
MS Juan and MS Tracker trojan removal


abhsc


I have a Lenovo laptop and the free version of Malwarebytes. It detected the Vundo trojan in two registry keys identified as HKEY_LOCAL_MACHINE/Software/Microsoft/MS Juan and MS Tracker. It quarantines them and says they are removed per the logs. However, when I reboot they reappear and are found again by the software. Obviously, something in the start up is recreating these malware entries.

Is there any self-removal technique you can suggest before I turn it over to a pro? Also, I seem to be unable to start Internet Explorer from this computer, it begins to launch and then closes. Is this related?

Any information on how we might have gotten this infection would be helpful as well. Thanks.


Hello,

And :blink: My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
      • OTListIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning, it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.


Elise025,

Thanks for responding. I am still having the problem and will follow your instructions later today when I am home with the computer. It may take a day or two if I cannot solve the connectivity problem and have to download a new browser and install it via flash drive. Since you say not to install new programs, would it be better to try to retype the log results into a computer that is not infected vs. adding a new browser?

I may be able to find a version of my current browser that will work and I will try that first.

Thanks,

abhsc


Hi, you can either install a new browser or transfer your logs using a flash drive or CD. Overtyping will be a looooot of work. :blink:

If you use a flash drive, please use Flash_Disinfector to protect any clean computer.

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.

  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

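The note in the post above describes a folder named autorun.inf occupying the name that an autorun file would need. The following Python example is added here for illustration; it is not part of the original posts and is not Flash_Disinfector's own code. It audits a drive root for that placeholder and, going one step beyond the post, lists the launch entries when a real autorun.inf file is found instead. The function names, directory names and sample file contents are constructed for the example.

```python
import os
import tempfile

# [autorun] keys that name a program to start (shell\<verb>\command is matched below).
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample file, not taken from a real infection.
SAMPLE_AUTORUN = r"""; constructed sample
xkqjw padding line with no meaning
[AutoRun]
open=payload.exe
Shell\Open\Command = payload.exe
icon=folder.ico
[other]
open=ignored.exe
"""


def find_autorun(root):
    """Locate autorun.inf in a drive root regardless of letter case."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            return os.path.join(root, name)
    return None


def parse_launch_entries(text):
    """Return (key, command) pairs from the [autorun] section only."""
    entries = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue  # tolerate padding lines instead of failing on them
        key, _, value = line.partition("=")
        key = key.strip().lower()
        is_shell_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_shell_cmd:
            entries.append((key, value.strip()))
    return entries


def audit_root(root):
    """Classify a drive root: placeholder folder, autorun file, or nothing."""
    path = find_autorun(root)
    if path is None:
        return {"root": root, "state": "absent", "launch": []}
    if os.path.isdir(path):
        return {"root": root, "state": "placeholder-folder", "launch": []}
    with open(path, "rb") as fh:
        text = fh.read(65536).decode("latin-1")  # never fails on odd bytes
    return {"root": root, "state": "file", "launch": parse_launch_entries(text)}


def write_is_blocked(root):
    """True if a file named autorun.inf cannot be created in this root."""
    try:
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write("[autorun]\n")
    except OSError:  # a directory already holds the name
        return True
    return False


def demo():
    """Build three constructed drive roots in a temp directory and audit them."""
    with tempfile.TemporaryDirectory(prefix="autorun_demo_") as base:
        roots = {n: os.path.join(base, n) for n in ("protected", "infected", "clean")}
        for path in roots.values():
            os.makedirs(path)
        # What the post describes: a folder occupying the autorun.inf name.
        os.makedirs(os.path.join(roots["protected"], "autorun.inf"))
        with open(os.path.join(roots["infected"], "AUTORUN.INF"), "w") as fh:
            fh.write(SAMPLE_AUTORUN)
        results = {name: audit_root(path) for name, path in roots.items()}
        blocked = write_is_blocked(roots["protected"])
    return results, blocked


if __name__ == "__main__":
    results, blocked = demo()
    for name, result in results.items():
        print(name, result["state"], result["launch"])
    print("file creation blocked on protected root:", blocked)
```

A result of `file` on a drive that was previously treated means the placeholder folder is gone, and the drive should be rescanned before it is plugged into a clean computer.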

Here is the log from OTL:

OTL logfile created on: 9/9/2010 6:15:41 PM - Run 1

OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 472.00 Mb Available Physical Memory | 47.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 105.87 Gb Total Space | 69.18 Gb Free Space | 65.34% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 1.86 Gb Total Space | 1.85 Gb Free Space | 99.56% Space Free | Partition Type: FAT

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: LENOVO-8469E8DC

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/09 18:12:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

PRC - [2010/08/24 22:31:10 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/05/20 21:39:50 | 000,431,608 | ---- | M] (Virgin HealthMiles Inc.) -- C:\Program Files\GoZone\GoZone_iSync.exe

PRC - [2008/05/15 20:19:31 | 000,079,224 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe

PRC - [2008/05/15 20:19:24 | 000,144,760 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe

PRC - [2008/05/15 20:06:57 | 000,017,272 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

PRC - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2007/08/03 20:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

PRC - [2007/07/05 19:05:04 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

PRC - [2007/07/05 19:04:18 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

PRC - [2007/07/05 19:03:32 | 000,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

PRC - [2007/06/28 23:02:08 | 000,198,184 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\BellSouth\HelpCenter40b\bin\sprtcmd.exe

PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/06/07 20:43:46 | 000,013,312 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe

PRC - [2007/04/26 13:10:00 | 000,120,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE

PRC - [2007/04/09 14:03:00 | 000,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe

PRC - [2007/04/08 21:24:32 | 000,054,832 | ---- | M] (Lenovo.) -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe

PRC - [2007/02/08 17:19:44 | 000,536,576 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

PRC - [2007/02/08 17:19:36 | 001,118,208 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

PRC - [2007/02/08 17:11:32 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

PRC - [2007/02/08 17:09:58 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

PRC - [2007/02/08 17:00:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe

PRC - [2007/01/29 23:01:26 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE

PRC - [2007/01/10 01:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

PRC - [2007/01/05 04:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

PRC - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

PRC - [2006/11/13 16:23:40 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

PRC - [2006/11/13 15:10:00 | 000,478,800 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

PRC - [2006/11/12 02:03:16 | 001,405,012 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe

PRC - [2006/11/12 01:56:18 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe

PRC - [2006/11/07 06:51:20 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

PRC - [2006/11/03 00:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe

PRC - [2006/09/06 03:38:44 | 000,054,824 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe

PRC - [2006/05/24 01:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

PRC - [2006/05/18 20:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

PRC - [2006/04/17 21:00:10 | 000,028,672 | ---- | M] (Wistron Corp.) -- C:\Program Files\PM Agent\WisFnCtrlSvc.exe

PRC - [2006/04/14 14:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

PRC - [2005/11/10 17:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

PRC - [2004/07/27 20:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\Installshield\UpdateService\issch.exe

PRC - [2001/12/13 00:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brss01a.exe

PRC - [2001/11/23 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe

========== Modules (SafeList) ==========

MOD - [2010/09/09 18:12:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

MOD - [2009/01/23 11:35:54 | 000,134,144 | ---- | M] () -- C:\WINDOWS\system32\pqdclq.dll

MOD - [2009/01/23 11:29:54 | 000,134,144 | ---- | M] () -- C:\WINDOWS\system32\lkydrn.dll

MOD - [2007/06/28 23:02:08 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\BellSouth\HelpCenter40b\bin\sprthook.dll

MOD - [2006/11/12 02:09:38 | 000,077,824 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll

MOD - [2006/08/25 12:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

MOD - [2004/08/04 08:00:00 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll

MOD - [2004/08/04 08:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - [2008/05/15 20:19:24 | 000,144,760 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)

SRV - [2008/05/15 20:19:00 | 000,247,160 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)

SRV - [2008/05/15 20:16:59 | 000,349,560 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)

SRV - [2008/05/15 20:06:57 | 000,017,272 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)

SRV - [2008/04/03 21:07:05 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)

SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)

SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)

SRV - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2007/08/03 20:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)

SRV - [2007/07/05 19:05:04 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)

SRV - [2007/07/05 19:03:32 | 000,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)

SRV - [2007/06/22 15:45:54 | 000,106,496 | ---- | M] (AuthenTec,Inc) [On_Demand | Stopped] -- C:\WINDOWS\system32\FpLogonServ.exe -- (FingerprintServer)

SRV - [2007/06/07 20:43:46 | 000,013,312 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)

SRV - [2007/04/08 21:24:32 | 000,054,832 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe -- (FNF5SVC)

SRV - [2007/02/08 17:19:36 | 001,118,208 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)

SRV - [2007/02/08 17:11:32 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)

SRV - [2007/02/08 17:09:58 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)

SRV - [2007/01/29 23:01:26 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)

SRV - [2007/01/14 03:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)

SRV - [2007/01/12 23:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)

SRV - [2007/01/10 01:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)

SRV - [2007/01/10 01:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)

SRV - [2007/01/10 01:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)

SRV - [2007/01/10 01:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)

SRV - [2007/01/05 04:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)

SRV - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

SRV - [2006/11/12 01:56:18 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)

SRV - [2006/11/03 00:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)

SRV - [2006/05/24 01:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)

SRV - [2006/04/17 21:00:10 | 000,028,672 | ---- | M] (Wistron Corp.) [Auto | Running] -- C:\Program Files\PM Agent\WisFnCtrlSvc.exe -- (WisFnCtrlSvc)

SRV - [2006/04/14 14:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)

SRV - [2006/04/14 14:05:58 | 000,240,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)

SRV - [2006/04/14 14:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)

SRV - [2005/11/14 05:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2005/10/14 07:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)

SRV - [2005/10/06 22:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)

SRV - [2001/11/23 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)

DRV - [2008/05/15 20:20:32 | 000,078,416 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2008/05/15 20:18:33 | 000,094,416 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2008/05/15 20:16:06 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2008/05/15 20:15:29 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2008/05/15 20:14:11 | 000,042,912 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2008/05/15 20:13:26 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2008/05/02 14:31:59 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2008/05/02 14:31:53 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2008/04/17 04:00:00 | 000,895,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080609.003\NAVEX15.SYS -- (NAVEX15)

DRV - [2008/04/17 04:00:00 | 000,082,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080609.003\NAVENG.SYS -- (NAVENG)

DRV - [2008/04/03 21:07:28 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2008/02/19 21:53:01 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)

DRV - [2008/02/19 21:52:01 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)

DRV - [2008/02/14 02:51:52 | 000,240,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20080606.003\SymIDSCo.sys -- (SYMIDSCO)

DRV - [2008/02/13 15:37:46 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2008/02/13 15:37:46 | 000,109,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2007/11/30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)

DRV - [2007/11/30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)

DRV - [2007/11/30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)

DRV - [2007/06/17 01:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)

DRV - [2007/05/22 03:59:34 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)

DRV - [2007/04/09 14:03:00 | 000,012,848 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)

DRV - [2007/04/02 15:24:08 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)

DRV - [2007/03/22 02:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/03/08 03:03:56 | 000,625,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)

DRV - [2007/02/25 23:59:10 | 005,700,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)

DRV - [2007/02/24 18:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/02/16 19:46:00 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

DRV - [2007/02/15 07:48:54 | 000,202,880 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)

DRV - [2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)

DRV - [2007/02/08 16:30:28 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)

DRV - [2007/01/23 20:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2007/01/09 18:32:13 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)

DRV - [2007/01/09 18:32:13 | 000,145,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)

DRV - [2007/01/09 18:32:13 | 000,040,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)

DRV - [2007/01/09 18:32:13 | 000,035,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)

DRV - [2007/01/09 18:32:13 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)

DRV - [2007/01/09 18:32:13 | 000,012,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)

DRV - [2006/11/12 21:41:20 | 000,862,922 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2006/11/08 03:00:10 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2006/11/08 02:59:34 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2006/11/08 02:59:30 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2006/11/06 04:23:24 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)

DRV - [2006/10/29 21:52:04 | 000,329,901 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)

DRV - [2006/10/29 21:51:40 | 000,067,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2006/10/29 21:51:30 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)

DRV - [2006/10/29 21:51:24 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)

DRV - [2006/10/12 03:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2005/11/08 13:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)

DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2004/08/04 08:00:00 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)

DRV - [2004/08/04 02:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)

DRV - [2004/08/04 02:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)

DRV - [2004/08/03 18:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2003/09/11 03:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)

DRV - [2001/08/17 17:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)

DRV - [2001/08/17 17:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)

DRV - [2001/08/17 17:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)

DRV - [2001/08/17 17:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)

DRV - [2001/08/17 17:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)

DRV - [2001/08/17 16:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)

DRV - [2001/08/17 16:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)

DRV - [2001/08/17 16:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)

DRV - [2001/08/17 16:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)

DRV - [2001/08/17 16:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)

DRV - [2001/08/17 16:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)

DRV - [2001/08/17 16:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)

DRV - [2001/08/17 16:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)

DRV - [2001/08/17 16:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)

DRV - [2001/08/17 16:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

DRV - [2001/08/17 08:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/3000notebook [binary data]

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/3000notebook [binary data]

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3041465296-3228054719-89024727-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-3041465296-3228054719-89024727-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/

IE - HKU\S-1-5-21-3041465296-3228054719-89024727-500\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-3041465296-3228054719-89024727-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3041465296-3228054719-89024727-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/09 18:06:31 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/09 18:06:21 | 000,000,000 | ---D | M]

[2010/09/09 18:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2010/09/09 18:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w8pdw9ay.default\extensions

[2010/09/09 18:06:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/11/07 17:48:47 | 000,350,719 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 12024 more lines...

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)

O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)

O2 - BHO: (no name) - {505ABA1C-B86F-4636-BC2D-DCB24460A0BA} - No CLSID value found.

O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - {A312852C-D85D-47E7-BCF9-90D229AF126C} - No CLSID value found.

O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O2 - BHO: (no name) - {CB98918A-359D-4A77-9498-6AAC27C0266F} - No CLSID value found.

O2 - BHO: (no name) - {df7f29b0-69fe-4710-b95a-548203dce4ff} - C:\WINDOWS\system32\pqdclq.dll ()

O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)

O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKU\S-1-5-21-3041465296-3228054719-89024727-500\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No CLSID value found.

O3 - HKU\S-1-5-21-3041465296-3228054719-89024727-500\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)

O3 - HKU\S-1-5-21-3041465296-3228054719-89024727-500\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)

O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)

O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)

O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc)

O4 - HKLM..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [LPManager] C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)

O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe ()

O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)

O4 - HKU\.DEFAULT..\Run: [msiexec.exe] File not found

O4 - HKU\S-1-5-18..\Run: [msiexec.exe] File not found

O4 - HKU\S-1-5-21-3041465296-3228054719-89024727-500..\Run: [Download] C:\Program Files\HelpCenterDecomJob\ssGet.exe ()

O4 - HKU\S-1-5-21-3041465296-3228054719-89024727-500..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\GoZone iSync.lnk = C:\Program Files\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)

O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GoZone iSync.lnk = C:\Program Files\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3041465296-3228054719-89024727-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()

O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-3041465296-3228054719-89024727-500\..Trusted Domains: meadwestvaco.com ([dommlp10] https in Trusted sites)

O15 - HKU\S-1-5-21-3041465296-3228054719-89024727-500\..Trusted Domains: turbotax.com ([]https in Trusted sites)

O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab (IASRunner Class)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (lkydrn.dll) - C:\WINDOWS\System32\lkydrn.dll ()

O20 - AppInit_DLLs: (pqdclq.dll) - C:\WINDOWS\System32\pqdclq.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: GinaDLL - (ATGinaHook.dll) - C:\WINDOWS\System32\ATGinaHook.dll (AuthenTec, Inc)

O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )

O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()

O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/04/30 03:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010/09/08 11:24:08 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ FAT ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/09 18:12:58 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2010/09/09 18:11:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads

[2010/09/09 18:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla

[2010/09/09 18:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla

[2010/09/09 18:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2010/09/06 16:12:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy

[2010/09/04 16:22:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/08/13 22:56:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo!

[2010/07/14 17:53:02 | 000,000,000 | ---D | C] -- C:\d053dd2b0973b9df23

[2010/07/10 21:41:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo

[2010/06/20 10:54:19 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdi.sys

[2010/06/20 10:54:19 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdiv.sys

[2010/06/20 10:54:19 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.sys

[2010/06/20 10:54:19 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.sys

[2010/06/20 10:54:19 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.sys

[2010/06/20 10:54:19 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.sys

[2010/06/20 10:54:18 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.sys

[2010/06/20 10:54:18 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\ironx86.sys

[2010/06/20 10:52:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0402000.00C

[2010/06/19 14:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin

[2010/06/19 13:45:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360

[2010/06/19 13:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar

[2010/06/19 13:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Suite

[2010/06/19 13:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Symantec

[2010/06/19 13:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller

[2010/06/19 13:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller

[2010/06/19 13:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton

[2010/06/19 13:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton

[2010/06/19 13:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2010/06/19 12:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\support.com

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/09 18:12:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2010/09/09 18:11:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

[2010/09/09 18:06:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2010/09/09 18:06:24 | 000,001,627 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/09/09 18:06:24 | 000,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/09/09 18:04:51 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT

[2010/09/09 18:00:00 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\wrjukzfo.job

[2010/09/09 17:56:05 | 000,025,312 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI

[2010/09/09 17:55:56 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI

[2010/09/09 17:55:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/09/09 17:55:51 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/09/09 17:55:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/09/09 17:55:43 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys

[2010/09/06 21:25:41 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini

[2010/09/06 11:34:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/09/04 17:59:50 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GoZone iSync.lnk

[2010/09/04 17:59:50 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\GoZone iSync.lnk

[2010/09/04 16:29:27 | 000,003,296 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2010/09/04 16:29:27 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\76DE36C1C6.sys

[2010/09/03 23:26:32 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk

[2010/09/03 22:59:46 | 000,079,688 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/09/03 22:50:56 | 000,592,432 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/09/03 22:50:56 | 000,492,624 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/09/03 22:50:56 | 000,090,790 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/09/03 22:45:39 | 000,289,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/08/11 22:11:49 | 000,002,417 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\TurboTax 2009.lnk

[2010/08/07 12:38:30 | 000,001,196 | ---- | M] () -- C:\net_save.dna

[2010/07/28 08:42:05 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2010/07/20 08:31:20 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk

[2010/07/20 08:18:51 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/07/19 09:33:28 | 000,011,455 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\2010-07-19 LHH.docx

[2010/07/18 16:44:20 | 000,025,457 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Nevis guide[1].docx

[2010/07/16 19:21:53 | 001,135,556 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB

[2010/07/10 21:38:29 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk

[2010/07/10 11:26:36 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/06/20 21:33:02 | 000,002,028 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK

[2010/06/19 13:45:05 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2010/06/19 13:33:14 | 000,000,832 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Norton Installation Files.lnk

[2010/06/19 13:15:34 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Comcast Security.url

[2010/06/19 13:15:34 | 000,000,117 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Comcast Email.url

[2010/06/13 12:28:53 | 000,514,399 | ---- | M] () -- C:\M216 Beach House Villas.QBB

[2010/06/13 09:13:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/09 18:06:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/09/09 18:06:24 | 000,001,627 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/09/09 18:06:24 | 000,001,609 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/07/19 09:04:10 | 000,011,455 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\2010-07-19 LHH.docx

[2010/07/18 16:44:19 | 000,025,457 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Nevis guide[1].docx

[2010/07/10 21:38:29 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk

[2010/06/20 21:32:00 | 001,135,556 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB

[2010/06/20 10:54:19 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.cat

[2010/06/20 10:54:19 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.cat

[2010/06/20 10:54:19 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.cat

[2010/06/20 10:54:19 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.cat

[2010/06/20 10:54:19 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.cat

[2010/06/20 10:54:19 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.cat

[2010/06/20 10:54:19 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.inf

[2010/06/20 10:54:19 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.inf

[2010/06/20 10:54:19 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.inf

[2010/06/20 10:54:19 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.inf

[2010/06/20 10:54:19 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.inf

[2010/06/20 10:54:19 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.inf

[2010/06/20 10:54:18 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.cat

[2010/06/20 10:54:18 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.cat

[2010/06/20 10:54:18 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.inf

[2010/06/20 10:54:18 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.inf

[2010/06/20 10:52:53 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\isolate.ini

[2010/06/19 14:15:50 | 000,057,395 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2010/06/19 13:46:13 | 000,002,028 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK

[2010/06/19 13:33:14 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Norton Installation Files.lnk

[2010/06/19 13:15:34 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Comcast Security.url

[2010/06/19 13:15:34 | 000,000,117 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Comcast Email.url

[2010/06/19 13:15:32 | 000,015,086 | ---- | C] () -- C:\WINDOWS\ComcastEmail.ico

[2010/06/19 13:15:32 | 000,007,982 | ---- | C] () -- C:\WINDOWS\ComcastSecurity.ico

[2010/06/19 12:38:24 | 000,001,196 | ---- | C] () -- C:\net_save.dna

[2009/06/26 19:45:41 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/01/27 09:57:29 | 000,008,607 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate

[2009/01/23 11:35:54 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\rrvbsnpv.dll

[2009/01/23 11:35:54 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\pqdclq.dll

[2009/01/23 11:29:54 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\lkydrn.dll

[2009/01/23 11:29:54 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\chsmssmf.dll

[2009/01/06 08:28:48 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\vvrdlmrl.dll

[2009/01/06 08:28:48 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\jlbtzu.dll

[2009/01/02 18:01:07 | 000,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009/01/02 17:35:18 | 000,000,120 | -HS- | C] () -- C:\WINDOWS\System32\mnhadvdd.ini

[2009/01/02 17:35:14 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\jpenxw.dll

[2008/04/13 10:25:08 | 000,002,740 | ---- | C] () -- C:\WINDOWS\DevMgr.ini

[2008/04/09 20:55:38 | 000,000,261 | ---- | C] () -- C:\WINDOWS\brqikmon.ini

[2008/04/09 20:52:00 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini

[2008/04/08 21:33:18 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI

[2008/03/26 18:38:05 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\76DE36C1C6.sys

[2008/03/26 18:38:04 | 000,003,296 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2008/02/23 11:49:12 | 000,054,133 | ---- | C] () -- C:\Program Files\INSTALL.LOG

[2008/02/22 13:09:50 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll

[2008/02/22 13:09:48 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll

[2008/02/19 22:10:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008/02/19 21:51:33 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys

[2008/02/19 21:42:22 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2008/02/19 21:42:22 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2008/02/19 21:42:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2008/02/19 21:42:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2008/02/19 21:42:22 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2008/02/19 21:42:22 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2008/02/19 21:37:14 | 000,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll

[2008/02/19 21:37:14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll

[2008/02/19 21:36:21 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll

[2008/02/19 21:36:21 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll

[2008/02/19 21:34:52 | 000,012,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS

[2008/02/19 21:34:43 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll

[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL

[2007/08/16 06:28:38 | 000,025,312 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI

[2007/08/16 06:28:27 | 000,000,380 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI

[2007/08/15 07:27:18 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys

[2007/02/09 15:54:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2006/11/12 01:50:38 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll

[2006/04/30 03:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2006/04/30 03:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2005/02/17 15:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest

[2005/02/17 15:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest

[2002/11/20 18:51:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll

[2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2010/09/03 22:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ATTToolbar

[2009/01/28 15:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Downloaded Installations

[2008/03/12 09:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech

[2010/09/03 22:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lenovo

[2009/04/03 19:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon

[2008/12/29 10:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATTToolbar

[2010/09/03 22:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland

[2010/09/03 22:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo

[2009/01/28 13:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn

[2009/01/29 06:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

[2008/02/19 21:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor

[2010/05/01 11:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr

[2010/08/08 09:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2009/04/04 07:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

[2010/09/04 01:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

[2010/03/28 10:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/05/10 09:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2008/02/22 12:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Lenovo

[2008/02/22 12:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Lenovo

[2008/02/22 12:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pfmsuper\Application Data\Lenovo

[2010/09/06 11:34:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[2010/09/09 18:11:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

[2010/05/01 11:25:53 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job

[2010/09/09 18:00:00 | 000,000,326 | ---- | M] () -- C:\WINDOWS\Tasks\wrjukzfo.job

========== Purity Check ==========

< End of report >

Here is the extras.txt:

OTL Extras logfile created on: 9/9/2010 6:15:41 PM - Run 1

OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 472.00 Mb Available Physical Memory | 47.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 105.87 Gb Total Space | 69.18 Gb Free Space | 65.34% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 1.86 Gb Total Space | 1.85 Gb Free Space | 99.56% Space Free | Partition Type: FAT

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: LENOVO-8469E8DC

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-3041465296-3228054719-89024727-500\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)

"C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)

"C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3

"{0410FF13-188D-4698-9A26-2DC645D56805}" = Symantec Real Time Storage Protection Component

"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data

"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics

"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{2b02f820-a9b9-458c-80e5-3ea8c0de8471}" = QuickBooks: Simple Start Edition

"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon

"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security

"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component

"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01

"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security

"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Lenovo Care Supplement

"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler

"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite

"{79D56DFD-D28E-4289-BED2-32A6342A305B}" = Corel Business Center

"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus

"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English

"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections

"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3

"{84814E6B-2581-46EC-926A-823BD1C670F6}" = Lenovo Bluetooth with Enhanced Data Rate Software

"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update

"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour

"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD

"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support

"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center

"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center

"{9CF7DEC7-D521-46FB-A0BA-032A13FD81AF}" = SmartAudio

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy

"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007

"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo

"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1

"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist

"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer

"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes

"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar

"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care

"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component

"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller

"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers

"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)

"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes

"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security

"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security

"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center

"{EA5911C2-1FE1-4F3E-805C-AA432A19C6EA}" = PM Agent V1.0.0.8

"{EC422FB2-9F4D-4FB1-A5CE-5F741132EBC5}" = Lenovo Fingerprint Software

"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore

"{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution

"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery

"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager

"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Amazon Software Downloader" = Amazon Software Downloader

"ATTToolbar" = AT&T Toolbar

"avast!" = avast! Antivirus

"AwayTask" = Maintenance Manager

"BellSouth Application Management" = BellSouth Application Management

"BellsouthHelpCenter4.0b_is1" = FastAccess


Hello again, there is still some active Vundo showing in your logs, so let's get rid of that fast. :)

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


OK, I followed the last instructions, though one thing was different than expected. I had removed Norton/Symantec antivirus, yet ComboFix detected it running. I ran Malwarebytes FileAssassin on the files that said they were locked and could not be deleted (alu...something) and then ran ComboFix.

Here is the log:

ComboFix 10-09-09.04 - Administrator 09/10/2010 21:16:12.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.599 [GMT -4:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1201 [VPS 000000-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\INSTALL.LOG

c:\program files\Shared

c:\program files\Shared\lib.sig

c:\windows\system32\chsmssmf.dll

c:\windows\system32\drivers\etc\lmhosts

c:\windows\system32\jlbtzu.dll

c:\windows\system32\jpenxw.dll

c:\windows\system32\lkydrn.dll

c:\windows\system32\mnhadvdd.ini

c:\windows\system32\pqdclq.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\rrvbsnpv.dll

c:\windows\system32\Thumbs.db

c:\windows\system32\vvrdlmrl.dll

.

((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))

.

2010-09-09 22:06 . 2010-09-09 22:06 0 ----a-w- c:\windows\nsreg.dat

2010-09-09 22:06 . 2010-09-09 22:06 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2010-09-06 20:12 . 2010-09-06 20:12 -------- d--h--w- c:\windows\system32\GroupPolicy

2010-08-14 02:56 . 2010-08-14 02:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Yahoo!

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-10 22:36 . 2010-06-19 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-09-10 22:35 . 2010-06-19 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2010-09-10 22:12 . 2009-09-19 02:29 -------- d-----w- c:\program files\HelpCenterDecomJob

2010-09-06 13:56 . 2008-02-20 01:50 -------- d-----w- c:\program files\PCDR5

2010-09-04 20:30 . 2008-03-26 22:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Corel

2010-09-04 20:29 . 2008-03-26 22:38 88 --sh--r- c:\windows\system32\76DE36C1C6.sys

2010-09-04 20:29 . 2008-03-26 22:38 3296 --sha-w- c:\windows\system32\KGyGaAvL.sys

2010-09-04 05:32 . 2008-02-20 01:34 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-09-04 05:32 . 2008-03-12 13:25 -------- d-----w- c:\program files\Amazon

2010-09-04 05:32 . 2008-10-09 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2010-09-04 05:32 . 2008-03-12 13:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2010-09-04 03:27 . 2008-02-20 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-09-04 02:59 . 2008-02-20 02:05 79688 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-09-04 02:47 . 2008-02-20 01:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Lenovo

2010-09-04 02:45 . 2008-03-12 13:48 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-09-04 02:45 . 2008-02-20 01:44 -------- d-----w- c:\program files\Lenovo Fingerprint Software

2010-09-04 02:38 . 2008-02-22 16:35 -------- d-----w- c:\program files\Windows Live Toolbar

2010-09-04 02:38 . 2008-02-20 01:28 -------- d-----w- c:\program files\Windows Media Connect 2

2010-09-04 02:37 . 2008-11-09 19:01 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-09-04 02:37 . 2008-10-08 00:19 -------- d-----w- c:\program files\QuickTime

2010-09-04 02:37 . 2008-02-20 01:51 -------- d-----w- c:\program files\Picasa2

2010-09-04 02:37 . 2008-02-20 01:44 -------- d-----w- c:\program files\PM Agent

2010-09-04 02:37 . 2008-02-20 02:02 -------- d-----w- c:\program files\Microsoft Works

2010-09-04 02:36 . 2008-02-20 01:34 -------- d-----w- c:\program files\Lenovo

2010-09-04 02:36 . 2008-10-09 01:15 -------- d-----w- c:\program files\iTunes

2010-09-04 02:35 . 2008-02-20 01:44 -------- d-----w- c:\program files\Common Files\SureThing Shared

2010-09-04 02:35 . 2008-02-22 17:09 -------- d-----w- c:\program files\Common Files\Motive

2010-09-04 02:35 . 2008-02-20 01:43 -------- d-----w- c:\program files\Common Files\Sonic Shared

2010-09-04 02:35 . 2008-02-20 01:40 -------- d-----w- c:\program files\Common Files\Lenovo

2010-09-04 02:35 . 2008-10-08 00:19 -------- d-----w- c:\program files\Bonjour

2010-09-04 02:35 . 2008-03-12 13:13 -------- d-----w- c:\program files\Common Files\AnswerWorks 4.0

2010-09-04 02:35 . 2008-02-23 15:48 -------- d-----w- c:\program files\BellSouth Application Management

2010-09-04 02:35 . 2008-02-23 15:48 -------- d-----w- c:\program files\BellSouth

2010-09-04 02:35 . 2008-10-06 22:09 -------- d-----w- c:\program files\ATT

2010-09-04 02:35 . 2008-06-23 01:12 -------- d-----w- c:\program files\ATTToolbar

2010-09-04 02:35 . 2008-10-08 00:18 -------- d-----w- c:\program files\Apple Software Update

2010-09-04 02:34 . 2008-02-23 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\MotiveSysIDs

2010-09-04 02:34 . 2008-02-20 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Borland

2010-09-04 02:34 . 2008-06-23 01:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATTToolbar

2010-09-04 02:34 . 2008-03-12 13:49 -------- d-----w- c:\program files\Symantec

2010-09-04 02:33 . 2009-01-23 17:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-04 02:33 . 2008-11-09 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-09-04 02:33 . 2008-02-20 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Lenovo

2010-08-08 13:38 . 2010-06-19 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft

2010-07-28 12:53 . 2010-04-04 12:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype

2010-07-28 12:42 . 2010-04-04 12:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM

2010-07-21 11:46 . 2009-01-28 16:33 -------- d-----w- c:\program files\Lavasoft

2010-07-11 01:34 . 2010-06-20 02:23 27630760 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUPDATER\msgup1000_1270_us_u1.exe

2010-06-21 01:41 . 2009-01-27 12:49 94208 ----a-w- c:\windows\DUMPbb70.tmp

2010-06-15 00:23 . 2010-06-16 02:07 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUPDATER\yupdater.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Download"="c:\program files\HelpCenterDecomJob\ssGet.exe" [2009-07-20 917504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 851968]

"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 58416]

"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2006-09-06 54824]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-12 1282048]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-26 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-26 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-26 138008]

"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 536576]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]

"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2007-04-26 120368]

"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]

"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 439856]

"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-19 196696]

"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-04 2630968]

"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-11-13 478800]

"HelpCenter4.1"="c:\program files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [2007-06-29 198184]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 79224]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

GoZone iSync.lnk - c:\program files\GoZone\GoZone_iSync.exe [2010-5-20 431608]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2006-11-13 561213]

GoZone iSync.lnk - c:\program files\GoZone\GoZone_iSync.exe [2010-5-20 431608]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-3-12 724992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]

2007-05-31 21:57 155648 ------w- c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]

2006-12-14 02:06 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/23/2009 1:02 PM 78416]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/23/2009 1:02 PM 20560]

R2 FNF5SVC;Fn+F5 Service;c:\program files\Lenovo\HOTKEY\FnF5svc.exe [7/20/2007 3:52 AM 54832]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/8/2007 5:11 PM 569344]

R2 WisFnCtrlSvc;WisFnCtrlSvc;c:\program files\PM Agent\WisFnCtrlSvc.exe [2/19/2008 9:44 PM 28672]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/11/2008 7:10 PM 109616]

S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [6/22/2007 3:45 PM 106496]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

2009-10-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-09-10 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 23:54]

2010-05-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PCDR5\pcdr5cuiw32.exe [2007-08-22 20:58]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://my.att.net/

uInternet Settings,ProxyOverride = *.local

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

Trusted Zone: meadwestvaco.com\dommlp10

Trusted Zone: turbotax.com

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w8pdw9ay.default\

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

BHO-{505ABA1C-B86F-4636-BC2D-DCB24460A0BA} - (no file)

BHO-{A312852C-D85D-47E7-BCF9-90D229AF126C} - (no file)

BHO-{CB98918A-359D-4A77-9498-6AAC27C0266F} - (no file)

HKLM-Run-osCheck - c:\program files\Norton Internet Security\osCheck.exe

HKU-Default-Run-msiexec.exe - msiconf.exe

Notify-ACNotify - ACNotify.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-10 21:23

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3041465296-3228054719-89024727-500\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1544)

c:\windows\system32\ATGinaHook.dll

c:\program files\Lenovo Fingerprint Software\ATCSSINT.DLL

c:\program files\Lenovo Fingerprint Software\SharedResources.dll

c:\program files\Lenovo Fingerprint Software\FPResource.dll

c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll

c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll

c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll

c:\windows\system32\FpWinLogonNp.dll

c:\program files\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'explorer.exe'(3140)

c:\windows\system32\btmmhook.dll

c:\windows\system32\browselc.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Lenovo\Bluetooth Software\bin\btwdins.exe

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\windows\system32\brss01a.exe

c:\windows\system32\IPSSVC.EXE

c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\windows\system32\PSIService.exe

c:\program files\lenovo\system update\suservice.exe

c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

c:\program files\Lenovo\Rescue and Recovery\rrservice.exe

c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe

c:\windows\system32\wdfmgr.exe

c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe

c:\program files\Common Files\Lenovo\Logger\logmon.exe

c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\iPod\bin\iPodService.exe

c:\progra~1\Lenovo\BLUETO~1\BTSTAC~1.EXE

c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

.

**************************************************************************

.

Completion time: 2010-09-10 21:27:46 - machine was rebooted

ComboFix-quarantined-files.txt 2010-09-11 01:27

Pre-Run: 74,522,775,552 bytes free

Post-Run: 74,467,127,296 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 3D395B2DDCF08A3055645AECB1C31464

After ComboFix rebooted and finished running, Malwarebytes no longer found the infected files. Please let me know whether you think the Vundo is gone. I can run the other diagnostic logs if needed. Thanks so much for all the help so far.

There are still a few problems with the wireless network utility being ready to go when the computer starts up, but if the malware is gone, I think I can redo the settings to cure this. If the malware is still resetting on startup, then not so much.

Thanks

abhsc


Hi, all vundo seems gone. ;)

Since Norton doesn't seem uninstalled completely, please run the uninstaller utility. After that an online scan and some Windows updating to make sure your computer is protected and patched. When done, let me know if you still have the Wireless problems.

Please click HERE and follow the instructions in STEP 2 to download and run the Norton Removal Tool.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  4. Check esetAcceptTerms.png
  5. Click the esetStart.png button.
  6. Accept any security warnings from your browser.
  7. Check esetScanArchives.png
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push esetListThreats.png
  11. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  12. Push the esetBack.png button.
  13. Push esetFinish.png


UPDATE XP

--------------

Your Microsoft Windows installation is out of date. Using unpatched Windows systems on the Internet is a security risk to everyone. When there are insecure computers connected to the Internet, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, and spammers have more platforms from which to send e-mail. Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your computer. Keeping up-to-date with all these security patches will help prevent malware from reinfecting your machine. If you are not sure how to do this, see How to use Microsoft Update.

For additional information, be sure to read "Windows Xp Service Pack 3 (sp3) Information".

Then go here to check for & install updates to Microsoft applications.

Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Please reboot and repeat the update process until there are no more updates to install.


Elise,

I ran ESET and here is the log:

C:\Qoobox\Quarantine\C\WINDOWS\system32\chsmssmf.dll.vir Win32/Adware.SuperJuan application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\jlbtzu.dll.vir Win32/Adware.SuperJuan application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\jpenxw.dll.vir Win32/Adware.SuperJuan application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\lkydrn.dll.vir Win32/Adware.SuperJuan application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\mnhadvdd.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\pqdclq.dll.vir Win32/Adware.SuperJuan application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\rrvbsnpv.dll.vir Win32/Adware.SuperJuan application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\vvrdlmrl.dll.vir Win32/Adware.SuperJuan application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP148\A0104279.dll Win32/Adware.SuperJuan application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP148\A0104280.dll Win32/Adware.SuperJuan application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP148\A0104281.dll Win32/Adware.SuperJuan application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP148\A0104282.dll Win32/Adware.SuperJuan application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP148\A0104283.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP148\A0104284.dll Win32/Adware.SuperJuan application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP148\A0104286.dll Win32/Adware.SuperJuan application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP148\A0104287.dll Win32/Adware.SuperJuan application cleaned by deleting - quarantined

I also ran the Microsoft updates per your instructions and installed many updates. However, there were several that failed during installation. Since this took over 5 hours and most did install fine, I am not sure how to proceed. The error messages were not listed in the Microsoft support material.

I was able to remove Norton using your instructions. I also did something similar to remove the vestiges of avast that would not run, but could not be deleted. I had to download IE8 to do the Microsoft Update download, so I now have both browser options.

Thank you so much for all of the help. I am disturbed by the appearance of the Virtumonde adware above, hopefully it is not a significant issue. Please let me know what other actions you would advise.

Thanks very much.

abhsc


Hello again,

All vundo found was either in System restore or Combofix quarantine, so nothing to worry about. ;)

Please rerun the update-process and let me know if there still were failing updates.

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean ;)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete Rootkit Unhooker and OTL.

Please read this advice in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • SpywareBlaster
      A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.

  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

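The triage behind "all vundo found was either in System restore or Combofix quarantine" can be done mechanically over an exported ESET log. The following is an added example, not part of the original posts and not code from ESET or ComboFix: it sorts each detection into ComboFix quarantine, System Restore snapshot, or live file system. The line layout and the mapping from a `Qoobox\Quarantine` path back to the original location are assumptions inferred from the log lines in this thread, and the last sample line is constructed to show the case that would need follow-up.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# One exported line: <path> <detection name> <object type> <action taken>.
# Paths contain spaces, so split on the detection name: the first
# whitespace-delimited token shaped like Platform/Name (Win32/Adware.X).
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<threat>[A-Za-z0-9]+/\S+)\s+(?P<kind>\S+)\s+(?P<action>.+)$"
)
# ComboFix quarantine copy: <drive>:\Qoobox\Quarantine\<orig drive>\<orig path>.vir
# (layout inferred from the paths in this thread).
QUARANTINE_RE = re.compile(
    r"^[A-Za-z]:\\Qoobox\\Quarantine\\(?P<drive>[A-Za-z])\\(?P<rest>.+?)(?:\.vir)?$",
    re.IGNORECASE,
)
# System Restore snapshot copy: ...\_restore{GUID}\RPnnn\A0000000.ext
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(?P<rp>RP\d+)\\",
    re.IGNORECASE,
)


@dataclass
class Finding:
    path: str
    threat: str
    kind: str
    action: str
    location: str          # "combofix-quarantine", "system-restore" or "live"
    detail: Optional[str]  # original path (quarantine) or restore point (snapshot)


def classify(path):
    """Return (location, detail) for the path a detection was reported at."""
    m = QUARANTINE_RE.match(path)
    if m:
        # Inert renamed copy; rebuild where the file sat before ComboFix moved it.
        return "combofix-quarantine", f"{m['drive'].upper()}:\\{m['rest']}"
    m = RESTORE_RE.match(path)
    if m:
        # Snapshot copy; only comes back if that restore point is restored.
        return "system-restore", m["rp"]
    # Anything else was sitting on the live file system when the scan ran.
    return "live", None


def triage(log_text):
    """Parse an exported log; return (findings, lines that did not parse)."""
    findings, unparsed = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)  # keep for manual review, never drop silently
            continue
        location, detail = classify(m["path"])
        findings.append(
            Finding(m["path"], m["threat"], m["kind"], m["action"], location, detail)
        )
    return findings, unparsed


def summarize(findings):
    """Return (count per location, findings that were on the live file system)."""
    counts = Counter(f.location for f in findings)
    live = [f for f in findings if f.location == "live"]
    return counts, live


# First four lines are taken from the ESET log in this thread;
# the fifth is constructed for illustration.
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\WINDOWS\system32\chsmssmf.dll.vir Win32/Adware.SuperJuan application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\mnhadvdd.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP148\A0104279.dll Win32/Adware.SuperJuan application cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP148\A0104283.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temp\constructed-example.dll Win32/Adware.SuperJuan application cleaned by deleting - quarantined
"""

if __name__ == "__main__":
    findings, unparsed = triage(SAMPLE_LOG)
    counts, live = summarize(findings)
    for location, n in sorted(counts.items()):
        print(f"{location:20} {n}")
    for f in findings:
        if f.location == "combofix-quarantine":
            print(f"quarantined copy of {f.detail}: {f.threat}")
    for f in live:
        print(f"FOLLOW UP: {f.threat} at {f.path}")
    for line in unparsed:
        print(f"could not parse: {line}")
```

A log whose detections all fall under the first two locations matches the situation in this thread; any "live" entry means the earlier cleanup left something on disk and the scan results deserve a closer look.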

I still cannot get all of the updates to install. Most install, but the latest failures are:

Security Update for Microsoft Visual C++ 2008 Redistributable Package (KB973924)

Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706)

The first above was a new update that was needed after I downloaded the free version of avast that installed this program. The other has failed multiple update attempts, though other updates in the same download succeeded.

I have removed the software downloaded during the cleaning process and everything still scans as not infected.

Thanks very much for all of the help. If there is still a problem with the two updates failing, let me know.


Here is the windowsupdate.log for the last two times I tried to update:

2010-09-19 14:25:32:218 720 a38 DnldMgr ** START ** DnldMgr: Downloading updates [CallerId = AutomaticUpdates]

2010-09-19 14:25:32:218 720 a38 DnldMgr *********

2010-09-19 14:25:32:234 720 a38 DnldMgr * Call ID = {E9EE930B-3617-4D39-BDE6-F557AA13811C}

2010-09-19 14:25:32:234 720 a38 DnldMgr * Priority = 1, Interactive = 0, Owner is system = 1, Explicit proxy = 0, Proxy session id = -1, ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}

2010-09-19 14:25:32:234 720 a38 DnldMgr * Updates to download = 1

2010-09-19 14:25:32:234 720 a38 Agent * Title = Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706)

2010-09-19 14:25:32:234 720 a38 Agent * UpdateId = {1B3C995E-3CD4-4BAE-A262-EEDF57D310EE}.104

2010-09-19 14:25:32:234 720 a38 Agent * Bundles 1 updates:

2010-09-19 14:25:32:234 720 a38 Agent * {86B393EA-BE78-485C-8372-593ED3D4D4D9}.104

2010-09-19 14:25:32:234 720 a38 DnldMgr *********** DnldMgr: Regulation Refresh [svc: {7971F918-A847-4430-9279-4A52D1EFE18D}] ***********

2010-09-19 14:25:32:234 720 a38 DnldMgr * Regulation call complete. 0x00000000

2010-09-19 14:25:32:250 720 a38 DnldMgr *********** DnldMgr: New download job [updateId = {86B393EA-BE78-485C-8372-593ED3D4D4D9}.104] ***********

2010-09-19 14:25:34:031 720 a38 DnldMgr * All files for update were already downloaded and are valid.

2010-09-19 14:25:34:031 720 a38 Agent *********

2010-09-19 14:25:34:031 720 a38 Agent ** END ** Agent: Downloading updates [CallerId = AutomaticUpdates]

2010-09-19 14:25:34:031 720 494 AU >>## RESUMED ## AU: Download update [updateId = {1B3C995E-3CD4-4BAE-A262-EEDF57D310EE}, succeeded]

2010-09-19 14:25:34:046 720 a38 Agent *************

2010-09-19 14:25:34:046 720 494 AU Setting AU scheduled install time to 2010-09-20 07:00:00

2010-09-19 14:25:34:062 720 a38 Report REPORT EVENT: {54B43D5E-6760-4997-891B-7126C24F313E} 2010-09-19 14:25:27:906-0400 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Software Synchronization Windows Update Client successfully detected 2 updates.

2010-09-19 14:25:39:078 720 a38 Report REPORT EVENT: {385BB5A1-567B-4964-A3C0-9BD299DF7CC0} 2010-09-19 14:25:34:078-0400 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Monday, September 20, 2010 at 3:00 AM: - Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706)

2010-09-19 14:25:43:093 720 bcc AU Launched new AU client for directive 'Download Progress', session id = 0x0

2010-09-19 14:25:43:234 3744 ea4 Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0400) ===========

2010-09-19 14:25:43:234 3744 ea4 Misc = Process: C:\WINDOWS\system32\wuauclt.exe

2010-09-19 14:25:43:234 3744 ea4 AUClnt Launched Client UI process

2010-09-19 14:25:43:453 3744 ea4 Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0400) ===========

2010-09-19 14:25:43:453 3744 ea4 Misc = Process: C:\WINDOWS\system32\wuauclt.exe

2010-09-19 14:25:43:453 3744 ea4 Misc = Module: C:\WINDOWS\system32\wucltui.dll

2010-09-19 14:25:43:453 3744 ea4 CltUI AU client got new directive = 'Download Progress', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0x00000000

2010-09-19 14:25:43:468 3744 ea4 CltUI AU client creating UI plugin, clsid={3809920F-B9D4-42DA-92E0-E26265E0FB89}

2010-09-19 14:25:55:640 720 b18 DnldMgr BITS job {DEE33AE5-1526-4FB5-A341-0907F127C9BD} completed successfully

2010-09-19 14:25:55:671 720 b18 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\Download\b8a273ccbc567a3e3512a7df3fe01a92\80b879911be205de69d7c59ea97f8169ff7b882e:

2010-09-19 14:25:55:703 720 b18 Misc Microsoft signed: Yes

2010-09-19 14:25:55:703 720 b18 DnldMgr Download job bytes total = 722792, bytes transferred = 722792

2010-09-19 14:25:55:703 720 b18 DnldMgr *********** DnldMgr: New download job [updateId = {71BCD29D-F720-4E9E-966F-DFEB7C907901}.101] ***********

2010-09-19 14:25:55:718 720 b18 DnldMgr * All files for update were already downloaded and are valid.

2010-09-19 14:25:55:718 720 494 AU >>## RESUMED ## AU: Download update [updateId = {65577635-6955-491F-9802-EF40D6816038}, succeeded]

2010-09-19 14:25:55:734 720 494 AU #########

2010-09-19 14:25:55:734 720 494 AU ## END ## AU: Download updates

2010-09-19 14:25:55:734 720 494 AU #############

2010-09-19 14:25:55:734 720 494 AU Setting AU scheduled install time to 2010-09-20 07:00:00

2010-09-19 14:25:55:734 720 494 AU AU setting pending client directive to 'Install Approval'

2010-09-19 14:25:55:734 720 494 AU Changing existing AU client directive from 'Download Progress' to 'Install Approval', session id = 0x0

2010-09-19 14:25:55:765 3744 ea4 CltUI AU client got new directive = 'Install Approval', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0x00000000

2010-09-19 14:25:55:828 3744 ea4 CltUI AU client creating UI plugin, clsid={3809920F-B9D4-42DA-92E0-E26265E0FB89}

2010-09-19 14:26:00:734 720 a38 Report REPORT EVENT: {2BD8EC2E-CB38-4CBA-9511-FA7251EBB75A} 2010-09-19 14:25:55:734-0400 1 162 101 {65577635-6955-491F-9802-EF40D6816038} 101 0 AutomaticUpdates Success Content Download Download succeeded.

2010-09-19 14:26:00:734 720 a38 Report REPORT EVENT: {7E36A150-CB85-45B3-A83D-050AC23CE5EC} 2010-09-19 14:25:55:734-0400 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Monday, September 20, 2010 at 3:00 AM: - Security Update for Microsoft Visual C++ 2008 Redistributable Package (KB973924) - Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706)

2010-09-19 15:23:23:546 720 e04 AU AU received install approval from client for 2 updates

2010-09-19 15:23:23:546 720 e04 AU #############

2010-09-19 15:23:23:546 720 e04 AU ## START ## AU: Install updates

2010-09-19 15:23:23:546 720 e04 AU #########

2010-09-19 15:23:23:562 720 e04 AU # Initiating manual install

2010-09-19 15:23:23:562 720 e04 AU # Approved updates = 2

2010-09-19 15:23:23:671 720 e04 AU <<## SUBMITTED ## AU: Install updates / installing updates [CallId = {5996930B-B844-444F-9258-C6DACEA3C236}]

2010-09-19 15:23:23:687 720 480 Agent *************

2010-09-19 15:23:23:687 720 480 Agent ** START ** Agent: Installing updates [CallerId = AutomaticUpdates]

2010-09-19 15:23:23:687 720 480 Agent *********

2010-09-19 15:23:23:687 720 480 Agent * Updates to install = 2

2010-09-19 15:23:25:046 720 480 Agent * Title = Security Update for Microsoft Visual C++ 2008 Redistributable Package (KB973924)

2010-09-19 15:23:25:046 720 480 Agent * UpdateId = {65577635-6955-491F-9802-EF40D6816038}.101

2010-09-19 15:23:25:046 720 480 Agent * Bundles 1 updates:

2010-09-19 15:23:25:046 720 480 Agent * {71BCD29D-F720-4E9E-966F-DFEB7C907901}.101

2010-09-19 15:23:25:046 720 480 Agent * Title = Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706)

2010-09-19 15:23:25:046 720 480 Agent * UpdateId = {1B3C995E-3CD4-4BAE-A262-EEDF57D310EE}.104

2010-09-19 15:23:25:046 720 480 Agent * Bundles 1 updates:

2010-09-19 15:23:25:046 720 480 Agent * {86B393EA-BE78-485C-8372-593ED3D4D4D9}.104

2010-09-19 15:23:30:953 720 480 Handler Attempting to create remote handler process as LENOVO-8469E8DC\Administrator in session 0

2010-09-19 15:23:31:296 720 e54 AU >>## RESUMED ## AU: Installing update [updateId = {65577635-6955-491F-9802-EF40D6816038}]

2010-09-19 15:23:31:296 720 e54 AU # WARNING: Install failed, error = 0x80240017 / 0x00000000

2010-09-19 15:23:31:312 720 480 DnldMgr Preparing update for install, updateId = {86B393EA-BE78-485C-8372-593ED3D4D4D9}.104.

2010-09-19 15:23:34:734 3484 6d4 Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0400) ===========

2010-09-19 15:23:34:734 3484 6d4 Misc = Process: C:\WINDOWS\system32\wuauclt.exe

2010-09-19 15:23:34:734 3484 6d4 Misc = Module: C:\WINDOWS\system32\wuaueng.dll

2010-09-19 15:23:34:734 3484 6d4 Handler :::::::::::::

2010-09-19 15:23:34:734 3484 6d4 Handler :: START :: Handler: Command Line Install

2010-09-19 15:23:34:734 3484 6d4 Handler :::::::::

2010-09-19 15:23:34:734 3484 6d4 Handler : Updates to install = 1

2010-09-19 15:26:32:937 3484 6d4 Handler : WARNING: Command line install completed. Return code = 0x00002b2f, Result = Failed, Reboot required = false

2010-09-19 15:26:32:937 3484 6d4 Handler : WARNING: Exit code = 0x8024200B

2010-09-19 15:26:32:937 720 e54 AU >>## RESUMED ## AU: Installing update [updateId = {1B3C995E-3CD4-4BAE-A262-EEDF57D310EE}]

2010-09-19 15:26:32:937 3484 6d4 Handler :::::::::

2010-09-19 15:26:32:937 720 e54 AU # WARNING: Install failed, error = 0x80070643 / 0x00002B2F

2010-09-19 15:26:32:937 3484 6d4 Handler :: END :: Handler: Command Line Install

2010-09-19 15:26:32:937 3484 6d4 Handler :::::::::::::

2010-09-19 15:26:33:328 720 480 Agent *********

2010-09-19 15:26:33:328 720 e54 AU Install call completed.

2010-09-19 15:26:33:328 720 e54 AU # WARNING: Install call completed, reboot required = No, error = 0x00000000

2010-09-19 15:26:33:328 720 480 Agent ** END ** Agent: Installing updates [CallerId = AutomaticUpdates]

2010-09-19 15:26:33:328 720 e54 AU #########

2010-09-19 15:26:33:343 720 480 Agent *************

2010-09-19 15:26:33:343 720 e54 AU ## END ## AU: Installing updates [CallId = {5996930B-B844-444F-9258-C6DACEA3C236}]

2010-09-19 15:26:33:343 720 e54 AU #############

2010-09-19 15:26:33:343 720 e54 AU Install complete for all calls, reboot NOT needed

2010-09-19 15:26:33:343 720 e54 AU Setting AU scheduled install time to 2010-09-20 07:00:00

2010-09-19 15:26:37:937 720 15f0 Report REPORT EVENT: {6FBD8577-AAA2-40AF-B77F-FA609592C412} 2010-09-19 15:26:32:937-0400 1 182 101 {1B3C995E-3CD4-4BAE-A262-EEDF57D310EE} 104 80070643 AutomaticUpdates Failure Content Install Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706).

2010-09-19 15:32:04:062 720 570 AU Triggering Offline detection (non-interactive)

2010-09-19 15:32:05:187 720 bcc AU #############

2010-09-19 15:32:05:187 720 bcc AU ## START ## AU: Search for updates

2010-09-19 15:32:05:187 720 bcc AU #########

2010-09-19 15:32:05:203 720 bcc AU <<## SUBMITTED ## AU: Search for updates [CallId = {D544F5AB-BFF4-4139-A051-767AC6BECED0}]

2010-09-19 15:32:05:218 720 15f0 Agent *************

2010-09-19 15:32:05:218 720 15f0 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]

2010-09-19 15:32:05:218 720 15f0 Agent *********

2010-09-19 15:32:05:218 720 15f0 Agent * Online = No; Ignore download priority = No

2010-09-19 15:32:05:218 720 15f0 Agent * Criteria = "IsHidden=0 and IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and IsAssigned=1 or IsHidden=0 and IsInstalled=1 and DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and IsAssigned=1 and RebootRequired=1"

2010-09-19 15:32:05:218 720 15f0 Agent * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service

2010-09-19 15:32:05:218 720 15f0 Agent * Search Scope = {Machine}

2010-09-19 15:32:05:218 3744 ea4 CltUI AU client got new directive = 'Shutdown', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0x00000000

2010-09-19 15:32:05:296 720 bcc AU AU received handle event

2010-09-19 15:34:50:640 720 15f0 Agent Update {32CB94A3-B1EF-40DE-86A8-8FBF053D800E}.100 is pruned out due to potential supersedence

2010-09-19 15:34:50:640 720 15f0 Agent * Added update {1B3C995E-3CD4-4BAE-A262-EEDF57D310EE}.104 to search result

2010-09-19 15:34:50:640 720 15f0 Agent * Found 1 updates and 61 categories in search; evaluated appl. rules of 1016 out of 2156 deployed entities

2010-09-19 15:34:50:750 720 15f0 Agent *********

2010-09-19 15:34:50:750 720 15f0 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]

2010-09-19 15:34:50:750 720 15f0 Agent *************

2010-09-19 15:34:50:781 720 e54 AU >>## RESUMED ## AU: Search for updates [CallId = {D544F5AB-BFF4-4139-A051-767AC6BECED0}]

2010-09-19 15:34:50:781 720 e54 AU # 1 updates detected

2010-09-19 15:34:50:796 720 e54 AU #########

2010-09-19 15:34:50:796 720 e54 AU ## END ## AU: Search for updates [CallId = {D544F5AB-BFF4-4139-A051-767AC6BECED0}]

2010-09-19 15:34:50:796 720 e54 AU #############

2010-09-19 15:34:50:796 720 e54 AU Featured notifications is disabled.

2010-09-19 15:34:50:796 720 e54 AU Setting AU scheduled install time to 2010-09-20 07:00:00

2010-09-19 15:34:50:796 720 e54 AU Auto-approving update for download, updateId = {1B3C995E-3CD4-4BAE-A262-EEDF57D310EE}.104, ForUx=0, IsOwnerUx=0, HasDeadline=0, IsMinor=0

2010-09-19 15:34:50:796 720 e54 AU Auto-approved 1 update(s) for download (NOT for Ux)

2010-09-19 15:34:50:796 720 e54 AU #############

2010-09-19 15:34:50:796 720 e54 AU ## START ## AU: Download updates

2010-09-19 15:34:50:796 720 e54 AU #########

2010-09-19 15:34:50:796 720 e54 AU # Approved updates = 1

2010-09-19 15:34:50:812 720 e54 AU AU initiated download, updateId = {1B3C995E-3CD4-4BAE-A262-EEDF57D310EE}.104, callId = {2AF6865E-0B0E-4213-A549-50ECC1F80DF5}

2010-09-19 15:34:50:812 720 e54 AU Setting AU scheduled install time to 2010-09-20 07:00:00

2010-09-19 15:34:50:812 720 e54 AU AU setting pending client directive to 'Download Progress'

2010-09-19 15:34:50:890 720 e54 AU # Pending download calls = 1

2010-09-19 15:34:50:890 720 e54 AU <<## SUBMITTED ## AU: Download updates

2010-09-19 15:34:51:250 720 15f0 DnldMgr *************

2010-09-19 15:34:51:250 720 15f0 DnldMgr ** START ** DnldMgr: Downloading updates [CallerId = AutomaticUpdates]

2010-09-19 15:34:51:250 720 15f0 DnldMgr *********

2010-09-19 15:34:51:250 720 15f0 DnldMgr * Call ID = {2AF6865E-0B0E-4213-A549-50ECC1F80DF5}

2010-09-19 15:34:51:250 720 15f0 DnldMgr * Priority = 1, Interactive = 0, Owner is system = 1, Explicit proxy = 0, Proxy session id = -1, ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}

2010-09-19 15:34:51:250 720 15f0 DnldMgr * Updates to download = 1

2010-09-19 15:34:51:250 720 15f0 Agent * Title = Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706)

2010-09-19 15:34:51:250 720 15f0 Agent * UpdateId = {1B3C995E-3CD4-4BAE-A262-EEDF57D310EE}.104

2010-09-19 15:34:51:265 720 15f0 Agent * Bundles 1 updates:

2010-09-19 15:34:51:265 720 15f0 Agent * {86B393EA-BE78-485C-8372-593ED3D4D4D9}.104

2010-09-19 15:34:51:265 720 15f0 DnldMgr *********** DnldMgr: Regulation Refresh [svc: {7971F918-A847-4430-9279-4A52D1EFE18D}] ***********

2010-09-19 15:34:51:265 720 15f0 DnldMgr Contacting regulation server for 1 updates.

2010-09-19 15:34:51:296 720 15f0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\wuredir.cab:

2010-09-19 15:34:51:421 720 15f0 Misc Microsoft signed: Yes

2010-09-19 15:34:51:437 720 15f0 PT URL for regulation server found in server config.

2010-09-19 15:34:51:437 720 15f0 DnldMgr Regulation server path: https://www.update.microsoft.com/v6/UpdateR...Regulation.asmx.

2010-09-19 15:34:54:156 720 15f0 DnldMgr * Regulation call complete. 0x00000000

2010-09-19 15:34:54:171 720 15f0 DnldMgr *********** DnldMgr: New download job [updateId = {86B393EA-BE78-485C-8372-593ED3D4D4D9}.104] ***********

2010-09-19 15:35:18:921 720 15f0 DnldMgr * All files for update were already downloaded and are valid.

2010-09-19 15:35:18:937 720 15f0 Agent *********

2010-09-19 15:35:18:937 720 15f0 Agent ** END ** Agent: Downloading updates [CallerId = AutomaticUpdates]

2010-09-19 15:35:18:937 720 15f0 Agent *************

2010-09-19 15:35:19:171 720 bcc AU Launched new AU client for directive 'Download Progress', session id = 0x0

2010-09-19 15:35:19:171 720 e54 AU >>## RESUMED ## AU: Download update [updateId = {1B3C995E-3CD4-4BAE-A262-EEDF57D310EE}, succeeded]

2010-09-19 15:35:19:171 720 e54 AU #########

2010-09-19 15:35:19:171 720 e54 AU ## END ## AU: Download updates

2010-09-19 15:35:19:171 720 e54 AU #############

2010-09-19 15:35:19:171 720 e54 AU Setting AU scheduled install time to 2010-09-20 07:00:00

2010-09-19 15:35:19:171 720 e54 AU AU setting pending client directive to 'Install Approval'

2010-09-19 15:35:19:187 720 e54 AU Changing existing AU client directive from 'Download Progress' to 'Install Approval', session id = 0x0

2010-09-19 15:35:20:937 4088 820 Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0400) ===========

2010-09-19 15:35:20:937 4088 820 Misc = Process: C:\WINDOWS\system32\wuauclt.exe

2010-09-19 15:35:20:937 4088 820 AUClnt Launched Client UI process

2010-09-19 15:35:24:171 720 15f0 Report REPORT EVENT: {43E3FD1F-84B4-46F3-ADC1-830CB3CD7B37} 2010-09-19 15:35:19:171-0400 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Monday, September 20, 2010 at 3:00 AM: - Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706)

2010-09-19 15:35:34:125 4088 820 Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0400) ===========

2010-09-19 15:35:34:125 4088 820 Misc = Process: C:\WINDOWS\system32\wuauclt.exe

2010-09-19 15:35:34:125 4088 820 Misc = Module: C:\WINDOWS\system32\wucltui.dll

2010-09-19 15:35:34:109 4088 820 CltUI AU client got new directive = 'Install Approval', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0x00000000

2010-09-19 15:35:34:171 4088 820 CltUI AU client creating UI plugin, clsid={3809920F-B9D4-42DA-92E0-E26265E0FB89}

2010-09-19 15:39:10:078 720 9c AU AU received install approval from client for 1 updates

2010-09-19 15:39:10:078 720 9c AU #############

2010-09-19 15:39:10:078 720 9c AU ## START ## AU: Install updates

2010-09-19 15:39:10:078 720 9c AU #########

2010-09-19 15:39:10:078 720 9c AU # Initiating manual install

2010-09-19 15:39:10:078 720 9c AU # Approved updates = 1

2010-09-19 15:39:10:093 720 480 Agent *************

2010-09-19 15:39:10:093 720 9c AU <<## SUBMITTED ## AU: Install updates / installing updates [CallId = {F2BAC7BB-829B-44C7-BA70-0978BD3C090D}]

2010-09-19 15:39:10:093 720 480 Agent ** START ** Agent: Installing updates [CallerId = AutomaticUpdates]

2010-09-19 15:39:10:093 720 480 Agent *********

2010-09-19 15:39:10:093 720 480 Agent * Updates to install = 1

2010-09-19 15:39:10:109 720 480 Agent * Title = Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706)

2010-09-19 15:39:10:109 720 480 Agent * UpdateId = {1B3C995E-3CD4-4BAE-A262-EEDF57D310EE}.104

2010-09-19 15:39:10:109 720 480 Agent * Bundles 1 updates:

2010-09-19 15:39:10:109 720 480 Agent * {86B393EA-BE78-485C-8372-593ED3D4D4D9}.104

2010-09-19 15:39:13:843 720 480 Handler Attempting to create remote handler process as LENOVO-8469E8DC\Administrator in session 0

2010-09-19 15:39:14:437 720 480 DnldMgr Preparing update for install, updateId = {86B393EA-BE78-485C-8372-593ED3D4D4D9}.104.

2010-09-19 15:39:19:578 5948 190 Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0400) ===========

2010-09-19 15:39:19:578 5948 190 Misc = Process: C:\WINDOWS\system32\wuauclt.exe

2010-09-19 15:39:19:578 5948 190 Misc = Module: C:\WINDOWS\system32\wuaueng.dll

2010-09-19 15:39:19:578 5948 190 Handler :::::::::::::

2010-09-19 15:39:19:578 5948 190 Handler :: START :: Handler: Command Line Install

2010-09-19 15:39:19:578 5948 190 Handler :::::::::

2010-09-19 15:39:19:578 5948 190 Handler : Updates to install = 1

2010-09-19 15:42:05:468 5948 190 Handler : WARNING: Command line install completed. Return code = 0x00002b2f, Result = Failed, Reboot required = false

2010-09-19 15:42:05:484 720 e54 AU >>## RESUMED ## AU: Installing update [updateId = {1B3C995E-3CD4-4BAE-A262-EEDF57D310EE}]

2010-09-19 15:42:05:484 5948 190 Handler : WARNING: Exit code = 0x8024200B

2010-09-19 15:42:05:484 720 e54 AU # WARNING: Install failed, error = 0x80070643 / 0x00002B2F

2010-09-19 15:42:05:484 5948 190 Handler :::::::::

2010-09-19 15:42:05:484 5948 190 Handler :: END :: Handler: Command Line Install

2010-09-19 15:42:05:484 5948 190 Handler :::::::::::::

2010-09-19 15:42:05:609 720 480 Agent *********

2010-09-19 15:42:05:609 720 e54 AU Install call completed.

2010-09-19 15:42:05:609 720 e54 AU # WARNING: Install call completed, reboot required = No, error = 0x00000000

2010-09-19 15:42:05:625 720 e54 AU #########

2010-09-19 15:42:05:609 720 480 Agent ** END ** Agent: Installing updates [CallerId = AutomaticUpdates]

2010-09-19 15:42:05:625 720 e54 AU ## END ## AU: Installing updates [CallId = {F2BAC7BB-829B-44C7-BA70-0978BD3C090D}]

2010-09-19 15:42:05:625 720 480 Agent *************

2010-09-19 15:42:05:625 720 e54 AU #############

2010-09-19 15:42:05:625 720 e54 AU Install complete for all calls, reboot NOT needed

2010-09-19 15:42:05:625 720 e54 AU Setting AU scheduled install time to 2010-09-20 07:00:00

2010-09-19 15:42:10:375 720 10ec AU Triggering Offline detection (non-interactive)

2010-09-19 15:42:10:437 720 bcc AU #############

2010-09-19 15:42:10:437 720 bcc AU ## START ## AU: Search for updates

2010-09-19 15:42:10:437 720 bcc AU #########

2010-09-19 15:42:10:437 720 bcc AU <<## SUBMITTED ## AU: Search for updates [CallId = {D4DF07F3-7BAC-48BE-92CB-A362995CB724}]

2010-09-19 15:42:10:437 720 15f0 Agent *************

2010-09-19 15:42:10:453 720 15f0 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]

2010-09-19 15:42:10:453 720 15f0 Agent *********

2010-09-19 15:42:10:453 720 15f0 Agent * Online = No; Ignore download priority = No

2010-09-19 15:42:10:453 720 15f0 Agent * Criteria = "IsHidden=0 and IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and IsAssigned=1 or IsHidden=0 and IsInstalled=1 and DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and IsAssigned=1 and RebootRequired=1"

2010-09-19 15:42:10:453 720 15f0 Agent * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service

2010-09-19 15:42:10:453 720 15f0 Agent * Search Scope = {Machine}

2010-09-19 15:42:10:453 4088 820 CltUI AU client got new directive = 'Shutdown', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0x00000000

2010-09-19 15:42:10:578 720 bcc AU AU received handle event

2010-09-19 15:42:46:906 720 15f0 Agent Update {32CB94A3-B1EF-40DE-86A8-8FBF053D800E}.100 is pruned out due to potential supersedence

2010-09-19 15:42:46:906 720 15f0 Agent * Added update {1B3C995E-3CD4-4BAE-A262-EEDF57D310EE}.104 to search result

2010-09-19 15:42:46:906 720 15f0 Agent * Found 1 updates and 61 categories in search; evaluated appl. rules of 1016 out of 2156 deployed entities

2010-09-19 15:42:46:937 720 15f0 Agent *********

2010-09-19 15:42:46:937 720 15f0 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]

2010-09-19 15:42:46:937 720 15f0 Agent *************

2010-09-19 15:42:46:953 720 e54 AU >>## RESUMED ## AU: Search for updates [CallId = {D4DF07F3-7BAC-48BE-92CB-A362995CB724}]

2010-09-19 15:42:46:953 720 e54 AU # 1 updates detected

2010-09-19 15:42:46:953 720 15f0 Report REPORT EVENT: {BFA7124F-C2B9-4317-AF26-B5355B5C5ECB} 2010-09-19 15:42:05:515-0400 1 182 101 {1B3C995E-3CD4-4BAE-A262-EEDF57D310EE} 104 80070643 AutomaticUpdates Failure Content Install Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706).

2010-09-19 15:42:46:953 720 e54 AU #########

2010-09-19 15:42:46:953 720 e54 AU ## END ## AU: Search for updates [CallId = {D4DF07F3-7BAC-48BE-92CB-A362995CB724}]

2010-09-19 15:42:46:953 720 e54 AU #############

2010-09-19 15:42:46:953 720 e54 AU Featured notifications is disabled.

2010-09-19 15:42:46:953 720 e54 AU Setting AU scheduled install time to 2010-09-20 07:00:00

2010-09-19 15:42:46:953 720 e54 AU Auto-approving update for download, updateId = {1B3C995E-3CD4-4BAE-A262-EEDF57D310EE}.104, ForUx=0, IsOwnerUx=0, HasDeadline=0, IsMinor=0

2010-09-19 15:42:46:953 720 e54 AU Auto-approved 1 update(s) for download (NOT for Ux)

2010-09-19 15:42:46:953 720 e54 AU #############

2010-09-19 15:42:46:953 720 e54 AU ## START ## AU: Download updates

2010-09-19 15:42:46:953 720 e54 AU #########

2010-09-19 15:42:46:953 720 e54 AU # Approved updates = 1

2010-09-19 15:42:46:968 720 e54 AU AU initiated download, updateId = {1B3C995E-3CD4-4BAE-A262-EEDF57D310EE}.104, callId = {4BDD761B-C863-4B84-96EE-160738229502}

2010-09-19 15:42:46:968 720 e54 AU Setting AU scheduled install time to 2010-09-20 07:00:00

2010-09-19 15:42:46:968 720 e54 AU AU setting pending client directive to 'Download Progress'

2010-09-19 15:42:47:015 720 e54 AU # Pending download calls = 1

2010-09-19 15:42:47:015 720 e54 AU <<## SUBMITTED ## AU: Download updates

2010-09-19 15:42:47:093 720 15f0 DnldMgr *************

2010-09-19 15:42:47:093 720 15f0 DnldMgr ** START ** DnldMgr: Downloading updates [CallerId = AutomaticUpdates]

2010-09-19 15:42:47:109 720 15f0 DnldMgr *********

2010-09-19 15:42:47:109 720 15f0 DnldMgr * Call ID = {4BDD761B-C863-4B84-96EE-160738229502}

2010-09-19 15:42:47:109 720 15f0 DnldMgr * Priority = 1, Interactive = 0, Owner is system = 1, Explicit proxy = 0, Proxy session id = -1, ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}

2010-09-19 15:42:47:109 720 15f0 DnldMgr * Updates to download = 1

2010-09-19 15:42:47:109 720 15f0 Agent * Title = Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706)

2010-09-19 15:42:47:109 720 15f0 Agent * UpdateId = {1B3C995E-3CD4-4BAE-A262-EEDF57D310EE}.104

2010-09-19 15:42:47:109 720 15f0 Agent * Bundles 1 updates:

2010-09-19 15:42:47:109 720 15f0 Agent * {86B393EA-BE78-485C-8372-593ED3D4D4D9}.104

2010-09-19 15:42:47:109 720 15f0 DnldMgr *********** DnldMgr: Regulation Refresh [svc: {7971F918-A847-4430-9279-4A52D1EFE18D}] ***********

2010-09-19 15:42:47:109 720 15f0 DnldMgr Contacting regulation server for 1 updates.

2010-09-19 15:42:47:156 720 15f0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\wuredir.cab:

2010-09-19 15:42:47:171 720 15f0 Misc Microsoft signed: Yes

2010-09-19 15:42:47:187 720 15f0 PT URL for regulation server found in server config.

2010-09-19 15:42:47:187 720 15f0 DnldMgr Regulation server path: https://www.update.microsoft.com/v6/UpdateR...Regulation.asmx.

2010-09-19 15:42:47:468 720 15f0 DnldMgr * Regulation call complete. 0x00000000

2010-09-19 15:42:47:468 720 15f0 DnldMgr *********** DnldMgr: New download job [updateId = {86B393EA-BE78-485C-8372-593ED3D4D4D9}.104] ***********

2010-09-19 15:42:49:125 720 15f0 DnldMgr * All files for update were already downloaded and are valid.

2010-09-19 15:42:49:140 720 e54 AU >>## RESUMED ## AU: Download update [updateId = {1B3C995E-3CD4-4BAE-A262-EEDF57D310EE}, succeeded]

2010-09-19 15:42:49:140 720 15f0 Agent *********

2010-09-19 15:42:49:140 720 15f0 Agent ** END ** Agent: Downloading updates [CallerId = AutomaticUpdates]

2010-09-19 15:42:49:140 720 e54 AU #########

2010-09-19 15:42:49:140 720 15f0 Agent *************

2010-09-19 15:42:49:140 720 e54 AU ## END ## AU: Download updates

2010-09-19 15:42:49:140 720 e54 AU #############

2010-09-19 15:42:49:140 720 e54 AU Setting AU scheduled install time to 2010-09-20 07:00:00

2010-09-19 15:42:49:140 720 e54 AU AU setting pending client directive to 'Install Approval'

2010-09-19 15:42:54:140 720 15f0 Report REPORT EVENT: {6B39D289-0A2D-4E52-968A-F2743F7615E7} 2010-09-19 15:42:49:140-0400 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Monday, September 20, 2010 at 3:00 AM: - Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706)

2010-09-19 15:43:02:093 720 bcc AU Launched new AU client for directive 'Install Approval', session id = 0x0

2010-09-19 15:43:02:531 5276 14a0 Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0400) ===========

2010-09-19 15:43:02:531 5276 14a0 Misc = Process: C:\WINDOWS\system32\wuauclt.exe

2010-09-19 15:43:02:515 5276 14a0 AUClnt Launched Client UI process

2010-09-19 15:43:03:609 5276 14a0 Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0400) ===========

2010-09-19 15:43:03:609 5276 14a0 Misc = Process: C:\WINDOWS\system32\wuauclt.exe

2010-09-19 15:43:03:609 5276 14a0 Misc = Module: C:\WINDOWS\system32\wucltui.dll

2010-09-19 15:43:03:609 5276 14a0 CltUI AU client got new directive = 'Install Approval', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0x00000000

2010-09-19 15:43:03:671 5276 14a0 CltUI AU client creating UI plugin, clsid={3809920F-B9D4-42DA-92E0-E26265E0FB89}

2010-09-19 15:51:21:015 720 1670 AU AU found 1 updates for install at shutdown

2010-09-19 15:51:21:015 2004 708 Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0400) ===========

2010-09-19 15:51:21:031 2004 708 Misc = Process: C:\WINDOWS\Explorer.EXE

2010-09-19 15:51:21:031 2004 708 Misc = Module: C:\WINDOWS\system32\wuaueng.dll

2010-09-19 15:51:21:015 2004 708 Shutdwn Install at shutdown: found updates to install

2010-09-19 15:51:47:109 720 bcc AU AU received handle event

2010-09-19 15:51:47:125 720 bcc AU AU setting pending client directive to 'Install Approval'

2010-09-19 15:51:57:796 720 116c AU AU found 1 updates to install at shutdown.

2010-09-19 15:51:57:812 720 116c AU #############

2010-09-19 15:51:57:812 720 116c AU ## START ## AU: Install updates

2010-09-19 15:51:57:812 720 116c AU #########

2010-09-19 15:51:57:812 720 116c AU # Initiating install at shutdown

2010-09-19 15:51:57:812 720 116c AU # Approved updates = 1

2010-09-19 15:51:57:890 720 116c AU <<## SUBMITTED ## AU: Install updates / installing updates [CallId = {0A592D7D-D3A6-4DFE-AF7B-15335130CD52}]

2010-09-19 15:51:57:890 720 480 Agent *************

2010-09-19 15:51:57:890 720 480 Agent ** START ** Agent: Installing updates [CallerId = AutomaticUpdates]

2010-09-19 15:51:57:890 720 480 Agent *********

2010-09-19 15:51:57:890 720 480 Agent * Updates to install = 1

2010-09-19 15:51:57:890 280 1350 Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0400) ===========

2010-09-19 15:51:57:890 280 1350 Misc = Process: \??\C:\WINDOWS\system32\winlogon.exe

2010-09-19 15:51:57:906 280 1350 Misc = Module: C:\WINDOWS\system32\wuaueng.dll

2010-09-19 15:51:57:890 280 1350 Shutdwn WARNING: AU will install 1 updates.

2010-09-19 15:51:58:390 720 480 Agent * Title = Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706)

2010-09-19 15:51:58:390 720 480 Agent * UpdateId = {1B3C995E-3CD4-4BAE-A262-EEDF57D310EE}.104

2010-09-19 15:51:58:390 720 480 Agent * Bundles 1 updates:

2010-09-19 15:51:58:390 720 480 Agent * {86B393EA-BE78-485C-8372-593ED3D4D4D9}.104

2010-09-19 15:52:02:125 720 bcc AU WARNING: Pending directive, 'Install Approval', is not applicable

2010-09-19 15:52:03:765 720 480 DnldMgr Preparing update for install, updateId = {86B393EA-BE78-485C-8372-593ED3D4D4D9}.104.

2010-09-19 15:52:07:218 3420 668 Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0400) ===========

2010-09-19 15:52:07:218 3420 668 Misc = Process: C:\WINDOWS\system32\wuauclt.exe

2010-09-19 15:52:07:218 3420 668 Misc = Module: C:\WINDOWS\system32\wuaueng.dll

2010-09-19 15:52:07:218 3420 668 Handler :::::::::::::

2010-09-19 15:52:07:218 3420 668 Handler :: START :: Handler: Command Line Install

2010-09-19 15:52:07:218 3420 668 Handler :::::::::

2010-09-19 15:52:07:218 3420 668 Handler : Updates to install = 1

2010-09-19 15:54:28:328 3420 668 Handler : WARNING: Command line install completed. Return code = 0x00002b2f, Result = Failed, Reboot required = false

2010-09-19 15:54:28:328 720 e54 AU >>## RESUMED ## AU: Installing update [updateId = {1B3C995E-3CD4-4BAE-A262-EEDF57D310EE}]

2010-09-19 15:54:28:328 3420 668 Handler : WARNING: Exit code = 0x8024200B

2010-09-19 15:54:28:328 720 e54 AU # WARNING: Install failed, error = 0x80070643 / 0x00002B2F

2010-09-19 15:54:28:328 3420 668 Handler :::::::::

2010-09-19 15:54:28:328 3420 668 Handler :: END :: Handler: Command Line Install

2010-09-19 15:54:28:328 3420 668 Handler :::::::::::::

2010-09-19 15:54:29:046 720 480 Report REPORT EVENT: {2EF20493-99A9-4EA0-BDA0-1CEFCB82236F} 2010-09-19 15:54:28:328-0400 1 198 101 {1B3C995E-3CD4-4BAE-A262-EEDF57D310EE} 104 80070643 AutomaticUpdates Failure Content Install Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706).

2010-09-19 15:54:29:125 720 480 Agent *********

2010-09-19 15:54:29:125 720 480 Agent ** END ** Agent: Installing updates [CallerId = AutomaticUpdates]

2010-09-19 15:54:29:125 720 480 Agent *************

2010-09-19 15:54:29:125 720 e54 AU Install call completed.

2010-09-19 15:54:29:125 720 e54 AU # WARNING: Install call completed, reboot required = No, error = 0x00000000

2010-09-19 15:54:29:125 720 e54 AU #########

2010-09-19 15:54:29:125 720 e54 AU ## END ## AU: Installing updates [CallId = {0A592D7D-D3A6-4DFE-AF7B-15335130CD52}]

2010-09-19 15:54:29:125 720 e54 AU #############

2010-09-19 15:54:29:140 720 e54 AU Install complete for all calls, reboot NOT needed

2010-09-19 15:54:29:140 720 e54 AU Setting AU scheduled install time to 2010-09-20 07:00:00

2010-09-19 15:54:29:140 720 e54 AU InstallAtShutdown completed.

2010-09-19 15:54:33:031 280 1350 Shutdwn WARNING: Installation at shutdown completed

2010-09-19 15:54:37:421 720 bcc AU ########### AU: Uninitializing Automatic Updates ###########

2010-09-19 15:54:37:984 720 bcc Service *********

2010-09-19 15:54:37:984 720 bcc Service ** END ** Service: Service exit [Exit code = 0x240001]

2010-09-19 15:54:37:984 720 bcc Service *************

2010-09-19 16:36:04:296 736 f38 Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0400) ===========

2010-09-19 16:36:04:328 736 f38 Misc = Process: C:\WINDOWS\System32\svchost.exe

2010-09-19 16:36:04:343 736 f38 Misc = Module: C:\WINDOWS\system32\wuaueng.dll

2010-09-19 16:36:04:281 736 f38 Service *************

2010-09-19 16:36:04:343 736 f38 Service ** START ** Service: Service startup

2010-09-19 16:36:04:359 736 f38 Service *********

2010-09-19 16:36:04:468 736 f38 Agent * WU client version 7.4.7600.226

2010-09-19 16:36:04:468 736 f38 Agent * Base directory: C:\WINDOWS\SoftwareDistribution

2010-09-19 16:36:04:468 736 f38 Agent * Access type: No proxy

2010-09-19 16:36:04:484 736 f38 Agent * Network state: Connected

2010-09-19 16:37:02:437 736 f38 Agent *********** Agent: Initializing Windows Update Agent ***********

2010-09-19 16:37:02:437 736 f38 Agent *********** Agent: Initializing global settings cache ***********

2010-09-19 16:37:02:437 736 f38 Agent * WSUS server: <NULL>

2010-09-19 16:37:02:437 736 f38 Agent * WSUS status server: <NULL>

2010-09-19 16:37:02:437 736 f38 Agent * Target group: (Unassigned Computers)

2010-09-19 16:37:02:437 736 f38 Agent * Windows Update access disabled: No

2010-09-19 16:37:02:515 736 f38 DnldMgr Download manager restoring 0 downloads

2010-09-19 16:37:02:593 736 f38 AU ########### AU: Initializing Automatic Updates ###########

2010-09-19 16:37:02:609 736 f38 AU AU setting next sqm report timeout to 2010-09-19 20:37:02

2010-09-19 16:37:02:609 736 f38 AU # Approval type: Scheduled (User preference)

2010-09-19 16:37:02:609 736 f38 AU # Scheduled install day/time: Every day at 3:00

2010-09-19 16:37:02:609 736 f38 AU # Auto-install minor updates: Yes (User preference)

2010-09-19 16:37:02:609 736 f38 AU Setting AU scheduled install time to 2010-09-20 07:00:00

2010-09-19 16:37:02:609 736 f38 AU Initializing featured updates

2010-09-19 16:37:02:625 736 f38 AU Found 0 cached featured updates

2010-09-19 16:37:04:421 736 f38 Report *********** Report: Initializing static reporting data ***********

2010-09-19 16:37:04:421 736 f38 Report * OS Version = 5.1.2600.3.0.65792

2010-09-19 16:37:04:546 736 f38 Report * Computer Brand = LENOVO

2010-09-19 16:37:04:562 736 f38 Report * Computer Model = 06872DU

2010-09-19 16:37:04:562 736 f38 Report * Bios Revision = 66ET39WW (1.13 )

2010-09-19 16:37:04:562 736 f38 Report * Bios Name = Ver 1.00PARTTBL

2010-09-19 16:37:04:562 736 f38 Report * Bios Release Date = 2007-10-31T00:00:00

2010-09-19 16:37:04:562 736 f38 Report * Locale ID = 1033

2010-09-19 16:37:04:671 736 f38 AU AU finished delayed initialization

2010-09-19 16:37:04:687 736 f38 AU #############

2010-09-19 16:37:04:687 736 f38 AU ## START ## AU: Search for updates

2010-09-19 16:37:04:687 736 f38 AU #########

2010-09-19 16:37:04:750 736 f38 AU <<## SUBMITTED ## AU: Search for updates [CallId = {C51BBEED-F3A1-4E1A-991A-C77FBE6F3B28}]

2010-09-19 16:37:17:546 736 a00 Report REPORT EVENT: {503A9957-0A65-496A-98A4-1BA4AA75D0CC} 2010-09-19 16:37:02:625-0400 1 202 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Reboot completed.

2010-09-19 16:37:17:578 736 a00 Agent *************

2010-09-19 16:37:17:578 736 a00 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]

2010-09-19 16:37:17:578 736 a00 Agent *********

2010-09-19 16:37:17:593 736 a00 Agent * Online = No; Ignore download priority = No

2010-09-19 16:37:17:593 736 a00 Agent * Criteria = "IsHidden=0 and IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and IsAssigned=1 or IsHidden=0 and IsInstalled=1 and DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and IsAssigned=1 and RebootRequired=1"

2010-09-19 16:37:17:593 736 a00 Agent * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service

2010-09-19 16:37:17:593 736 a00 Agent * Search Scope = {Machine}

2010-09-19 16:38:50:468 736 a00 Agent Update {32CB94A3-B1EF-40DE-86A8-8FBF053D800E}.100 is pruned out due to potential supersedence

2010-09-19 16:38:50:468 736 a00 Agent * Added update {1B3C995E-3CD4-4BAE-A262-EEDF57D310EE}.104 to search result

2010-09-19 16:38:50:468 736 a00 Agent * Found 1 updates and 61 categories in search; evaluated appl. rules of 1016 out of 2156 deployed entities

2010-09-19 16:38:50:500 736 a00 Agent *********

2010-09-19 16:38:50:500 736 a00 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]

2010-09-19 16:38:50:500 736 a00 Agent *************

2010-09-19 16:38:50:546 736 de8 AU >>## RESUMED ## AU: Search for updates [CallId = {C51BBEED-F3A1-4E1A-991A-C77FBE6F3B28}]

2010-09-19 16:38:50:546 736 de8 AU # 1 updates detected

2010-09-19 16:38:50:546 736 de8 AU #########

2010-09-19 16:38:50:546 736 de8 AU ## END ## AU: Search for updates [CallId = {C51BBEED-F3A1-4E1A-991A-C77FBE6F3B28}]

2010-09-19 16:38:50:546 736 de8 AU #############

2010-09-19 16:38:50:546 736 de8 AU Featured notifications is disabled.

2010-09-19 16:38:50:546 736 de8 AU Setting AU scheduled install time to 2010-09-20 07:00:00

2010-09-19 16:38:50:546 736 de8 AU Auto-approving update for download, updateId = {1B3C995E-3CD4-4BAE-A262-EEDF57D310EE}.104, ForUx=0, IsOwnerUx=0, HasDeadline=0, IsMinor=0

2010-09-19 16:38:50:546 736 de8 AU Auto-approved 1 update(s) for download (NOT for Ux)

2010-09-19 16:38:50:546 736 de8 AU #############

2010-09-19 16:38:50:546 736 de8 AU ## START ## AU: Download updates

2010-09-19 16:38:50:546 736 de8 AU #########

2010-09-19 16:38:50:546 736 de8 AU # Approved updates = 1

2010-09-19 16:38:50:562 736 de8 AU AU initiated download, updateId = {1B3C995E-3CD4-4BAE-A262-EEDF57D310EE}.104, callId = {1752ABEE-5710-4FBE-AFB4-C3046D3629C2}

2010-09-19 16:38:50:562 736 de8 AU Setting AU scheduled install time to 2010-09-20 07:00:00

2010-09-19 16:38:50:562 736 de8 AU AU setting pending client directive to 'Download Progress'

2010-09-19 16:38:50:562 736 de8 AU # Pending download calls = 1

2010-09-19 16:38:50:562 736 de8 AU <<## SUBMITTED ## AU: Download updates

2010-09-19 16:38:50:734 736 a00 DnldMgr *************

2010-09-19 16:38:50:734 736 a00 DnldMgr ** START ** DnldMgr: Downloading updates [CallerId = AutomaticUpdates]

2010-09-19 16:38:50:734 736 a00 DnldMgr *********

2010-09-19 16:38:50:734 736 a00 DnldMgr * Call ID = {1752ABEE-5710-4FBE-AFB4-C3046D3629C2}

2010-09-19 16:38:50:734 736 a00 DnldMgr * Priority = 1, Interactive = 0, Owner is system = 1, Explicit proxy = 0, Proxy session id = -1, ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}

2010-09-19 16:38:50:734 736 a00 DnldMgr * Updates to download = 1

2010-09-19 16:38:50:734 736 a00 Agent * Title = Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706)

2010-09-19 16:38:50:734 736 a00 Agent * UpdateId = {1B3C995E-3CD4-4BAE-A262-EEDF57D310EE}.104

2010-09-19 16:38:50:734 736 a00 Agent * Bundles 1 updates:

2010-09-19 16:38:50:734 736 a00 Agent * {86B393EA-BE78-485C-8372-593ED3D4D4D9}.104

2010-09-19 16:38:50:734 736 a00 DnldMgr *********** DnldMgr: Regulation Refresh [svc: {7971F918-A847-4430-9279-4A52D1EFE18D}] ***********

2010-09-19 16:38:50:734 736 a00 DnldMgr Contacting regulation server for 1 updates.

2010-09-19 16:38:50:812 736 a00 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\wuredir.cab:

2010-09-19 16:38:50:921 736 a00 Misc Microsoft signed: Yes

2010-09-19 16:38:50:968 736 a00 PT URL for regulation server found in server config.

2010-09-19 16:38:50:968 736 a00 DnldMgr Regulation server path: https://www.update.microsoft.com/v6/UpdateR...Regulation.asmx.

2010-09-19 16:38:53:968 736 a00 DnldMgr * Regulation call complete. 0x00000000

2010-09-19 16:38:53:968 736 a00 DnldMgr *********** DnldMgr: New download job [updateId = {86B393EA-BE78-485C-8372-593ED3D4D4D9}.104] ***********

2010-09-19 16:39:04:109 736 a00 DnldMgr * All files for update were already downloaded and are valid.

2010-09-19 16:39:04:140 736 de8 AU >>## RESUMED ## AU: Download update [updateId = {1B3C995E-3CD4-4BAE-A262-EEDF57D310EE}, succeeded]

2010-09-19 16:39:04:140 736 de8 AU #########

2010-09-19 16:39:04:140 736 de8 AU ## END ## AU: Download updates

2010-09-19 16:39:04:140 736 de8 AU #############

2010-09-19 16:39:04:140 736 de8 AU Setting AU scheduled install time to 2010-09-20 07:00:00

2010-09-19 16:39:04:140 736 a00 Agent *********

2010-09-19 16:39:04:140 736 a00 Agent ** END ** Agent: Downloading updates [CallerId = AutomaticUpdates]

2010-09-19 16:39:04:140 736 a00 Agent *************

2010-09-19 16:39:04:156 736 de8 AU AU setting pending client directive to 'Install Approval'

2010-09-19 16:39:05:687 736 f38 AU Launched new AU client for directive 'Install Approval', session id = 0x0

2010-09-19 16:39:08:609 2648 ee0 Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0400) ===========

2010-09-19 16:39:08:609 2648 ee0 Misc = Process: C:\WINDOWS\system32\wuauclt.exe

2010-09-19 16:39:08:609 2648 ee0 AUClnt Launched Client UI process

2010-09-19 16:39:09:156 736 a00 Report REPORT EVENT: {F8451A5D-61B4-436C-A6EF-348DBA7D39D2} 2010-09-19 16:39:04:156-0400 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Monday, September 20, 2010 at 3:00 AM: - Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706)

2010-09-19 16:39:09:359 2648 ee0 Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0400) ===========

2010-09-19 16:39:09:359 2648 ee0 Misc = Process: C:\WINDOWS\system32\wuauclt.exe

2010-09-19 16:39:09:359 2648 ee0 Misc = Module: C:\WINDOWS\system32\wucltui.dll

2010-09-19 16:39:09:359 2648 ee0 CltUI AU client got new directive = 'Install Approval', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0x00000000

2010-09-19 16:39:10:359 2648 ee0 CltUI AU client creating UI plugin, clsid={3809920F-B9D4-42DA-92E0-E26265E0FB89}

2010-09-19 16:50:40:296 736 2d0 AU AU found 1 updates for install at shutdown

2010-09-19 16:50:40:312 1816 e4 Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0400) ===========

2010-09-19 16:50:40:312 1816 e4 Misc = Process: C:\WINDOWS\Explorer.EXE

2010-09-19 16:50:40:312 1816 e4 Misc = Module: C:\WINDOWS\system32\wuaueng.dll

2010-09-19 16:50:40:312 1816 e4 Shutdwn Install at shutdown: found updates to install

2010-09-19 16:51:16:656 736 580 AU AU received install approval from client for 1 updates

2010-09-19 16:51:16:671 736 580 AU #############

2010-09-19 16:51:16:671 736 580 AU ## START ## AU: Install updates

2010-09-19 16:51:16:671 736 580 AU #########

2010-09-19 16:51:16:671 736 580 AU # Initiating manual install

2010-09-19 16:51:16:671 736 580 AU # Approved updates = 1

2010-09-19 16:51:16:765 736 580 AU <<## SUBMITTED ## AU: Install updates / installing updates [CallId = {31D31886-A3A9-4D11-871B-1414C30648A5}]

2010-09-19 16:51:16:765 736 35c Agent *************

2010-09-19 16:51:16:765 736 35c Agent ** START ** Agent: Installing updates [CallerId = AutomaticUpdates]

2010-09-19 16:51:16:765 736 35c Agent *********

2010-09-19 16:51:16:765 736 35c Agent * Updates to install = 1

2010-09-19 16:51:17:203 736 35c Agent * Title = Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706)

2010-09-19 16:51:17:203 736 35c Agent * UpdateId = {1B3C995E-3CD4-4BAE-A262-EEDF57D310EE}.104

2010-09-19 16:51:17:203 736 35c Agent * Bundles 1 updates:

2010-09-19 16:51:17:203 736 35c Agent * {86B393EA-BE78-485C-8372-593ED3D4D4D9}.104

2010-09-19 16:51:22:359 736 35c Handler Attempting to create remote handler process as LENOVO-8469E8DC\Administrator in session 0

2010-09-19 16:51:22:781 736 35c DnldMgr Preparing update for install, updateId = {86B393EA-BE78-485C-8372-593ED3D4D4D9}.104.

2010-09-19 16:51:27:671 736 de8 AU >>## RESUMED ## AU: Installing update [updateId = {1B3C995E-3CD4-4BAE-A262-EEDF57D310EE}]

2010-09-19 16:51:27:671 736 de8 AU # WARNING: Install aborted, error = 0x8024000B

2010-09-19 16:51:27:750 736 35c Agent * WARNING: Exit code = 0x8024000B

2010-09-19 16:51:27:750 736 de8 AU Install call completed.

2010-09-19 16:51:27:750 736 35c Agent *********

2010-09-19 16:51:27:750 736 35c Agent ** END ** Agent: Installing updates [CallerId = AutomaticUpdates]

2010-09-19 16:51:27:750 736 35c Agent *************

2010-09-19 16:51:27:750 736 de8 AU # WARNING: Install call aborted, reboot required = No, error = 0x8024000B

2010-09-19 16:51:27:765 736 de8 AU #########

2010-09-19 16:51:27:750 736 35c Agent WARNING: WU client failed installing updates with error 0x8024000b

2010-09-19 16:51:27:765 736 de8 AU ## END ## AU: Installing updates [CallId = {31D31886-A3A9-4D11-871B-1414C30648A5}]

2010-09-19 16:51:27:765 736 de8 AU #############

2010-09-19 16:51:27:765 736 de8 AU Install complete for all calls, reboot NOT needed

2010-09-19 16:51:27:765 736 de8 AU Setting AU scheduled install time to 2010-09-20 07:00:00

2010-09-19 16:51:32:671 736 a00 Report REPORT EVENT: {556004C0-D79F-44B9-B5CA-BB8E29AFC091} 2010-09-19 16:51:27:671-0400 1 186 101 {1B3C995E-3CD4-4BAE-A262-EEDF57D310EE} 104 8024000b AutomaticUpdates Success Content Install User cancelled the installation.

2010-09-19 16:51:32:718 736 bac AU Triggering Offline detection (non-interactive)

2010-09-19 16:51:32:734 736 f38 AU #############

2010-09-19 16:51:32:734 736 f38 AU ## START ## AU: Search for updates

2010-09-19 16:51:32:750 736 f38 AU #########

2010-09-19 16:51:32:750 736 f38 AU <<## SUBMITTED ## AU: Search for updates [CallId = {6769163C-6F65-47AE-B347-EE3EE39F3D81}]

2010-09-19 16:51:32:750 736 a00 Agent *************

2010-09-19 16:51:32:750 736 a00 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]

2010-09-19 16:51:32:750 736 a00 Agent *********

2010-09-19 16:51:32:750 736 a00 Agent * Online = No; Ignore download priority = No

2010-09-19 16:51:32:750 736 a00 Agent * Criteria = "IsHidden=0 and IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and IsAssigned=1 or IsHidden=0 and IsInstalled=1 and DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and IsAssigned=1 and RebootRequired=1"

2010-09-19 16:51:32:750 736 a00 Agent * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service

2010-09-19 16:51:32:750 736 a00 Agent * Search Scope = {Machine}

2010-09-19 16:51:32:796 2648 ee0 CltUI AU client got new directive = 'Shutdown', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0x00000000

2010-09-19 16:51:32:843 736 f38 AU AU received handle event

2010-09-19 16:51:41:968 736 580 AU AU found 0 updates for install at shutdown

2010-09-19 16:51:41:984 1816 e4 Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0400) ===========

2010-09-19 16:51:41:984 1816 e4 Misc = Process: C:\WINDOWS\Explorer.EXE

2010-09-19 16:51:41:984 1816 e4 Misc = Module: C:\WINDOWS\system32\wuaueng.dll

2010-09-19 16:51:41:984 1816 e4 Shutdwn Install at shutdown: no updates to install

2010-09-19 16:52:22:656 736 f38 AU ########### AU: Uninitializing Automatic Updates ###########

2010-09-19 16:52:36:734 736 a00 Agent * WARNING: Failed to filter search results, error = 0x8024000B

2010-09-19 16:52:36:734 736 a00 Agent *********

2010-09-19 16:52:36:734 736 a00 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]

2010-09-19 16:52:36:734 736 a00 Agent *************

2010-09-19 16:52:36:796 736 f38 Service *********

2010-09-19 16:52:36:796 736 f38 Service ** END ** Service: Service exit [Exit code = 0x240001]

2010-09-19 16:52:36:796 736 f38 Service *************

2010-09-22 17:47:46:562 728 f9c Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0400) ===========

2010-09-22 17:47:46:593 728 f9c Misc = Process: C:\WINDOWS\System32\svchost.exe

2010-09-22 17:47:46:593 728 f9c Misc = Module: C:\WINDOWS\system32\wuaueng.dll

2010-09-22 17:47:46:546 728 f9c Service *************

2010-09-22 17:47:46:593 728 f9c Service ** START ** Service: Service startup

2010-09-22 17:47:46:593 728 f9c Service *********

2010-09-22 17:47:46:781 728 f9c Agent * WU client version 7.4.7600.226

2010-09-22 17:47:46:796 728 f9c Agent * Base directory: C:\WINDOWS\SoftwareDistribution

2010-09-22 17:47:46:796 728 f9c Agent * Access type: No proxy

2010-09-22 17:47:46:796 728 f9c Agent * Network state: Connected

2010-09-22 17:48:36:265 728 f9c Agent *********** Agent: Initializing Windows Update Agent ***********

2010-09-22 17:48:36:312 728 f9c Agent *********** Agent: Initializing global settings cache ***********

2010-09-22 17:48:36:312 728 f9c Agent * WSUS server: <NULL>

2010-09-22 17:48:36:312 728 f9c Agent * WSUS status server: <NULL>

2010-09-22 17:48:36:312 728 f9c Agent * Target group: (Unassigned Computers)

2010-09-22 17:48:36:312 728 f9c Agent * Windows Update access disabled: No

2010-09-22 17:48:36:625 728 f9c DnldMgr Download manager restoring 0 downloads

2010-09-22 17:48:37:062 728 f9c AU ########### AU: Initializing Automatic Updates ###########

2010-09-22 17:48:37:109 728 f9c AU AU setting next detection timeout to 2010-09-22 21:48:37

2010-09-22 17:48:37:109 728 f9c AU AU setting next sqm report timeout to 2010-09-22 21:48:37

2010-09-22 17:48:37:171 728 f9c AU # Approval type: Scheduled (User preference)

2010-09-22 17:48:37:171 728 f9c AU # Scheduled install day/time: Every day at 3:00

2010-09-22 17:48:37:171 728 f9c AU # Auto-install minor updates: Yes (User preference)

2010-09-22 17:48:37:359 728 f9c AU Initializing featured updates

2010-09-22 17:48:37:421 728 f9c AU Found 0 cached featured updates

2010-09-22 17:48:40:656 728 f9c Report *********** Report: Initializing static reporting data ***********

2010-09-22 17:48:40:656 728 f9c Report * OS Version = 5.1.2600.3.0.65792

2010-09-22 17:48:40:765 728 f9c Report * Computer Brand = LENOVO

2010-09-22 17:48:40:765 728 f9c Report * Computer Model = 06872DU

2010-09-22 17:48:40:812 728 f9c Report * Bios Revision = 66ET39WW (1.13 )

2010-09-22 17:48:40:812 728 f9c Report * Bios Name = Ver 1.00PARTTBL

2010-09-22 17:48:40:890 728 f9c Report * Bios Release Date = 2007-10-31T00:00:00

2010-09-22 17:48:40:890 728 f9c Report * Locale ID = 1033

2010-09-22 17:48:41:578 728 f9c AU AU finished delayed initialization

2010-09-22 17:48:41:687 728 f9c AU #############

2010-09-22 17:48:41:687 728 f9c AU ## START ## AU: Search for updates

2010-09-22 17:48:41:687 728 f9c AU #########

2010-09-22 17:48:41:796 728 f9c AU <<## SUBMITTED ## AU: Search for updates [CallId = {B502003E-47D2-4182-A7D9-167C86D1DDE5}]

2010-09-22 17:48:56:718 728 f9c AU Forced install timer expired for scheduled install

2010-09-22 17:48:56:781 728 f9c AU UpdateDownloadProperties: 0 download(s) are still in progress.

2010-09-22 17:48:56:890 728 f9c AU Setting AU scheduled install time to 2010-09-23 07:00:00

2010-09-22 17:50:12:468 728 d48 Report REPORT EVENT: {D7CF73D7-C13C-4FCD-B77D-C36F89359863} 2010-09-22 17:48:37:421-0400 1 202 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Reboot completed.

2010-09-22 17:50:12:500 728 d48 Agent *************

2010-09-22 17:50:12:500 728 d48 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]

2010-09-22 17:50:12:500 728 d48 Agent *********

2010-09-22 17:50:12:500 728 d48 Agent * Online = No; Ignore download priority = No

2010-09-22 17:50:12:500 728 d48 Agent * Criteria = "IsHidden=0 and IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and IsAssigned=1 or IsHidden=0 and IsInstalled=1 and DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and IsAssigned=1 and RebootRequired=1"

2010-09-22 17:50:12:500 728 d48 Agent * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service

2010-09-22 17:50:12:500 728 d48 Agent * Search Scope = {Machine}

I hope all of that helps - thanks again. Sorry to respond so late, I did not receive an update notice for some reason.


Hi again, sometimes the email notifications do not work as they should unfortunately.

I found the following solution for this problem:

Right click My Computer, select Manage, Services and Applications, Services. Now find everything that STARTS WITH "MSSQL" or "SQLAgent" that has a "startup type" of "Disabled" and change their startup type to "Manual".

You will then be able to successfully install the update.

It will require a reboot. After it comes back up you can re-disable the services.

Please let me know if this did the trick and if you have any other problems left.

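The steps in the reply above can be scripted so that exactly the services that were switched to Manual are set back to Disabled after the reboot. This is an added example, not part of the original post; it assumes Windows PowerShell (for `Get-WmiObject`) run as an administrator, matches on the service name rather than the display name, and the state file path is hypothetical.

```powershell
# Added example: switch disabled MSSQL*/SQLAgent* services to Manual, restore later.
# Run elevated: -Mode Relax before installing the update, -Mode Restore after the reboot.
param(
    [ValidateSet('Relax', 'Restore')]
    [string]$Mode = 'Relax',
    # Hypothetical location for the list of services this script changed.
    [string]$StateFile = (Join-Path $env:ALLUSERSPROFILE 'sql-startmode-state.txt')
)

function Set-StartMode($Service, [string]$StartMode) {
    # Win32_Service.ChangeStartMode returns 0 in ReturnValue on success.
    $result = $Service.ChangeStartMode($StartMode)
    if ($result.ReturnValue -ne 0) {
        Write-Warning ("{0}: ChangeStartMode returned {1}" -f $Service.Name, $result.ReturnValue)
        return $false
    }
    Write-Host ("{0}: start mode set to {1}" -f $Service.Name, $StartMode)
    return $true
}

if ($Mode -eq 'Relax') {
    # A second Relax run would find nothing disabled and overwrite the list.
    if (Test-Path $StateFile) {
        Write-Warning "State file $StateFile already exists; run -Mode Restore first."
        return
    }
    $filter = "StartMode='Disabled' AND (Name LIKE 'MSSQL%' OR Name LIKE 'SQLAgent%')"
    $targets = @(Get-WmiObject -Class Win32_Service -Filter $filter)
    # Record only the services that were actually changed.
    $changed = @($targets | Where-Object { Set-StartMode $_ 'Manual' } |
                 ForEach-Object { $_.Name })
    if ($changed.Count -eq 0) {
        Write-Host 'No disabled MSSQL*/SQLAgent* services were changed.'
        return
    }
    $changed | Set-Content -Path $StateFile
}
else {
    if (-not (Test-Path $StateFile)) {
        Write-Warning "No state file at $StateFile; nothing to restore."
        return
    }
    $failed = @()
    foreach ($name in Get-Content -Path $StateFile) {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        if (-not $svc -or -not (Set-StartMode $svc 'Disabled')) { $failed += $name }
    }
    # Keep the state file if anything could not be set back to Disabled.
    if ($failed.Count -eq 0) { Remove-Item -Path $StateFile }
    else { Write-Warning ("Still not disabled: {0}" -f ($failed -join ', ')) }
}
```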

  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
