# Unresponsive



## Rena30 (Jan 19, 2013)

Hello, everyone. I need some help figuring out what is going on with my computer. I have an Acer, Windows XP laptop. A few weeks ago Google Chrome browser was constantly sending me a "Unresponsive pages, kill or wait" message. I read around and found out it might have been the AVG tool bar so I got rid of it. It worked better for about a day but now it is acting crazy again. 
Everything will be working fine and then all of the sudden the page I am on will just freeze up! My mouse will move but it will not let me close the window. So I usually have to minimize the window. When I do this everything on my desk top disappears briefly. Then if I try to go back on line it will say unresponsive page and never connect again until I restart my pc. I do not know what to do. Can someone please help me????


----------



## blues_harp28 (Jan 9, 2005)

Hi, does this only happen with Google Chrome - have you tried another browser?
Check and post
*TSG System Information Utility* - found here.
http://library.techguy.org/wiki/TSG_Valuable_links
------
Download Security Check by screen317 
http://screen317.spywareinfoforum.org/
Save it to your Desktop.

Double click the install icon.
A command Prompt window will open.
Let it scan the Pc - press any key when asked.
It should now open in Notepad - and will save a log called checkup.txt.
Post the result of the scan here.


----------



## Rena30 (Jan 19, 2013)

Hi, I did uninstall Google Chrome and went back to IE. It continued for a little bit and the stopped. I thought I had fixed it by getting rid of AVG so I tried Chrome again. It worked well for awhile. Here is a copy:

Results of screen317's Security Check version 0.99.57 
Windows XP Service Pack 3 x86 
Internet Explorer 8 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
Microsoft Security Essentials 
*`````````Anti-malware/Other Utilities Check:`````````* 
CCleaner 
Java(TM) 6 Update 37 
*Java version out of Date!* 
Adobe Flash Player 11.5.502.146 
Google Chrome 24.0.1312.52 
Google Chrome searchplugins... 
*````````Process Check: objlist.exe by Laurent````````* 
Microsoft Security Essentials MSMpEng.exe 
Microsoft Security Essentials msseces.exe 
CyberDefender SchedulerService SchedulerService.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C:: 17% *Defragment your hard drive soon! (Do NOT defrag if SSD!)*
*````````````````````End of Log``````````````````````*


----------



## blues_harp28 (Jan 9, 2005)

You have CyberDefender installed it will conflict with Microsoft Security Essentials.
------
Post a Hjt log - to see what is running on your system.
Hijack this 2.04

Save *HJTInstall.exe* to your desktop.
Doubleclick on the *HJTInstall.exe* icon on your desktop.
By default it will install to *C:\Program Files\Trend Micro\HijackThis* .
Click on *Install*.
It will create a HijackThis icon on the desktop.
Once installed, it will launch *Hijackthis*.
Click on the *Do a system scan and save a logfile* button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
*DO NOT* use the AnalyseThis button, its findings are dangerous if misinterpreted.
*DO NOT* have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Also post the uninstall log from Hjt log
Start HiJackThis.
At the bottom right - Other Stuff 
Click on Config > Misc Tools.
Click > Open Uninstall Manager.
Click > Save List.
Save the uninstall list file on your desktop.
It will then open in Notepad.
Click Edit > Select All > Edit > Copy-and-Paste the uninstall list in the reply box.


----------



## Rena30 (Jan 19, 2013)

Thank you here are the list you requested.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:38:58 PM, on 1/19/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\CyberDefender\SchedulerService\SchedulerService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - (no file)
O3 - Toolbar: (no name) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - http://tbedits.myfuncards.com/one-t...5F3C-F891-49F9-8E95-BEA5036F1269&n=2012061519
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Programs\MICROS~1\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1340400378484
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: c:\docume~1\alluse~1\applic~1\bprote~1\22463~1.83\protec~1.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberDefender Scheduling Service (CDScheduler) - CyberDefender Corp. - C:\Program Files\CyberDefender\SchedulerService\SchedulerService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 6914 bytes

Acer eLock Management
Acer Empowering Technology framework
Acer ePerformance Management
Acer ePower Management
Acer eSettings Management
Acer GridVista
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Belkin Setup and Router Monitor
C4USelfUpdater
CCleaner
CyberDefender Framework
File Type Assistant
Free File Viewer 2012
Google Chrome
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Info Center 1.0.0.10
Java(TM) 6 Update 37
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office File Validation Add-In
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
NTI Backup NOW! 4
NTI CD & DVD-Maker
OLYMPUS Master 2
PowerDirector Express
PreReq
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB923789)
SoftV90 Data Fax Modem with SmartCP
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebEx PCNow
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Yontoo 1.10.02


----------



## blues_harp28 (Jan 9, 2005)

Uninstall CyberDefender.

Download *MalwareBytes* and *SuperAntiSpyware* to your desktop.
Download the Free versions of both programs.

MalwareBytes

SuperAntiSpyware

Once they are downloaded to your desktop.
Close all open browser windows.

*MalwareBytes*
Click on the Install icon - allow it to update during the install process.
Start Malwarebytes Anti-Malware.
Click on Scanner > then quick scan > then Scan.
Any infections or problems will be highlighted in red.
After the scan is finished - Click - Show Results.
Check that all entries are selected.
Click - Remove Selected.
You may be prompted to restart to finish the removal process.
If Yes - restart your Pc.

Start Malwarebytes again.
Click on the Logs Tab.
Highlight the scan log entry.
Click - Open.
The scan log will appear in Notepad.
Copy and paste it in your next post.

*SuperAntiSpyware*
Click on the install icon - allow it to update during the install process.
Select the Quick Scan option.
Click Scan your Computer.
Any infections or problems will be highlighted in red.
After the scan is finished.
Click Continue.
Check that everything is listed.
Click Remove Threats.
Click OK - then click Finish
You may be prompted to restart to finish the removal process.
If Yes - restart your Pc.

Start SuperAntiSpyware again.
Click View Scan Logs.
Highlight the scan log entry.
Click - View Selected Log.
The scan log will appear in Notepad.
Copy and paste in your next post.
---------
Download AdwCleaner to your desktop.
Close all open browsers.
Double click the adwcleaner.exe.
Click on Delete - accept any prompts that appear.
It will then restart your Pc - allow it to do.

On restart - a log file will open a notepad window.
Post the logfile in the reply box below.
The logfile is saved in C:\AdwCleaner[R1].txt.

Note.
If using Internet Explorer you may get an alert that stops the program downloading.
Click on Tools > Smartscreen Filter.
Turn off Smartscreen Filter.
Click OK in the box that opens. Then click on the link above again.


----------



## Rena30 (Jan 19, 2013)

I am having a problem with Adwcleaner. It keeps on saying (Not responding). When I go to Adwcleaner I click on delete it then says all programs will have to close in order to continue, close all programs and then click ok. I click on ok. It starts to delete and then eventually says not responding. I am using a Belkin Router, could this be the problem?


----------



## blues_harp28 (Jan 9, 2005)

With Adwcleaner, you need to close all open browser windows.
Leave Adwcleaner for the moment.

Download and install MalwareBytes and SuperAntiSpyware.
Close all browser windows before installing them and then post the log files.


----------



## Rena30 (Jan 19, 2013)

Where can I find the SuperAntispyware Log. When I go to SuperAntispyware and go to the logs there is nothing there. At the bottom it has Save Empty and clean logs checked. Where it it be saved on my pc?


----------



## blues_harp28 (Jan 9, 2005)

Under View Scan logs
Make sure that 'Keep a detailed log of scanning results' is ticked.
It should be ticked by default.
If it is not ticked - put a tick there and run the scan again


Click View Scan Logs.
Highlight the scan log entry.
Click - View Selected Log.
The scan log will appear in Notepad.
Copy and paste in your next post.


----------



## Rena30 (Jan 19, 2013)

It is ticked. But there is no logs to highlight. Should I run the scan again?


----------



## blues_harp28 (Jan 9, 2005)

Yes scan again but check that 'Save clean/empty log' is also ticked.


----------



## Rena30 (Jan 19, 2013)

Ok, I believe I miss read your last instructions. I tried to run the Adwcleaner again for the 5th time. Below are the Malware and Superantispyware logs along with the first Adwcleaner log the the last the other 3 Adwcleaner logs are the same as the last. It has not completed the scan yet. Keeps (not responding). Also I can not find the log from the first scan that I did with Superantispyware.
Thank you, I do not know much about computers, at all!!

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.20.01

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
Coletta Wade :: SARENAH [administrator]

1/19/2013 7:48:09 PM
mbam-log-2013-01-19 (19-48-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222740
Time elapsed: 58 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/20/2013 at 12:59 PM

Application Version : 5.6.1014

Core Rules Database Version : 9898
Trace Rules Database Version: 7710

Scan type : Quick Scan
Total Scan Time : 00:27:06

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 474
Memory threats detected : 0
Registry items scanned : 32097
Registry threats detected : 0
File items scanned : 6905
File threats detected : 36

Adware.Tracking Cookie
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\COLETTA WADE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

# AdwCleaner v2.106 - Logfile created 01/19/2013 at 22:32:08
# Updated 17/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Coletta Wade - SARENAH
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Coletta Wade\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\All Users\Application Data\bProtectorForWindows
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\Coletta Wade\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Coletta Wade\Application Data\Toolbar4
Folder Deleted : C:\Program Files\Free Offers from Freeze.com

***** [Registry] *****

# AdwCleaner v2.106 - Logfile created 01/20/2013 at 13:16:38
# Updated 17/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Coletta Wade - SARENAH
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Coletta Wade\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\All Users\Application Data\bProtectorForWindows

***** [Registry] *****


----------



## blues_harp28 (Jan 9, 2005)

Right click My Computer > Properties > Automatic Updates.
Tick - *Automatic [recommended]*
Apply > Ok.

You can later - once all updates are installed - choose.
Tick - Notify me but don't automatically download or install them.
--------
When all updates are installed - post a New Hjt log.


----------



## Rena30 (Jan 19, 2013)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:25:35 PM, on 1/20/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - (no file)
O3 - Toolbar: (no name) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - http://tbedits.myfuncards.com/one-t...5F3C-F891-49F9-8E95-BEA5036F1269&n=2012061519
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Programs\MICROS~1\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1340400378484
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: c:\docume~1\alluse~1\applic~1\bprote~1\22463~1.83\protec~1.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 6817 bytes


----------



## blues_harp28 (Jan 9, 2005)

Have you installed all Windows Updates - see post # 14?
-------
Start Hjt log - click Scan.
Once the page has opened - put a Tick mark against these entries and click *Fix*
Double check that only these entries are ticked.

*R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/

R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O3 - Toolbar: (no name) - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - (no file)
O3 - Toolbar: (no name) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)

O8 - Extra context menu item: &Search - http://tbedits.myfuncards.com/one-toolbaredits/menusearch.jhtml?s=207560036&p=ZU xdm080YYus&si=CNawrNO20bACFQjf4AodvDXtoQ&a=5FFD5F3C-F891-49F9-8E95-BEA5036F1269& n=2012061519*

Close Hjt log.
Restart your Pc.
-------
Check and post
*TSG System Information Utility* - found here.
http://library.techguy.org/wiki/TSG_Valuable_links
-------
Right click My Computer > Properties.
What is listed under the General Tab?
Or post a screenshot.
http://library.techguy.org/wiki/TSG_Posting_a_Screenshot


----------



## Rena30 (Jan 19, 2013)

I believe I did install all updates. I did as you said in post 14. It was already ticked but I went ahead and changed my time for my 4:00pm but it never notified me because that option wasn't ticked. Should I continue with your steps from the last post?


----------



## blues_harp28 (Jan 9, 2005)

Yes follow suggestions in post # 16


----------



## Rena30 (Jan 19, 2013)

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Celeron(R) M processor 1.50GHz, x86 Family 6 Model 13 Stepping 8
Processor Count: 1
RAM: 2038 Mb
Graphics Card: Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family, 128 Mb
Hard Drives: C: Total - 16864 MB, Free - 2892 MB; D: Total - 18119 MB, Free - 17767 MB;
Motherboard: Acer, Garda-910
Antivirus: PC Cleaner Pro, Updated: Yes, On-Demand Scanner: Disabled

Under General Tab:
System:
Microsoft Windows XP
Home Edition
Version 2002
Service Pack 3

Registerd to:
Coletta Wade
76477-OEM-0011903-00100
Acer Inc
Acer System
Intel (R) Celeron (R)M
processor 1.50Ghz
1.50GHz. 1.99GB of RAM
Physical Address Extension


----------



## blues_harp28 (Jan 9, 2005)

Right click My Computer > Open
Right click - Local disk - should be C:
Click Properties.

Tools > Error checking.
Tick both boxes
Click start.
It will say it cannot scan, do you want it to scan at the next start up..
Click Yes - restart Pc.

It will scan the Pc at the next start up - let it scan - it will then boot to your desktop.


----------



## Rena30 (Jan 19, 2013)

Ok I am back?


----------



## blues_harp28 (Jan 9, 2005)

Ok - run system file checker - you will need the install Cd.
http://dwightblackburn.com/winxp/


----------



## Rena30 (Jan 19, 2013)

I do not have an install cd. I bought this computer used.


----------



## blues_harp28 (Jan 9, 2005)

Check Event Viewer.
Start > Run > Type
eventvwr

Check under Applications and System.
For recent *Errors* - not information or warnings.

Double-click each error one at a time - then click on the icon that looks like two pieces of paper. 
These will be saved in the Clipboard.
The Clipboard can be hard to find.

Start > Run > Type
Clipbrd.exe

In Clipboard.
Click on File top toolbar > Save As.
Save to Notepad
Copy and paste the errors into notepad - then paste them here.


----------



## Rena30 (Jan 19, 2013)

How do I save Clipboard to notepad?


----------



## Rena30 (Jan 19, 2013)

I think I got it. Is this it?

PÃ     ù  &Text  ù  &OEM Text  Event Type:	Error
Event Source:	crypt32
Event Category:	None
Event ID:	8
Date: 10/31/2012
Time: 9:25:42 AM
User: N/A
Computer:	SARENAH
Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	crypt32
Event Category:	None
Event ID:	8
Date: 10/31/2012
Time: 9:25:42 AM
User: N/A
Computer:	SARENAH
Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## blues_harp28 (Jan 9, 2005)

Both Event Viewer Logs are for Date: 10/31/2012 and will not be telling us much.

Your uninstall log from Hjt log are showing
Security Update for Windows Internet Explorer 
But not Windows Xp updates.

Download - WinUpdatesList 
http://www.nirsoft.net/utils/wul.html
Download link at the bottom of the page.
Check that the Windows Update dates are recent.


----------



## Rena30 (Jan 19, 2013)

Which WindowUpdatesList link do I use? Zip file or self-install executable?


----------



## blues_harp28 (Jan 9, 2005)

I have just downloaded the program and it is not showing enough updates.
Instead - post the uninstall list from Hjt log.

Start HiJackThis.
At the bottom right - Other Stuff 
Click on Config > Misc Tools.
Click > Open Uninstall Manager.
Click > Save List.
Save the uninstall list file on your desktop.
It will then open in Notepad.
Click Edit > Select All > Edit > Copy-and-Paste the uninstall list in the reply box.


