18:33:49] (HotIron::MspInstallerT<class ATL::CPathT<class ATL::CStringT<unsigned short,class ATL::StrTraitATL<unsigned short,class ATL::ChTraitsCRT<unsigned short> > > > >::PerformMsiOperation) Patch (NDP35SP1-KB963707.msp) install failed on product (Microsoft .NET Framework 3.5 SP1). Msi Log: Microsoft .NET Framework 3.5-KB963707_20111009_183325640-Msi0.txt
[10/9/2011, 18:33:49] (HotIron::MspInstallerT<class ATL::CPathT<class ATL::CStringT<unsigned short,class ATL::StrTraitATL<unsigned short,class ATL::ChTraitsCRT<unsigned short> > > > >::PerformMsiOperation) MsiApplyMultiplePatches returned 0x643
[10/9/2011, 18:33:49] Entering Function: HotIron::MspInstallerT > > > >::Rollback...
[10/9/2011, 18:33:49] (HotIron::MspInstallerT<class ATL::CPathT<class ATL::CStringT<unsigned short,class ATL::StrTraitATL<unsigned short,class ATL::ChTraitsCRT<unsigned short> > > > >::Rollback) exiting function/method
[10/9/2011, 18:33:49] (HotIron::MspInstallerT<class ATL::CPathT<class ATL::CStringT<unsigned short,class ATL::StrTraitATL<unsigned short,class ATL::ChTraitsCRT<unsigned short> > > > >::Rollback)
[10/9/2011, 18:33:49] Action complete. Log File: C:\DOCUME~1\John\LOCALS~1\Temp\Microsoft .NET Framework 3.5-KB963707_20111009_183325640-Msi0.txt
[10/9/2011, 18:33:49] (HotIron::MspInstallerT<class ATL::CPathT<class ATL::CStringT<unsigned short,class ATL::StrTraitATL<unsigned short,class ATL::ChTraitsCRT<unsigned short> > > > >::PerformMsiOperation) exiting function/method
[10/9/2011, 18:33:49] (HotIron::MspInstallerT<class ATL::CPathT<class ATL::CStringT<unsigned short,class ATL::StrTraitATL<unsigned short,class ATL::ChTraitsCRT<unsigned short> > > > >::PerformMsiOperation) failed and rolled back
[10/9/2011, 18:33:49] (HotIron::CBaseMspInstaller::Install) PerformMsiOperation returned 0x643
[10/9/2011, 18:33:49] (HotIron::CBaseMspInstaller::Install) exiting function/method
[10/9/2011, 18:33:49] (HotIron::CBaseMspInstaller::Install) PerformMsiOperation returned 0x643
[10/9/2011, 18:33:49] (HotIron::CompositeInstaller::Install) Composite Installer is reporting 0x80070643 - Fatal error during installation.
[10/9/2011, 18:33:49] (HotIron::CompositeInstaller::Install) exiting function/method
[10/9/2011, 18:33:49] (HotIron::CompositeInstaller::Install) Fatal error during installation.

Messages:
[10/9/2011, 18:33:24] Action: Install patches...
[10/9/2011, 18:33:24] Entering Function: HotIron::Main::Run...
[10/9/2011, 18:33:24] (HotIron::Main::Run) new session
[10/9/2011, 18:33:24] Entering Function: HotIron::MetaData::CreateMetaData...
[10/9/2011, 18:33:24] (HotIron::Patches::Patches) patch NDP35SP1-KB963707.msp added
[10/9/2011, 18:33:24] (HotIron::ElementUtils::GetOptionalAttributeByName) Optional attribute was not specified - LCIDHint
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::LocalizedResources::LocalizedResources) Resource added
[10/9/2011, 18:33:24] (HotIron::MetaData::CreateMetaData) exiting function/method
[10/9/2011, 18:33:24] (HotIron::MetaData::CreateMetaData) succeeded
[10/9/2011, 18:33:25] (HotIron::Main::CreateUi) Full UI Mode
[10/9/2011, 18:33:40] Entering Function: HotIron::CompositeInstaller::Install...
