Not sure what is going on...

05-04-2011, 05:54 PM   #1
crazydiamond
Registered Member
Join Date: Jun 2008
Posts: 36
OS: xp



I was recommended here through the following post in this forum:

https://www.techsupportforum.com/foru...ll-568442.html

THANK YOU FOR YOUR HELP!

DDS.TXT Results:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 17:24:25.05 on Wed 05/04/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1526.579 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\bgsvcgen.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
C:\Program Files\Palm\PDK\tcprelay.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Saitek\Software\ProfilerU.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\PROGRA~1\RingCentral\RingCentral Call Controller\RCHotKey.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\RingCentral\RingCentral Call Controller\RCUI.exe
C:\Program Files\FileVault\FileVault.exe
C:\ProWin10\32bit\TaskSch.exe
C:\Documents and Settings\Owner\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Brownie\Brnipmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds(3).scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [CTZDetec.exe] "c:\program files\creative\creative media lite\CTZDetec.exe"
uRun: [SoftAuto.exe] "c:\program files\creative\software update 3\SoftAuto.exe"
uRun: [SansaDispatch] c:\documents and settings\owner\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [RCHotKey] "c:\progra~1\ringcentral\ringcentral call controller\RCHotKey.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RCUI] "c:\progra~1\ringcentral\ringcentral call controller\RCUI.exe"
uRun: [FileVault.exe] c:\program files\filevault\FileVault.exe
uRun: [TaskScheduler] c:\prowin10\32bit\TaskSch.exe
uRun: [F.lux] "c:\documents and settings\owner\local settings\apps\f.lux\flux.exe" /noshow
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [CHotkey] zHotkey.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Profiler] c:\program files\saitek\software\ProfilerU.exe
mRun: [SaiMfd] c:\program files\saitek\software\SaiMfd.exe
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpzrcv01.lnk - c:\program files\hp\temp\{b94428f6-e93c-4d1d-8580-46d70fa07a9d}\setup\hpzstub.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickbooks update agent.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\maura\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\community
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\rr4gzfox.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\owner\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\palm\packageinstaller\NPInstal.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPOFF12.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpjplug.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\rayv\rayv\plugins\nprayvplugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox 4.0 beta 12\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Virtus Search Opt-in: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Personas: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AddThis: {3e0e7d2a-070f-4a47-b019-91fe5385ba79} - %profile%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
FF - Ext: Aquatint Black: {7694c49c-9fbd-11dc-8314-0800200c9a66} - %profile%\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Move Media Player: [email protected] - c:\documents and settings\owner\application data\Move Networks
.
---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-4-11 13496]
R2 AllShare;SAMSUNG AllShare Service;c:\program files\samsung\samsung pc share manager\WiselinkPro.exe [2010-7-16 6638080]
R2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacom\x86\novacomd.exe [2010-1-12 33792]
R2 Palm_TCP_Relay;Palm TCP Relay;c:\program files\palm\pdk\tcprelay.exe [2010-6-16 11776]
R2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\intuit\quickbooks 2008\qbdbmgrn.exe -hvquickbooksdb18 --> c:\progra~1\intuit\quickbooks 2008\QBDBMgrN.exe -hvQuickBooksDB18 [?]
R3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2011-4-28 1723840]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1205000.07d\symds.sys --> c:\windows\system32\drivers\nis\1205000.07d\SYMDS.SYS [?]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1205000.07d\symefa.sys --> c:\windows\system32\drivers\nis\1205000.07d\SYMEFA.SYS [?]
S1 BHDrvx86;BHDrvx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20110309.001\bhdrvx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20110309.001\BHDrvx86.sys [?]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1205000.07d\ironx86.sys --> c:\windows\system32\drivers\nis\1205000.07d\Ironx86.SYS [?]
S2 .norton2009Reset;Norton 2009 Reset;c:\documents and settings\all users\application data\norton\Norton2009Reset.exe [2009-2-1 281625]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-23 135664]
S2 NIS;Norton Internet Security;c:\program files\norton internet security\norton internet security\engine\18.5.0.125\ccSvcHst.exe [2011-4-27 130000]
S2 NOF;Norton Online;"c:\program files\norton online\engine\2.1.0.23\ccsvchst.exe" /s "nof" /m "c:\program files\norton online\engine\2.1.0.23\dimaster.dll" /prefetch:1 --> c:\program files\norton online\engine\2.1.0.23\ccSvcHst.exe [?]
S3 5ED66B0B;5ED66B0B;c:\windows\system32\5ed66b0b.exe --> c:\windows\system32\5ED66B0B.exe [?]
S3 A3EE9A94;A3EE9A94;c:\windows\system32\a3ee9a94.exe --> c:\windows\system32\A3EE9A94.exe [?]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
S3 IDSxpx86;IDSxpx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20110411.001\idsxpx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20110411.001\IDSxpx86.sys [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver 06/04/2010,1.12.1.0;c:\windows\system32\drivers\libusb0.sys [2010-3-15 21120]
S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110411.038\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110411.038\NAVENG.SYS [?]
S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110411.038\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110411.038\NAVEX15.SYS [?]
S3 Normandy;Normandy SR2;c:\windows\system32\drivers\Normandy.sys [2010-10-27 34560]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver; [x]
S3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [2009-1-18 182528]
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;c:\windows\system32\drivers\nsm\0201000.034\symrdr.sys --> c:\windows\system32\drivers\nsm\0201000.034\SymRdr.SYS [?]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-6-25 100496]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
S3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\drivers\V0350Afx.sys [2008-4-10 142656]
S3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\drivers\V0350Vfx.sys [2008-4-10 7424]
S3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\drivers\V0350Vid.sys [2008-4-10 170368]
S4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
S4 QuickBooksDB20;QuickBooksDB20;c:\progra~1\intuit\quickbooks 2010\qbdbmgrn.exe -hvquickbooksdb20 --> c:\progra~1\intuit\quickbooks 2010\QBDBMgrN.exe -hvQuickBooksDB20 [?]
.
=============== Created Last 30 ================
.
2011-04-30 21:58:01 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{ec1df970-d2b9-4ca9-9794-192a6330e964}\mpengine.dll
2011-04-30 21:52:31 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-29 16:55:53 -------- d-----w- c:\program files\common files\Hewlett-Packard
2011-04-29 16:55:52 -------- d-----w- c:\program files\HP
2011-04-29 16:53:11 286208 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp4wm.DLL
2011-04-29 16:53:09 36864 ----a-w- c:\windows\system32\HPPASNM0.DLL
2011-04-29 16:53:08 45056 ----a-w- c:\windows\system32\HPPAPTS0.DLL
2011-04-29 16:53:08 36864 ----a-w- c:\windows\system32\HPPAPML0.DLL
2011-04-29 16:53:08 36864 ----a-w- c:\windows\system32\HPPADT40.DLL
2011-04-29 16:53:08 32768 ----a-w- c:\windows\system32\HPPAMON0.DLL
2011-04-29 16:52:10 8704 -c--a-w- c:\windows\system32\dllcache\dot4scan.sys
2011-04-29 16:52:10 8704 ----a-w- c:\windows\system32\drivers\Dot4Scan.sys
2011-04-29 16:32:24 -------- d-----w- C:\bc6d5e15306a0532fd2eba3d9e
2011-04-29 16:12:08 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\BitTorrentBar
2011-04-28 23:43:11 -------- d--h--r- c:\docume~1\alluse~1\applic~1\Atheros
2011-04-28 23:22:30 1723840 ----a-w- c:\windows\system32\drivers\athuw.sys
2011-04-25 16:33:35 -------- d--h--w- c:\program files\WindowsUpdate
2011-04-23 03:35:13 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-22 19:22:23 -------- d-----w- c:\program files\Norton Internet Security
2011-04-19 18:53:25 73728 ----a-w- c:\windows\system32\ISUSPM.cpl
2011-04-19 18:53:25 -------- d-----w- c:\program files\VISTA_8139
2011-04-19 18:53:24 368640 ----a-w- c:\program files\common files\installshield\updateservice\_ispmres.dll
2011-04-19 18:53:24 249856 ----a-w- c:\program files\common files\installshield\updateservice\ISUSPM.exe
2011-04-16 20:12:15 -------- d-----w- C:\00000082
2011-04-16 19:16:37 -------- d-----w- c:\windows\LMI1B5.tmp
2011-04-13 21:31:14 726528 ----a-w- c:\windows\system32\SET10B2.tmp
2011-04-13 21:31:14 726528 ------w- c:\windows\system32\SETB78.tmp
2011-04-13 21:31:14 726528 ------w- c:\windows\system32\SET43D.tmp
2011-04-11 15:48:22 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-04-11 15:48:22 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-04-08 21:01:14 -------- d-----w- c:\docume~1\owner\applic~1\Registry Mechanic
2011-04-08 20:58:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\PMB Files
2011-04-08 20:58:33 -------- d-----w- c:\program files\Pando Networks
.
==================== Find3M ====================
.
2011-03-28 18:26:15 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-03-08 0230 37376 ----a-w- c:\windows\system32\libusb0.dll
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\SET1186.tmp
2011-03-07 05:33:50 692736 ------w- c:\windows\system32\SETB86.tmp
2011-03-07 05:33:50 692736 ------w- c:\windows\system32\SET45C.tmp
2011-03-07 05:33:50 692736 ------w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 2329 916480 ----a-w- c:\windows\system32\SET127E.tmp
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\SET113F.tmp
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
.
============= FINISH: 17:26:00.66 ===============
Attached Files
File Type: rar Attach.rar (6.9 KB, 42 views)
File Type: txt Ark.txt (845 Bytes, 51 views)
crazydiamond is offline  
05-06-2011, 07:34 AM   #2
nasdaq
Security Team
Analyst
Join Date: Apr 2007
Location: Montreal, QC. Canada
Posts: 2,656
OS: Windows 2000 Pro. - Vista SP 2, W7



Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

For AVG antivirus and anti-spyware security software users only.
Quote:
Due to recent changes in AVG and how it interacts with CF, AVG must be uninstalled to run ComboFix. You will get a message from CF stating such.

If AVG will not uninstall, it is first recommended to uninstall it with this AppRemover by Opswat. The AVG uninstaller can be downloaded from here > AppRemover.exe Go to their homepage and you will see they have support for removal of other AV's as well AVG appremover tool.
Please let me know what problem persists.
__________________
nasdaq is offline  
05-06-2011, 09:58 AM   #3
crazydiamond
Registered Member
Join Date: Jun 2008
Posts: 36
OS: xp



Ran combofix....combofix.txt attached.

The following is STILL occurring after combofix:
  1. Adobe Acrobat update window pops up at startup asking to restart computer
  2. MSE still won't start
  3. Microsoft update still wants to install 3 files previously mentioned
  4. All USB connected devices lose settings or try to install drivers
  5. Windows firewall is turned off

Thanks!
Attached Files
File Type: txt ComboFix.txt (70.8 KB, 50 views)
crazydiamond is offline  
05-06-2011, 10:54 AM   #4
nasdaq
Security Team
Analyst
Join Date: Apr 2007
Location: Montreal, QC. Canada
Posts: 2,656
OS: Windows 2000 Pro. - Vista SP 2, W7



Let's go slowly. Just do the following for now.


Please download OTM by OldTimer. https://oldtimer.geekstogo.com/OTM.exe
Save it to your desktop.
Please click OTM and then click >> Run.
Copy all the blue lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code:
:Processes
explorer.exe
:Files
c:\windows\SYSTEM32\SET*.tmp 
:services
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Return to OTM, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
Close OTM
Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

===

Remove your version of the Reader using the Add/Remove Programs applet.

Will reinstall it when this computer is clean.

++++++

Download https://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. ( Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please let me know what problem persists.
__________________
nasdaq is offline  
Old 05-06-2011, 01:07 PM   #5
Registered Member
 
 
Join Date: Jun 2008
Posts: 36
OS: xp



All the same conditions as previously listed. I forgot to list one. Upon restart, or shutdown, the computer will not complete the process and I have to manually power down.

I actually have Adobe Acrobat Professional 8. I use this program often for work and I do not want to remove at this time. I will do that as a final step. I hope this will not thwart our efforts.

OTM:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
========== SERVICES/DRIVERS ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: Administrator.DELGADOFAMILY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->FireFox cache emptied: 2630886 bytes
->Flash cache emptied: 405 bytes

User: All Users

User: Charlie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 43311 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44843828 bytes
->Flash cache emptied: 45722 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 101281 bytes
->Flash cache emptied: 83 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 95710 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY.001
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mackenzie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 1063016 bytes
->FireFox cache emptied: 25678865 bytes
->Flash cache emptied: 13846 bytes

User: Marcella
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 954206 bytes
->Java cache emptied: 13 bytes
->FireFox cache emptied: 51981352 bytes
->Google Chrome cache emptied: 252904834 bytes
->Flash cache emptied: 117906 bytes

User: Maura
->Temp folder emptied: 1565424964 bytes
->Temporary Internet Files folder emptied: 324718672 bytes
->Java cache emptied: 6013513 bytes
->FireFox cache emptied: 37842873 bytes
->Flash cache emptied: 262981 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY.001
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY.002
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 3507 bytes
->Temporary Internet Files folder emptied: 26105619 bytes
->Java cache emptied: 21644561 bytes
->FireFox cache emptied: 102186254 bytes
->Google Chrome cache emptied: 241083222 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 6474194 bytes

User: QBDataServiceUser18
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 83 bytes

User: QBDataServiceUser20
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 83 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 9378690 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 282359 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 35466 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,596.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 05062011_120217

Files moved on Reboot...
File C:\Documents and Settings\Owner\Local Settings\Temp\meagain2.jpg not found!
File C:\Documents and Settings\Owner\Local Settings\Temp\yellow.jpg not found!
C:\WINDOWS\temp\services.log moved successfully.