----------



## Rena30 (Jan 19, 2013)

Ok I also went to Windows updates in my start menu, I ran a check and it said all updates were up to date.

Acer eLock Management
Acer Empowering Technology framework
Acer ePerformance Management
Acer ePower Management
Acer eSettings Management
Acer GridVista
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Belkin Setup and Router Monitor
C4USelfUpdater
CCleaner
File Type Assistant
Free File Viewer 2012
Google Chrome
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Info Center 1.0.0.10
Java(TM) 6 Update 37
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office File Validation Add-In
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
NTI Backup NOW! 4
NTI CD & DVD-Maker
OLYMPUS Master 2
PowerDirector Express
PreReq
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB923789)
SoftV90 Data Fax Modem with SmartCP
SUPERAntiSpyware
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebEx PCNow
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Yontoo 1.10.02


----------



## blues_harp28 (Jan 9, 2005)

Up to date!! - something not right.
It is only showing one Windows Update
*Security Update for Windows XP (KB923789)*
That was for Flash Player
Security Update for Flash Player (KB923789)

Date published:	*5/13/2008*

The rest are for ..
Security Update for Microsoft .NET Framework 3.5 SP1
Security Update for Windows Internet Explorer 7
Security Update for Windows Internet Explorer 8

Try Resetting Windows Update.
How do I reset Windows Update components?
http://support.microsoft.com/kb/971058

Click on Run Now - in the Fix Box.


----------



## Rena30 (Jan 19, 2013)

Ok I did it. The last 2 days it has been acting even worse, I have to put it in standby several times a day just to get it to go online..


----------



## blues_harp28 (Jan 9, 2005)

Control Panel > Add-Remove programs > Click on show updates.
Are the latest updates listed there?

Try either Firefox or Opera browsers - does the same happen
http://www.mozilla.org/en-US/firefo...rDNHIc3plcSvQSx_ByCacYQ&bvm=bv.41248874,d.d2k

http://www.opera.com/

What is the model number of your Acer laptop?

Run the online scan - if drivers are needed and the Chipset driver is listed - install that first.
Re-start the laptop after each driver is installed.
Intel® Driver Update Utility
http://www.intel.com/p/en_US/support/detect


----------



## Rena30 (Jan 19, 2013)

In the control pannel there is 2 new updates. Windows XP- Software Update and
Security Update for Windows XP (KB923789).
I tried firefox before we started talking and the same problem occurred. 
Model number is MS2180.
Intel couldn't do the check until I downloaded Java Installer.
Here is what it found:
Intel Chipset said, This version is valid. Current installed 6.1.0

Downloaded, Graphic Driver new - 14.25.50.4764 (6.14.10.4764) 

The others had the following message Device unknown or unsupported. Please contact manufacturer for more updates.
I listed for you the names and the current installed.

Audio Driver for Intel Desktop Board - Current - Blank
Wireless Networking (WIFI) Current - 4.0.0.14001
Wired Networking - Current - 5.620.1202.2004


----------



## blues_harp28 (Jan 9, 2005)

Click Start - Run
Type
services.msc

Press Enter.
Double-click on Automatic Updates.
Check Start Up Type is set to Automatic.

If not, set to Automatic
Under Service status - click Start.
Apply - Ok.
Close Services.
Restart your Pc.


----------



## Rena30 (Jan 19, 2013)

It is set to Automatic and service status says started.


----------



## blues_harp28 (Jan 9, 2005)

Download and install the Windows Update Agent.
http://download.windowsupdate.com/W...one/7.4.7600.226/WindowsUpdateAgent30-x86.exe

If that does not help.
You may need to Register the Wups2.dll file. 
Start - Run - Type
cmd 
Click Ok
A Command Prompt window will open - at the flashing >
Type
net stop wuauserv

Then at the flashing >
Type
regsvr32 %windir%\system32\wups2.dll

Press Enter.
You should receive the message 'wups2.dll succeded'

To restart the Automatic Updates service
Then Type in Command Prompt
net start wuauserv

Press Enter.
To leave Command Prompt at the flashing >
Type 
Exit


----------



## Rena30 (Jan 19, 2013)

Ok. When I tried to install Windows Update Agent, it said installation was not needed because it was already installed. So I followed and finished the next steps.


----------



## blues_harp28 (Jan 9, 2005)

(From a Mark1956 post)

One possible cause is that Windows Update's Download folder contains corrupted files. These steps will disable the Download folder so that a new one will automatically be created:

1. Click Start, type cmd in the Search box then right-click on cmd in the pop-up and select Run as Administrator. 
*For Xp* - Start - Run - Type - cmd - click Ok.

2. In the command prompt window, type *net stop wuauserv* and hit Enter. Watch for confirmation that the service has been stopped and leave the Command Prompt window open.

3. Click Start, type: *%windir%* in the box and hit Enter.

4. Scroll down the list in the left hand pane and click on SoftwareDistribution.

5. In the right hand pane, right-click on the folder Download, select Rename and change it to Download.old Close the window and confirm any prompts.

6. Back in the Command Prompt window, type *net start wuauserv* and press Enter. Close the window. Reboot the PC and future updates should download and install without anymore problems.

Note: After resolving this Windows Update issue, please feel free to delete the Download.old folder.


----------



## Rena30 (Jan 19, 2013)

Ok, I followed those instructions. I went back to delete the Download.old folder, it sent a prompt that said the folder was too big for the recycle bin, do you want to delete it permanently? I ticked no and just came back here. A new folder is there but it is empty.


----------



## blues_harp28 (Jan 9, 2005)

Leave the old download folder for the moment - it is doing no harm where it is.
Have you tried Windows Updates again?

If the updates still do not work - try this link.
http://support.microsoft.com/mats/windows_update/en-gb


----------



## Rena30 (Jan 19, 2013)

Which post # are you referring to when you ask have I tried windows updates again? I went back to control panel, where I viewed the updates before and I am not seeing any new updates?


----------



## blues_harp28 (Jan 9, 2005)

Hopefully with all the resetting of Windows Updates - you should be notified of new updates in the hours to come.
If that does not happen - let us know.
Back to your original problem.
Check Device Manager
http://www.computerhope.com/issues/ch000833.htm

Click the + sign to expand all entries.
Check for exclamation marks.
If a driver is needed - always go to the manufacturers website.


----------



## blues_harp28 (Jan 9, 2005)

Click the Start button > Run > Type
msconfig

Click on the Start up tab.
Write down carefully what is listed and post the list here.
Or post a screenshot.
http://library.techguy.org/wiki/TSG_Posting_a_Screenshot


----------



## Rena30 (Jan 19, 2013)

Ok, I did not find any exclamation marks in the Device Manager. 
Here is the list:
Start Up ---------- Command --------- Location -------------- 
IMJPMIG - "C:WINDOWS\IME\im...... HKLM\SOFTWARE\Microsoft\Windows\CurrentVer......

epm-dm - c:acer\Empowering\T..... HKLM\SOFTWARE\Microsoft\Windows\CurrentVer...... 

Monitor - C:\Acer\Empowering\T..... HKLM\SOFTWARE\Microsoft\Windows\CurrentVer......

admtray - "C:\Acer\Empowering....... HKLM\SOFTWARE\Microsoft\Windows\CurrentVer..... 

conime - %windir%\system32\....... HKLM\SOFTWARE\Microsoft\Windows\CurrentVer......

BelkinRouterMonitor - C:\Program Files\Belki..... HKLM\SOFTWARE\Microsoft\Windows\CurrentVer...... 

EKIJ5000MUI - C:\WINDOWS\System..... HKLM\SOFTWARE\Microsoft\Windows\CurrentVer...... 

msseces - "C:\Program Files\Micro.... HKLM\SOFTWARE\Microsoft\Windows\CurrentVer...... 

jusched - "C:\Program Files\Com..... HKLM\SOFTWARE\Microsoft\Windows\CurrentVer..... 

igfxtray - C:\WINDOWS\system..... HKLM\SOFTWARE\Microsoft\Windows\CurrentVer...... 

hkcmd - C:\WINDOWS\system..... HKLM\SOFTWARE\Microsoft\Windows\CurrentVer...... 

igfxpers - C:\WINDOWS\system....... HKLM\SOFTWARE\Microsoft\Windows\CurrentVer...... 

ISUSPM - "C:\Program Files\Com..... HKCU\SOFTWARE\Microsoft\Windows\CurrentVer...... 

ctfmon - C:\WINDOWS\system...... HKCU\SOFTWARE\Microsoft\Windows\CurrentVer......
All Of These Were Checked.

Info Center - C:\Program Files\PCPit..... SOFTWARE\Microsoft\Windows\Current Version Run

MSMSGS - "C:\Program Files\Mes..... SOFTWARE\Microsoft\Windows\Current Version Run

SUPERAntiSpyware - Crogram Files\SUPE...... SOFTWARE\Microsoft\Windows\Current Version Run
These 3 Were Not Checked.


----------



## Rena30 (Jan 19, 2013)

I never did receive any notification about new updates.
When it freezes up I push a little button that puts my computer in standby mode, when I turn it back on, it runs a lot faster for a little while, is this harmful to my computer?


----------



## blues_harp28 (Jan 9, 2005)

Start > Run - Type
msconfig
Under the Start Up Tab.
Untick all these entries.

*IMJPMIG - "C:WINDOWS\IME\im......

HKLM\SOFTWARE\Microsoft\Windows\CurrentVer......

epm-dm - c:acer\Empowering\T..... HKLM\SOFTWARE\Microsoft\Windows\CurrentVer......

Monitor - C:\Acer\Empowering\T..... HKLM\SOFTWARE\Microsoft\Windows\CurrentVer......

admtray - "C:\Acer\Empowering....... HKLM\SOFTWARE\Microsoft\Windows\CurrentVer.....

conime - %windir%\system32\....... HKLM\SOFTWARE\Microsoft\Windows\CurrentVer......

EKIJ5000MUI - C:\WINDOWS\System..... HKLM\SOFTWARE\Microsoft\Windows\CurrentVer......

MSMSGS - "C:\Program Files\Mes..... SOFTWARE\Microsoft\Windows\Current Version Run

SUPERAntiSpyware - Crogram Files\SUPE...... SOFTWARE\Microsoft\Windows\Current Version Run*

Apply > Ok > Reboot your Pc.

The System Configuration Utility box appear on retstart - saying changes have been made.
Tick the box on the lower left and then OK.

*You may decide that some of these need to run at start up - if yes, retick them in msconfig*
http://netsquirrel.com/msconfig/index.html


----------



## blues_harp28 (Jan 9, 2005)

Rena30 said:


> I never did receive any notification about new updates.
> When it freezes up I push a little button that puts my computer in standby mode, when I turn it back on, it runs a lot faster for a little while, is this harmful to my computer?


If by the end of today you have not been notified that updates are being installed - let us know.
Standby is letting the Pc almost close down and then little is running on the Pc.
Once you come out of Standby - it is similar to a reboot and may still indicate that the original problem is not solved.

Let us know if the changes to programs running at start up has helped.


----------



## Rena30 (Jan 19, 2013)

My updates are scheduled to automatically update at 4:00pm my time. It is 4:41pm here now. I haven't received any notifications. But I wanted to let you know that my computer just froze up again. That was the first time today. It usually does it when I am on Facebook but it does do it on other sites as well.


----------



## Rena30 (Jan 19, 2013)

After my pc froze up today for the first time, it started acting really bad. It won't stay working for very long at all. I went and looked at the new Download folder that was created after following the steps in post #39. (The one that used to be empty) It has several (update) files in there now. But apparently none of them have installed. Because I looked in Add/Remove programs and nothing new has been added.


----------



## blues_harp28 (Jan 9, 2005)

Whatever we are trying here does not seem to be working.
Is it possible for you to borrow a Windows XP Home Edition Cd, from friend or family and run System File checker? - see Post # 22.
A Hard Drive test would be worth running.
SeaTools for DOS tutorial - ISO to CD
http://knowledge.seagate.com/articles/en_US/FAQ/201271en

You may have to consider saving all needed data and files externally and restoring your laptop back to how it left the factory.
Acer Support 
http://acer.custhelp.com/app/answers/detail/a_id/2631


----------



## Rena30 (Jan 19, 2013)

Unfortunately it is not possible to borrow a Cd. I do not know of anyone who uses Windows XP. Should I continue with the rest of the steps in your last post or is that for if I have the Cd?


----------



## blues_harp28 (Jan 9, 2005)

It is likely that you have some system files that are damaged in some way and that is causing your continued problems.
Without an Xp install Cd - there is no way of knowing.

It is worth running a Hard drive test.
http://knowledge.seagate.com/articles/en_US/FAQ/201271en
You download the IOS file for the test and burn it to a Cd/DVD.
You then start your Pc from the Cd and run the tests.


----------



## blues_harp28 (Jan 9, 2005)

Rena30 said:


> After my pc froze up today for the first time, it started acting really bad. It won't stay working for very long at all


Is it freezing at start up - or after the Pc has been on for a while?
Did you make the changes mentioned in post # 47?


----------



## Rena30 (Jan 19, 2013)

Yes, I did make the changes in post #47. It freezes after it has been on for awhile.
Is there any other way to do this, I do not have a blank Cd and I don't even know if I have a Cd burner?


----------



## blues_harp28 (Jan 9, 2005)

I found this on the Acer website - it may work on your laptop.
Testing the hard disk
http://acer--uk.custhelp.com/app/answers/detail/a_id/11589/~/testing-the-hard-disk

Read the warning.
Quote.
'Do not use the option Write Zeroes from the test menu. This removes all data from your hard drive and cannot be undone'.

Here is a link on how to burn a Cd.
http://www.howtogeek.com/howto/14183/beginner-geek-how-to-burn-an-iso-image-to-a-disc/


----------



## Rena30 (Jan 19, 2013)

I do not know what to do. I am confused. I do not know how to back up anything and I do not have any blank Cd's. I am too scared to do anything else without having some step by step details.


----------



## blues_harp28 (Jan 9, 2005)

At the Acer website - it does suggest that all data and files are backed up, as the hard drive test writes to the hard drive and data may be lost.
You can back up your data using a USB stick - you would copy and paste them onto the USB stick.
If you have a large enough USB stick.
How to copy information to a CD in Windows XP
http://support.microsoft.com/kb/306524

EaseUS Todo Backup Free
http://www.todo-backup.com/products/home/free-backup-software.htm

Or the other way is to back up data and files onto an external hard drive.


----------



## blues_harp28 (Jan 9, 2005)

Your problem may well be linked to the lack of Windows Updates.
If you can, run an online scan with Eset.
Online Virus Scanner | ESET
http://www.eset.com/us/online-scanner/

*Do Not* let ESET remove what it finds - post the log file.
The log file will be found here.
C:\Program Files\ESET\EsetOnlineScanner\log.txt

Depending on what it finds - I will ask one of our Malware Experts to check the log files.


----------



## Rena30 (Jan 19, 2013)

[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=e27ce3cf96a07040a719d306aae6e7b0
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-25 11:03:23
# local_time=2013-01-25 05:03:23 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5892 16777213 88 94 10732537 16433197 0 0
# scanned=45582
# found=0
# cleaned=0
# scan_time=14717


----------



## blues_harp28 (Jan 9, 2005)

Related to Windows Updates.
Go back into Services.
Start - Run - Type.
services.msc

Click - Ok
Double Click each entry - and check that they are set to Automatic.

