Rockitt

Members
  • Posts: 16

Reputation: 0 Neutral
  1. Thanks 1972 vet. All problems resolved, system running fine, updates all downloaded and installed. Thanks again for all your help.
  2. These are the last active logs:-
This computer is currently scheduled to install these updates on 18 July 2008 at 03:00: - Update for Microsoft Office Outlook 2007 (KB952142) - 2007 Microsoft Office Suite Service Pack 1 (SP1) - Cumulative Security Update for ActiveX Killbits for Windows XP (KB950760) 2008-07-17 12:44:08:140 1216 c40 Report REPORT EVENT: {040CF0BE-AC3E-4CF9-AF1A-10A9ACCFBE87} 2008-07-17 12:43:14:093+0200 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on 18 July 2008 at 03:00: - Update for Microsoft Office Outlook 2007 (KB952142) - 2007 Microsoft Office Suite Service Pack 1 (SP1) - Cumulative Security Update for ActiveX Killbits for Windows XP (KB950760) - Security Update for Microsoft .NET Framework, Version 2.0 (KB928365) 2008-07-17 12:44:08:140 1216 c40 Report REPORT EVENT: {6C0A9D7E-7C18-4A92-8E84-17839885C027} 2008-07-17 12:43:44:968+0200 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on 18 July 2008 at 03:00: - Update for Microsoft Office Outlook 2007 (KB952142) - 2007 Microsoft Office Suite Service Pack 1 (SP1) - Cumulative Security Update for ActiveX Killbits for Windows XP (KB950760) - Security Update for Microsoft .NET Framework, Version 2.0 (KB928365) - Update for Windows XP (KB951978) 2008-07-17 12:44:13:140 1216 c40 Report REPORT EVENT: {59E60F52-8676-4EF1-A86D-7DD9AB0CF76E} 2008-07-17 12:44:08:140+0200 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. 
This computer is currently scheduled to install these updates on 18 July 2008 at 03:00: - Update for Microsoft Office Outlook 2007 (KB952142) - 2007 Microsoft Office Suite Service Pack 1 (SP1) - Cumulative Security Update for ActiveX Killbits for Windows XP (KB950760) - Security Update for Microsoft .NET Framework, Version 2.0 (KB928365) - Update for Windows XP (KB951978) - Cumulative Security Update for Internet Explorer 7 for Windows XP (KB950759) 2008-07-17 14:16:12:562 1216 b18 DnldMgr *********** DnldMgr: Regulation Refresh [svc: {7971F918-A847-4430-9279-4A52D1EFE18D}] *********** 2008-07-17 14:16:12:812 1216 b18 DnldMgr * Regulation call complete. 0x00000000 2008-07-17 23:02:41:156 1216 2d4 AU AU received handle event 2008-07-17 23:02:41:281 1216 2d4 AU AU setting pending client directive to 'Install Approval' 2008-07-17 23:02:56:328 1216 2d4 AU WARNING: AU found no suitable session to launch client in 2008-07-17 23:03:40:187 1216 2d4 AU Launched new AU client for directive 'Install Approval', session id = 0x0 2008-07-17 23:03:40:453 2836 ba8 Misc =========== Logging initialized (build: 7.0.6000.381, tz: +0200) =========== 2008-07-17 23:03:40:453 2836 ba8 Misc = Process: C:\WINDOWS\system32\wuauclt.exe 2008-07-17 23:03:40:453 2836 ba8 AUClnt Launched Client UI process 2008-07-17 23:03:41:484 2836 ba8 Misc =========== Logging initialized (build: 7.0.6000.381, tz: +0200) =========== 2008-07-17 23:03:41:484 2836 ba8 Misc = Process: C:\WINDOWS\system32\wuauclt.exe 2008-07-17 23:03:41:484 2836 ba8 Misc = Module: C:\WINDOWS\system32\wucltui.dll 2008-07-17 23:03:41:484 2836 ba8 CltUI AU client got new directive = 'Install Approval', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0x00000000 2008-07-17 23:03:41:859 2836 ba8 CltUI AU client creating UI plugin, clsid={3809920F-B9D4-42DA-92E0-E26265E0FB89}
  3. Thanks 1972vet, your help has been very much appreciated. The only issue I have now is how to resolve the issue with Windows updates not installing. Any ideas, or can you point me in the direction of another forum or help section?