Registry entries deleted on Reboot...


aswmbr

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-06 12:51:34
-----------------------------
12:51:34.578 OS Version: Windows 5.1.2600 Service Pack 3
12:51:34.578 Number of processors: 2 586 0x401
12:51:34.578 ComputerName: DELGADOFAMILY UserName: Owner
12:51:35.937 Initialize success
12:52:02.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
12:52:02.328 Disk 0 Vendor: WDC_WD3200AAKS-00SBA0 12.01B01 Size: 305245MB BusType: 3
12:52:04.343 Disk 0 MBR read successfully
12:52:04.343 Disk 0 MBR scan
12:52:04.343 Disk 0 unknown MBR code
12:52:06.343 Disk 0 scanning sectors +625137345
12:52:06.375 Disk 0 scanning C:\WINDOWS\system32\drivers
12:52:17.812 Service scanning
12:52:31.968 Disk 0 trace - called modules:
12:52:31.968 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
12:52:31.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7c2ab8]
12:52:31.968 3 CLASSPNP.SYS[ba168fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8a7a4b00]
12:52:31.984 Scan finished successfully
12:55:53.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
12:55:53.031 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
Attached Files
File Type: rar MBR.rar (541 Bytes, 35 views)
crazydiamond is offline  
Old 05-07-2011, 05:34 AM   #6
Security Team
Analyst
 
Join Date: Apr 2007
Location: Montreal, QC. Canada
Posts: 2,656
OS: Windows 2000 Pro. - Vista SP 2, W7



Well that was a good cleanup.

Post the last 75 lines from the WindowsUpdate.log.

To open this log, go to Start > Run and type

%windir%\WindowsUpdate.log

and press OK.
__________________
nasdaq is offline  
Old 05-09-2011, 09:37 AM   #7
Registered Member
 
 
Join Date: Jun 2008
Posts: 36
OS: xp



I am now getting a warning: "Your computer has not been restarted since your last installed update." It clearly has. The update files, as previously mentioned, are not showing up as uninstalled though.

MSE still won't start.

Windows firewall is still off when starting up...but no warning.

Windowsupdate.log (last 75 lines)