Background Intelligent Transfer Service (BITS)
Cryptographic Services
Remote Procedure Call (RPC)
System Restore Service


----------



## Rena30 (Jan 19, 2013)

Ok I did. There was 2 Remote Procedure Calls, 1 was set at Automatic and 1 was set at Manual, I changed the one set at manual to automatic.


----------



## blues_harp28 (Jan 9, 2005)

Have you been able to back up all your needed data and files?
Returning to factory settings may be you only option.
But be aware, sometimes that does not always work correctly.


----------



## Rena30 (Jan 19, 2013)

I just finished downloading EaseUs todo backup. But I do not know what to do next. I have it downloaded to my desktop, if someone could walk me through the steps, I would really appreciate it.


----------



## blues_harp28 (Jan 9, 2005)

EASEUS file backup freeware 





http://www.todo-backup.com/download/docs/User_Guide.pdf


----------



## Rena30 (Jan 19, 2013)

Do I just need to back up files? Or do I need to do a system back up also?


----------



## blues_harp28 (Jan 9, 2005)

Your system files seem to be corrupted in some way and not having the install Cd - there is no way to repair them.
If you back up your system files - you will be left with the same problem.

Saving your data and files is the next best move and hopefully the return to factory settings will work Ok and you will have a clean working laptop.


----------



## Rena30 (Jan 19, 2013)

Well I did get all of the files backed up. And if that is all I need to run the hard disk test, then I will do that in the morning. If I need to backup the system them I am going to have to find something that will hold more space. Just let me know if I should go ahead with the test. I appreciate your patience with me. Thanks


----------



## Rena30 (Jan 19, 2013)

Sorry, I figured everyone had turned in for the night. The options it gives is file back up or system backup and I am not sure if I need both?


----------



## blues_harp28 (Jan 9, 2005)

I'm glad to be of some help.
It is worth running the hard drive test first.
If it pases that test - then return the laptop to factory settings.
Let us know if the test goes a Ok.


----------



## blues_harp28 (Jan 9, 2005)

Rena30 said:


> Sorry, I figured everyone had turned in for the night. The options it gives is file back up or system backup and I am not sure if I need both?


It is past midnight here in the Uk - so I'm offline very soon.

You need *file back up*


----------



## Rena30 (Jan 19, 2013)

Ok I ran both test and they both passed. I believe I have everything backed up. When you go into EaseUs backup, underneath the option Backup it says: Data backup (File,Disk/Partition) / System Backup. I have backed up the first 2 options (File/Disk/Partition).


----------



## blues_harp28 (Jan 9, 2005)

You must have a diferent version than shown in the video above.
Did it not have a section to just back up your data and files?
You did not need to back up - Disk/Partition.

To where did you make the backup - an external hard drive?

Check that you can now access your saved files and data on a working Pc - before you set your laptop back to factory setings.


----------



## Rena30 (Jan 19, 2013)

Yes, it was a different version. It did not have that option. When I go to My Computer (from my start menu) there is a Acer C: and AcerData D:. The files and the disk partition were both saved to the Acerdata D:. Everything still seems to be where they were.


----------



## blues_harp28 (Jan 9, 2005)

If you made the back up on your hard drive then when you return the laptop to factory setting, all data and files will be lost, overwritten.

The back up has to be externally - to Cd's - USB sticks or better still an external hard drive.

http://support.microsoft.com/kb/306524
Transferring files onto a USB flash drive
http://kb.sandisk.com/app/answers/detail/a_id/104/~/transferring-files-onto-a-usb-flash-drive
http://www.wikihow.com/Copy-Files-to-an-External-Hard-Drive

In the EASEUS file backup program - Under File Backup - Select backup destination.
That is where you choose where the backup will be installed.
Click on Computer and choose the drive where the back up will be made.


----------



## Rena30 (Jan 19, 2013)

In the version of EaseUs Backup that I have, I am not seeing any options like that. So I guess the safest thing for me to do is to go purchase some blank cd's. It might be awhile before I am able to do so but when I get some I will let you know.


----------



## blues_harp28 (Jan 9, 2005)

OK - good luck, keep us updated.


----------



## Rena30 (Jan 19, 2013)

Hello Guys. I never did go buy any cd's. The computer started acting better for a little while. Now it is acting up again. I have been doing some research and I think I know what the problem is. I have a searchplugins folder virus. I can not find a FREE removal for this. I hear this is very dangerous but I can not afford to pay anyone. Can you give me some ideas of how to get rid of this virus?


----------



## blues_harp28 (Jan 9, 2005)

What makes you think that you have a 'searchplugins folder virus?'
Returning the Pc to factory setting will remove and then re-install the operating system.

But as you have asked the question - I will ask one of our Malware Experts to comment on the virus.


----------



## Rena30 (Jan 19, 2013)

I think I have the virus because it is everywhere. When ever I try to open anything the folder searchplugins appears. It is an empty folder, but I have read all about it, empty but dangerous. I am almost positive that is the problem.


----------



## Mark1956 (May 7, 2011)

Ok, Blues Harp I got your PM, lets see what we can find with a few more scanning tools. The Searchplugins virus is known about and gives heaps of results on Google, please do not be tempted to follow any guides for removal.

Please go Here and follow the instructions to run DDS, then *Copy and Paste* both the logs into your next reply. You need not run HJT or GMER.

Please download RKill 
There are three buttons to choose from with different names on, select the first one and save it to your desktop.


Double-click on the *Rkill* desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and *Run As Administrator*.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
A log pops up at the end of the run. This log file is located at *C:\rkill.log*. Please post this in your next reply.
If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
If the tool does not run from any of the links provided, please let me know.

Download RogueKiller (by tigzy) and save direct to your Desktop.
On the web page select the 32bit or 64bit button to match the bit rate of your version of Windows.


Quit all running programs.
Start RogueKiller.exe by double clicking on the icon.
Wait until Prescan has finished.
Ensure all boxes are ticked under "Report" tab.
Click on Scan.
Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
NOTE: *DO NOT attempt to remove anything that the scan detects.*


----------



## blues_harp28 (Jan 9, 2005)

Thanks Mark :up:


----------



## Rena30 (Jan 19, 2013)

Here are the 2 logs.

DDS (Ver_2012-11-20.01) - FAT32_x86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.15.2
Run by Coletta Wade at 16:18:34 on 2013-02-21
.
============== Running Processes ================
.
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\locator.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Microsoft Internet Explorer
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [epm-dm] c:\acer\empowering technology\epower\epm-dm.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoThumbnailCache = dword:1
uPolicies-Explorer: RestrictRun = dword:0
uPolicies-System: NoSecCPL = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
uPolicies-System: NoDevMgrPage = dword:0
uPolicies-System: NoConfigPage = dword:0
uPolicies-System: NoVirtMemPage = dword:0
uPolicies-System: NoFileSysPage = dword:0
uPolicies-System: NoNetSetup = dword:0
uPolicies-System: NoNetSetupIDPage = dword:0
uPolicies-System: NoNetSetupSecurityPage = dword:0
uPolicies-System: NoWorkgroupContents = dword:0
uPolicies-System: NoEntireNetwork = dword:0
uPolicies-System: NoFileSharingControl = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - d:\programs\micros~1\office11\EXCEL.EXE/3000
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340400378484
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{2903CD53-31CE-4D73-A5C2-8E21836F709B} : DHCPNameServer = 192.168.2.1
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\docume~1\alluse~1\applic~1\bprote~1\22463~1.83\protec~1.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R? cpudrv;cpudrv
R? EsgScanner;EsgScanner
R? Lbd;Lbd
R? RkHit;RkHit
R? SBRE;SBRE
R? WinRM;Windows Remote Management (WS-Management)
S? AWService;AdminWorks Agent X6
S? esgiguard;esgiguard
S? MpFilter;Microsoft Malware Protection Driver
S? RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter
S? SpyHunter 4 Service;SpyHunter 4 Service
.
=============== Created Last 30 ================
.
2013-02-21 21:58:56	6954968	----a-w-	c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fd7ca745-c0ad-4626-82f7-397aedcb2ccd}\mpengine.dll
2013-02-21 21:44:33	--------	d-----w-	c:\documents and settings\coletta wade\searchplugins
2013-02-20 22:14:14	110080	----a-r-	c:\documents and settings\coletta wade\application data\microsoft\installer\{0ac0f1b2-61c7-4b6e-acef-58fcc0b94835}\IconF7A21AF7.exe
2013-02-20 22:14:14	110080	----a-r-	c:\documents and settings\coletta wade\application data\microsoft\installer\{0ac0f1b2-61c7-4b6e-acef-58fcc0b94835}\IconD7F16134.exe
2013-02-20 22:14:14	110080	----a-r-	c:\documents and settings\coletta wade\application data\microsoft\installer\{0ac0f1b2-61c7-4b6e-acef-58fcc0b94835}\IconCF33A0CE.exe
2013-02-20 22:14:08	--------	d-----w-	C:\sh4ldr
2013-02-20 22:14:08	--------	d-----w-	c:\program files\Enigma Software Group
2013-02-20 22:03:31	--------	d-----w-	c:\windows\0AC0F1B261C74B6EACEF58FCC0B94835.TMP
2013-02-20 22:02:26	--------	d-----w-	c:\program files\common files\Wise Installation Wizard
2013-02-19 20:36:07	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-02-14 04:12:17	--------	d-----w-	c:\windows\system32\wbem\searchplugins
2013-01-26 20:11:08	--------	d-sh--w-	C:\BOOT
2013-01-26 20:05:50	185032	----a-w-	c:\windows\system32\drivers\EuFdDisk.sys
2013-01-26 20:05:50	14920	----a-w-	c:\windows\system32\drivers\eudskacs.sys
2013-01-26 20:05:49	50248	----a-w-	c:\windows\system32\drivers\eubakup.sys
2013-01-26 20:05:48	40648	----a-w-	c:\windows\system32\drivers\EUBKMON.sys
2013-01-26 20:03:03	--------	d-----w-	c:\program files\EaseUS
2013-01-26 02:18:25	--------	d-----w-	c:\documents and settings\all users\application data\Intuit
2013-01-25 01:35:28	--------	d-sh--w-	C:\FOUND.000
2013-01-25 01:22:16	--------	d-----w-	c:\windows\system32\searchplugins
2013-01-24 23:58:02	--------	d--h--w-	c:\windows\ie8
.
==================== Find3M ====================
.
2013-02-19 20:35:54	143872	----a-w-	c:\windows\system32\javacpl.cpl
2013-02-19 20:35:52	861088	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-02-19 20:35:52	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-02-18 22:38:54	71024	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-18 22:38:54	691568	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-30 10:53:22	232336	------w-	c:\windows\system32\MpSigStub.exe
2013-01-26 03:55:44	552448	------w-	c:\windows\system32\oleaut32.dll
2013-01-20 19:16:40	445	----a-w-	c:\windows\DeleteOnReboot.bat
2013-01-07 21:43:52	464024	----a-r-	c:\windows\system32\cpnprt2win32.cid
2013-01-07 01:16:02	2193024	------w-	c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36:58	2069760	------w-	c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00	1867264	------w-	c:\windows\system32\win32k.sys
2013-01-02 06:49:10	148992	------w-	c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10	1292288	------w-	c:\windows\system32\quartz.dll
2012-12-26 20:16:30	916480	----a-w-	c:\windows\system32\wininet.dll
2012-12-26 20:16:28	43520	------w-	c:\windows\system32\licmgr10.dll
2012-12-26 20:16:28	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-12-24 06:41:00	385024	------w-	c:\windows\system32\html.iec
2012-12-16 12:24:00	290560	----a-w-	c:\windows\system32\atmfd.dll
.
============= FINISH: 16:22:54.28 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/29/2008 12:44:49 AM
System Uptime: 2/21/2013 3:44:05 PM (1 hours ago)
.
Motherboard: Acer | | Garda-910 
Processor: Intel(R) Celeron(R) M processor 1.50GHz | U1 | 1496/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (FAT32) - 16 GiB total, 2.55 GiB free.
D: is FIXED (FAT32) - 18 GiB total, 17.352 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Atheros AR5005G Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_04181468&REV_01\4&AD1B67F&0&28F0
Manufacturer: Atheros
Name: Atheros AR5005G Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_04181468&REV_01\4&AD1B67F&0&28F0
Service: AR5211
.
==== System Restore Points ===================
.
RP1031: 2/19/2013 2:35:44 PM - Installed Java 7 Update 15
RP1032: 2/19/2013 3:19:52 PM - Software Distribution Service 3.0
RP1033: 2/20/2013 3:44:07 PM - Software Distribution Service 3.0
RP1034: 2/20/2013 4:14:07 PM - Installed SpyHunter
RP1035: 2/21/2013 3:58:52 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology framework
Acer ePerformance Management
Acer ePower Management
Acer eSettings Management
Acer GridVista
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Belkin Setup and Router Monitor
C4USelfUpdater
CCleaner
Driver Manager
File Type Assistant
Free File Viewer 2012
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Info Center 1.0.0.10
Intel(R) Graphics Media Accelerator Driver
Java 7 Update 15
Java Auto Updater
Java(TM) 6 Update 37
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office File Validation Add-In
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
NTI Backup NOW! 4
NTI CD & DVD-Maker
OLYMPUS Master 2
PowerDirector Express
PreReq
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB923789)
SoftV90 Data Fax Modem with SmartCP
SpyHunter
System Requirements Lab for Intel
TurboTax 2008 WinPerReleaseEngine
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebEx PCNow
WebFldrs XP
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Yontoo 1.10.02
.
==== Event Viewer Messages From Past Week ========
.
2/20/2013 4:12:29 PM, error: Service Control Manager [7011] - Timeout (60000 milliseconds) waiting for a transaction response from the Netman service.
2/20/2013 3:47:10 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
2/16/2013 9:50:03 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd SBRE
2/16/2013 9:50:03 AM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
.
==== End Of File ===========================


----------



## Mark1956 (May 7, 2011)

I see the infection in those logs but I need the logs from the other two scans as well.

ADWCleaner removed an entry relating to this infection earlier in the thread:

C:\Documents and Settings\All Users\Application Data\bProtectorForWindows

I'd like you to run it again to see if it is still there. First, right click on ADWCleaner in your Downloads folder and select Delete. Then download a fresh copy from here ADWCleaner which will be an updated version, this time save it to your Desktop.

Start the program and click on the Delete button then post the new log.

Please uninstall Java(TM) 6 Update 37 you should not leave old versions of Java on the system as they pose a security threat.


----------



## Rena30 (Jan 19, 2013)

Sorry, I was cooking dinner. I am kinda slow at this stuff please bear with me. Here is the Rkill log.

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/21/2013 05:38:01 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 02/21/2013 05:39:52 PM
Execution time: 0 hours(s), 1 minute(s), and 51 seconds(s)


----------



## Rena30 (Jan 19, 2013)

How do I find out if my computer is a 32bit or a 64bit?


----------



## Rena30 (Jan 19, 2013)

Never mind I got it.


----------



## Mark1956 (May 7, 2011)

It is 32 bit.


----------



## Rena30 (Jan 19, 2013)

Ok I am going to do the ADWCleaner now.