  4. Probably because I manually deleted the folder when I disabled in msconfig. Just checked again, and definitely not there. Ran Killbox and not found either..... Checked msconfig and the entries that we re-enabled (including VAV.exe) are no longer there. System seems to be running fine, no pop-ups, no strange behaviour and smooth as normal. Fresh HJT Log:-
  5. Just got in, as I thought there was no VAV in add/remove programs. Disabled Windows Defender and downloaded RogueRemover, this turned out clean, nothing found. Ran MBAM again, clean nothing found. Same as SpyBot just 1 tracking cookie found so nothing there really. Fresh HJT log below:-
  6. Hi 1972vet, I am at work at the moment, so not able to do anything until I get home in 5 hours or so. But a little more info for you....... sys4.exe was one of a number of sys running processes that were present that I stopped over the weekend. I found them all in windows\documents and settings\local settings\user\temp and there were 3 or 4 different files (sys1.exe, sys2.exe etc) deleted from there and they haven't returned either. VAV.exe was a Vista Anti-Virus app or something that downloaded and installed itself, that was the start of all the other viruses etc that opened the floodgates. I remember stopping the running process, and deleting the entire folder from the HDD and disabling in msconfig. I don't remember seeing VAV in add or remove programs, but will check tonight, follow as you've posted above and then reply with the requested logs etc.
  7. I used the Symantec removal tool (disabled Windows Defender in case). Re-enabled the msconfig entries as above, VAV.exe returned an error "File not found" on start-up. Checked C:\Windows\system32\dmcghgdl.dll and the file is no longer there. I ran a new MBAM scan and found 2 new entries so posted below with fresh HJT log:-

     Malwarebytes' Anti-Malware 1.20
     Database version: 957
     Windows 5.1.2600 Service Pack 3

     11:39:28 16/07/2008
     mbam-log-7-16-2008 (11-39-28).txt

     Scan type: Quick Scan
     Objects scanned: 41342
     Time elapsed: 7 minute(s), 38 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 2
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Sys4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\40273316 (Trojan.Vundo) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
{5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1215878691109 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208543610937 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: ServiceLayer - Nokia. 
- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- End of file - 9819 bytes
  8. I have a number of processes stopped in msconfig, mostly running processes that are no longer required, I don't want to run at start-up, or when I have attempted virus removal in the past and stopped the processes that were flagged. I have uploaded images of what I have running and what I have stopped but Symantec isn't one of them so no idea? I have manually downloaded and installed IE7 again from the Windows Update site but these are the following updates that have downloaded but are refusing to install:-
     Update for Microsoft Office Outlook 2007 (KB952142)
     2007 Microsoft Office Suite Service Pack 1 (SP1)
     Cumulative Security Update for ActiveX Killbits for Windows XP (KB950760)
     Security Update for Microsoft .NET Framework, Version 2.0 (KB928365)
     Update for Windows XP (KB951978)
     And these are the available updates from Windows Update:-
     Definition Update for Windows Defender - KB915597
     Update for Windows XP (KB951978)
     Cumulative Security Update for ActiveX Killbits for Windows XP (KB950760)
     Cumulative Security Update for Internet Explorer 7 for Windows XP (KB950759)
     Security Update for Microsoft .NET Framework, Version 2.0 (KB928365)
     Update for Microsoft Office Outlook 2007 (KB952142)
     2007 Microsoft Office Suite Service Pack 1 (SP1)
     They download fine, but just fail to install. I've run services.msc and have Auto Updates, BITS and Event log fully functional (service started on auto) with no errors showing in event log so no idea why they won't install?