2011-05-09 09:12:57:250 1364 f30 COMAPI WARNING: Operation failed due to earlier error, hr=8024402C
2011-05-09 09:12:57:250 1364 f30 COMAPI FATAL: Unable to complete asynchronous search. (hr=8024402C)
2011-05-09 09:13:20:703 1080 550 AU Network connection established, AU can do detection now
2011-05-09 09:13:20:703 1080 550 AU #############
2011-05-09 09:13:20:703 1080 550 AU ## START ## AU: Search for updates
2011-05-09 09:13:20:703 1080 550 AU #########
2011-05-09 09:13:20:718 1080 550 AU <<## SUBMITTED ## AU: Search for updates [CallId = {4BA30440-34F9-4EFD-88DD-0548FEC84874}]
2011-05-09 09:13:20:718 1080 2ac Agent *************
2011-05-09 09:13:20:718 1080 2ac Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2011-05-09 09:13:20:718 1080 2ac Agent *********
2011-05-09 09:13:20:718 1080 2ac Agent * Online = Yes; Ignore download priority = No
2011-05-09 09:13:20:718 1080 2ac Agent * Criteria = "IsHidden=0 and IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and IsAssigned=1 or IsHidden=0 and IsInstalled=1 and DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and IsAssigned=1 and RebootRequired=1"
2011-05-09 09:13:20:718 1080 2ac Agent * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2011-05-09 09:13:20:718 1080 2ac Agent * Search Scope = {Machine}
2011-05-09 09:13:20:859 1080 2ac Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2011-05-09 09:13:20:906 1080 2ac Misc Microsoft signed: Yes
2011-05-09 09:13:27:265 2024 a64 Handler Install completed with 0x80070bc2.
2011-05-09 09:13:27:296 2024 f58 Handler : Install completed: result type = 0x1, installer error = False, error = 0x80070bc2, disabled until reboot = No, reboot required = Yes
2011-05-09 09:13:27:296 2024 f58 Handler :::::::::
2011-05-09 09:13:27:296 2024 f58 Handler :: END :: Handler: Windows Patch Install
2011-05-09 09:13:27:296 2024 f58 Handler :::::::::::::
2011-05-09 09:13:27:343 1080 c84 AU >>## RESUMED ## AU: Installing update [UpdateId = {D53DC918-BAE4-4B71-8F2E-BC4E5749B387}, succeeded]
2011-05-09 09:13:27:609 1080 b28 DnldMgr Preparing update for install, updateId = {2C15EDA9-8D79-4EE3-BCF6-6A1D4802BE29}.103.
2011-05-09 09:13:27:625 2024 ac8 Handler :::::::::::::
2011-05-09 09:13:27:625 2024 ac8 Handler :: START :: Handler: Windows Patch Install
2011-05-09 09:13:27:625 2024 ac8 Handler :::::::::
2011-05-09 09:13:27:625 2024 ac8 Handler : Updates to install = 1
2011-05-09 09:13:27:625 2024 ac8 Handler : Installing update {2C15EDA9-8D79-4EE3-BCF6-6A1D4802BE29}.103
2011-05-09 09:13:27:625 2024 828 Handler Installing with parameters=-q -z -er, sandbox=C:\WINDOWS\SoftwareDistribution\Download\6870f168611996e69348307ffc62e858.
2011-05-09 09:13:38:765 1080 2ac Misc WARNING: Send failed with hr = 80072ee7.
2011-05-09 09:13:38:765 1080 2ac Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2011-05-09 09:13:38:765 1080 2ac Misc WARNING: WinHttp: SendRequestUsingProxy failed for <https://download.windowsupdate.com/v9/windowsupdate/redir/muv4wuredir.cab>. error 0x8024402c
2011-05-09 09:13:38:765 1080 2ac Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2011-05-09 09:13:38:765 1080 2ac Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2011-05-09 09:13:38:765 1080 2ac Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2011-05-09 09:13:44:279 2024 828 Handler Install completed with 0x80070bc2.
2011-05-09 09:13:44:279 2024 ac8 Handler : Install completed: result type = 0x1, installer error = False, error = 0x80070bc2, disabled until reboot = No, reboot required = Yes
2011-05-09 09:13:44:279 2024 ac8 Handler :::::::::
2011-05-09 09:13:44:279 2024 ac8 Handler :: END :: Handler: Windows Patch Install
2011-05-09 09:13:44:279 2024 ac8 Handler :::::::::::::
2011-05-09 09:13:44:295 1080 c84 AU >>## RESUMED ## AU: Installing update [UpdateId = {A6708B58-ACFA-4D44-B7C2-87AA935C6575}, succeeded]
2011-05-09 09:13:44:311 1080 b28 DnldMgr Preparing update for install, updateId = {E0B14365-7BAA-464B-916E-4842C50653F1}.105.
2011-05-09 09:13:44:326 2024 1c0 Handler :::::::::::::
2011-05-09 09:13:44:326 2024 1c0 Handler :: START :: Handler: Windows Patch Install
2011-05-09 09:13:44:326 2024 1c0 Handler :::::::::
2011-05-09 09:13:44:326 2024 1c0 Handler : Updates to install = 1
2011-05-09 09:13:44:342 2024 1c0 Handler : Installing update {E0B14365-7BAA-464B-916E-4842C50653F1}.105
2011-05-09 09:13:44:342 2024 ee0 Handler Installing with parameters=-q -z -er, sandbox=C:\WINDOWS\SoftwareDistribution\Download\4a68e5ecf881bfdf9f622e39f79b4af0.
2011-05-09 09:13:57:355 1080 2ac Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2011-05-09 09:13:57:370 1080 2ac Misc Microsoft signed: Yes
2011-05-09 09:13:57:480 1080 2ac Agent Checking for updated auth cab for service 7971f918-a847-4430-9279-4a52d1efe18d at https://download.windowsupdate.com/v9...dir/muauth.cab
2011-05-09 09:13:57:495 1080 2ac Misc Validating signature for C:\WINDOWS\SoftwareDistribution\AuthCabs\authcab.cab:
2011-05-09 09:13:57:495 1080 2ac Misc Microsoft signed: Yes
2011-05-09 09:13:57:620 1080 2ac Misc Validating signature for C:\WINDOWS\SoftwareDistribution\AuthCabs\authcab.cab:
2011-05-09 09:13:57:636 1080 2ac Misc Microsoft signed: Yes
2011-05-09 09:13:57:636 1080 2ac Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2011-05-09 09:13:57:636 1080 2ac Misc Microsoft signed: Yes
2011-05-09 09:13:57:776 1080 2ac Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2011-05-09 09:13:57:792 1080 2ac Misc Microsoft signed: Yes
2011-05-09 09:13:57:823 1080 2ac Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab:
2011-05-09 09:13:57:886 1080 2ac Misc Microsoft signed: Yes
2011-05-09 09:14:00:573 1080 2ac Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab:
2011-05-09 09:14:00:573 1080 2ac Misc Microsoft signed: Yes
2011-05-09 09:14:01:276 1080 2ac Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cab:
2011-05-09 09:14:01:291 1080 2ac Misc Microsoft signed: Yes
2011-05-09 09:14:01:432 1080 2ac Setup *********** Setup: Checking whether self-update is required ***********
2011-05-09 09:14:01:463 1080 2ac Setup * Inf file: C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.inf
2011-05-09 09:14:01:604 1080 2ac Setup Update NOT required for C:\WINDOWS\system32\cdm.dll: target version = 7.4.7600.226, required version = 7.4.7600.226
2011-05-09 09:14:01:651 1080 2ac Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll: target version = 7.4.7600.226, required version = 7.4.7600.226
2011-05-09 09:14:01:713 1080 2ac Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll.mui: target version = 7.4.7600.226, required version = 7.4.7600.226
2011-05-09 09:14:01:713 1080 2ac Setup Update NOT required for C:\WINDOWS\system32\wuauclt.exe: target version = 7.4.7600.226, required version = 7.4.7600.226
2011-05-09 09:14:01:713 1080 2ac Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl: target version = 7.4.7600.226, required version = 7.4.7600.226