[10/9/2011, 18:33:40] (HotIron::CompositeInstaller::InstallSinglePatch) about to install 1 patch
[10/9/2011, 18:33:41] (HotIron::CompositeInstaller::InstallSinglePatch) installing patch: "NDP35SP1-KB963707.msp"
[10/9/2011, 18:33:41] Entering Function: HotIron::CBaseMspInstaller::Install...
[10/9/2011, 18:33:41] Entering Function: HotIron::MspInstallerT > > > >::PerformMsiOperation...
[10/9/2011, 18:33:41] Action: Install patch (NDP35SP1-KB963707.msp) to Microsoft .NET Framework 3.5 SP1...
[10/9/2011, 18:33:41] (HotIron::MspInstallerT<class ATL::CPathT<class ATL::CStringT<unsigned short,class ATL::StrTraitATL<unsigned short,class ATL::ChTraitsCRT<unsigned short> > > > >::PerformMsiOperation) Calling MspApplyMultiplePatches to apply patch {NDP35SP1-KB963707.msp} to product {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.
[10/9/2011, 18:33:41] (HotIron::CBaseMspInstaller::SetMsiLoggingParameters) Successfully called MsiEnableLog with log file set to C:\DOCUME~1\John\LOCALS~1\Temp\Microsoft .NET Framework 3.5-KB963707_20111009_183325640-Msi0.txt
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::OnCommonData) langId = 0; codePage = 1252
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::OnCommonData) langId = 0; codePage = 1252
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: INSTALL. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_SetRTM_ProductName_x86_enu. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: AppSearch. Searching for installed applications]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_SystemFolder_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_WindowsFolder_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: LaunchConditions. Evaluating launch conditions]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: FindRelatedProducts. Searching for related applications]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: ValidateProductID. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_AdminToolsFolder_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_AppDataFolder_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_CommonAppDataFolder_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_CommonFilesFolder_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_DesktopFolder_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_ProgramFilesFolder_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_ProgramFilesFolder2_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_ProgramMenuFolder_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_StartMenuFolder_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_System16Folder_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_System64Folder_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_TempFolder_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_WindowsVolume_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: WindowsFolder.21022.08.Microsoft_VC90_CRT_x86.RTM. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: WindowsFolder.21022.08.policy_9_0_Microsoft_VC90_CRT_x86.RTM. ]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CostInitialize. Computing space requirements]
[10/9/2011, 18:33:41] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:41: CA_ReserveNativeImageCost_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:42] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:42: FileCost. Computing space requirements]
[10/9/2011, 18:33:42] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:42: CostFinalize. Computing space requirements]
[10/9/2011, 18:33:43] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:43: InstallValidate. Validating install]
[10/9/2011, 18:33:43] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:43: InstallInitialize. ]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: SxsInstallCA. ]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: ProcessComponents. Updating component registration]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: GenerateScript. Generating script operations for action:]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: CA_CSD_GREEN_INSTALL_CMD_x86_enu.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: CA_CSD_GREEN_MOF_CMD_x86_enu.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: CA_CSD_GREEN_ROLLBACK_CMD_x86_enu.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: MsiUnpublishAssemblies. Unpublishing assembly information]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: UnpublishFeatures. Unpublishing Product Features]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: SelfUnregModules. Unregistering modules]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: RemoveRegistryValues. Removing system registry values]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: RemoveFiles. Removing files]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: RemoveFolders. Removing folders]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: CreateFolders. Creating folders]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: InstallFiles. Copying new files]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: SchedXmlConfig. ]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: BindImage. Binding executables]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: WriteRegistryValues. Writing system registry values]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: CA_CSD_GREEN_INSTALL_RB_x86_enu.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: CA_CSD_GREEN_MOF_x86_enu.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: SelfRegModules. Registering modules]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: RegisterUser. Registering user]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: RegisterProduct. Registering product]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: MsiPublishAssemblies. Publishing assembly information]