  9. I think I know what that is, I had Norton Antivirus 2003 installed a couple of years ago, but the registration expired so uninstalled that and downloaded Avast as it was free and been using that ever since. I trialled a couple of others like Kaspersky but they slowed down my system so now Avast is the ONLY AV program installed and running 100%. I don't have any other Symantec products installed, could it be that there are still traces left of Norton AV from the uninstall? System seems to be performing well, no traces of viruses apart from the tracking cookies that Spybot is picking up but not overly concerned about them. The only other issue is Windows Update not installing the necessary updates so will try and resolve that over the next couple of days. Here is a new HJT Log for you in the meantime:- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:22:41, on 15/07/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: 
[avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 
8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: 
{5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1215878691109 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208543610937 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: ServiceLayer - Nokia. 
- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- End of file - 9350 bytes
  10. Quick question, one of the issues I had at the weekend was one of the viruses had disabled Auto Update for XP. I managed to get that up and running again but....... I now have 192mb of updates to install which include IE7, they download but ALL fail to install for some reason. No idea why, and no error number or log on the Windows update site either. Here's the full SpyBot S&D log from the latest version fully updated --- Search result list --- Hint of the Day: Click the bar at the right of this to see more information! () Zedo: Tracking cookie (Internet Explorer: User) (Cookie, fixed) Right Media: Tracking cookie (Firefox: default) (Cookie, fixed) Right Media: Tracking cookie (Firefox: default) (Cookie, fixed) Right Media: Tracking cookie (Firefox: default) (Cookie, fixed) Right Media: Tracking cookie (Firefox: default) (Cookie, fixed) Right Media: Tracking cookie (Firefox: default) (Cookie, fixed) Right Media: Tracking cookie (Firefox: default) (Cookie, fixed) Right Media: Tracking cookie (Firefox: default) (Cookie, fixed) DirectTrack: Tracking cookie (Firefox: default) (Cookie, fixed) MediaPlex: Tracking cookie (Firefox: default) (Cookie, fixed) CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed) CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed) CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed) CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed) DirectTrack: Tracking cookie (Firefox: default) (Cookie, fixed) DoubleClick: Tracking cookie (Firefox: default) (Cookie, fixed) FastClick: Tracking cookie (Firefox: default) (Cookie, fixed) FastClick: Tracking cookie (Firefox: default) (Cookie, fixed) FastClick: Tracking cookie (Firefox: default) (Cookie, fixed) Zedo: Tracking cookie (Firefox: default) (Cookie, fixed) Zedo: Tracking cookie (Firefox: default) (Cookie, fixed) Zedo: Tracking cookie (Firefox: default) (Cookie, fixed) BurstMedia: Tracking cookie (Firefox: default) (Cookie, fixed) BurstMedia: Tracking 
cookie (Firefox: default) (Cookie, fixed) BurstMedia: Tracking cookie (Firefox: default) (Cookie, fixed) Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed) BurstMedia: Tracking cookie (Firefox: default) (Cookie, fixed) Zedo: Tracking cookie (Firefox: default) (Cookie, fixed) AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed) AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed) AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed) FastClick: Tracking cookie (Firefox: default) (Cookie, fixed) FastClick: Tracking cookie (Firefox: default) (Cookie, fixed) AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed) AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed) AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed) AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed) AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed) AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed) WebTrends live: Tracking cookie (Firefox: default) (Cookie, fixed) MediaPlex: Tracking cookie (Firefox: default) (Cookie, fixed) Tradedoubler: Tracking cookie (Firefox: default) (Cookie, fixed) Tradedoubler: Tracking cookie (Firefox: default) (Cookie, fixed) Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed) Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed) Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed) Zedo: Tracking cookie (Firefox: default) (Cookie, fixed) Zedo: Tracking cookie (Firefox: default) (Cookie, fixed) Zedo: Tracking cookie (Firefox: default) (Cookie, fixed) Zedo: Tracking cookie (Firefox: default) (Cookie, fixed) Tradedoubler: Tracking cookie (Firefox: default) (Cookie, fixed) --- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) --- 2008-07-07 blindman.exe (1.0.0.8) 2008-07-07 SDFiles.exe (1.6.0.4) 2008-07-07 SDMain.exe (1.0.0.6) 2008-07-07 SDShred.exe (1.0.2.3) 2008-07-07 SDUpdate.exe (1.6.0.8) 2008-07-07 SDWinSec.exe (1.0.0.12) 
2008-07-07 SpybotSD.exe (1.6.0.30) 2008-07-07 TeaTimer.exe (1.6.0.20) 2004-04-27 unins000.exe (51.13.0.0) 2008-07-15 unins001.exe (51.49.0.0) 2008-07-07 Update.exe (1.6.0.7) 2008-07-07 advcheck.dll (1.6.1.12) 2007-04-02 aports.dll (2.1.0.0) 2004-05-12 borlndmm.dll (7.0.4.453) 2004-05-12 delphimm.dll (7.0.4.453) 2008-06-14 DelZip179.dll (1.79.11.1) 2008-07-07 SDHelper.dll (1.6.0.12) 2008-06-19 sqlite3.dll 2008-07-07 Tools.dll (2.1.5.7) 2004-05-12 UnzDll.dll (1.73.1.1) 2004-05-12 ZipDll.dll (1.73.2.0) 2008-06-17 Includes\Adware.sbi (*) 2008-07-07 Includes\AdwareC.sbi (*) 2008-06-03 Includes\Cookies.sbi (*) 2008-06-03 Includes\Dialer.sbi (*) 2008-07-07 Includes\DialerC.sbi (*) 2008-06-03 Includes\HeavyDuty.sbi (*) 2008-07-08 Includes\Hijackers.sbi (*) 2008-07-08 Includes\HijackersC.sbi (*) 2008-06-25 Includes\Keyloggers.sbi (*) 2008-07-08 Includes\KeyloggersC.sbi (*) 2004-11-29 Includes\LSP.sbi (*) 2008-07-02 Includes\Malware.sbi (*) 2008-07-08 Includes\MalwareC.sbi (*) 2008-06-17 Includes\PUPS.sbi (*) 2008-07-01 Includes\PUPSC.sbi (*) 2007-11-07 Includes\Revision.sbi (*) 2008-06-10 Includes\Security.sbi (*) 2008-07-08 Includes\SecurityC.sbi (*) 2008-06-03 Includes\Spybots.sbi (*) 2008-06-03 Includes\SpybotsC.sbi (*) 2008-06-17 Includes\Spyware.sbi (*) 2008-07-08 Includes\SpywareC.sbi (*) 2008-06-03 Includes\Tracks.uti 2008-06-24 Includes\Trojans.sbi (*) 2008-07-08 Includes\TrojansC.sbi (*) 2008-03-04 Plugins\Chai.dll 2008-03-05 Plugins\Fennel.dll 2008-02-26 Plugins\Mate.dll 2007-12-24 Plugins\TCPIPAddress.dll --- System information --- Windows XP (Build: 2600) Service Pack 3 (5.1.2600) / MSXML4SP2: Security update for MSXML4 SP2 (KB936181) / Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs / Windows / SP1: Microsoft National Language Support Downlevel APIs / Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399) / Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782) / Windows Media Player 11: 
Hotfix for Windows Media Player 11 (KB939683) / Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398) / Windows Media Player 9: Security Update for Windows Media Player 9 (KB936782) / Windows XP: Security Update for Windows XP (KB941569) / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533) / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB950759) / Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP / Windows XP / SP3: Windows XP Service Pack 3 / Windows XP / SP4: Security Update for Windows XP (KB950760) / Windows XP / SP4: Security Update for Windows XP (KB950762) / Windows XP / SP4: Security Update for Windows XP (KB951376) / Windows XP / SP4: Security Update for Windows XP (KB951376-v2) / Windows XP / SP4: Security Update for Windows XP (KB951698) / Windows XP / SP4: Security Update for Windows XP (KB951748) / Windows XP / SP4: Update for Windows XP (KB951978) --- Startup entries list --- Located: HK_LM:Run, {0228e555-4f9c-4e35-a3ec-b109a192b4c2} command: C:\Program Files\Google\Gmail Notifier\gnotify.exe file: C:\Program Files\Google\Gmail Notifier\gnotify.exe size: 479232 MD5: 3DF7AC30A381C57D0C70EAEFEE3C4EF2 Located: HK_LM:Run, AppleSyncNotifier command: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe file: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe size: 116040 MD5: 27E0EB81AE55788C8FBE6D489F862168 Located: HK_LM:Run, avast! 
command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe size: 79224 MD5: 87B63FD1B5EC5CC41589CE7026DB7C5F Located: HK_LM:Run, HotKeysCmds command: C:\WINDOWS\system32\hkcmd.exe file: C:\WINDOWS\system32\hkcmd.exe size: 166424 MD5: 4CCD8266E948D29C698FE6393D5A9CA9 Located: HK_LM:Run, IgfxTray command: C:\WINDOWS\system32\igfxtray.exe file: C:\WINDOWS\system32\igfxtray.exe size: 141848 MD5: 407E99FD256DAF061C4FFADC0AB0DDBB Located: HK_LM:Run, iTunesHelper command: "C:\Program Files\iTunes\iTunesHelper.exe" file: C:\Program Files\iTunes\iTunesHelper.exe size: 289064 MD5: 12577ED7558A642C53C959E72FF2455F Located: HK_LM:Run, Persistence command: C:\WINDOWS\system32\igfxpers.exe file: C:\WINDOWS\system32\igfxpers.exe size: 137752 MD5: 601D21C2B66AB945C0A73C07A8E0C928 Located: HK_LM:Run, RTHDCPL command: RTHDCPL.EXE file: C:\WINDOWS\RTHDCPL.EXE size: 16855552 MD5: 9BED5FA9D8E98A1C4F8A9922185FDA7D Located: HK_LM:Run, SkyTel command: SkyTel.EXE file: C:\WINDOWS\SkyTel.EXE size: 1826816 MD5: 8A451B4C2E8688311B7483B2D61D3FB6 Located: HK_LM:Run, SunJavaUpdateSched command: "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" file: C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe size: 144784 MD5: 6AB4C021FBD36DC6764924C312428D97 Located: HK_LM:Run, Windows Defender command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide file: C:\Program Files\Windows Defender\MSASCui.exe size: 866584 MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC Located: HK_CU:Run, ALUAlert where: .DEFAULT... command: C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe file: C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: HK_CU:Run, CTFMON.EXE where: .DEFAULT... 
command: C:\WINDOWS\system32\CTFMON.EXE file: C:\WINDOWS\system32\CTFMON.EXE size: 15360 MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3 Located: HK_CU:Run, Nokia.PCSync where: .DEFAULT... command: C:\Program Files\Nokia\Nokia PC Suite 6 Enterprise Edition\PcSync2.exe /NoDialog file: C:\Program Files\Nokia\Nokia PC Suite 6 Enterprise Edition\PcSync2.exe size: 1265664 MD5: 295BA32F60D1EA780288458D508EF6A1 Located: HK_CU:Run, CTFMON.EXE where: PE_C_JOHAN... command: C:\WINDOWS\system32\ctfmon.exe file: C:\WINDOWS\system32\ctfmon.exe size: 15360 MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3 Located: HK_CU:Run, msnmsgr where: PE_C_JOHAN... command: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background file: C:\Program Files\Windows Live\Messenger\msnmsgr.exe size: 5724184 MD5: A8972A2F9A744DD5EE0BFE429D767F1C Located: HK_CU:Run, CTFMON.EXE where: S-1-5-19... command: C:\WINDOWS\system32\CTFMON.EXE file: C:\WINDOWS\system32\CTFMON.EXE size: 15360 MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3 Located: HK_CU:Run, CTFMON.EXE where: S-1-5-20... command: C:\WINDOWS\system32\CTFMON.EXE file: C:\WINDOWS\system32\CTFMON.EXE size: 15360 MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3 Located: HK_CU:Run, CTFMON.EXE where: S-1-5-21-1606980848-602609370-839522115-1003... command: C:\WINDOWS\system32\ctfmon.exe file: C:\WINDOWS\system32\ctfmon.exe size: 15360 MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3 Located: HK_CU:Run, MsnMsgr where: S-1-5-21-1606980848-602609370-839522115-1003... command: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background file: C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe size: 5724184 MD5: A8972A2F9A744DD5EE0BFE429D767F1C Located: HK_CU:Run, ALUAlert where: S-1-5-18... command: C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe file: C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! 