RogueKiller V8.5.1 [Feb 21 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Coletta Wade [Admin rights]
Mode : Scan -- Date : 02/21/2013 18:43:01
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[DLL] EXPLORER.EXE -- C:\WINDOWS\explorer.exe : c:\docume~1\alluse~1\applic~1\bprote~1\22463~1.83\protec~1.dll [x] -> UNLOADED

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[APPINIT][SUSP PATH] HKLM\[...]\Windows : AppInit_DLLs (c:\Documents and Settings\All Users\Application Data\bProtectorForWindows\2.2.463.83\protector.dll) [7] -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[Faked.Drv][FILE] wmilib.sys : C:\WINDOWS\system32\drivers\wmilib.sys [-] --> FOUND
[Faked.Drv][FILE] dmload.sys : C:\WINDOWS\system32\drivers\dmload.sys [-] --> FOUND
[Faked.Drv][FILE] parport.sys : C:\WINDOWS\system32\drivers\parport.sys [-] --> FOUND
[Faked.Drv][FILE] ndis.sys : C:\WINDOWS\system32\drivers\ndis.sys [-] --> FOUND
[Faked.Drv][FILE] ptilink.sys : C:\WINDOWS\system32\drivers\ptilink.sys [-] --> FOUND
[Faked.Drv][FILE] raspti.sys : C:\WINDOWS\system32\drivers\raspti.sys [-] --> FOUND
[Faked.Drv][FILE] ndiswan.sys : C:\WINDOWS\system32\drivers\ndiswan.sys [-] --> FOUND
[Faked.Drv][FILE] cdaudio.sys : C:\WINDOWS\system32\drivers\cdaudio.sys [-] --> FOUND
[Faked.Drv][FILE] fs_rec.sys : C:\WINDOWS\system32\drivers\fs_rec.sys [-] --> FOUND
[Faked.Drv][FILE] null.sys : C:\WINDOWS\system32\drivers\null.sys [-] --> FOUND
[Faked.Drv][FILE] beep.sys : C:\WINDOWS\system32\drivers\beep.sys [-] --> FOUND
[Faked.Drv][FILE] rdpcdd.sys : C:\WINDOWS\system32\drivers\rdpcdd.sys [-] --> FOUND
[Faked.Drv][FILE] rasacd.sys : C:\WINDOWS\system32\drivers\rasacd.sys [-] --> FOUND
[Faked.Drv][FILE] fdc.sys : C:\WINDOWS\system32\drivers\fdc.sys [-] --> FOUND
[Faked.Drv][FILE] dxgthk.sys : C:\WINDOWS\system32\drivers\dxgthk.sys [-] --> FOUND
[Faked.Drv][FILE] parvdm.sys : C:\WINDOWS\system32\drivers\parvdm.sys [-] --> FOUND
[Faked.Drv][FILE] atmepvc.sys : C:\WINDOWS\system32\drivers\atmepvc.sys [-] --> FOUND
[Faked.Drv][FILE] atmuni.sys : C:\WINDOWS\system32\drivers\atmuni.sys [-] --> FOUND
[Faked.Drv][FILE] cbidf2k.sys : C:\WINDOWS\system32\drivers\cbidf2k.sys [-] --> FOUND
[Faked.Drv][FILE] cinemst2.sys : C:\WINDOWS\system32\drivers\cinemst2.sys [-] --> FOUND
[Faked.Drv][FILE] cpqdap01.sys : C:\WINDOWS\system32\drivers\cpqdap01.sys [-] --> FOUND
[Faked.Drv][FILE] dxapi.sys : C:\WINDOWS\system32\drivers\dxapi.sys [-] --> FOUND
[Faked.Drv][FILE] ipfltdrv.sys : C:\WINDOWS\system32\drivers\ipfltdrv.sys [-] --> FOUND
[Faked.Drv][FILE] mcd.sys : C:\WINDOWS\system32\drivers\mcd.sys [-] --> FOUND
[Faked.Drv][FILE] nikedrv.sys : C:\WINDOWS\system32\drivers\nikedrv.sys [-] --> FOUND
[Faked.Drv][FILE] nwlnkflt.sys : C:\WINDOWS\system32\drivers\nwlnkflt.sys [-] --> FOUND
[Faked.Drv][FILE] nwlnkfwd.sys : C:\WINDOWS\system32\drivers\nwlnkfwd.sys [-] --> FOUND
[Faked.Drv][FILE] nwlnknb.sys : C:\WINDOWS\system32\drivers\nwlnknb.sys [-] --> FOUND
[Faked.Drv][FILE] nwlnkspx.sys : C:\WINDOWS\system32\drivers\nwlnkspx.sys [-] --> FOUND
[Faked.Drv][FILE] rawwan.sys : C:\WINDOWS\system32\drivers\rawwan.sys [-] --> FOUND
[Faked.Drv][FILE] rio8drv.sys : C:\WINDOWS\system32\drivers\rio8drv.sys [-] --> FOUND
[Faked.Drv][FILE] riodrv.sys : C:\WINDOWS\system32\drivers\riodrv.sys [-] --> FOUND
[Faked.Drv][FILE] usbprint.sys : C:\WINDOWS\system32\drivers\usbprint.sys [-] --> FOUND
[Faked.Drv][FILE] wmiacpi.sys : C:\WINDOWS\system32\drivers\wmiacpi.sys [-] --> FOUND
[Faked.Drv][FILE] rootmdm.sys : C:\WINDOWS\system32\drivers\rootmdm.sys [-] --> FOUND
[Faked.Drv][FILE] smclib.sys : C:\WINDOWS\system32\drivers\smclib.sys [-] --> FOUND
[Faked.Drv][FILE] tosdvd.sys : C:\WINDOWS\system32\drivers\tosdvd.sys [-] --> FOUND
[Faked.Drv][FILE] tsbvcap.sys : C:\WINDOWS\system32\drivers\tsbvcap.sys [-] --> FOUND
[Faked.Drv][FILE] usb8023.sys : C:\WINDOWS\system32\drivers\usb8023.sys [-] --> FOUND
[Faked.Drv][FILE] usbcamd.sys : C:\WINDOWS\system32\drivers\usbcamd.sys [-] --> FOUND
[Faked.Drv][FILE] vdmindvd.sys : C:\WINDOWS\system32\drivers\vdmindvd.sys [-] --> FOUND
[Faked.Drv][FILE] ws2ifsl.sys : C:\WINDOWS\system32\drivers\ws2ifsl.sys [-] --> FOUND
[Faked.Drv][FILE] mnmdd.sys : C:\WINDOWS\system32\drivers\mnmdd.sys [-] --> FOUND
[Faked.Drv][FILE] fsvga.sys : C:\WINDOWS\system32\drivers\fsvga.sys [-] --> FOUND
[Faked.Drv][FILE] acpiec.sys : C:\WINDOWS\system32\drivers\acpiec.sys [-] --> FOUND
[Faked.Drv][FILE] oprghdlr.sys : C:\WINDOWS\system32\drivers\oprghdlr.sys [-] --> FOUND
[Faked.Drv][FILE] usbd.sys : C:\WINDOWS\system32\drivers\usbd.sys [-] --> FOUND
[Faked.Drv][FILE] imapi.sys : C:\WINDOWS\system32\drivers\imapi.sys [-] --> FOUND
[Faked.Drv][FILE] crusoe.sys : C:\WINDOWS\system32\drivers\crusoe.sys [-] --> FOUND
[Faked.Drv][FILE] cdrom.sys : C:\WINDOWS\system32\drivers\cdrom.sys [-] --> FOUND
[Faked.Drv][FILE] dmboot.sys : C:\WINDOWS\system32\drivers\dmboot.sys [-] --> FOUND
[Faked.Drv][FILE] ip6fw.sys : C:\WINDOWS\system32\drivers\ip6fw.sys [-] --> FOUND
[Faked.Drv][FILE] ks.sys : C:\WINDOWS\system32\drivers\ks.sys [-] --> FOUND
[Faked.Drv][FILE] mouclass.sys : C:\WINDOWS\system32\drivers\mouclass.sys [-] --> FOUND
[Faked.Drv][FILE] wdmaud.sys : C:\WINDOWS\system32\drivers\wdmaud.sys [-] --> FOUND
[Faked.Drv][FILE] tcpip.sys : C:\WINDOWS\system32\drivers\tcpip.sys [-] --> FOUND
[Faked.Drv][FILE] afd.sys : C:\WINDOWS\system32\drivers\afd.sys [-] --> FOUND
[Faked.Drv][FILE] wanarp.sys : C:\WINDOWS\system32\drivers\wanarp.sys [-] --> FOUND
[Faked.Drv][FILE] volsnap.sys : C:\WINDOWS\system32\drivers\volsnap.sys [-] --> FOUND
[Faked.Drv][FILE] ENECBPTH.sys : C:\WINDOWS\system32\drivers\ENECBPTH.sys [-] --> FOUND
[Faked.Drv][FILE] mspqm.sys : C:\WINDOWS\system32\drivers\mspqm.sys [-] --> FOUND
[Faked.Drv][FILE] EUBKMON.sys : C:\WINDOWS\system32\drivers\EUBKMON.sys [-] --> FOUND
[Faked.Drv][FILE] nmnt.sys : C:\WINDOWS\system32\drivers\nmnt.sys [-] --> FOUND
[Faked.Drv][FILE] videoprt.sys : C:\WINDOWS\system32\drivers\videoprt.sys [-] --> FOUND
[Faked.Drv][FILE] ohci1394.sys : C:\WINDOWS\system32\drivers\ohci1394.sys [-] --> FOUND
[Faked.Drv][FILE] viaide.sys : C:\WINDOWS\system32\drivers\viaide.sys [-] --> FOUND
[Faked.Drv][FILE] mf.sys : C:\WINDOWS\system32\drivers\mf.sys [-] --> FOUND
[Faked.Drv][FILE] fastfat.sys : C:\WINDOWS\system32\drivers\fastfat.sys [-] --> FOUND
[Faked.Drv][FILE] serenum.sys : C:\WINDOWS\system32\drivers\serenum.sys [-] --> FOUND
[Faked.Drv][FILE] scsiport.sys : C:\WINDOWS\system32\drivers\scsiport.sys [-] --> FOUND
[Faked.Drv][FILE] p3.sys : C:\WINDOWS\system32\drivers\p3.sys [-] --> FOUND
[Faked.Drv][FILE] cdfs.sys : C:\WINDOWS\system32\drivers\cdfs.sys [-] --> FOUND
[Faked.Drv][FILE] psched.sys : C:\WINDOWS\system32\drivers\psched.sys [-] --> FOUND
[Faked.Drv][FILE] ndisuio.sys : C:\WINDOWS\system32\drivers\ndisuio.sys [-] --> FOUND
[Faked.Drv][FILE] rasl2tp.sys : C:\WINDOWS\system32\drivers\rasl2tp.sys [-] --> FOUND
[Faked.Drv][FILE] raspppoe.sys : C:\WINDOWS\system32\drivers\raspppoe.sys [-] --> FOUND
[Faked.Drv][FILE] processr.sys : C:\WINDOWS\system32\drivers\processr.sys [-] --> FOUND
[Faked.Drv][FILE] msfs.sys : C:\WINDOWS\system32\drivers\msfs.sys [-] --> FOUND
[Faked.Drv][FILE] agp440.sys : C:\WINDOWS\system32\drivers\agp440.sys [-] --> FOUND
[Faked.Drv][FILE] fips.sys : C:\WINDOWS\system32\drivers\fips.sys [-] --> FOUND
[Faked.Drv][FILE] serial.sys : C:\WINDOWS\system32\drivers\serial.sys [-] --> FOUND
[Faked.Drv][FILE] usbuhci.sys : C:\WINDOWS\system32\drivers\usbuhci.sys [-] --> FOUND
[Faked.Drv][FILE] ipnat.sys : C:\WINDOWS\system32\drivers\ipnat.sys [-] --> FOUND
[Faked.Drv][FILE] vga.sys : C:\WINDOWS\system32\drivers\vga.sys [-] --> FOUND
[Faked.Drv][FILE] netbios.sys : C:\WINDOWS\system32\drivers\netbios.sys [-] --> FOUND
[Faked.Drv][FILE] usbstor.sys : C:\WINDOWS\system32\drivers\usbstor.sys [-] --> FOUND
[Faked.Drv][FILE] i8042prt.sys : C:\WINDOWS\system32\drivers\i8042prt.sys [-] --> FOUND
[Faked.Drv][FILE] dxg.sys : C:\WINDOWS\system32\drivers\dxg.sys [-] --> FOUND
[Faked.Drv][FILE] drmkaud.sys : C:\WINDOWS\system32\drivers\drmkaud.sys [-] --> FOUND
[Faked.Drv][FILE] usbscan.sys : C:\WINDOWS\system32\drivers\usbscan.sys [-] --> FOUND
[Faked.Drv][FILE] usbport.sys : C:\WINDOWS\system32\drivers\usbport.sys [-] --> FOUND
[Faked.Drv][FILE] mrxsmb.sys : C:\WINDOWS\system32\drivers\mrxsmb.sys [-] --> FOUND
[Faked.Drv][FILE] disk.sys : C:\WINDOWS\system32\drivers\disk.sys [-] --> FOUND
[Faked.Drv][FILE] portcls.sys : C:\WINDOWS\system32\drivers\portcls.sys [-] --> FOUND
[Faked.Drv][FILE] ndistapi.sys : C:\WINDOWS\system32\drivers\ndistapi.sys [-] --> FOUND
[Faked.Drv][FILE] amdagp.sys : C:\WINDOWS\system32\drivers\amdagp.sys [-] --> FOUND
[Faked.Drv][FILE] amdk6.sys : C:\WINDOWS\system32\drivers\amdk6.sys [-] --> FOUND
[Faked.Drv][FILE] arp1394.sys : C:\WINDOWS\system32\drivers\arp1394.sys [-] --> FOUND
[Faked.Drv][FILE] atapi.sys : C:\WINDOWS\system32\drivers\atapi.sys [-] --> FOUND
[Faked.Drv][FILE] atmarpc.sys : C:\WINDOWS\system32\drivers\atmarpc.sys [-] --> FOUND
[Faked.Drv][FILE] battc.sys : C:\WINDOWS\system32\drivers\battc.sys [-] --> FOUND
[Faked.Drv][FILE] bridge.sys : C:\WINDOWS\system32\drivers\bridge.sys [-] --> FOUND
[Faked.Drv][FILE] compbatt.sys : C:\WINDOWS\system32\drivers\compbatt.sys [-] --> FOUND
[Faked.Drv][FILE] diskdump.sys : C:\WINDOWS\system32\drivers\diskdump.sys [-] --> FOUND
[Faked.Drv][FILE] usbintel.sys : C:\WINDOWS\system32\drivers\usbintel.sys [-] --> FOUND
[Faked.Drv][FILE] bthport.sys : C:\WINDOWS\system32\drivers\bthport.sys [-] --> FOUND
[Faked.Drv][FILE] intelppm.sys : C:\WINDOWS\system32\drivers\intelppm.sys [-] --> FOUND
[Faked.Drv][FILE] intelide.sys : C:\WINDOWS\system32\drivers\intelide.sys [-] --> FOUND
[Faked.Drv][FILE] usbhub.sys : C:\WINDOWS\system32\drivers\usbhub.sys [-] --> FOUND
[Faked.Drv][FILE] CCDECODE.sys : C:\WINDOWS\system32\drivers\CCDECODE.sys [-] --> FOUND
[Faked.Drv][FILE] netbt.sys : C:\WINDOWS\system32\drivers\netbt.sys [-] --> FOUND
[Faked.Drv][FILE] nic1394.sys : C:\WINDOWS\system32\drivers\nic1394.sys [-] --> FOUND
[Faked.Drv][FILE] usbccgp.sys : C:\WINDOWS\system32\drivers\usbccgp.sys [-] --> FOUND
[Faked.Drv][FILE] ntfs.sys : C:\WINDOWS\system32\drivers\ntfs.sys [-] --> FOUND
[Faked.Drv][FILE] pciidex.sys : C:\WINDOWS\system32\drivers\pciidex.sys [-] --> FOUND
[Faked.Drv][FILE] redbook.sys : C:\WINDOWS\system32\drivers\redbook.sys [-] --> FOUND
[Faked.Drv][FILE] rndismp.sys : C:\WINDOWS\system32\drivers\rndismp.sys [-] --> FOUND
[Faked.Drv][FILE] s3gnbm.sys : C:\WINDOWS\system32\drivers\s3gnbm.sys [-] --> FOUND
[Faked.Drv][FILE] usbcamd2.sys : C:\WINDOWS\system32\drivers\usbcamd2.sys [-] --> FOUND
[Faked.Drv][FILE] sdbus.sys : C:\WINDOWS\system32\drivers\sdbus.sys [-] --> FOUND
[Faked.Drv][FILE] sffp_mmc.sys : C:\WINDOWS\system32\drivers\sffp_mmc.sys [-] --> FOUND
[Faked.Drv][FILE] sfloppy.sys : C:\WINDOWS\system32\drivers\sfloppy.sys [-] --> FOUND
[Faked.Drv][FILE] sysaudio.sys : C:\WINDOWS\system32\drivers\sysaudio.sys [-] --> FOUND
[Faked.Drv][FILE] uagp35.sys : C:\WINDOWS\system32\drivers\uagp35.sys [-] --> FOUND
[Faked.Drv][FILE] smbali.sys : C:\WINDOWS\system32\drivers\smbali.sys [-] --> FOUND
[Faked.Drv][FILE] termdd.sys : C:\WINDOWS\system32\drivers\termdd.sys [-] --> FOUND
[Faked.Drv][FILE] udfs.sys : C:\WINDOWS\system32\drivers\udfs.sys [-] --> FOUND
[Faked.Drv][FILE] tdtcp.sys : C:\WINDOWS\system32\drivers\tdtcp.sys [-] --> FOUND
[Faked.Drv][FILE] tdpipe.sys : C:\WINDOWS\system32\drivers\tdpipe.sys [-] --> FOUND
[Faked.Drv][FILE] i2omp.sys : C:\WINDOWS\system32\drivers\i2omp.sys [-] --> FOUND
[Faked.Drv][FILE] nwlnkipx.sys : C:\WINDOWS\system32\drivers\nwlnkipx.sys [-] --> FOUND
[Faked.Drv][FILE] watv10nt.sys : C:\WINDOWS\system32\drivers\watv10nt.sys [-] --> FOUND
[Faked.Drv][FILE] 1394bus.sys : C:\WINDOWS\system32\drivers\1394bus.sys [-] --> FOUND
[Faked.Drv][FILE] toside.sys : C:\WINDOWS\system32\drivers\toside.sys [-] --> FOUND
[Faked.Drv][FILE] tdi.sys : C:\WINDOWS\system32\drivers\tdi.sys [-] --> FOUND
[Faked.Drv][FILE] flpydisk.sys : C:\WINDOWS\system32\drivers\flpydisk.sys [-] --> FOUND
[Faked.Drv][FILE] hidclass.sys : C:\WINDOWS\system32\drivers\hidclass.sys [-] --> FOUND
[Faked.Drv][FILE] sparrow.sys : C:\WINDOWS\system32\drivers\sparrow.sys [-] --> FOUND
[Faked.Drv][FILE] adpu160m.sys : C:\WINDOWS\system32\drivers\adpu160m.sys [-] --> FOUND
[Faked.Drv][FILE] irda.sys : C:\WINDOWS\system32\drivers\irda.sys [-] --> FOUND
[Faked.Drv][FILE] perc2hib.sys : C:\WINDOWS\system32\drivers\perc2hib.sys [-] --> FOUND
[Faked.Drv][FILE] aic78xx.sys : C:\WINDOWS\system32\drivers\aic78xx.sys [-] --> FOUND
[Faked.Drv][FILE] aha154x.sys : C:\WINDOWS\system32\drivers\aha154x.sys [-] --> FOUND
[Faked.Drv][FILE] CmBatt.sys : C:\WINDOWS\system32\drivers\CmBatt.sys [-] --> FOUND
[Faked.Drv][FILE] dpti2o.sys : C:\WINDOWS\system32\drivers\dpti2o.sys [-] --> FOUND
[Faked.Drv][FILE] aic78u2.sys : C:\WINDOWS\system32\drivers\aic78u2.sys [-] --> FOUND
[Faked.Drv][FILE] atmlane.sys : C:\WINDOWS\system32\drivers\atmlane.sys [-] --> FOUND
[Faked.Drv][FILE] cpqarray.sys : C:\WINDOWS\system32\drivers\cpqarray.sys [-] --> FOUND
[Faked.Drv][FILE] symc810.sys : C:\WINDOWS\system32\drivers\symc810.sys [-] --> FOUND
[Faked.Drv][FILE] classpnp.sys : C:\WINDOWS\system32\drivers\classpnp.sys [-] --> FOUND
[Faked.Drv][FILE] cd20xrnt.sys : C:\WINDOWS\system32\drivers\cd20xrnt.sys [-] --> FOUND
[Faked.Drv][FILE] hpn.sys : C:\WINDOWS\system32\drivers\hpn.sys [-] --> FOUND
[Faked.Drv][FILE] perc2.sys : C:\WINDOWS\system32\drivers\perc2.sys [-] --> FOUND
[Faked.Drv][FILE] sym_hi.sys : C:\WINDOWS\system32\drivers\sym_hi.sys [-] --> FOUND
[Faked.Drv][FILE] fetnd5.sys : C:\WINDOWS\system32\drivers\fetnd5.sys [-] --> FOUND
[Faked.Drv][FILE] symc8xx.sys : C:\WINDOWS\system32\drivers\symc8xx.sys [-] --> FOUND
[Faked.Drv][FILE] sym_u3.sys : C:\WINDOWS\system32\drivers\sym_u3.sys [-] --> FOUND
[Faked.Drv][FILE] enum1394.sys : C:\WINDOWS\system32\drivers\enum1394.sys [-] --> FOUND
[Faked.Drv][FILE] ql10wnt.sys : C:\WINDOWS\system32\drivers\ql10wnt.sys [-] --> FOUND
[Faked.Drv][FILE] ql1080.sys : C:\WINDOWS\system32\drivers\ql1080.sys [-] --> FOUND
[Faked.Drv][FILE] npfs.sys : C:\WINDOWS\system32\drivers\npfs.sys [-] --> FOUND
[Faked.Drv][FILE] ql1240.sys : C:\WINDOWS\system32\drivers\ql1240.sys [-] --> FOUND
[Faked.Drv][FILE] ql12160.sys : C:\WINDOWS\system32\drivers\ql12160.sys [-] --> FOUND
[Faked.Drv][FILE] ipsec.sys : C:\WINDOWS\system32\drivers\ipsec.sys [-] --> FOUND
[Faked.Drv][FILE] ql1280.sys : C:\WINDOWS\system32\drivers\ql1280.sys [-] --> FOUND
[Faked.Drv][FILE] hidusb.sys : C:\WINDOWS\system32\drivers\hidusb.sys [-] --> FOUND
[Faked.Drv][FILE] rasirda.sys : C:\WINDOWS\system32\drivers\rasirda.sys [-] --> FOUND
[Faked.Drv][FILE] mraid35x.sys : C:\WINDOWS\system32\drivers\mraid35x.sys [-] --> FOUND
[Faked.Drv][FILE] i2omgmt.sys : C:\WINDOWS\system32\drivers\i2omgmt.sys [-] --> FOUND
[Faked.Drv][FILE] mup.sys : C:\WINDOWS\system32\drivers\mup.sys [-] --> FOUND
[Faked.Drv][FILE] dac2w2k.sys : C:\WINDOWS\system32\drivers\dac2w2k.sys [-] --> FOUND
[Faked.Drv][FILE] dac960nt.sys : C:\WINDOWS\system32\drivers\dac960nt.sys [-] --> FOUND
[Faked.Drv][FILE] audstub.sys : C:\WINDOWS\system32\drivers\audstub.sys [-] --> FOUND
[Faked.Drv][FILE] asc3550.sys : C:\WINDOWS\system32\drivers\asc3550.sys [-] --> FOUND
[Faked.Drv][FILE] asc.sys : C:\WINDOWS\system32\drivers\asc.sys [-] --> FOUND
[Faked.Drv][FILE] asc3350p.sys : C:\WINDOWS\system32\drivers\asc3350p.sys [-] --> FOUND
[Faked.Drv][FILE] ABP480N5.SYS : C:\WINDOWS\system32\drivers\ABP480N5.SYS [-] --> FOUND
[Faked.Drv][FILE] amsint.sys : C:\WINDOWS\system32\drivers\amsint.sys [-] --> FOUND
[Faked.Drv][FILE] ini910u.sys : C:\WINDOWS\system32\drivers\ini910u.sys [-] --> FOUND
[Faked.Drv][FILE] aliide.sys : C:\WINDOWS\system32\drivers\aliide.sys [-] --> FOUND
[Faked.Drv][FILE] NABTSFEC.sys : C:\WINDOWS\system32\drivers\NABTSFEC.sys [-] --> FOUND
[Faked.Drv][FILE] ultra.sys : C:\WINDOWS\system32\drivers\ultra.sys [-] --> FOUND
[Faked.Drv][FILE] tape.sys : C:\WINDOWS\system32\drivers\tape.sys [-] --> FOUND
[Faked.Drv][FILE] swmidi.sys : C:\WINDOWS\system32\drivers\swmidi.sys [-] --> FOUND
[Faked.Drv][FILE] swenum.sys : C:\WINDOWS\system32\drivers\swenum.sys [-] --> FOUND
[Faked.Drv][FILE] splitter.sys : C:\WINDOWS\system32\drivers\splitter.sys [-] --> FOUND
[Faked.Drv][FILE] cmdide.sys : C:\WINDOWS\system32\drivers\cmdide.sys [-] --> FOUND
[Faked.Drv][FILE] stream.sys : C:\WINDOWS\system32\drivers\stream.sys [-] --> FOUND
[Faked.Drv][FILE] srv.sys : C:\WINDOWS\system32\drivers\srv.sys [-] --> FOUND
[Faked.Drv][FILE] ftdisk.sys : C:\WINDOWS\system32\drivers\ftdisk.sys [-] --> FOUND
[Faked.Drv][FILE] sr.sys : C:\WINDOWS\system32\drivers\sr.sys [-] --> FOUND
[Faked.Drv][FILE] rdbss.sys : C:\WINDOWS\system32\drivers\rdbss.sys [-] --> FOUND
[Faked.Drv][FILE] modem.sys : C:\WINDOWS\system32\drivers\modem.sys [-] --> FOUND
[Faked.Drv][FILE] sonydcam.sys : C:\WINDOWS\system32\drivers\sonydcam.sys [-] --> FOUND
[Faked.Drv][FILE] isapnp.sys : C:\WINDOWS\system32\drivers\isapnp.sys [-] --> FOUND
[Faked.Drv][FILE] agpcpq.sys : C:\WINDOWS\system32\drivers\agpcpq.sys [-] --> FOUND
[Faked.Drv][FILE] alim1541.sys : C:\WINDOWS\system32\drivers\alim1541.sys [-] --> FOUND
[Faked.Drv][FILE] rdpdr.sys : C:\WINDOWS\system32\drivers\rdpdr.sys [-] --> FOUND
[Faked.Drv][FILE] Rtlnicxp.sys : C:\WINDOWS\system32\drivers\Rtlnicxp.sys [-] --> FOUND
[Faked.Drv][FILE] BCMWL5.SYS : C:\WINDOWS\system32\drivers\BCMWL5.SYS [-] --> FOUND
[Faked.Drv][FILE] partmgr.sys : C:\WINDOWS\system32\drivers\partmgr.sys [-] --> FOUND
[Faked.Drv][FILE] irenum.sys : C:\WINDOWS\system32\drivers\irenum.sys [-] --> FOUND
[Faked.Drv][FILE] RMCast.sys : C:\WINDOWS\system32\drivers\RMCast.sys [-] --> FOUND
[Faked.Drv][FILE] raspptp.sys : C:\WINDOWS\system32\drivers\raspptp.sys [-] --> FOUND
[Faked.Drv][FILE] usb8023x.sys : C:\WINDOWS\system32\drivers\usb8023x.sys [-] --> FOUND
[Faked.Drv][FILE] pciide.sys : C:\WINDOWS\system32\drivers\pciide.sys [-] --> FOUND
[Faked.Drv][FILE] asyncmac.sys : C:\WINDOWS\system32\drivers\asyncmac.sys [-] --> FOUND
[Faked.Drv][FILE] pci.sys : C:\WINDOWS\system32\drivers\pci.sys [-] --> FOUND
[Faked.Drv][FILE] mskssrv.sys : C:\WINDOWS\system32\drivers\mskssrv.sys [-] --> FOUND
[Faked.Drv][FILE] mspclock.sys : C:\WINDOWS\system32\drivers\mspclock.sys [-] --> FOUND
[Faked.Drv][FILE] msgpc.sys : C:\WINDOWS\system32\drivers\msgpc.sys [-] --> FOUND
[Faked.Drv][FILE] HSF_CNXT.sys : C:\WINDOWS\system32\drivers\HSF_CNXT.sys [-] --> FOUND
[Faked.Drv][FILE] drmk.sys : C:\WINDOWS\system32\drivers\drmk.sys [-] --> FOUND
[Faked.Drv][FILE] nscirda.sys : C:\WINDOWS\system32\drivers\nscirda.sys [-] --> FOUND
[Faked.Drv][FILE] mrxdav.sys : C:\WINDOWS\system32\drivers\mrxdav.sys [-] --> FOUND
[Faked.Drv][FILE] mountmgr.sys : C:\WINDOWS\system32\drivers\mountmgr.sys [-] --> FOUND
[Faked.Drv][FILE] DMusic.sys : C:\WINDOWS\system32\drivers\DMusic.sys [-] --> FOUND
[Faked.Drv][FILE] kmixer.sys : C:\WINDOWS\system32\drivers\kmixer.sys [-] --> FOUND
[Faked.Drv][FILE] kbdhid.sys : C:\WINDOWS\system32\drivers\kbdhid.sys [-] --> FOUND
[Faked.Drv][FILE] kbdclass.sys : C:\WINDOWS\system32\drivers\kbdclass.sys [-] --> FOUND
[Faked.Drv][FILE] ipinip.sys : C:\WINDOWS\system32\drivers\ipinip.sys [-] --> FOUND
[Faked.Drv][FILE] HSFHWICH.sys : C:\WINDOWS\system32\drivers\HSFHWICH.sys [-] --> FOUND
[Faked.Drv][FILE] hidparse.sys : C:\WINDOWS\system32\drivers\hidparse.sys [-] --> FOUND
[Faked.Drv][FILE] MpFilter.sys : C:\WINDOWS\system32\drivers\MpFilter.sys [-] --> FOUND
[Faked.Drv][FILE] WSTCODEC.SYS : C:\WINDOWS\system32\drivers\WSTCODEC.SYS [-] --> FOUND
[Faked.Drv][FILE] pfc.sys : C:\WINDOWS\system32\drivers\pfc.sys [-] --> FOUND
[Faked.Drv][FILE] dmio.sys : C:\WINDOWS\system32\drivers\dmio.sys [-] --> FOUND
[Faked.Drv][FILE] aec.sys : C:\WINDOWS\system32\drivers\aec.sys [-] --> FOUND
[Faked.Drv][FILE] ialmnt5.sys : C:\WINDOWS\system32\drivers\ialmnt5.sys [-] --> FOUND
[Faked.Drv][FILE] rdpwd.sys : C:\WINDOWS\system32\drivers\rdpwd.sys [-] --> FOUND
[Faked.Drv][FILE] eubakup.sys : C:\WINDOWS\system32\drivers\eubakup.sys [-] --> FOUND
[Faked.Drv][FILE] acpi.sys : C:\WINDOWS\system32\drivers\acpi.sys [-] --> FOUND
[Faked.Drv][FILE] watv06nt.sys : C:\WINDOWS\system32\drivers\watv06nt.sys [-] --> FOUND
[Faked.Drv][FILE] wadv11nt.sys : C:\WINDOWS\system32\drivers\wadv11nt.sys [-] --> FOUND
[Faked.Drv][FILE] wadv09nt.sys : C:\WINDOWS\system32\drivers\wadv09nt.sys [-] --> FOUND
[Faked.Drv][FILE] pcmcia.sys : C:\WINDOWS\system32\drivers\pcmcia.sys [-] --> FOUND
[Faked.Drv][FILE] UBHelper.sys : C:\WINDOWS\system32\drivers\UBHelper.sys [-] --> FOUND
[Faked.Drv][FILE] NTIDrvr.sys : C:\WINDOWS\system32\drivers\NTIDrvr.sys [-] --> FOUND
[Faked.Drv][FILE] wadv08nt.sys : C:\WINDOWS\system32\drivers\wadv08nt.sys [-] --> FOUND
[Faked.Drv][FILE] ar5211.sys : C:\WINDOWS\system32\drivers\ar5211.sys [-] --> FOUND
[Faked.Drv][FILE] wadv07nt.sys : C:\WINDOWS\system32\drivers\wadv07nt.sys [-] --> FOUND
[Faked.Drv][FILE] wacompen.sys : C:\WINDOWS\system32\drivers\wacompen.sys [-] --> FOUND
[Faked.Drv][FILE] viaagp.sys : C:\WINDOWS\system32\drivers\viaagp.sys [-] --> FOUND
[Faked.Drv][FILE] HSF_DP.sys : C:\WINDOWS\system32\drivers\HSF_DP.sys [-] --> FOUND
[Faked.Drv][FILE] usbvideo.sys : C:\WINDOWS\system32\drivers\usbvideo.sys [-] --> FOUND
[Faked.Drv][FILE] mdmxsdk.sys : C:\WINDOWS\system32\drivers\mdmxsdk.sys [-] --> FOUND
[Faked.Drv][FILE] usbehci.sys : C:\WINDOWS\system32\drivers\usbehci.sys [-] --> FOUND
[Faked.Drv][FILE] eudskacs.sys : C:\WINDOWS\system32\drivers\eudskacs.sys [-] --> FOUND
[Faked.Drv][FILE] update.sys : C:\WINDOWS\system32\drivers\update.sys [-] --> FOUND
[Faked.Drv][FILE] ac97intc.sys : C:\WINDOWS\system32\drivers\ac97intc.sys [-] --> FOUND
[Faked.Drv][FILE] tunmp.sys : C:\WINDOWS\system32\drivers\tunmp.sys [-] --> FOUND
[Faked.Drv][FILE] slwdmsup.sys : C:\WINDOWS\system32\drivers\slwdmsup.sys [-] --> FOUND
[Faked.Drv][FILE] RTL8192su.sys : C:\WINDOWS\system32\drivers\RTL8192su.sys [-] --> FOUND
[Faked.Drv][FILE] epm-psd.sys : C:\WINDOWS\system32\drivers\epm-psd.sys [-] --> FOUND
[Faked.Drv][FILE] epm-shd.sys : C:\WINDOWS\system32\drivers\epm-shd.sys [-] --> FOUND
[Faked.Drv][FILE] osaio.sys : C:\WINDOWS\system32\drivers\osaio.sys [-] --> FOUND
[Faked.Drv][FILE] osanbm.sys : C:\WINDOWS\system32\drivers\osanbm.sys [-] --> FOUND
[Faked.Drv][FILE] OsaFsLoc.sys : C:\WINDOWS\system32\drivers\OsaFsLoc.sys [-] --> FOUND
[Faked.Drv][FILE] NdisFilt.sys : C:\WINDOWS\system32\drivers\NdisFilt.sys [-] --> FOUND
[Faked.Drv][FILE] slnthal.sys : C:\WINDOWS\system32\drivers\slnthal.sys [-] --> FOUND
[Faked.Drv][FILE] NETMNT.sys : C:\WINDOWS\system32\drivers\NETMNT.sys [-] --> FOUND
[Faked.Drv][FILE] slntamr.sys : C:\WINDOWS\system32\drivers\slntamr.sys [-] --> FOUND
[Faked.Drv][FILE] slnt7554.sys : C:\WINDOWS\system32\drivers\slnt7554.sys [-] --> FOUND
[Faked.Drv][FILE] sisagp.sys : C:\WINDOWS\system32\drivers\sisagp.sys [-] --> FOUND
[Faked.Drv][FILE] sffp_sd.sys : C:\WINDOWS\system32\drivers\sffp_sd.sys [-] --> FOUND
[Faked.Drv][FILE] sffdisk.sys : C:\WINDOWS\system32\drivers\sffdisk.sys [-] --> FOUND
[Faked.Drv][FILE] rndismpx.sys : C:\WINDOWS\system32\drivers\rndismpx.sys [-] --> FOUND
[Faked.Drv][FILE] rfcomm.sys : C:\WINDOWS\system32\drivers\rfcomm.sys [-] --> FOUND
[Faked.Drv][FILE] recagent.sys : C:\WINDOWS\system32\drivers\recagent.sys [-] --> FOUND
[Faked.Drv][FILE] nv4_mini.sys : C:\WINDOWS\system32\drivers\nv4_mini.sys [-] --> FOUND
[Faked.Drv][FILE] ntmtlfax.sys : C:\WINDOWS\system32\drivers\ntmtlfax.sys [-] --> FOUND
[Faked.Drv][FILE] mouhid.sys : C:\WINDOWS\system32\drivers\mouhid.sys [-] --> FOUND
[Faked.Drv][FILE] mutohpen.sys : C:\WINDOWS\system32\drivers\mutohpen.sys [-] --> FOUND
[Faked.Drv][FILE] mtxparhm.sys : C:\WINDOWS\system32\drivers\mtxparhm.sys [-] --> FOUND
[Faked.Drv][FILE] SONYPVU1.SYS : C:\WINDOWS\system32\drivers\SONYPVU1.SYS [-] --> FOUND
[Faked.Drv][FILE] mtlstrm.sys : C:\WINDOWS\system32\drivers\mtlstrm.sys [-] --> FOUND
[Faked.Drv][FILE] secdrv.sys : C:\WINDOWS\system32\drivers\secdrv.sys [-] --> FOUND
[Faked.Drv][FILE] mtlmnt5.sys : C:\WINDOWS\system32\drivers\mtlmnt5.sys [-] --> FOUND
[Faked.Drv][FILE] mssmbios.sys : C:\WINDOWS\system32\drivers\mssmbios.sys [-] --> FOUND
[Faked.Drv][FILE] hsfdpsp2.sys : C:\WINDOWS\system32\drivers\hsfdpsp2.sys [-] --> FOUND
[Faked.Drv][FILE] hsfcxts2.sys : C:\WINDOWS\system32\drivers\hsfcxts2.sys [-] --> FOUND
[Faked.Drv][FILE] hsfbs2s2.sys : C:\WINDOWS\system32\drivers\hsfbs2s2.sys [-] --> FOUND
[Faked.Drv][FILE] hidir.sys : C:\WINDOWS\system32\drivers\hidir.sys [-] --> FOUND
[Faked.Drv][FILE] hidbth.sys : C:\WINDOWS\system32\drivers\hidbth.sys [-] --> FOUND
[Faked.Drv][FILE] hdaudbus.sys : C:\WINDOWS\system32\drivers\hdaudbus.sys [-] --> FOUND
[Faked.Drv][FILE] gagp30kx.sys : C:\WINDOWS\system32\drivers\gagp30kx.sys [-] --> FOUND
[Faked.Drv][FILE] fltMgr.sys : C:\WINDOWS\system32\drivers\fltMgr.sys [-] --> FOUND
[Faked.Drv][FILE] bthprint.sys : C:\WINDOWS\system32\drivers\bthprint.sys [-] --> FOUND
[Faked.Drv][FILE] SLIP.sys : C:\WINDOWS\system32\drivers\SLIP.sys [-] --> FOUND
[Faked.Drv][FILE] bthpan.sys : C:\WINDOWS\system32\drivers\bthpan.sys [-] --> FOUND
[Faked.Drv][FILE] bthmodem.sys : C:\WINDOWS\system32\drivers\bthmodem.sys [-] --> FOUND
[Faked.Drv][FILE] bthenum.sys : C:\WINDOWS\system32\drivers\bthenum.sys [-] --> FOUND
[Faked.Drv][FILE] atinxsxx.sys : C:\WINDOWS\system32\drivers\atinxsxx.sys [-] --> FOUND
[Faked.Drv][FILE] atinxbxx.sys : C:\WINDOWS\system32\drivers\atinxbxx.sys [-] --> FOUND
[Faked.Drv][FILE] atintuxx.sys : C:\WINDOWS\system32\drivers\atintuxx.sys [-] --> FOUND
[Faked.Drv][FILE] atinttxx.sys : C:\WINDOWS\system32\drivers\atinttxx.sys [-] --> FOUND
[Faked.Drv][FILE] atinsnxx.sys : C:\WINDOWS\system32\drivers\atinsnxx.sys [-] --> FOUND
[Faked.Drv][FILE] atinrvxx.sys : C:\WINDOWS\system32\drivers\atinrvxx.sys [-] --> FOUND
[Faked.Drv][FILE] atinraxx.sys : C:\WINDOWS\system32\drivers\atinraxx.sys [-] --> FOUND
[Faked.Drv][FILE] atinpdxx.sys : C:\WINDOWS\system32\drivers\atinpdxx.sys [-] --> FOUND
[Faked.Drv][FILE] atinmdxx.sys : C:\WINDOWS\system32\drivers\atinmdxx.sys [-] --> FOUND
[Faked.Drv][FILE] atinbtxx.sys : C:\WINDOWS\system32\drivers\atinbtxx.sys [-] --> FOUND
[Faked.Drv][FILE] ati2mtag.sys : C:\WINDOWS\system32\drivers\ati2mtag.sys [-] --> FOUND
[Faked.Drv][FILE] ati2mtaa.sys : C:\WINDOWS\system32\drivers\ati2mtaa.sys [-] --> FOUND
[Faked.Drv][FILE] ati1xsxx.sys : C:\WINDOWS\system32\drivers\ati1xsxx.sys [-] --> FOUND
[Faked.Drv][FILE] ati1xbxx.sys : C:\WINDOWS\system32\drivers\ati1xbxx.sys [-] --> FOUND
[Faked.Drv][FILE] ati1tuxx.sys : C:\WINDOWS\system32\drivers\ati1tuxx.sys [-] --> FOUND
[Faked.Drv][FILE] ati1ttxx.sys : C:\WINDOWS\system32\drivers\ati1ttxx.sys [-] --> FOUND
[Faked.Drv][FILE] ati1snxx.sys : C:\WINDOWS\system32\drivers\ati1snxx.sys [-] --> FOUND
[Faked.Drv][FILE] ati1rvxx.sys : C:\WINDOWS\system32\drivers\ati1rvxx.sys [-] --> FOUND
[Faked.Drv][FILE] ati1raxx.sys : C:\WINDOWS\system32\drivers\ati1raxx.sys [-] --> FOUND
[Faked.Drv][FILE] ati1pdxx.sys : C:\WINDOWS\system32\drivers\ati1pdxx.sys [-] --> FOUND
[Faked.Drv][FILE] ati1mdxx.sys : C:\WINDOWS\system32\drivers\ati1mdxx.sys [-] --> FOUND
[Faked.Drv][FILE] ati1btxx.sys : C:\WINDOWS\system32\drivers\ati1btxx.sys [-] --> FOUND
[Faked.Drv][FILE] amdk7.sys : C:\WINDOWS\system32\drivers\amdk7.sys [-] --> FOUND
[Faked.Drv][FILE] ndproxy.sys : C:\WINDOWS\system32\drivers\ndproxy.sys [-] --> FOUND
[Faked.Drv][FILE] MSTEE.sys : C:\WINDOWS\system32\drivers\MSTEE.sys [-] --> FOUND
[Faked.Drv][FILE] GEARAspiWDM.sys : C:\WINDOWS\system32\drivers\GEARAspiWDM.sys [-] --> FOUND
[Faked.Drv][FILE] RimSerial.sys : C:\WINDOWS\system32\drivers\RimSerial.sys [-] --> FOUND
[Faked.Drv][FILE] PCTSD.sys : C:\WINDOWS\system32\drivers\PCTSD.sys [-] --> FOUND
[Faked.Drv][FILE] hxxp.sys : C:\WINDOWS\system32\drivers\hxxp.sys [-] --> FOUND
[Faked.Drv][FILE] tcpip6.sys : C:\WINDOWS\system32\drivers\tcpip6.sys [-] --> FOUND
[Faked.Drv][FILE] ksecdd.sys : C:\WINDOWS\system32\drivers\ksecdd.sys [-] --> FOUND
[Faked.Drv][FILE] BTHUSB.SYS : C:\WINDOWS\system32\drivers\BTHUSB.SYS [-] --> FOUND
[Faked.Drv][FILE] RimUsb.sys : C:\WINDOWS\system32\drivers\RimUsb.sys [-] --> FOUND
[Faked.Drv][FILE] StreamIP.sys : C:\WINDOWS\system32\drivers\StreamIP.sys [-] --> FOUND
[Faked.Drv][FILE] NdisIP.sys : C:\WINDOWS\system32\drivers\NdisIP.sys [-] --> FOUND
[Faked.Drv][FILE] AFGSp50.sys : C:\WINDOWS\system32\drivers\AFGSp50.sys [-] --> FOUND
[Faked.Drv][FILE] EuFdDisk.sys : C:\WINDOWS\system32\drivers\EuFdDisk.sys [-] --> FOUND
[Faked.Drv][FILE] EsgScanner.sys : C:\WINDOWS\system32\drivers\EsgScanner.sys [-] --> FOUND
[Faked.Drv][FILE] TrueSight.sys : C:\WINDOWS\system32\drivers\TrueSight.sys [-] --> FOUND
[Faked.Drv][FILE] WudfPf.sys : C:\WINDOWS\system32\drivers\WudfPf.sys [-] --> FOUND
[Faked.Drv][FILE] WudfRd.sys : C:\WINDOWS\system32\drivers\WudfRd.sys [-] --> FOUND
[Faked.Drv][FILE] wpdusb.sys : C:\WINDOWS\system32\drivers\wpdusb.sys [-] --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[50] : NtCreateSection @ 0x805A0880 -> HOOKED (\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys @ 0xBA5E6700)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG MP0402H +++++
--- User ---
[MBR] e4e2811d5bb93111c3ab227b8f3278d4
[BSP] afd663b62beb710eabd66cab9e298a9d : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 3200 Mo
1 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 6554520 | Size: 16872 Mo
2 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 41110335 | Size: 18128 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02212013_02d1843.txt >>
RKreport[1]_S_02212013_02d1843.txt


----------



## Mark1956 (May 7, 2011)

Ok, once I see the ADWCleaner log I can put together a fix that will hopefully clear things up.

RogueKiller is showing a huge number of Fake drivers, the likes of which I have never seen before so we may have some work ahead of us to do.

I'm turning i now, it's 2am here, I'll be back in the morning GMT+1.


----------



## Rena30 (Jan 19, 2013)

Ok here it is. I also deleted Java update 6. Thanks for all you help. Talk to you in the am.

# AdwCleaner v2.112 - Logfile created 02/21/2013 at 19:42:42
# Updated 10/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Coletta Wade - SARENAH
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Coletta Wade\Desktop\adwcleaner0.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\All Users\Application Data\bProtectorForWindows

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7DA17D5A-5718-4130-A605-FC316C827836}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AF6AC4F2-9825-4FB6-A600-92BC5361F209}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C4B22C87-45EF-4F43-89F2-40DB2078864E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DA71FD14-5F7B-46AE-B8B1-44074A38F331}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7DA17D5A-5718-4130-A605-FC316C827836}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6AC4F2-9825-4FB6-A600-92BC5361F209}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C4B22C87-45EF-4F43-89F2-40DB2078864E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA71FD14-5F7B-46AE-B8B1-44074A38F331}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AF6AC4F2-9825-4FB6-A600-92BC5361F209}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\Software\SearchcoreMediabarTb
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\Coletta Wade\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S6].txt - [11802 octets] - [21/02/2013 19:42:42]

########## EOF - C:\AdwCleaner[S6].txt - [11863 octets] ##########


----------



## Mark1956 (May 7, 2011)

The drivers found by RogueKiller are fine as far as I can tell it is just the way it works on XP systems.

ADWCleaner has removed a lot more Adware on this run including that related file which has returned.

We need to run another scan to remove several items. When done reboot the system and tell me if the pop up is still appearing, then run ADWCleaner and RogueKiller again and post the new logs.

Please download *OTM by OldTimer*. Save it to your desktop.

Double click *OTM.exe* to start the tool.