2011-05-09 09:14:01:776 1080 2ac Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl.mui: target version = 7.4.7600.226, required version = 7.4.7600.226
2011-05-09 09:14:01:776 1080 2ac Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll: target version = 7.4.7600.226, required version = 7.4.7600.226
2011-05-09 09:14:01:854 1080 2ac Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll.mui: target version = 7.4.7600.226, required version = 7.4.7600.226
2011-05-09 09:14:01:854 1080 2ac Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll: target version = 7.4.7600.226, required version = 7.4.7600.226
2011-05-09 09:14:01:947 1080 2ac Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll.mui: target version = 7.4.7600.226, required version = 7.4.7600.226
2011-05-09 09:14:02:026 1080 2ac Setup Update NOT required for C:\WINDOWS\system32\wups.dll: target version = 7.4.7600.226, required version = 7.4.7600.226
2011-05-09 09:14:02:119 1080 2ac Setup Update NOT required for C:\WINDOWS\system32\wups2.dll: target version = 7.4.7600.226, required version = 7.4.7600.226
2011-05-09 09:14:02:276 1080 2ac Setup Update NOT required for C:\WINDOWS\system32\wuweb.dll: target version = 7.4.7600.226, required version = 7.4.7600.226
2011-05-09 09:14:02:322 1080 2ac Setup * IsUpdateRequired = No
2011-05-09 09:14:02:322 1080 2ac Setup Found non-managed non-WU Service registered with AU
2011-05-09 09:14:02:588 1080 2ac Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2011-05-09 09:14:02:604 1080 2ac Misc Microsoft signed: Yes
2011-05-09 09:14:02:729 1080 2ac Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2011-05-09 09:14:02:744 1080 2ac Misc Microsoft signed: Yes
2011-05-09 09:14:02:744 1080 2ac Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\muident.cab:
2011-05-09 09:14:02:791 1080 2ac Misc Microsoft signed: Yes
2011-05-09 09:14:02:947 1080 2ac Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\muident.cab:
2011-05-09 09:14:02:963 1080 2ac Misc Microsoft signed: Yes
2011-05-09 09:14:03:307 1080 2ac Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\musetup.cab:
2011-05-09 09:14:03:322 1080 2ac Misc Microsoft signed: Yes
2011-05-09 09:14:03:478 1080 2ac Setup *********** Setup: Checking whether self-update is required ***********
2011-05-09 09:14:03:478 1080 2ac Setup * Inf file: C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\musetup.inf
2011-05-09 09:14:03:869 1080 2ac Setup Update NOT required for C:\WINDOWS\system32\mucltui.dll: target version = 7.4.7600.226, required version = 7.4.7600.226
2011-05-09 09:14:03:916 1080 2ac Setup Update NOT required for C:\WINDOWS\system32\mucltui.dll.mui: target version = 7.4.7600.226, required version = 7.4.7600.226
2011-05-09 09:14:04:041 1080 2ac Setup Update NOT required for C:\WINDOWS\system32\muweb.dll: target version = 7.4.7600.226, required version = 7.4.7600.226
2011-05-09 09:14:04:041 1080 2ac Setup * IsUpdateRequired = No
2011-05-09 09:14:26:864 1080 2ac Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2011-05-09 09:14:26:880 1080 2ac Misc Microsoft signed: Yes
2011-05-09 09:14:27:130 1080 2ac Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2011-05-09 09:14:27:145 1080 2ac Misc Microsoft signed: Yes
2011-05-09 09:14:27:161 1080 2ac PT +++++++++++ PT: Synchronizing server updates +++++++++++
2011-05-09 09:14:27:176 1080 2ac PT + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://www.update.microsoft.com/v6/...ce/client.asmx
2011-05-09 09:14:27:176 1080 2ac PT WARNING: Cached cookie has expired or new PID is available
2011-05-09 09:15:02:060 2024 ee0 Handler Install completed with 0x80070bc2.
2011-05-09 09:15:02:060 2024 1c0 Handler : Install completed: result type = 0x1, installer error = False, error = 0x80070bc2, disabled until reboot = No, reboot required = Yes
2011-05-09 09:15:02:060 2024 1c0 Handler :::::::::
2011-05-09 09:15:02:060 2024 1c0 Handler :: END :: Handler: Windows Patch Install
2011-05-09 09:15:02:075 2024 1c0 Handler :::::::::::::
2011-05-09 09:15:02:075 1080 c84 AU >>## RESUMED ## AU: Installing update [UpdateId = {BE57677A-B3B1-40F0-9D51-811058A4822D}, succeeded]
2011-05-09 09:15:02:200 1080 b28 Agent *********
2011-05-09 09:15:02:200 1080 c84 AU Install call completed.
2011-05-09 09:15:02:200 1080 b28 Agent ** END ** Agent: Installing updates [CallerId = AutomaticUpdates]
2011-05-09 09:15:02:200 1080 c84 AU # WARNING: Install call completed, reboot required = Yes, error = 0x00000000
2011-05-09 09:15:02:200 1080 c84 AU #########
2011-05-09 09:15:02:200 1080 b28 Agent *************
2011-05-09 09:15:02:200 1080 c84 AU ## END ## AU: Installing updates [CallId = {9AE245A5-330D-4F6C-8430-68F32F2E9E89}]
2011-05-09 09:15:02:200 1080 c84 AU #############
2011-05-09 09:15:02:200 1080 c84 AU Install complete for all calls, reboot needed
2011-05-09 09:15:02:263 1080 c84 AU Setting AU scheduled install time to 2011-05-10 10:00:00
2011-05-09 09:15:02:278 1080 c84 AU AU setting pending client directive to 'Reboot Warning'
2011-05-09 09:15:02:278 1080 c84 AU Piggybacking on an AU detection already in progress
2011-05-09 09:15:14:526 1080 2ac Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2011-05-09 09:15:14:526 1080 2ac Misc Microsoft signed: Yes
2011-05-09 09:15:14:854 1080 2ac Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2011-05-09 09:15:14:870 1080 2ac Misc Microsoft signed: Yes
2011-05-09 09:15:14:885 1080 2ac PT +++++++++++ PT: Synchronizing extended update info +++++++++++
2011-05-09 09:15:14:885 1080 2ac PT + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://www.update.microsoft.com/v6/...ce/client.asmx
2011-05-09 09:15:17:275 1080 550 Misc WARNING: IsSessionNonstandardUI: WTSQuerySessionInformation(WinStationInitialProgram) failed for session 0, GetLastError=0
2011-05-09 09:15:17:291 1080 550 AU Launched new AU client for directive 'Reboot Warning', session id = 0x0
2011-05-09 09:15:17:338 456 6c4 Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0700) ===========
2011-05-09 09:15:17:338 456 6c4 Misc = Process: C:\WINDOWS\system32\wuauclt.exe
2011-05-09 09:15:17:338 456 6c4 AUClnt Launched Client UI process
2011-05-09 09:15:17:713 456 6c4 Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0700) ===========
2011-05-09 09:15:17:713 456 6c4 Misc = Process: C:\WINDOWS\system32\wuauclt.exe
2011-05-09 09:15:17:728 456 6c4 Misc = Module: C:\WINDOWS\system32\wucltui.dll
2011-05-09 09:15:17:713 456 6c4 CltUI AU client got new directive = 'Reboot Warning', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0x00000000
2011-05-09 09:15:18:166 1080 2ac Agent * Added update {BE57677A-B3B1-40F0-9D51-811058A4822D}.105 to search result
2011-05-09 09:15:18:166 1080 2ac Agent * Found 1 updates and 58 categories in search; evaluated appl. rules of 1318 out of 2155 deployed entities
2011-05-09 09:15:18:181 1080 2ac Agent *********
2011-05-09 09:15:18:181 1080 2ac Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2011-05-09 09:15:18:181 1080 2ac Agent *************
2011-05-09 09:15:18:213 1080 c84 AU >>## RESUMED ## AU: Search for updates [CallId = {4BA30440-34F9-4EFD-88DD-0548FEC84874}]
2011-05-09 09:15:18:213 1080 c84 AU # 1 updates detected
2011-05-09 09:15:18:213 1080 2ac Report REPORT EVENT: {BE5B92D8-404F-4CEA-9A4F-45C7CACD5EBD} 2011-05-09 09:13:27:343-0700 1 191 101 {D53DC918-BAE4-4B71-8F2E-BC4E5749B387} 103 0 AutomaticUpdates Success Content Install Installation successful and restart required for the following update: Security Update for Windows XP (KB2509553)
2011-05-09 09:15:18:213 1080 c84 AU #########
2011-05-09 09:15:18:213 1080 2ac Report REPORT EVENT: {98F0AD5C-8E94-4A84-B348-6B54413CC02E} 2011-05-09 09:13:44:311-0700 1 191 101 {A6708B58-ACFA-4D44-B7C2-87AA935C6575} 103 0 AutomaticUpdates Success Content Install Installation successful and restart required for the following update: Security Update for Windows XP (KB2507618)
2011-05-09 09:15:18:213 1080 c84 AU ## END ## AU: Search for updates [CallId = {4BA30440-34F9-4EFD-88DD-0548FEC84874}]
2011-05-09 09:15:18:213 1080 c84 AU #############
2011-05-09 09:15:18:213 1080 c84 AU Featured notifications is disabled.
2011-05-09 09:15:18:213 1080 2ac Report REPORT EVENT: {3B6990BA-4A12-4965-A989-3AE9441CA0D6} 2011-05-09 09:15:02:075-0700 1 191 101 {BE57677A-B3B1-40F0-9D51-811058A4822D} 105 0 AutomaticUpdates Success Content Install Installation successful and restart required for the following update: Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2497640)
2011-05-09 09:15:18:213 1080 c84 AU AU setting next detection timeout to 2011-05-10 10:10:41
2011-05-09 09:15:18:228 1080 c84 AU Setting AU scheduled install time to 2011-05-10 10:00:00
2011-05-09 09:15:18:228 1080 c84 AU Auto-approving update for download, updateId = {BE57677A-B3B1-40F0-9D51-811058A4822D}.105, ForUx=0, IsOwnerUx=0, HasDeadline=0, IsMinor=0
2011-05-09 09:15:18:228 1080 2ac Report REPORT EVENT: {EC54CA44-3137-4E66-9848-497612DBF763} 2011-05-09 09:15:02:263-0700 1 194 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Restart Required: To complete the installation of the following updates, the computer will be restarted within 15 minutes: - Security Update for Windows XP (KB2509553) - Security Update for Windows XP (KB2507618) - Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2497640)
2011-05-09 09:15:18:228 1080 c84 AU Auto-approved 1 update(s) for download (NOT for Ux)
2011-05-09 09:15:18:228 1080 c84 AU #############
2011-05-09 09:15:18:228 1080 c84 AU ## START ## AU: Download updates
2011-05-09 09:15:18:228 1080 c84 AU #########
2011-05-09 09:15:18:228 1080 c84 AU # Approved updates = 1
2011-05-09 09:15:18:244 1080 c84 AU AU initiated download, updateId = {BE57677A-B3B1-40F0-9D51-811058A4822D}.105, callId = {A10455E5-4F42-4EE8-B850-DCBC9F9741A3}
2011-05-09 09:15:18:244 1080 c84 AU Setting AU scheduled install time to 2011-05-10 10:00:00
2011-05-09 09:15:18:244 1080 c84 AU # Pending download calls = 1
2011-05-09 09:15:18:244 1080 2ac DnldMgr *************
2011-05-09 09:15:18:244 1080 c84 AU <<## SUBMITTED ## AU: Download updates
2011-05-09 09:15:18:244 1080 2ac DnldMgr ** START ** DnldMgr: Downloading updates [CallerId = AutomaticUpdates]
2011-05-09 09:15:18:244 1080 2ac DnldMgr *********
2011-05-09 09:15:18:244 1080 2ac DnldMgr * Call ID = {A10455E5-4F42-4EE8-B850-DCBC9F9741A3}
2011-05-09 09:15:18:244 1080 2ac DnldMgr * Priority = 2, Interactive = 0, Owner is system = 1, Explicit proxy = 0, Proxy session id = -1, ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}
2011-05-09 09:15:18:244 1080 2ac DnldMgr * Updates to download = 1
2011-05-09 09:15:18:244 1080 2ac Agent * Title = Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2497640)
2011-05-09 09:15:18:244 1080 2ac Agent * UpdateId = {BE57677A-B3B1-40F0-9D51-811058A4822D}.105
2011-05-09 09:15:18:244 1080 2ac Agent * Bundles 1 updates:
2011-05-09 09:15:18:244 1080 2ac Agent * {E0B14365-7BAA-464B-916E-4842C50653F1}.105
2011-05-09 09:15:18:259 1080 2ac DnldMgr *********** DnldMgr: Regulation Refresh [Svc: {7971F918-A847-4430-9279-4A52D1EFE18D}] ***********
2011-05-09 09:15:18:259 1080 2ac DnldMgr Contacting regulation server for 1 updates.
2011-05-09 09:15:18:259 1080 2ac Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\wuredir.cab:
2011-05-09 09:15:18:259 1080 2ac Misc Microsoft signed: Yes
2011-05-09 09:15:18:259 1080 2ac PT URL for regulation server found in server config.
2011-05-09 09:15:18:259 1080 2ac DnldMgr Regulation server path: https://www.update.microsoft.com/v6/...egulation.asmx.
2011-05-09 09:15:19:134 1080 2ac DnldMgr * Regulation call complete. 0x00000000
2011-05-09 09:15:19:494 1080 2ac DnldMgr *********** DnldMgr: New download job [UpdateId = {E0B14365-7BAA-464B-916E-4842C50653F1}.105] ***********
2011-05-09 09:15:19:494 1080 2ac DnldMgr * Queueing update for download handler request generation.
2011-05-09 09:15:19:494 1080 2ac DnldMgr Generating download request for update {E0B14365-7BAA-464B-916E-4842C50653F1}.105
2011-05-09 09:15:21:243 456 6c4 CltUI AU client reboot countdown: user clicked Restart Later
2011-05-09 09:15:21:243 1080 d88 AU AU got client choice 'Reboot later' in 0 mins from sessionId 0x0
2011-05-09 09:15:21:243 1080 d88 AU AU setting pending client directive to 'Reboot Pending'
2011-05-09 09:15:21:243 1080 d88 AU Changing existing AU client directive from 'Reboot Warning' to 'Reboot Pending', session id = 0x0
2011-05-09 09:15:21:290 456 6c4 CltUI AU client got new directive = 'Reboot Pending', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0x00000000
2011-05-09 09:15:33:475 1080 550 Misc WARNING: IsSessionNonstandardUI: WTSQuerySessionInformation(WinStationInitialProgram) failed for session 0, GetLastError=0
2011-05-09 09:15:34:209 1080 2ac Handler Windows Patch download for UpdateId = {E0B14365-7BAA-464B-916E-4842C50653F1}: selected action is download full-file.
2011-05-09 09:15:34:209 1080 2ac DnldMgr *********** DnldMgr: New download job [UpdateId = {E0B14365-7BAA-464B-916E-4842C50653F1}.105] ***********
2011-05-09 09:15:34:256 1080 2ac DnldMgr * All files for update were already downloaded and are valid.
2011-05-09 09:15:34:272 1080 c84 AU >>## RESUMED ## AU: Download update [UpdateId = {BE57677A-B3B1-40F0-9D51-811058A4822D}, succeeded]
2011-05-09 09:15:34:272 1080 c84 AU #########
2011-05-09 09:15:34:272 1080 2ac Agent *********
2011-05-09 09:15:34:272 1080 c84 AU ## END ## AU: Download updates
2011-05-09 09:15:34:272 1080 2ac Agent ** END ** Agent: Downloading updates [CallerId = AutomaticUpdates]
2011-05-09 09:15:34:272 1080 c84 AU #############
2011-05-09 09:15:34:272 1080 2ac Agent *************
2011-05-09 09:15:34:272 1080 c84 AU Setting AU scheduled install time to 2011-05-10 10:00:00
2011-05-09 09:15:34:272 1080 2ac Report REPORT EVENT: {64B46111-6521-47A5-BCE3-D9F6E4E42BBE} 2011-05-09 09:15:18:181-0700 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Software Synchronization Windows Update Client successfully detected 1 updates.
2011-05-09 09:15:39:271 1080 2ac Report REPORT EVENT: {ACFF9CE7-A9AB-483B-B73D-E0C12F3F9F31} 2011-05-09 09:15:34:272-0700 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Tuesday, May 10, 2011 at 3:00 AM: - Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2497640)
2011-05-09 09:15:53:846 456 6c4 CltUI AU client reboot notification: user clicked Restart Later
2011-05-09 09:16:08:843 1080 550 Misc WARNING: IsSessionNonstandardUI: WTSQuerySessionInformation(WinStationInitialProgram) failed for session 0, GetLastError=0
2011-05-09 09:17:37:855 1364 8bc COMAPI -------------
2011-05-09 09:17:37:855 1364 8bc COMAPI -- START -- COMAPI: Search [ClientId = <NULL>]
2011-05-09 09:17:37:855 1364 8bc COMAPI ---------
2011-05-09 09:17:37:871 1080 2ac Agent *************
2011-05-09 09:17:37:871 1364 8bc COMAPI <<-- SUBMITTED -- COMAPI: Search [ClientId = <NULL>]
2011-05-09 09:17:37:871 1080 2ac Agent ** START ** Agent: Finding updates [CallerId = ]
2011-05-09 09:17:37:871 1080 2ac Agent *********
2011-05-09 09:17:37:871 1080 2ac Agent * Online = Yes; Ignore download priority = No
2011-05-09 09:17:37:871 1080 2ac Agent * Criteria = "( IsInstalled = 0 and IsHidden = 0 and IsAssigned = 1 and Type='Software' )"
2011-05-09 09:17:37:871 1080 2ac Agent * ServiceID = {00000000-0000-0000-0000-000000000000} Third party service
2011-05-09 09:17:37:871 1080 2ac Agent * Search Scope = {Machine}
2011-05-09 09:17:37:871 1080 2ac Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2011-05-09 09:17:37:886 1080 2ac Misc Microsoft signed: Yes
2011-05-09 09:17:38:214 1080 2ac Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2011-05-09 09:17:38:230 1080 2ac Misc Microsoft signed: Yes
2011-05-09 09:17:38:246 1080 2ac Agent Checking for updated auth cab for service 7971f918-a847-4430-9279-4a52d1efe18d at https://download.windowsupdate.com/v9...dir/muauth.cab
2011-05-09 09:17:38:246 1080 2ac Misc Validating signature for C:\WINDOWS\SoftwareDistribution\AuthCabs\authcab.cab:
2011-05-09 09:17:38:246 1080 2ac Misc Microsoft signed: Yes
2011-05-09 09:17:38:370 1080 2ac Misc Validating signature for C:\WINDOWS\SoftwareDistribution\AuthCabs\authcab.cab:
2011-05-09 09:17:38:386 1080 2ac Misc Microsoft signed: Yes
2011-05-09 09:17:39:323 1080 2ac Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2011-05-09 09:17:39:339 1080 2ac Misc Microsoft signed: Yes
2011-05-09 09:17:39:464 1080 2ac Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2011-05-09 09:17:39:480 1080 2ac Misc Microsoft signed: Yes
2011-05-09 09:17:39:480 1080 2ac PT +++++++++++ PT: Synchronizing server updates +++++++++++
2011-05-09 09:17:39:480 1080 2ac PT + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://www.update.microsoft.com/v6/...ce/client.asmx
2011-05-09 09:17:56:913 1080 2ac Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2011-05-09 09:17:56:929 1080 2ac Misc Microsoft signed: Yes
2011-05-09 09:17:57:179 1080 2ac Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2011-05-09 09:17:57:195 1080 2ac Misc Microsoft signed: Yes
2011-05-09 09:17:57:195 1080 2ac PT +++++++++++ PT: Synchronizing extended update info +++++++++++
2011-05-09 09:17:57:195 1080 2ac PT + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://www.update.microsoft.com/v6/...ce/client.asmx
2011-05-09 09:17:58:476 1080 550 AU Triggering Offline detection (non-interactive)
2011-05-09 09:17:58:476 1080 550 AU #############
2011-05-09 09:17:58:476 1080 550 AU ## START ## AU: Search for updates
2011-05-09 09:17:58:476 1080 550 AU #########
2011-05-09 09:17:58:491 1080 550 AU <<## SUBMITTED ## AU: Search for updates [CallId = {770D8C79-F6D5-410A-AB0E-A71029636E14}]
2011-05-09 09:17:58:507 1080 2ac Agent * Found 0 updates and 58 categories in search; evaluated appl. rules of 1317 out of 2155 deployed entities
2011-05-09 09:17:58:507 1080 2ac Agent *********
2011-05-09 09:17:58:507 1080 2ac Agent ** END ** Agent: Finding updates [CallerId = ]
2011-05-09 09:17:58:507 1080 2ac Agent *************
2011-05-09 09:17:58:522 1080 2ac Agent *************
2011-05-09 09:17:58:538 1080 2ac Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2011-05-09 09:17:58:538 1080 2ac Agent *********
2011-05-09 09:17:58:538 1080 2ac Agent * Online = No; Ignore download priority = No
2011-05-09 09:17:58:538 1080 2ac Agent * Criteria = "IsHidden=0 and IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and IsAssigned=1 or IsHidden=0 and IsInstalled=1 and DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and IsAssigned=1 and RebootRequired=1"
2011-05-09 09:17:58:538 1080 2ac Agent * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2011-05-09 09:17:58:538 1080 2ac Agent * Search Scope = {Machine}
2011-05-09 09:17:58:538 1364 8b4 COMAPI >>-- RESUMED -- COMAPI: Search [ClientId = <NULL>]
2011-05-09 09:17:58:538 1364 8b4 COMAPI - Updates found = 0
2011-05-09 09:17:58:538 1364 8b4 COMAPI - Reboot required
2011-05-09 09:17:58:538 1364 8b4 COMAPI ---------
2011-05-09 09:17:58:538 1364 8b4 COMAPI -- END -- COMAPI: Search [ClientId = <NULL>]
2011-05-09 09:17:58:538 1364 8b4 COMAPI -------------
2011-05-09 09:18:01:366 1080 2ac Agent * Added update {BE57677A-B3B1-40F0-9D51-811058A4822D}.105 to search result
2011-05-09 09:18:01:366 1080 2ac Agent * Added update {A6708B58-ACFA-4D44-B7C2-87AA935C6575}.103 to search result
2011-05-09 09:18:01:366 1080 2ac Agent * Added update {D53DC918-BAE4-4B71-8F2E-BC4E5749B387}.103 to search result
2011-05-09 09:18:01:366 1080 2ac Agent * Found 3 updates and 58 categories in search; evaluated appl. rules of 962 out of 2155 deployed entities
2011-05-09 09:18:01:381 1080 2ac Agent *********
2011-05-09 09:18:01:381 1080 2ac Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2011-05-09 09:18:01:381 1080 2ac Agent *************
2011-05-09 09:18:01:412 1080 c84 AU >>## RESUMED ## AU: Search for updates [CallId = {770D8C79-F6D5-410A-AB0E-A71029636E14}]
2011-05-09 09:18:01:412 1080 c84 AU # 3 updates detected
2011-05-09 09:18:01:412 1080 c84 AU #########
2011-05-09 09:18:01:412 1080 c84 AU ## END ## AU: Search for updates [CallId = {770D8C79-F6D5-410A-AB0E-A71029636E14}]
2011-05-09 09:18:01:412 1080 c84 AU #############
2011-05-09 09:18:01:412 1080 c84 AU Featured notifications is disabled.
2011-05-09 09:18:01:444 1080 c84 AU Setting AU scheduled install time to 2011-05-10 10:00:00
2011-05-09 09:18:03:506 1080 2ac Report REPORT EVENT: {C915CAC0-D6F0-46A8-896E-3D87CF74192C} 2011-05-09 09:17:58:507-0700 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 Success Software Synchronization Windows Update Client successfully detected 0 updates.
crazydiamond is offline  
Old 05-09-2011, 11:20 AM   #8
Security Team
Analyst
 
Join Date: Apr 2007
Location: Montreal, QC. Canada
Posts: 2,656
OS: Windows 2000 Pro. - Vista SP 2, W7



You have some issues with this error hr=8024402C

Have a look at this article and disable the security software presently installed.
Windows Update error 8024402C

You can try to disable one at a time. You may be able to find out which one is the culprit, in the event that it's the issue.

===

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :regfind
    UpdateExeVolatile

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
nasdaq is offline  
Old 05-09-2011, 03:31 PM   #9
Registered Member
 
crazydiamond's Avatar
 
Join Date: Jun 2008
Posts: 36
OS: xp



I read the article and uninstalled the following software: MSE, Spybot S&D and Spyware Blaster. I did not uninstall one at a time and I have had Spybot and Blaster on my computer for a couple of years with no problem.

Here is the log:

SystemLook 04.09.10 by jpshortstuff
Log created at 15:22 on 09/05/2011 by Owner
Administrator - Elevation successful

========== regfind ==========

Searching for "UpdateExeVolatile"

I also got the attached during the process, so maybe the program never finished.
Attached thumbnail: Systemlookproblem.JPG (17.5 KB)
crazydiamond is offline  
Old 05-10-2011, 05:37 AM   #10
Security Team
Analyst
 
Join Date: Apr 2007
Location: Montreal, QC. Canada
Posts: 2,656
OS: Windows 2000 Pro. - Vista SP 2, W7



I do not see that message often with this tool.

Let me know if you can start the RegEdit.exe from the run box.

Go to Start > Run box
Type regedit.exe and press the Enter key.

Does your Registry Editor open?

Just close it for now.

Keep me posted.
nasdaq is offline  
Old 05-10-2011, 09:16 AM   #11
Registered Member
 
crazydiamond's Avatar
 
Join Date: Jun 2008
Posts: 36
OS: xp



Yes, the registry editor opens.
crazydiamond is offline  
Old 05-10-2011, 09:22 AM   #12
Registered Member
 
crazydiamond's Avatar
 
Join Date: Jun 2008
Posts: 36
OS: xp



What if I ran the program in safe mode?
crazydiamond is offline  
Old 05-10-2011, 11:29 AM   #13
Security Team
Analyst
 
Join Date: Apr 2007
Location: Montreal, QC. Canada
Posts: 2,656
OS: Windows 2000 Pro. - Vista SP 2, W7



Try it in safe mode.

If that fails delete the program and download again this time from the other Mirror site.
nasdaq is offline  
Old 05-10-2011, 02:49 PM   #14
Registered Member
 
crazydiamond's Avatar
 
Join Date: Jun 2008
Posts: 36
OS: xp



It failed....now going to download program from other mirror site
crazydiamond is offline  
Old 05-10-2011, 03:00 PM   #15
Registered Member
 
crazydiamond's Avatar
 
Join Date: Jun 2008
Posts: 36
OS: xp



2nd Mirror site...same problem
crazydiamond is offline  
Old 05-11-2011, 05:53 AM   #16
Security Team
Analyst
 
Join Date: Apr 2007
Location: Montreal, QC. Canada
Posts: 2,656
OS: Windows 2000 Pro. - Vista SP 2, W7



Please download RegSeeker and save it to your desktop:
  1. Unzip all the files into a permanent folder of its own (to unzip a file just right-click on the file and select Extract All).
  2. Then open the folder and double-click RegSeeker.exe to open the program.
  3. The program will show you many options.
  4. Below the name RegSeeker click Find in registry.
  5. In the Search for: window type (or copy and paste):

    UpdateExeVolatile <- string to look for.

  6. Click the Search ! button. It should find all registry entries related to it.
  7. Once it finds them, click on ALL the entries while holding down the Shift key (they will be highlighted once selected) and click Select at the bottom of the window.
  8. Then right-click in the window and Export selected items. Close RegSeeker.
  9. Look inside the RegSeeker folder and open the Backup folder.
  10. In it you will find the UpdateExeVolatile .reg file that you just exported with the date and time of the file creation. It should look like this:
  11. Right-click on the file and select Edit.
  12. Notepad will open showing the contents of the file. Copy and paste the contents of the file in your next reply.
CAUTION: Do not try to use any of the other functions on RegSeeker. It is a powerful program with the potential to damage your computer if used incorrectly.
nasdaq is offline  
Old 05-11-2011, 10:37 AM   #17
Registered Member
 
crazydiamond's Avatar
 
Join Date: Jun 2008
Posts: 36
OS: xp



Nothing found...therefore nothing to report.
crazydiamond is offline  
Old 05-12-2011, 06:13 AM   #18
Security Team
Analyst
 
Join Date: Apr 2007
Location: Montreal, QC. Canada
Posts: 2,656
OS: Windows 2000 Pro. - Vista SP 2, W7



Try this fix.

How do I reset Windows Update components?

Use the recommended automatic fix.

Keep me posted.
nasdaq is offline  
Old 05-12-2011, 03:41 PM   #19
Registered Member
 
crazydiamond's Avatar
 
Join Date: Jun 2008
Posts: 36
OS: xp



Ran the tool and same issues...windows update with same 3 updates, MSE does not start, computer does not finish shutting down and Adobe wanting to restart computer. I must say though, my computer overall is performing much better.

Oh yeah, and another thing I failed to mention altogether; when I do restart the computer it does not allow me to choose a user (I have more than one). It always starts with "Owner".
crazydiamond is offline  
Old 05-13-2011, 07:43 AM   #20
Security Team
Analyst
 
Join Date: Apr 2007
Location: Montreal, QC. Canada
Posts: 2,656
OS: Windows 2000 Pro. - Vista SP 2, W7



Quote:
Oh yeah, and another thing I failed to mention altogether; when I do restart the computer it does not allow me to choose a user (I have more than one). It always starts with "Owner".
Try this fix.

User Accounts applet is completely blank
===


On the failed Windows Update issue.

Try the first recommended instructions on this page.

How to troubleshoot common Windows Update, Microsoft Update, and Windows Server Update Services installation issues

I do not suggest you try the Advanced information for advanced users instructions.

If that does not solve your problem you would be well advised to Contact Microsoft for their review.
nasdaq is offline  
 