  11. Yeah, Spybot is up to date. Other things I noticed when all the viruses started coming through as if the floodgates opened: at one stage I had like 150 different variations and types, so cut the ADSL connection ASAP and cleaned as many as I could. But MS Juan and Vundo stumped me. IE7 had Privacy options changed to "Accept ALL Cookies" when it's normally at Medium, so downgraded back to IE6 and it seems to be fine now. Also Avast antivirus was disabled, which seemed to have caused all the problems. Is there a way that a particular virus got through and changed the settings in Avast, and that's how all the others got through? In the meantime, that's why I changed to Firefox and installed Windows Defender... So far so good, ran MBAM a couple of times and coming up clean. Spybot is still showing the same 3 instances, but no worries about them if you say they are no problem. Changed the settings in Firefox as you suggested, but otherwise so far so good. No more damn pop-up ads!!!!!!! I assume that's it and nothing else to do? Thanks for your help man, it sounds so simple now, but was pulling my hair out for near on 2 days so turned here as a last resort, where I should have come first in retrospect.
  12. Hi again, Just ran a fresh scan with MBAM and found nothing, but Spybot S&D found the following if this helps:-

      Avenue A, Inc.: Tracking cookie (Internet Explorer: User) (Cookie, nothing done)

      Possible extension hijack: Default registry file handler (Registry change, nothing done)
      HKEY_CLASSES_ROOT\regfile\shell\open\command\!=regedit.exe "%1"

      Possible extension hijack: Default screen saver handler (Registry change, nothing done)
      HKEY_CLASSES_ROOT\scrfile\shell\open\command\!="%1" /S

      --- Spybot - Search && Destroy version: 1.3 ---
      2004-05-12 Includes\Cookies.sbi
      2004-05-12 Includes\Dialer.sbi
      2004-05-12 Includes\Hijackers.sbi
      2004-05-12 Includes\Keyloggers.sbi
      2004-05-12 Includes\LSP.sbi
      2004-05-12 Includes\Malware.sbi
      2004-05-12 Includes\Revision.sbi
      2004-05-12 Includes\Security.sbi
      2004-05-12 Includes\Spybots.sbi
      2004-05-12 Includes\Tracks.uti
      2004-05-12 Includes\Trojans.sbi
      2007-06-06 Plugins\TCPIPAddress.dll
  13. Thanks 1972vet, New Hijack this log posted. Sorry it took a couple of hours, I live in Spain so there is a time difference to wherever you are. I am off to work soon and won't be able to post back any further logs until this evening but can reply to any questions you have in the meantime. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:36:52, on 14/07/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal
  14. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:18:06, on 13/07/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal
(WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1215878691109 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208543610937 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- End of file - 9147 bytes
  15. ANALYSIS: 2008-07-13 22:45:07
      PROTECTIONS: 1
      MALWARE: 11
      SUSPECTS: 0
      ;***********************************************************************************************************************************************************************************
      PROTECTIONS
      Description Version Active Updated
      ;===================================================================================================================================================================================
      Windows Defender 1.1.2204.0 No No
      ;===================================================================================================================================================================================
      MALWARE
      Id Description Type Active Severity Disinfectable Disinfected Location
      ;===================================================================================================================================================================================
      00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@casalemedia[2].txt
      00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@doubleclick[2].txt
      00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\xgarbbts.default\Cache\4292372Ed01[