[10/9/2011, 18:33:45] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:45: CA_InstallNativeImage_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: CA_ConfigureNativeImageCommit_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: CA_ConfigureNativeImageCommit_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: PublishFeatures. Publishing Product Features]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: PublishProduct. Publishing product information]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: CA_CSD_GREEN_INSTALL_x86_enu.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: InstallExecute. ]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: ProcessComponents. Updating component registration]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: RemoveRegistryValues. Removing system registry values]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: CreateFolders. Creating folders]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: InstallFiles. Copying new files]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: WriteRegistryValues. Writing system registry values]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: CA_CSD_GREEN_INSTALL_RB_x86_enu.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:46] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:46: CA_CSD_GREEN_MOF_x86_enu.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:47] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:47: RegisterProduct. Registering product]
[10/9/2011, 18:33:47] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:47: MsiPublishAssemblies. Publishing assembly information]
[10/9/2011, 18:33:47] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:47: CA_ConfigureNativeImageCommit_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:47] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:47: CA_ConfigureNativeImageCommit_x86.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:47] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:47: PublishFeatures. Publishing Product Features]
[10/9/2011, 18:33:47] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:47: PublishProduct. Publishing product information]
[10/9/2011, 18:33:47] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:47: CA_CSD_GREEN_INSTALL_x86_enu.3643236F_FC70_11D3_A536_0090278A1BB8. ]
[10/9/2011, 18:33:48] (HotIron::CMspExternalUiHandler::UiHandler) Returning IDOK. INSTALLMESSAGE_ACTIONSTART [Action 11:33:48: Rollback. Rolling back action:]
[10/9/2011, 18:33:49] (HotIron::MspInstallerT<class ATL::CPathT<class ATL::CStringT<unsigned short,class ATL::StrTraitATL<unsigned short,class ATL::ChTraitsCRT<unsigned short> > > > >::PerformMsiOperation) Patch (NDP35SP1-KB963707.msp) install failed on product (Microsoft .NET Framework 3.5 SP1). Msi Log: Microsoft .NET Framework 3.5-KB963707_20111009_183325640-Msi0.txt
[10/9/2011, 18:33:49] (HotIron::MspInstallerT<class ATL::CPathT<class ATL::CStringT<unsigned short,class ATL::StrTraitATL<unsigned short,class ATL::ChTraitsCRT<unsigned short> > > > >::PerformMsiOperation) MsiApplyMultiplePatches returned 0x643
[10/9/2011, 18:33:49] Entering Function: HotIron::MspInstallerT > > > >::Rollback...
[10/9/2011, 18:33:49] (HotIron::MspInstallerT<class ATL::CPathT<class ATL::CStringT<unsigned short,class ATL::StrTraitATL<unsigned short,class ATL::ChTraitsCRT<unsigned short> > > > >::Rollback) exiting function/method
[10/9/2011, 18:33:49] (HotIron::MspInstallerT<class ATL::CPathT<class ATL::CStringT<unsigned short,class ATL::StrTraitATL<unsigned short,class ATL::ChTraitsCRT<unsigned short> > > > >::Rollback)
[10/9/2011, 18:33:49] Action complete. Log File: C:\DOCUME~1\John\LOCALS~1\Temp\Microsoft .NET Framework 3.5-KB963707_20111009_183325640-Msi0.txt
[10/9/2011, 18:33:49] (HotIron::MspInstallerT<class ATL::CPathT<class ATL::CStringT<unsigned short,class ATL::StrTraitATL<unsigned short,class ATL::ChTraitsCRT<unsigned short> > > > >::PerformMsiOperation) exiting function/method
[10/9/2011, 18:33:49] (HotIron::MspInstallerT<class ATL::CPathT<class ATL::CStringT<unsigned short,class ATL::StrTraitATL<unsigned short,class ATL::ChTraitsCRT<unsigned short> > > > >::PerformMsiOperation) failed and rolled back
[10/9/2011, 18:33:49] (HotIron::CBaseMspInstaller::Install) PerformMsiOperation returned 0x643
[10/9/2011, 18:33:49] (HotIron::CBaseMspInstaller::Install) exiting function/method
[10/9/2011, 18:33:49] (HotIron::CBaseMspInstaller::Install) PerformMsiOperation returned 0x643
[10/9/2011, 18:33:49] (HotIron::CompositeInstaller::Install) Composite Installer is reporting 0x80070643 - Fatal error during installation.
[10/9/2011, 18:33:49] (HotIron::CompositeInstaller::Install) exiting function/method
[10/9/2011, 18:33:49] (HotIron::CompositeInstaller::Install) Fatal error during installation.

John :angry:



