Automatic Updates not functioning

Post by GreenOnions on Tue 06 Dec 2011, 10:45 am

My dad's computer (Windows XP SP3) is currently in something of a fix--automatic updates aren't running, and Windows makes a warning appear indicating as such every time it boots. Attempting to turn it on from the security center is futile; security center says it can't do it and recommends turning it on from the Automatic Updates program in control panel. When you open up Automatic Updates... it thinks automatic updates are on. There seems to be some sort of miscommunication between automatic updates and the rest of the computer, which makes me think "virus".

A virus scan with Malwarebytes returned a result (something along the lines of PUM.security), but we still can't turn automatic updates back on. My dad has since installed McAfee on the computer (which involved removing Malwarebytes, which is why I can't list a specific name for the infection), but it can't remove the problem either. My dad browsed the Malwarebytes forums and is convinced that the problem is a router hijacking, but no other computers are displaying symptoms.

The logs for OTL, aswMBR, and SecurityCheck are included below. Any help you have to offer is greatly appreciated.

Incidentally, is it a good idea for him to have both McAfee and Ad-Aware on the same computer like he does now? I worry that they may try and step on each other's toes a bit.

OTL.txt
OTL logfile created on: 12/5/2011 6:05:29 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 48.17% Memory free
2.10 Gb Paging File | 1.38 Gb Available in Paging File | 65.69% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 12.96 Gb Free Space | 34.79% Space Free | Partition Type: NTFS
Drive D: | 19.07 Gb Total Space | 11.41 Gb Free Space | 59.84% Space Free | Partition Type: FAT32
Drive F: | 489.35 Mb Total Space | 337.18 Mb Free Space | 68.90% Space Free | Partition Type: FAT

Computer Name: HOME2 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/17 06:58:04 | 003,303,000 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2011/09/20 11:15:26 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.229\SSScheduler.exe
PRC - [2011/06/23 10:39:12 | 000,730,440 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Owner\Local Settings\Temp\mcitinfo_1323008598.exe
PRC - [2011/06/02 04:42:53 | 000,025,472 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2011/05/23 16:40:44 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
PRC - [2010/09/08 09:45:10 | 001,034,752 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/09/08 09:44:50 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2010/09/08 09:42:28 | 005,185,536 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2010/09/08 09:41:36 | 000,237,056 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/08/27 08:32:50 | 004,577,760 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
PRC - [2010/08/19 14:25:00 | 000,272,864 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
PRC - [2010/06/29 16:22:22 | 000,412,944 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe
PRC - [2010/06/29 16:22:18 | 001,081,384 | ---- | M] (Lavasoft AB) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2010/06/29 16:16:06 | 000,624,064 | ---- | M] (Lavasoft AB) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
PRC - [2010/06/23 11:35:18 | 001,635,672 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtl.exe
PRC - [2010/06/15 10:14:20 | 001,834,432 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvc.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/06 14:07:25 | 000,348,160 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon04.exe
PRC - [2004/04/23 18:03:06 | 000,446,464 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe


========== Modules (SafeList) ==========

MOD - [2011/05/23 16:40:44 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Lavasoft Ad-Aware Service)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/11/17 20:36:10 | 003,313,752 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_d768ebc.dll -- (Akamai)
SRV - [2011/09/20 11:15:26 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.229\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/09/08 09:45:10 | 001,034,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/09/08 09:44:50 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/09/08 09:41:36 | 000,237,056 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/08/19 14:25:00 | 000,272,864 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)
SRV - [2010/06/29 16:22:22 | 000,412,944 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe -- (AVKService)
SRV - [2010/06/29 16:22:18 | 001,081,384 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2010/06/29 16:16:06 | 000,624,064 | ---- | M] (Lavasoft AB) [On_Demand | Running] -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2010/06/29 16:15:58 | 000,911,976 | ---- | M] (Lavasoft AB) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware Total Security\AVKBackup\AVKBackupService.exe -- (GDBackupSvc)
SRV - [2010/06/29 16:15:50 | 001,234,896 | ---- | M] (Lavasoft AB) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware Total Security\AVKTuner\AVKTunerService.exe -- (GDTunerSvc)
SRV - [2010/06/23 11:35:18 | 001,635,672 | ---- | M] () [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2010/06/15 10:14:20 | 001,834,432 | ---- | M] (Lavasoft AB) [On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvc.exe -- (GDFwSvc)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2006/01/06 14:07:26 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hphipm11.exe -- (Pml Driver HPH11)


========== Driver Services (SafeList) ==========

DRV - [2010/08/05 17:54:39 | 000,068,976 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD)
DRV - [2010/08/05 17:08:47 | 000,029,640 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDNdisIc.sys -- (GDNdisIc)
DRV - [2010/08/05 17:08:46 | 000,051,400 | ---- | M] (G Data Software AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)
DRV - [2010/08/05 17:08:40 | 000,038,600 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2010/08/05 17:08:38 | 000,062,024 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2010/08/05 17:08:38 | 000,033,480 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2010/02/03 10:20:32 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/11/06 07:26:36 | 000,642,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/01/18 13:21:38 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys -- (LGII2CDevice)
DRV - [2008/01/18 13:21:36 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys -- (LGDDCDevice)
DRV - [2006/01/06 14:07:27 | 000,018,928 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphius11.sys -- (Dot4Usb HPH11)
DRV - [2006/01/06 14:07:27 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphipr11.sys -- (Dot4Print HPH11)
DRV - [2006/01/06 14:07:26 | 000,050,896 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphid411.sys -- (Dot4 HPH11)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Ad-Aware WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\Lavasoft\Ad-Aware Total Security\Webfilter\AvkWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (Ad-Aware WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\Lavasoft\Ad-Aware Total Security\Webfilter\AvkWebIE.dll (G Data Software AG)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD04] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] File not found
O4 - HKCU..\Run: [McAfee McItInfo] C:\Documents and Settings\Owner\Local Settings\Temp\mcitinfo_1323008598.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.229\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 99
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [You must be registered and logged in to see this link.] (DLM Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} [You must be registered and logged in to see this link.] (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E34F52FE-7769-46CE-8F8B-5E8ABAD2E9FC} [You must be registered and logged in to see this link.] (CSD ActiveX Installer)
O16 - DPF: {F8FC1530-0608-11DF-2008-0800200C9A66} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/11 16:02:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/05/18 18:16:48 | 000,000,137 | ---- | M] () - D:\AUTOEXEC.DOS -- [ FAT32 ]
O32 - AutoRun File - [2004/07/03 14:13:40 | 000,000,172 | ---- | M] () - D:\AUTOEXEC.BAK -- [ FAT32 ]
O32 - AutoRun File - [2003/05/04 17:19:20 | 000,000,137 | ---- | M] () - D:\AUTOEXEC.NU4 -- [ FAT32 ]
O32 - AutoRun File - [2007/10/19 22:57:18 | 000,000,172 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{b7fbbc3a-059a-11e1-97d8-001320864874}\Shell - "" = AutoRun
O33 - MountPoints2\{b7fbbc3a-059a-11e1-97d8-001320864874}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b7fbbc3a-059a-11e1-97d8-001320864874}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\CineTray.exe - (Sonic Solutions)
MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: G Data AntiVirus Tray Application - hkey= - key= - C:\Program Files\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe (Lavasoft AB)
MsConfig - StartUpReg: GDFirewallTray - hkey= - key= - C:\Program Files\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe (Lavasoft AB)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: UserFaultCheck - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/12/05 18:04:41 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2011/12/05 18:04:39 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/12/04 09:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2011/12/04 09:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2011/12/04 09:12:38 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/12/04 09:12:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/12/03 14:46:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
[2011/12/03 10:33:40 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/12/03 09:18:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/27 09:22:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/14 20:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\HpUpdate
[2011/11/14 20:33:55 | 000,527,208 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPDiscoPM5412.dll
[2011/11/14 20:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011/11/14 20:33:46 | 001,792,872 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPScanMiniDrv_OJ6500_E710nz.dll
[2011/11/14 20:33:44 | 000,232,296 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts5412.dll
[2011/11/14 20:33:43 | 000,267,112 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts5412LM.dll
[2011/11/14 20:33:43 | 000,213,864 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkcoi5412.dll
[2011/11/14 20:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2011/11/14 20:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/11/14 20:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\HP
[2011/11/09 14:51:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/11/09 14:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/05 18:01:34 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/05 18:01:31 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2011/12/05 18:01:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/05 18:01:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/04 14:19:20 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/04 11:16:56 | 098,078,016 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Owner\Desktop\OTLPEStd.exe
[2011/12/04 09:13:02 | 000,001,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/12/04 09:13:02 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/12/03 14:52:42 | 000,004,698 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\attach.zip
[2011/12/03 10:33:41 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/12/02 17:43:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/12/01 23:46:10 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/11/30 23:08:27 | 000,475,136 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/30 23:08:27 | 000,076,170 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/30 14:44:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/27 09:22:47 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/24 08:19:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\{A9C61257-605E-49AB-863F-07A762589A55}
[2011/11/22 21:22:18 | 000,002,346 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FW_ RESIGNATION LETTER FOLLOW UP.eml
[2011/11/14 20:33:53 | 000,001,957 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710n-z.lnk
[2011/11/14 20:33:52 | 000,000,920 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710n-z Scan.lnk
[2011/11/10 10:21:51 | 000,013,888 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Preventive services.pdf
[2011/11/10 10:18:52 | 000,076,713 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\2012 Healthcare EnrollmentGuide.pdf
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/05 18:04:44 | 000,879,035 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2011/12/04 09:13:02 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/12/04 09:12:48 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/12/03 14:52:42 | 000,004,698 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\attach.zip
[2011/11/27 09:22:47 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/24 08:19:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\{A9C61257-605E-49AB-863F-07A762589A55}
[2011/11/22 21:22:17 | 000,002,346 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\FW_ RESIGNATION LETTER FOLLOW UP.eml
[2011/11/14 20:33:53 | 000,001,957 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710n-z.lnk
[2011/11/14 20:33:52 | 000,000,920 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710n-z Scan.lnk
[2011/11/10 10:21:51 | 000,013,888 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Preventive services.pdf
[2011/11/10 10:18:52 | 000,076,713 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\2012 Healthcare EnrollmentGuide.pdf
[2011/05/27 17:16:19 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2011/03/14 00:23:12 | 000,311,240 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/15 00:26:39 | 000,288,106 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-117609710-839522115-1177238915-1003-0.dat
[2011/02/15 00:26:37 | 000,288,106 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/08/05 17:09:38 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/06/14 16:36:36 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2010/06/14 16:33:04 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2010/06/14 16:33:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2010/06/14 16:32:54 | 000,004,760 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat
[2010/03/23 16:22:49 | 000,000,277 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2010/01/12 19:05:11 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2010/01/03 16:40:27 | 000,060,536 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/27 20:04:38 | 001,876,202 | ---- | C] () -- C:\WINDOWS\autumn.exe
[2009/07/26 09:41:50 | 013,727,048 | ---- | C] () -- C:\WINDOWS\winzip121.exe
[2009/07/19 10:58:55 | 001,439,501 | ---- | C] () -- C:\WINDOWS\summer.exe
[2009/05/19 21:10:13 | 013,714,760 | ---- | C] () -- C:\Program Files\winzip121.exe
[2009/02/21 13:58:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/11/27 19:29:08 | 001,994,072 | ---- | C] () -- C:\WINDOWS\winter.exe
[2008/11/07 16:19:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/09/21 12:26:10 | 000,000,121 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/09/21 10:52:03 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\default.pls
[2008/09/21 09:42:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/20 09:30:23 | 001,902,553 | ---- | C] () -- C:\WINDOWS\spring.exe
[2008/09/12 18:12:22 | 000,000,037 | ---- | C] () -- C:\WINDOWS\MPS.INI
[2008/09/12 17:29:09 | 000,035,424 | ---- | C] () -- C:\WINDOWS\ADPLASMA.DLL
[2008/09/12 17:29:09 | 000,027,552 | ---- | C] () -- C:\WINDOWS\ADSLIDE.DLL
[2008/09/12 17:29:08 | 000,047,360 | ---- | C] () -- C:\WINDOWS\ADSPIDER.DLL
[2008/09/12 17:29:07 | 000,382,224 | ---- | C] () -- C:\WINDOWS\ADCIPHER.DLL
[2008/09/12 17:17:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/12 16:23:27 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2008/09/11 17:03:00 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/09/11 16:04:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/11 15:59:53 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/09/11 10:52:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/11 10:50:52 | 000,293,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,076,170 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/01/22 03:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/05/23 16:44:46 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/12/04 11:16:56 | 098,078,016 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Owner\Desktop\OTLPEStd.exe
[2011/05/23 16:46:20 | 000,879,035 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2008/11/24 10:51:19 | 020,323,355 | ---- | M] (Sonic Solutions ) -- C:\Documents and Settings\Owner\Desktop\SonicCinePlayerDVDDecoderPackv2.31_SDD.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2008/09/11 10:57:16 | 000,000,000 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\h323log.txt
[2008/04/14 07:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\stdole2.tlb
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2009/06/28 10:38:43 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/09/15 17:43:33 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2011/06/27 17:16:39 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/10/29 16:13:45 | 000,000,000 | ---D | M] -- C:\Program Files\ChessBase
[2011/03/13 09:44:13 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/09/11 15:59:43 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/08/14 07:33:44 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2010/01/15 18:02:35 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2008/09/12 17:34:36 | 000,000,000 | ---D | M] -- C:\Program Files\Games
[2010/01/15 18:02:32 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin
[2011/11/27 09:22:15 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2011/11/26 11:36:06 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2011/11/14 20:34:56 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/06/14 16:34:14 | 000,000,000 | ---D | M] -- C:\Program Files\HP Photosmart 11
[2011/05/27 15:01:32 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/02/21 14:05:35 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2011/04/14 23:31:43 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/10/15 09:47:29 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/10/15 09:48:44 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/10/25 13:38:55 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/08/05 17:05:54 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2008/09/19 18:10:08 | 000,000,000 | ---D | M] -- C:\Program Files\LG Soft India
[2011/12/04 09:12:44 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2010/01/12 19:03:00 | 000,000,000 | ---D | M] -- C:\Program Files\Meade
[2008/09/12 16:43:45 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/06/25 21:35:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008/09/12 17:13:54 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/08/07 12:40:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/05/01 23:03:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2008/09/12 17:15:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/05/25 12:23:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2009/10/28 22:27:54 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2011/02/13 15:54:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/11 17:29:51 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/08/15 22:33:09 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/09/11 15:58:28 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/09/11 15:58:57 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/09/20 09:35:10 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/09/21 10:39:00 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2011/05/27 17:16:18 | 000,000,000 | ---D | M] -- C:\Program Files\NETGEAR
[2008/09/11 16:00:37 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/09/29 19:28:43 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2008/09/11 16:01:03 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/19 06:05:02 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2011/11/09 14:52:03 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/08/15 22:32:54 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/03/13 10:01:53 | 000,000,000 | ---D | M] -- C:\Program Files\Research In Motion
[2008/11/24 10:52:06 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2009/07/19 10:59:29 | 000,000,000 | ---D | M] -- C:\Program Files\Summer Screensaver
[2010/02/27 15:40:13 | 000,000,000 | ---D | M] -- C:\Program Files\TurboTax
[2011/06/25 06:51:23 | 000,000,000 | ---D | M] -- C:\Program Files\Uniblue
[2008/09/11 16:06:05 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/01/12 19:04:49 | 000,000,000 | ---D | M] -- C:\Program Files\VirtualMoon
[2011/11/02 16:37:45 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital
[2008/09/21 11:16:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/09/21 11:16:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/09/11 15:58:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/09/11 16:01:08 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/01/21 19:41:36 | 000,000,000 | ---D | M] -- C:\Program Files\Winter Screensaver
[2009/07/26 09:42:52 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2008/09/11 16:02:45 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/05/08 12:10:23 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!


< MD5 for: AGP440.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 07:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/04/14 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\dllcache\disk.sys
[2008/04/14 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-11 12:36:06

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\Desktop\OTLPEStd.exe:SummaryInformation

< End of report >


Continued


Re: Automatic Updates not functioning

Post by GreenOnions on Tue 06 Dec 2011, 10:48 am

Extras.txt
OTL logfile created on: 12/5/2011 6:05:29 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 48.17% Memory free
2.10 Gb Paging File | 1.38 Gb Available in Paging File | 65.69% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 12.96 Gb Free Space | 34.79% Space Free | Partition Type: NTFS
Drive D: | 19.07 Gb Total Space | 11.41 Gb Free Space | 59.84% Space Free | Partition Type: FAT32
Drive F: | 489.35 Mb Total Space | 337.18 Mb Free Space | 68.90% Space Free | Partition Type: FAT

Computer Name: HOME2 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/17 06:58:04 | 003,303,000 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2011/09/20 11:15:26 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.229\SSScheduler.exe
PRC - [2011/06/23 10:39:12 | 000,730,440 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Owner\Local Settings\Temp\mcitinfo_1323008598.exe
PRC - [2011/06/02 04:42:53 | 000,025,472 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2011/05/23 16:40:44 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
PRC - [2010/09/08 09:45:10 | 001,034,752 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/09/08 09:44:50 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2010/09/08 09:42:28 | 005,185,536 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2010/09/08 09:41:36 | 000,237,056 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/08/27 08:32:50 | 004,577,760 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
PRC - [2010/08/19 14:25:00 | 000,272,864 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
PRC - [2010/06/29 16:22:22 | 000,412,944 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe
PRC - [2010/06/29 16:22:18 | 001,081,384 | ---- | M] (Lavasoft AB) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2010/06/29 16:16:06 | 000,624,064 | ---- | M] (Lavasoft AB) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
PRC - [2010/06/23 11:35:18 | 001,635,672 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtl.exe
PRC - [2010/06/15 10:14:20 | 001,834,432 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvc.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/06 14:07:25 | 000,348,160 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon04.exe
PRC - [2004/04/23 18:03:06 | 000,446,464 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe


========== Modules (SafeList) ==========

MOD - [2011/05/23 16:40:44 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Lavasoft Ad-Aware Service)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/11/17 20:36:10 | 003,313,752 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_d768ebc.dll -- (Akamai)
SRV - [2011/09/20 11:15:26 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.229\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/09/08 09:45:10 | 001,034,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/09/08 09:44:50 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/09/08 09:41:36 | 000,237,056 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/08/19 14:25:00 | 000,272,864 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)
SRV - [2010/06/29 16:22:22 | 000,412,944 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe -- (AVKService)
SRV - [2010/06/29 16:22:18 | 001,081,384 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2010/06/29 16:16:06 | 000,624,064 | ---- | M] (Lavasoft AB) [On_Demand | Running] -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2010/06/29 16:15:58 | 000,911,976 | ---- | M] (Lavasoft AB) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware Total Security\AVKBackup\AVKBackupService.exe -- (GDBackupSvc)
SRV - [2010/06/29 16:15:50 | 001,234,896 | ---- | M] (Lavasoft AB) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware Total Security\AVKTuner\AVKTunerService.exe -- (GDTunerSvc)
SRV - [2010/06/23 11:35:18 | 001,635,672 | ---- | M] () [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2010/06/15 10:14:20 | 001,834,432 | ---- | M] (Lavasoft AB) [On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvc.exe -- (GDFwSvc)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2006/01/06 14:07:26 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hphipm11.exe -- (Pml Driver HPH11)


========== Driver Services (SafeList) ==========

DRV - [2010/08/05 17:54:39 | 000,068,976 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD)
DRV - [2010/08/05 17:08:47 | 000,029,640 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDNdisIc.sys -- (GDNdisIc)
DRV - [2010/08/05 17:08:46 | 000,051,400 | ---- | M] (G Data Software AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)
DRV - [2010/08/05 17:08:40 | 000,038,600 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2010/08/05 17:08:38 | 000,062,024 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2010/08/05 17:08:38 | 000,033,480 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2010/02/03 10:20:32 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/11/06 07:26:36 | 000,642,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/01/18 13:21:38 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys -- (LGII2CDevice)
DRV - [2008/01/18 13:21:36 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys -- (LGDDCDevice)
DRV - [2006/01/06 14:07:27 | 000,018,928 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphius11.sys -- (Dot4Usb HPH11)
DRV - [2006/01/06 14:07:27 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphipr11.sys -- (Dot4Print HPH11)
DRV - [2006/01/06 14:07:26 | 000,050,896 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphid411.sys -- (Dot4 HPH11)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Ad-Aware WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\Lavasoft\Ad-Aware Total Security\Webfilter\AvkWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (Ad-Aware WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\Lavasoft\Ad-Aware Total Security\Webfilter\AvkWebIE.dll (G Data Software AG)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD04] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] File not found
O4 - HKCU..\Run: [McAfee McItInfo] C:\Documents and Settings\Owner\Local Settings\Temp\mcitinfo_1323008598.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.229\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 99
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [You must be registered and logged in to see this link.] (DLM Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} [You must be registered and logged in to see this link.] (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E34F52FE-7769-46CE-8F8B-5E8ABAD2E9FC} [You must be registered and logged in to see this link.] (CSD ActiveX Installer)
O16 - DPF: {F8FC1530-0608-11DF-2008-0800200C9A66} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/11 16:02:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/05/18 18:16:48 | 000,000,137 | ---- | M] () - D:\AUTOEXEC.DOS -- [ FAT32 ]
O32 - AutoRun File - [2004/07/03 14:13:40 | 000,000,172 | ---- | M] () - D:\AUTOEXEC.BAK -- [ FAT32 ]
O32 - AutoRun File - [2003/05/04 17:19:20 | 000,000,137 | ---- | M] () - D:\AUTOEXEC.NU4 -- [ FAT32 ]
O32 - AutoRun File - [2007/10/19 22:57:18 | 000,000,172 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{b7fbbc3a-059a-11e1-97d8-001320864874}\Shell - "" = AutoRun
O33 - MountPoints2\{b7fbbc3a-059a-11e1-97d8-001320864874}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b7fbbc3a-059a-11e1-97d8-001320864874}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\CineTray.exe - (Sonic Solutions)
MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: G Data AntiVirus Tray Application - hkey= - key= - C:\Program Files\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe (Lavasoft AB)
MsConfig - StartUpReg: GDFirewallTray - hkey= - key= - C:\Program Files\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe (Lavasoft AB)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: UserFaultCheck - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/12/05 18:04:41 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2011/12/05 18:04:39 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/12/04 09:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2011/12/04 09:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2011/12/04 09:12:38 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/12/04 09:12:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/12/03 14:46:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
[2011/12/03 10:33:40 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/12/03 09:18:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/27 09:22:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/14 20:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\HpUpdate
[2011/11/14 20:33:55 | 000,527,208 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPDiscoPM5412.dll
[2011/11/14 20:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011/11/14 20:33:46 | 001,792,872 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPScanMiniDrv_OJ6500_E710nz.dll
[2011/11/14 20:33:44 | 000,232,296 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts5412.dll
[2011/11/14 20:33:43 | 000,267,112 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts5412LM.dll
[2011/11/14 20:33:43 | 000,213,864 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkcoi5412.dll
[2011/11/14 20:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2011/11/14 20:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/11/14 20:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\HP
[2011/11/09 14:51:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/11/09 14:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/05 18:01:34 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/05 18:01:31 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2011/12/05 18:01:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/05 18:01:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/04 14:19:20 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/04 11:16:56 | 098,078,016 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Owner\Desktop\OTLPEStd.exe
[2011/12/04 09:13:02 | 000,001,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/12/04 09:13:02 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/12/03 14:52:42 | 000,004,698 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\attach.zip
[2011/12/03 10:33:41 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/12/02 17:43:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/12/01 23:46:10 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/11/30 23:08:27 | 000,475,136 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/30 23:08:27 | 000,076,170 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/30 14:44:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/27 09:22:47 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/24 08:19:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\{A9C61257-605E-49AB-863F-07A762589A55}
[2011/11/22 21:22:18 | 000,002,346 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FW_ RESIGNATION LETTER FOLLOW UP.eml
[2011/11/14 20:33:53 | 000,001,957 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710n-z.lnk
[2011/11/14 20:33:52 | 000,000,920 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710n-z Scan.lnk
[2011/11/10 10:21:51 | 000,013,888 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Preventive services.pdf
[2011/11/10 10:18:52 | 000,076,713 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\2012 Healthcare EnrollmentGuide.pdf
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/05 18:04:44 | 000,879,035 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2011/12/04 09:13:02 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/12/04 09:12:48 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/12/03 14:52:42 | 000,004,698 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\attach.zip
[2011/11/27 09:22:47 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/24 08:19:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\{A9C61257-605E-49AB-863F-07A762589A55}
[2011/11/22 21:22:17 | 000,002,346 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\FW_ RESIGNATION LETTER FOLLOW UP.eml
[2011/11/14 20:33:53 | 000,001,957 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710n-z.lnk
[2011/11/14 20:33:52 | 000,000,920 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710n-z Scan.lnk
[2011/11/10 10:21:51 | 000,013,888 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Preventive services.pdf
[2011/11/10 10:18:52 | 000,076,713 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\2012 Healthcare EnrollmentGuide.pdf
[2011/05/27 17:16:19 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2011/03/14 00:23:12 | 000,311,240 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/15 00:26:39 | 000,288,106 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-117609710-839522115-1177238915-1003-0.dat
[2011/02/15 00:26:37 | 000,288,106 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/08/05 17:09:38 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/06/14 16:36:36 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2010/06/14 16:33:04 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2010/06/14 16:33:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2010/06/14 16:32:54 | 000,004,760 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat
[2010/03/23 16:22:49 | 000,000,277 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2010/01/12 19:05:11 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2010/01/03 16:40:27 | 000,060,536 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/27 20:04:38 | 001,876,202 | ---- | C] () -- C:\WINDOWS\autumn.exe
[2009/07/26 09:41:50 | 013,727,048 | ---- | C] () -- C:\WINDOWS\winzip121.exe
[2009/07/19 10:58:55 | 001,439,501 | ---- | C] () -- C:\WINDOWS\summer.exe
[2009/05/19 21:10:13 | 013,714,760 | ---- | C] () -- C:\Program Files\winzip121.exe
[2009/02/21 13:58:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/11/27 19:29:08 | 001,994,072 | ---- | C] () -- C:\WINDOWS\winter.exe
[2008/11/07 16:19:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/09/21 12:26:10 | 000,000,121 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/09/21 10:52:03 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\default.pls
[2008/09/21 09:42:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/20 09:30:23 | 001,902,553 | ---- | C] () -- C:\WINDOWS\spring.exe
[2008/09/12 18:12:22 | 000,000,037 | ---- | C] () -- C:\WINDOWS\MPS.INI
[2008/09/12 17:29:09 | 000,035,424 | ---- | C] () -- C:\WINDOWS\ADPLASMA.DLL
[2008/09/12 17:29:09 | 000,027,552 | ---- | C] () -- C:\WINDOWS\ADSLIDE.DLL
[2008/09/12 17:29:08 | 000,047,360 | ---- | C] () -- C:\WINDOWS\ADSPIDER.DLL
[2008/09/12 17:29:07 | 000,382,224 | ---- | C] () -- C:\WINDOWS\ADCIPHER.DLL
[2008/09/12 17:17:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/12 16:23:27 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2008/09/11 17:03:00 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/09/11 16:04:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/11 15:59:53 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/09/11 10:52:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/11 10:50:52 | 000,293,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,076,170 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/01/22 03:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/05/23 16:44:46 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/12/04 11:16:56 | 098,078,016 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Owner\Desktop\OTLPEStd.exe
[2011/05/23 16:46:20 | 000,879,035 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2008/11/24 10:51:19 | 020,323,355 | ---- | M] (Sonic Solutions ) -- C:\Documents and Settings\Owner\Desktop\SonicCinePlayerDVDDecoderPackv2.31_SDD.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2008/09/11 10:57:16 | 000,000,000 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\h323log.txt
[2008/04/14 07:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\stdole2.tlb
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2009/06/28 10:38:43 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/09/15 17:43:33 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2011/06/27 17:16:39 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/10/29 16:13:45 | 000,000,000 | ---D | M] -- C:\Program Files\ChessBase
[2011/03/13 09:44:13 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/09/11 15:59:43 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/08/14 07:33:44 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2010/01/15 18:02:35 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2008/09/12 17:34:36 | 000,000,000 | ---D | M] -- C:\Program Files\Games
[2010/01/15 18:02:32 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin
[2011/11/27 09:22:15 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2011/11/26 11:36:06 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2011/11/14 20:34:56 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/06/14 16:34:14 | 000,000,000 | ---D | M] -- C:\Program Files\HP Photosmart 11
[2011/05/27 15:01:32 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/02/21 14:05:35 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2011/04/14 23:31:43 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/10/15 09:47:29 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/10/15 09:48:44 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/10/25 13:38:55 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/08/05 17:05:54 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2008/09/19 18:10:08 | 000,000,000 | ---D | M] -- C:\Program Files\LG Soft India
[2011/12/04 09:12:44 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2010/01/12 19:03:00 | 000,000,000 | ---D | M] -- C:\Program Files\Meade
[2008/09/12 16:43:45 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/06/25 21:35:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008/09/12 17:13:54 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/08/07 12:40:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/05/01 23:03:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2008/09/12 17:15:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/05/25 12:23:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2009/10/28 22:27:54 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2011/02/13 15:54:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/11 17:29:51 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/08/15 22:33:09 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/09/11 15:58:28 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/09/11 15:58:57 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/09/20 09:35:10 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/09/21 10:39:00 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2011/05/27 17:16:18 | 000,000,000 | ---D | M] -- C:\Program Files\NETGEAR
[2008/09/11 16:00:37 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/09/29 19:28:43 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2008/09/11 16:01:03 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/19 06:05:02 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2011/11/09 14:52:03 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/08/15 22:32:54 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/03/13 10:01:53 | 000,000,000 | ---D | M] -- C:\Program Files\Research In Motion
[2008/11/24 10:52:06 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2009/07/19 10:59:29 | 000,000,000 | ---D | M] -- C:\Program Files\Summer Screensaver
[2010/02/27 15:40:13 | 000,000,000 | ---D | M] -- C:\Program Files\TurboTax
[2011/06/25 06:51:23 | 000,000,000 | ---D | M] -- C:\Program Files\Uniblue
[2008/09/11 16:06:05 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/01/12 19:04:49 | 000,000,000 | ---D | M] -- C:\Program Files\VirtualMoon
[2011/11/02 16:37:45 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital
[2008/09/21 11:16:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/09/21 11:16:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/09/11 15:58:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/09/11 16:01:08 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/01/21 19:41:36 | 000,000,000 | ---D | M] -- C:\Program Files\Winter Screensaver
[2009/07/26 09:42:52 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2008/09/11 16:02:45 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/05/08 12:10:23 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!


< MD5 for: AGP440.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 07:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/04/14 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\dllcache\disk.sys
[2008/04/14 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-11 12:36:06

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\Desktop\OTLPEStd.exe:SummaryInformation

< End of report >


aswMBR.txt
aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-12-05 18:28:03
-----------------------------
18:28:03.796 OS Version: Windows 5.1.2600 Service Pack 3
18:28:03.796 Number of processors: 1 586 0x401
18:28:03.796 ComputerName: HOME2 UserName: Owner
18:28:04.187 Initialize success
18:28:06.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
18:28:06.218 Disk 0 Vendor: WDC_WD400BB-75JHC0 06.01C06 Size: 38146MB BusType: 3
18:28:06.218 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
18:28:06.218 Disk 1 Vendor: Maxtor_2B020H1 WAH21PB0 Size: 19541MB BusType: 3
18:28:08.250 Disk 0 MBR read successfully
18:28:08.250 Disk 0 MBR scan
18:28:08.250 Disk 0 Windows XP default MBR code
18:28:10.250 Disk 0 scanning sectors +78108030
18:28:10.281 Disk 0 scanning C:\WINDOWS\system32\drivers
18:28:17.218 Service scanning
18:28:18.390 Disk 0 trace - called modules:
18:28:18.406 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
18:28:18.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a0c1ab8]
18:28:18.406 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a032d98]
18:28:18.484 Scan finished successfully
18:28:32.609 Disk 0 MBR has been saved successfully to "F:\Case 2\MBR.dat"
18:28:32.625 The log file has been saved successfully to "F:\Case 2\aswMBR.txt"


checkup.txt
Results of screen317's Security Check version 0.99.11
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
McAfee Security Scan Plus
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Java(TM) 6 Update 16
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.3.3
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Lavasoft Ad-Aware Total Security Firewall GDFwSvc.exe
``````````End of Log````````````

GreenOnions

Newbie Surfer

Posts : 37
Joined : 2009-09-12
Operating System : XP

Re: Automatic Updates not functioning

Post by Belahzur on Wed 07 Dec 2011, 12:16 pm

Hi,


Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

When saving ComboFix rename it to Belahzur.exe to prevent it from being blocked by malware.


Refer to this image:

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click Belahzur.exe to run it.

    You will see the following image:


Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Automatic Updates not functioning

Post by GreenOnions on Wed 07 Dec 2011, 4:42 pm

I hate to slow things down from the get-go, but that list of antivirus-disabling instructions doesn't have some of the programs my dad's computer uses, and I worry about what may happen if combofix is interrupted. His main antivirus is Ad-Aware Total Security (none of the instructions for any version of ad-aware match the setup for this version; in fact, the ad-aware tray icon has been missing since this whole episode started. Plus, if I try and Google "disable Ad-Aware Total Security" I just get a ton of results for how to disable that fake AV called Total Security). It seems that the McAfee on the machine is just the McAfee Security Scanner, which I can't make run anyway since my dad's computer lacks an internet connection at the moment (I'll try and fix that tomorrow).

Essentially, I'm worried about trying to disable these things without instruction, since I've tried to do so anyway (Ad-Aware's GDScan.exe runs on startup and slows the computer to a crawl) to no avail, and stopping combofix in the middle of a scan is, as I understand it, a very bad thing.


Re: Automatic Updates not functioning

Post by Belahzur on Sat 10 Dec 2011, 12:51 am

Okay that's not a problem.

Please do the following in Safe Mode with Networking: as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press your Enter key.

Note: With some computers if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the startup menu. Once in the start up menu, select "Safe Mode with Networking", then run Combofix. Ad-Aware won't run in Safe Mode so it won't interfere.



Re: Automatic Updates not functioning

Post by GreenOnions on Sun 11 Dec 2011, 2:43 am

I'm running ComboFix now, it's gotten through all 50 stages, but now it's stalling during the "deleting files" part of things.

So far it says the files it's deleted are:
C:\Program Files\INSTALL.LOG
C:\Program Files\UNWISE.EXE
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wpcap.dll
D:\install.exe

and the folder it's deleted is:
C:\Documents and Settings\Owner\WINDOWS

And now it seems stalled. That last line about deleting the admin's WINDOWS folder is kinda bothering me, especially since when the line showed up explorer.exe died and the computer is stalling. There's still mouse interaction (and the cursor is still blinking in combofix's prompt), but nothing else is happening.

I tried installing the windows recovery environment, but it couldn't for some reason (despite a working internet connection). Any ideas?


Re: Automatic Updates not functioning

Post by GreenOnions on Sun 11 Dec 2011, 11:46 am

Quick update: 8 hours and one workday later, the computer is still exactly where it was--combofix is still showing the same exact status as before, hasn't rebooted or created C:\Combofix.txt. On the bright side, I managed to get explorer working again, so I can at least navigate the computer, albeit with a big blue combofix window up at all times. Do you think it'd be safe to reboot the computer at this point?


Re: Automatic Updates not functioning

Post by Belahzur on Sun 11 Dec 2011, 12:08 pm

Yes it should be fine.



Re: Automatic Updates not functioning

Post by GreenOnions on Sun 11 Dec 2011, 1:42 pm

After rebooting, Automatic Updates are running again. Security Center verifies that there are no problems, so everything seems fine on that front.

Problem is, the computer's wireless connection isn't working now. I can't tell if it's malware-related or if it's a software issue. The computer doesn't have a wireless card, and uses a peripheral by Netgear that runs using its own application. Consequently, Windows can't give any helpful troubleshooting for it (as far as it's concerned, the wireless internet connection hasn't been configured).

The computer does get an internet connection when it's hard-wired to the router, however, which makes me think even more that it's software-related. I've taken the opportunity to update the antivirus and windows updates, so at least that's taken care of. Other than running some additional antivirus scans to make sure the system is totally clean, the wireless connection is the only remaining issue.

Thank you so much for your help, by the way!


P.S. Combofix didn't leave a .txt, though it did leave a folder in C:\ called Belahzur (what I renamed combofix) that has the My Computer icon and which opens My Computer when double clicked. Thoughts?

P.P.S. After some additional tinkering, I really think the problem with the wireless is that the Netgear program isn't running. No matter how many times I try to run it manually, it never starts up. It shows up in the task manager (and if you try and run the program several times, several instances will appear), but the program never properly starts up. No program, no wireless--that's my thinking.


Re: Automatic Updates not functioning

Post by Belahzur on Mon 12 Dec 2011, 11:29 am

Hello.
Close the program in Task Manager, does it close properly? Try re-launching it manually then.



Re: Automatic Updates not functioning

Post by GreenOnions on Mon 12 Dec 2011, 12:38 pm

Closing the program through the task manager and then rerunning it doesn't make it run properly, though task manager shows that a new instance of it is running. I can't tell if the program isn't running for a purely innocent reason (maybe one of the files or folders combofix deleted had an effect on it?), or if something is actively preventing it from running (I've given it permission in Ad-Aware's firewall, and even when Ad-Aware is off it still doesn't run). Right now I'm trying an uninstall/reinstall on the program, but it isn't detecting the peripheral for some reason. The setup never times out when searching for it, so it's hard to say if the setup is just programmed like that or if it's actually freezing for some reason while searching.


EDIT: Never mind, got the program reinstalled. Needed an odd combination of windows installation AND proprietary setup to get working. Oddly enough, though, I still can't get an internet connection despite the system tray telling me that I have a working wireless connection. Plus, even now, the Netgear program doesn't run--and I get the feeling that the system tray will stop thinking I have a connection if I reboot. Definitely something strange going on.

Incidentally, I was checking the task manager and I noticed a couple of odd programs running, one is "NDP20SP2-KB2539631-x86.exe", which sounds like it has something to do with windows updating, and the other is "HotFixInstaller.exe". No idea about that one. Google results leave me pessimistic about it, though.

2nd Edit: The computer just asked to reboot for updates, so I'm guessing that's what NDP was all about. While it was rebooting though, the computer had trouble closing something called "Netsession Hidden Window" and gave me the whole End Task/Cancel routine. What was that all about?

3rd Edit: Both wired and wireless internet stopped working, so I left the computer hard-plugged in and booted in safe mode with networking, and the net started working. So, something that boots in normal windows is what's causing this. Whether it's a virus or some strange corrupted file or whatever is a mystery.


Re: Automatic Updates not functioning

Post by GreenOnions on Thu 15 Dec 2011, 7:43 am

Part bump, part update: I decided to try using System Restore to set the computer back about a month, but after the computer finished rebooting I got a message saying that the computer could not be restored to that date and that no changes were made. There was definitely a working restore point on that day, so I have no idea what happened. Frankly, I didn't even know System Restore could be interrupted.

To reestablish the computer's issues, it can't connect to the internet outside of safe mode, and automatic updates don't run (although the computer doesn't yell about them anymore). Well actually, they try to run when the computer is shut down, but they tend to stall a few updates in.


Re: Automatic Updates not functioning

Post by Belahzur on Thu 15 Dec 2011, 9:28 am

Okay, let's see about repairing the net connection.

Please download FSS from here

Download it to your Desktop and run it.
Press Scan.

Wait for it to run and it will generate a log file, copy and paste the log back here.



Re: Automatic Updates not functioning

Post by GreenOnions on Thu 15 Dec 2011, 9:48 am

Ran FSS, here are the results:

FSS
Farbar Service Scanner
Ran by Owner (administrator) on 14-12-2011 at 17:34:36
Microsoft Windows XP Home Edition Service Pack 3 (X86)
********************************************************

Service Check:
==============

File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

**** End of log ****


Sounds like it couldn't find anything wrong. Despite what it says though, I can't connect to yahoo or google.

Also, after System Restore failed, I went back to try again and found that the restore dates before last week had all disappeared. The computer's problems began last week, so I have a sinking feeling that restoring to the (now) earliest date won't solve anything.


Re: Automatic Updates not functioning

Post by Belahzur on Sun 18 Dec 2011, 10:03 am

Hello.
Let's have a look at your DNS settings.


  • Now open a new notepad file.
  • Input this into the notepad file:

    @echo off
    ipconfig /all >> log.txt
    start notepad log.txt

  • Save this as look.bat, save it to your desktop.
  • Double click look.bat to run it.
  • Copy and paste the report back here.


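How the `ipconfig /all` report collected by look.bat can be read for its DNS entries, as an added Python example that is not part of the original post or of any tool named in the thread. `parse_ipconfig`, `unexpected_dns` and the sample output are constructed for illustration; a listed resolver is a prompt to compare against the router's and ISP's settings, not proof of tampering.

```python
import ipaddress
import re

# Constructed sample in the Windows XP `ipconfig /all` layout (not from the thread).
# 203.0.113.53 is a documentation-range address standing in for an unknown resolver.
SAMPLE = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : EXAMPLE-PC

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.5
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            192.168.1.1
        Lease Obtained. . . . . . . . . . : Sunday, December 18, 2011 9:02:11 AM
"""

def parse_ipconfig(text):
    """Return {section name: {field: [values]}}; extra values on indented lines are kept."""
    sections, current, last = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():              # unindented line starts a section
            current, last = sections.setdefault(line.rstrip(": "), {}), None
            continue
        if current is None:
            continue
        m = re.match(r"\s+(.+?)[ .]*:(?: (.*))?$", line)
        if m:                                  # "Field . . . : value"
            last = m.group(1)
            current[last] = [m.group(2).strip()] if m.group(2) else []
        elif last:                             # continuation, e.g. a second DNS server
            current[last].append(line.strip())
    return sections

def _ips(values):
    """Yield parsed addresses, skipping blanks and anything that is not an IP."""
    for v in values:
        try:
            yield ipaddress.ip_address(v.split("%")[0])
        except ValueError:
            continue

def unexpected_dns(sections, allowed=()):
    """List (adapter, resolver) pairs that are neither the adapter's own gateway or
    DHCP server nor in `allowed`; each one needs checking against the router/ISP."""
    allow = set(_ips(allowed))
    findings = []
    for name, fields in sections.items():
        local = set(_ips(fields.get("Default Gateway", []) + fields.get("DHCP Server", [])))
        for ip in _ips(fields.get("DNS Servers", [])):
            if ip not in local and ip not in allow:
                findings.append((name, str(ip)))
    return findings

if __name__ == "__main__":
    for adapter, resolver in unexpected_dns(parse_ipconfig(SAMPLE)):
        print(f"{adapter}: verify resolver {resolver}")
```

Pass the ISP's documented resolvers in `allowed` so that only addresses nobody on the network recognises are listed.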

Re: Automatic Updates not functioning

Post by GreenOnions on Sun 18 Dec 2011, 11:23 am

Sorry to say this, but my dad's decided to just wipe the hard drive and reinstall windows from scratch. He's backed up all of his important files, so at least he's covered on that front. I'm sure we could've resolved this with a little more time, but so it goes.

Thank you so much for all of your help.