*Copy* the text in the code box below to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Processes
explorer.exe
:Services
:Files
c:\Documents and Settings\All Users\Application Data\bProtectorForWindows\2.2.463.83\protector.dll
c:\windows\system32\searchplugins
c:\windows\system32\wbem\searchplugins
c:\documents and settings\coletta wade\searchplugins
C:\Documents and Settings\All Users\Application Data\bProtectorForWindows
:Commands
[createrestorepoint]
[emptyflash]
[emptytemp]
[resethosts]
[reboot]
```

 Return to OTM, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.
Click the red *Moveit!* button.
All your desktop icons will disappear as the scan begins. It should complete within a few minutes.
Once complete you may see a box appear asking you to Restart the system to complete the file removal, accept it and it will reboot.
Even if that box does not appear the system should reboot as the command is included in the script.
When the system has come back to the desktop a Notepad document will open, please copy and paste that into your next post.

-- Note: The logs are saved here: C:\_OTM\MovedFiles


----------



## Rena30 (Jan 19, 2013)

Good morning. Before I get started I would like to tell you something. My current browser is Google Chrome and this morning I double clicked the icon to go online and it was not my google chrome home page, it said search conduit. I immediately closed it and opened IE. Last night when I tried to open google chrome and a box popped up telling me that google chrome was corrupted, I didn't sign in but I was able to use it last night.


----------



## Mark1956 (May 7, 2011)

That is odd, the ADWCleaner log shows it removed Conduit. We can deal with Google later if the problem remains, the prime objective is to get rid of all the Adware and the SearchPlugin.

Anyway, carry on with the instructions above and the run ADWCleaner again and post both the logs.


----------



## Rena30 (Jan 19, 2013)

Here is the OTM scan log. And the folder is still appearing.

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== FILES ==========
DllUnregisterServer procedure not found in c:\Documents and Settings\All Users\Application Data\bProtectorForWindows\2.2.463.83\protector.dll
File move failed. c:\Documents and Settings\All Users\Application Data\bProtectorForWindows\2.2.463.83\protector.dll scheduled to be moved on reboot.
c:\windows\system32\searchplugins folder moved successfully.
c:\windows\system32\wbem\searchplugins folder moved successfully.
c:\documents and settings\coletta wade\searchplugins folder moved successfully.
Folder move failed. C:\Documents and Settings\All Users\Application Data\bProtectorForWindows\2.2.463.83 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\All Users\Application Data\bProtectorForWindows scheduled to be moved on reboot.
========== COMMANDS ==========
Restore point Set: OTM Restore Point

[EMPTYFLASH]

User: Default User
->Flash cache emptied: 58264 bytes

User: All Users

User: NetworkService

User: LocalService

User: Coletta Wade
->Flash cache emptied: 58792 bytes

User: Administrator
->Flash cache emptied: 56852 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 2439850 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 1473407 bytes

User: Coletta Wade
->Temp folder emptied: 45793526 bytes
->Temporary Internet Files folder emptied: 20542612 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 19414888 bytes
->Flash cache emptied: 0 bytes

User: Administrator
->Temp folder emptied: 1234 bytes
->Temporary Internet Files folder emptied: 325844 bytes
->Google Chrome cache emptied: 557424 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1500434 bytes
%systemroot%\System32 .tmp files removed: 3594257 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1898506 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 391256916 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1348325 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 468.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTM by OldTimer - Version 3.1.21.0 log created on 02222013_095344
All processes killed

OTM by OldTimer - Version 3.1.21.0 log created on 02222013_095344
Files moved on Reboot...
File move failed. c:\Documents and Settings\All Users\Application Data\bProtectorForWindows\2.2.463.83\protector.dll scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\All Users\Application Data\bProtectorForWindows\2.2.463.83 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\All Users\Application Data\bProtectorForWindows\2.2.463.83 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\All Users\Application Data\bProtectorForWindows scheduled to be moved on reboot.
Registry entries deleted on Reboot...


----------



## Rena30 (Jan 19, 2013)

When I run ADWcleaner do I run it under delete again?


----------



## Mark1956 (May 7, 2011)

Yes, but first, if you have not rebooted the system after running OTM please do so.


----------



## Rena30 (Jan 19, 2013)

Here is the ADWcleaner log and the RougeKiller log.

# AdwCleaner v2.112 - Logfile created 02/22/2013 at 10:40:54
# Updated 10/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Coletta Wade - SARENAH
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Coletta Wade\Desktop\adwcleaner0.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Deleted on reboot : C:\Documents and Settings\All Users\Application Data\bProtectorForWindows
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7DA17D5A-5718-4130-A605-FC316C827836}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AF6AC4F2-9825-4FB6-A600-92BC5361F209}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C4B22C87-45EF-4F43-89F2-40DB2078864E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DA71FD14-5F7B-46AE-B8B1-44074A38F331}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Google Chrome v24.0.1312.57
File : C:\Documents and Settings\Coletta Wade\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S6].txt - [11933 octets] - [21/02/2013 19:42:42]
AdwCleaner[S7].txt - [2580 octets] - [22/02/2013 10:40:54]
########## EOF - C:\AdwCleaner[S7].txt - [2640 octets] ##########

RogueKiller V8.5.1 [Feb 21 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Coletta Wade [Admin rights]
Mode : Scan -- Date : 02/22/2013 11:04:27
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[APPINIT][SUSP PATH] HKLM\[...]\Windows : AppInit_DLLs (c:\docume~1\alluse~1\applic~1\bprote~1\22463~1.83\protec~1.dll) [x] -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[Faked.Drv][FILE] wmilib.sys : C:\WINDOWS\system32\drivers\wmilib.sys [-] --> FOUND
[Faked.Drv][FILE] dmload.sys : C:\WINDOWS\system32\drivers\dmload.sys [-] --> FOUND
[Faked.Drv][FILE] parport.sys : C:\WINDOWS\system32\drivers\parport.sys [-] --> FOUND
[Faked.Drv][FILE] ndis.sys : C:\WINDOWS\system32\drivers\ndis.sys [-] --> FOUND
[Faked.Drv][FILE] ptilink.sys : C:\WINDOWS\system32\drivers\ptilink.sys [-] --> FOUND
[Faked.Drv][FILE] raspti.sys : C:\WINDOWS\system32\drivers\raspti.sys [-] --> FOUND
[Faked.Drv][FILE] ndiswan.sys : C:\WINDOWS\system32\drivers\ndiswan.sys [-] --> FOUND
[Faked.Drv][FILE] cdaudio.sys : C:\WINDOWS\system32\drivers\cdaudio.sys [-] --> FOUND
[Faked.Drv][FILE] fs_rec.sys : C:\WINDOWS\system32\drivers\fs_rec.sys [-] --> FOUND
[Faked.Drv][FILE] null.sys : C:\WINDOWS\system32\drivers\null.sys [-] --> FOUND
[Faked.Drv][FILE] beep.sys : C:\WINDOWS\system32\drivers\beep.sys [-] --> FOUND
[Faked.Drv][FILE] rdpcdd.sys : C:\WINDOWS\system32\drivers\rdpcdd.sys [-] --> FOUND
[Faked.Drv][FILE] rasacd.sys : C:\WINDOWS\system32\drivers\rasacd.sys [-] --> FOUND
[Faked.Drv][FILE] fdc.sys : C:\WINDOWS\system32\drivers\fdc.sys [-] --> FOUND
[Faked.Drv][FILE] dxgthk.sys : C:\WINDOWS\system32\drivers\dxgthk.sys [-] --> FOUND
[Faked.Drv][FILE] parvdm.sys : C:\WINDOWS\system32\drivers\parvdm.sys [-] --> FOUND
[Faked.Drv][FILE] atmepvc.sys : C:\WINDOWS\system32\drivers\atmepvc.sys [-] --> FOUND
[Faked.Drv][FILE] atmuni.sys : C:\WINDOWS\system32\drivers\atmuni.sys [-] --> FOUND
[Faked.Drv][FILE] cbidf2k.sys : C:\WINDOWS\system32\drivers\cbidf2k.sys [-] --> FOUND
[Faked.Drv][FILE] cinemst2.sys : C:\WINDOWS\system32\drivers\cinemst2.sys [-] --> FOUND
[Faked.Drv][FILE] cpqdap01.sys : C:\WINDOWS\system32\drivers\cpqdap01.sys [-] --> FOUND
[Faked.Drv][FILE] dxapi.sys : C:\WINDOWS\system32\drivers\dxapi.sys [-] --> FOUND
[Faked.Drv][FILE] ipfltdrv.sys : C:\WINDOWS\system32\drivers\ipfltdrv.sys [-] --> FOUND
[Faked.Drv][FILE] mcd.sys : C:\WINDOWS\system32\drivers\mcd.sys [-] --> FOUND
[Faked.Drv][FILE] nikedrv.sys : C:\WINDOWS\system32\drivers\nikedrv.sys [-] --> FOUND
[Faked.Drv][FILE] nwlnkflt.sys : C:\WINDOWS\system32\drivers\nwlnkflt.sys [-] --> FOUND
[Faked.Drv][FILE] nwlnkfwd.sys : C:\WINDOWS\system32\drivers\nwlnkfwd.sys [-] --> FOUND
[Faked.Drv][FILE] nwlnknb.sys : C:\WINDOWS\system32\drivers\nwlnknb.sys [-] --> FOUND
[Faked.Drv][FILE] nwlnkspx.sys : C:\WINDOWS\system32\drivers\nwlnkspx.sys [-] --> FOUND
[Faked.Drv][FILE] rawwan.sys : C:\WINDOWS\system32\drivers\rawwan.sys [-] --> FOUND
[Faked.Drv][FILE] rio8drv.sys : C:\WINDOWS\system32\drivers\rio8drv.sys [-] --> FOUND
[Faked.Drv][FILE] riodrv.sys : C:\WINDOWS\system32\drivers\riodrv.sys [-] --> FOUND
[Faked.Drv][FILE] usbprint.sys : C:\WINDOWS\system32\drivers\usbprint.sys [-] --> FOUND
[Faked.Drv][FILE] wmiacpi.sys : C:\WINDOWS\system32\drivers\wmiacpi.sys [-] --> FOUND
[Faked.Drv][FILE] rootmdm.sys : C:\WINDOWS\system32\drivers\rootmdm.sys [-] --> FOUND
[Faked.Drv][FILE] smclib.sys : C:\WINDOWS\system32\drivers\smclib.sys [-] --> FOUND
[Faked.Drv][FILE] tosdvd.sys : C:\WINDOWS\system32\drivers\tosdvd.sys [-] --> FOUND
[Faked.Drv][FILE] tsbvcap.sys : C:\WINDOWS\system32\drivers\tsbvcap.sys [-] --> FOUND
[Faked.Drv][FILE] usb8023.sys : C:\WINDOWS\system32\drivers\usb8023.sys [-] --> FOUND
[Faked.Drv][FILE] usbcamd.sys : C:\WINDOWS\system32\drivers\usbcamd.sys [-] --> FOUND
[Faked.Drv][FILE] vdmindvd.sys : C:\WINDOWS\system32\drivers\vdmindvd.sys [-] --> FOUND
[Faked.Drv][FILE] ws2ifsl.sys : C:\WINDOWS\system32\drivers\ws2ifsl.sys [-] --> FOUND
[Faked.Drv][FILE] mnmdd.sys : C:\WINDOWS\system32\drivers\mnmdd.sys [-] --> FOUND
[Faked.Drv][FILE] fsvga.sys : C:\WINDOWS\system32\drivers\fsvga.sys [-] --> FOUND
[Faked.Drv][FILE] acpiec.sys : C:\WINDOWS\system32\drivers\acpiec.sys [-] --> FOUND
[Faked.Drv][FILE] oprghdlr.sys : C:\WINDOWS\system32\drivers\oprghdlr.sys [-] --> FOUND
[Faked.Drv][FILE] usbd.sys : C:\WINDOWS\system32\drivers\usbd.sys [-] --> FOUND
[Faked.Drv][FILE] imapi.sys : C:\WINDOWS\system32\drivers\imapi.sys [-] --> FOUND
[Faked.Drv][FILE] crusoe.sys : C:\WINDOWS\system32\drivers\crusoe.sys [-] --> FOUND
[Faked.Drv][FILE] cdrom.sys : C:\WINDOWS\system32\drivers\cdrom.sys [-] --> FOUND
[Faked.Drv][FILE] dmboot.sys : C:\WINDOWS\system32\drivers\dmboot.sys [-] --> FOUND
[Faked.Drv][FILE] ip6fw.sys : C:\WINDOWS\system32\drivers\ip6fw.sys [-] --> FOUND
[Faked.Drv][FILE] ks.sys : C:\WINDOWS\system32\drivers\ks.sys [-] --> FOUND
[Faked.Drv][FILE] mouclass.sys : C:\WINDOWS\system32\drivers\mouclass.sys [-] --> FOUND
[Faked.Drv][FILE] wdmaud.sys : C:\WINDOWS\system32\drivers\wdmaud.sys [-] --> FOUND
[Faked.Drv][FILE] tcpip.sys : C:\WINDOWS\system32\drivers\tcpip.sys [-] --> FOUND
[Faked.Drv][FILE] afd.sys : C:\WINDOWS\system32\drivers\afd.sys [-] --> FOUND
[Faked.Drv][FILE] wanarp.sys : C:\WINDOWS\system32\drivers\wanarp.sys [-] --> FOUND
[Faked.Drv][FILE] volsnap.sys : C:\WINDOWS\system32\drivers\volsnap.sys [-] --> FOUND
[Faked.Drv][FILE] ENECBPTH.sys : C:\WINDOWS\system32\drivers\ENECBPTH.sys [-] --> FOUND
[Faked.Drv][FILE] mspqm.sys : C:\WINDOWS\system32\drivers\mspqm.sys [-] --> FOUND
[Faked.Drv][FILE] EUBKMON.sys : C:\WINDOWS\system32\drivers\EUBKMON.sys [-] --> FOUND
[Faked.Drv][FILE] nmnt.sys : C:\WINDOWS\system32\drivers\nmnt.sys [-] --> FOUND
[Faked.Drv][FILE] videoprt.sys : C:\WINDOWS\system32\drivers\videoprt.sys [-] --> FOUND
[Faked.Drv][FILE] ohci1394.sys : C:\WINDOWS\system32\drivers\ohci1394.sys [-] --> FOUND
[Faked.Drv][FILE] viaide.sys : C:\WINDOWS\system32\drivers\viaide.sys [-] --> FOUND
[Faked.Drv][FILE] mf.sys : C:\WINDOWS\system32\drivers\mf.sys [-] --> FOUND
[Faked.Drv][FILE] fastfat.sys : C:\WINDOWS\system32\drivers\fastfat.sys [-] --> FOUND
[Faked.Drv][FILE] serenum.sys : C:\WINDOWS\system32\drivers\serenum.sys [-] --> FOUND
[Faked.Drv][FILE] scsiport.sys : C:\WINDOWS\system32\drivers\scsiport.sys [-] --> FOUND
[Faked.Drv][FILE] p3.sys : C:\WINDOWS\system32\drivers\p3.sys [-] --> FOUND
[Faked.Drv][FILE] cdfs.sys : C:\WINDOWS\system32\drivers\cdfs.sys [-] --> FOUND
[Faked.Drv][FILE] psched.sys : C:\WINDOWS\system32\drivers\psched.sys [-] --> FOUND
[Faked.Drv][FILE] ndisuio.sys : C:\WINDOWS\system32\drivers\ndisuio.sys [-] --> FOUND
[Faked.Drv][FILE] rasl2tp.sys : C:\WINDOWS\system32\drivers\rasl2tp.sys [-] --> FOUND
[Faked.Drv][FILE] raspppoe.sys : C:\WINDOWS\system32\drivers\raspppoe.sys [-] --> FOUND
[Faked.Drv][FILE] processr.sys : C:\WINDOWS\system32\drivers\processr.sys [-] --> FOUND
[Faked.Drv][FILE] msfs.sys : C:\WINDOWS\system32\drivers\msfs.sys [-] --> FOUND
[Faked.Drv][FILE] agp440.sys : C:\WINDOWS\system32\drivers\agp440.sys [-] --> FOUND
[Faked.Drv][FILE] fips.sys : C:\WINDOWS\system32\drivers\fips.sys [-] --> FOUND
[Faked.Drv][FILE] serial.sys : C:\WINDOWS\system32\drivers\serial.sys [-] --> FOUND
[Faked.Drv][FILE] usbuhci.sys : C:\WINDOWS\system32\drivers\usbuhci.sys [-] --> FOUND
[Faked.Drv][FILE] ipnat.sys : C:\WINDOWS\system32\drivers\ipnat.sys [-] --> FOUND
[Faked.Drv][FILE] vga.sys : C:\WINDOWS\system32\drivers\vga.sys [-] --> FOUND
[Faked.Drv][FILE] netbios.sys : C:\WINDOWS\system32\drivers\netbios.sys [-] --> FOUND
[Faked.Drv][FILE] usbstor.sys : C:\WINDOWS\system32\drivers\usbstor.sys [-] --> FOUND
[Faked.Drv][FILE] i8042prt.sys : C:\WINDOWS\system32\drivers\i8042prt.sys [-] --> FOUND
[Faked.Drv][FILE] dxg.sys : C:\WINDOWS\system32\drivers\dxg.sys [-] --> FOUND
[Faked.Drv][FILE] drmkaud.sys : C:\WINDOWS\system32\drivers\drmkaud.sys [-] --> FOUND
[Faked.Drv][FILE] usbscan.sys : C:\WINDOWS\system32\drivers\usbscan.sys [-] --> FOUND
[Faked.Drv][FILE] usbport.sys : C:\WINDOWS\system32\drivers\usbport.sys [-] --> FOUND
[Faked.Drv][FILE] mrxsmb.sys : C:\WINDOWS\system32\drivers\mrxsmb.sys [-] --> FOUND
[Faked.Drv][FILE] disk.sys : C:\WINDOWS\system32\drivers\disk.sys [-] --> FOUND
[Faked.Drv][FILE] portcls.sys : C:\WINDOWS\system32\drivers\portcls.sys [-] --> FOUND
[Faked.Drv][FILE] ndistapi.sys : C:\WINDOWS\system32\drivers\ndistapi.sys [-] --> FOUND
[Faked.Drv][FILE] amdagp.sys : C:\WINDOWS\system32\drivers\amdagp.sys [-] --> FOUND
[Faked.Drv][FILE] amdk6.sys : C:\WINDOWS\system32\drivers\amdk6.sys [-] --> FOUND
[Faked.Drv][FILE] arp1394.sys : C:\WINDOWS\system32\drivers\arp1394.sys [-] --> FOUND
[Faked.Drv][FILE] atapi.sys : C:\WINDOWS\system32\drivers\atapi.sys [-] --> FOUND
[Faked.Drv][FILE] atmarpc.sys : C:\WINDOWS\system32\drivers\atmarpc.sys [-] --> FOUND
[Faked.Drv][FILE] battc.sys : C:\WINDOWS\system32\drivers\battc.sys [-] --> FOUND
[Faked.Drv][FILE] bridge.sys : C:\WINDOWS\system32\drivers\bridge.sys [-] --> FOUND
[Faked.Drv][FILE] compbatt.sys : C:\WINDOWS\system32\drivers\compbatt.sys [-] --> FOUND
[Faked.Drv][FILE] diskdump.sys : C:\WINDOWS\system32\drivers\diskdump.sys [-] --> FOUND
[Faked.Drv][FILE] usbintel.sys : C:\WINDOWS\system32\drivers\usbintel.sys [-] --> FOUND
[Faked.Drv][FILE] bthport.sys : C:\WINDOWS\system32\drivers\bthport.sys [-] --> FOUND
[Faked.Drv][FILE] intelppm.sys : C:\WINDOWS\system32\drivers\intelppm.sys [-] --> FOUND
[Faked.Drv][FILE] intelide.sys : C:\WINDOWS\system32\drivers\intelide.sys [-] --> FOUND
[Faked.Drv][FILE] usbhub.sys : C:\WINDOWS\system32\drivers\usbhub.sys [-] --> FOUND
[Faked.Drv][FILE] CCDECODE.sys : C:\WINDOWS\system32\drivers\CCDECODE.sys [-] --> FOUND
[Faked.Drv][FILE] netbt.sys : C:\WINDOWS\system32\drivers\netbt.sys [-] --> FOUND
[Faked.Drv][FILE] nic1394.sys : C:\WINDOWS\system32\drivers\nic1394.sys [-] --> FOUND
[Faked.Drv][FILE] usbccgp.sys : C:\WINDOWS\system32\drivers\usbccgp.sys [-] --> FOUND
[Faked.Drv][FILE] ntfs.sys : C:\WINDOWS\system32\drivers\ntfs.sys [-] --> FOUND
[Faked.Drv][FILE] pciidex.sys : C:\WINDOWS\system32\drivers\pciidex.sys [-] --> FOUND
[Faked.Drv][FILE] redbook.sys : C:\WINDOWS\system32\drivers\redbook.sys [-] --> FOUND
[Faked.Drv][FILE] rndismp.sys : C:\WINDOWS\system32\drivers\rndismp.sys [-] --> FOUND
[Faked.Drv][FILE] s3gnbm.sys : C:\WINDOWS\system32\drivers\s3gnbm.sys [-] --> FOUND
[Faked.Drv][FILE] usbcamd2.sys : C:\WINDOWS\system32\drivers\usbcamd2.sys [-] --> FOUND
[Faked.Drv][FILE] sdbus.sys : C:\WINDOWS\system32\drivers\sdbus.sys [-] --> FOUND
[Faked.Drv][FILE] sffp_mmc.sys : C:\WINDOWS\system32\drivers\sffp_mmc.sys [-] --> FOUND
[Faked.Drv][FILE] sfloppy.sys : C:\WINDOWS\system32\drivers\sfloppy.sys [-] --> FOUND
[Faked.Drv][FILE] sysaudio.sys : C:\WINDOWS\system32\drivers\sysaudio.sys [-] --> FOUND
[Faked.Drv][FILE] uagp35.sys : C:\WINDOWS\system32\drivers\uagp35.sys [-] --> FOUND
[Faked.Drv][FILE] smbali.sys : C:\WINDOWS\system32\drivers\smbali.sys [-] --> FOUND
[Faked.Drv][FILE] termdd.sys : C:\WINDOWS\system32\drivers\termdd.sys [-] --> FOUND
[Faked.Drv][FILE] udfs.sys : C:\WINDOWS\system32\drivers\udfs.sys [-] --> FOUND
[Faked.Drv][FILE] tdtcp.sys : C:\WINDOWS\system32\drivers\tdtcp.sys [-] --> FOUND
[Faked.Drv][FILE] tdpipe.sys : C:\WINDOWS\system32\drivers\tdpipe.sys [-] --> FOUND
[Faked.Drv][FILE] i2omp.sys : C:\WINDOWS\system32\drivers\i2omp.sys [-] --> FOUND
[Faked.Drv][FILE] nwlnkipx.sys : C:\WINDOWS\system32\drivers\nwlnkipx.sys [-] --> FOUND
[Faked.Drv][FILE] watv10nt.sys : C:\WINDOWS\system32\drivers\watv10nt.sys [-] --> FOUND
[Faked.Drv][FILE] 1394bus.sys : C:\WINDOWS\system32\drivers\1394bus.sys [-] --> FOUND
[Faked.Drv][FILE] toside.sys : C:\WINDOWS\system32\drivers\toside.sys [-] --> FOUND
[Faked.Drv][FILE] tdi.sys : C:\WINDOWS\system32\drivers\tdi.sys [-] --> FOUND
[Faked.Drv][FILE] flpydisk.sys : C:\WINDOWS\system32\drivers\flpydisk.sys [-] --> FOUND
[Faked.Drv][FILE] hidclass.sys : C:\WINDOWS\system32\drivers\hidclass.sys [-] --> FOUND
[Faked.Drv][FILE] sparrow.sys : C:\WINDOWS\system32\drivers\sparrow.sys [-] --> FOUND
[Faked.Drv][FILE] adpu160m.sys : C:\WINDOWS\system32\drivers\adpu160m.sys [-] --> FOUND
[Faked.Drv][FILE] irda.sys : C:\WINDOWS\system32\drivers\irda.sys [-] --> FOUND
[Faked.Drv][FILE] perc2hib.sys : C:\WINDOWS\system32\drivers\perc2hib.sys [-] --> FOUND
[Faked.Drv][FILE] aic78xx.sys : C:\WINDOWS\system32\drivers\aic78xx.sys [-] --> FOUND
[Faked.Drv][FILE] aha154x.sys : C:\WINDOWS\system32\drivers\aha154x.sys [-] --> FOUND
[Faked.Drv][FILE] CmBatt.sys : C:\WINDOWS\system32\drivers\CmBatt.sys [-] --> FOUND
[Faked.Drv][FILE] dpti2o.sys : C:\WINDOWS\system32\drivers\dpti2o.sys [-] --> FOUND
[Faked.Drv][FILE] aic78u2.sys : C:\WINDOWS\system32\drivers\aic78u2.sys [-] --> FOUND
[Faked.Drv][FILE] atmlane.sys : C:\WINDOWS\system32\drivers\atmlane.sys [-] --> FOUND
[Faked.Drv][FILE] cpqarray.sys : C:\WINDOWS\system32\drivers\cpqarray.sys [-] --> FOUND
[Faked.Drv][FILE] symc810.sys : C:\WINDOWS\system32\drivers\symc810.sys [-] --> FOUND
[Faked.Drv][FILE] classpnp.sys : C:\WINDOWS\system32\drivers\classpnp.sys [-] --> FOUND
[Faked.Drv][FILE] cd20xrnt.sys : C:\WINDOWS\system32\drivers\cd20xrnt.sys [-] --> FOUND
[Faked.Drv][FILE] hpn.sys : C:\WINDOWS\system32\drivers\hpn.sys [-] --> FOUND
[Faked.Drv][FILE] perc2.sys : C:\WINDOWS\system32\drivers\perc2.sys [-] --> FOUND
[Faked.Drv][FILE] sym_hi.sys : C:\WINDOWS\system32\drivers\sym_hi.sys [-] --> FOUND
[Faked.Drv][FILE] fetnd5.sys : C:\WINDOWS\system32\drivers\fetnd5.sys [-] --> FOUND
[Faked.Drv][FILE] symc8xx.sys : C:\WINDOWS\system32\drivers\symc8xx.sys [-] --> FOUND
[Faked.Drv][FILE] sym_u3.sys : C:\WINDOWS\system32\drivers\sym_u3.sys [-] --> FOUND
[Faked.Drv][FILE] enum1394.sys : C:\WINDOWS\system32\drivers\enum1394.sys [-] --> FOUND
[Faked.Drv][FILE] ql10wnt.sys : C:\WINDOWS\system32\drivers\ql10wnt.sys [-] --> FOUND
[Faked.Drv][FILE] ql1080.sys : C:\WINDOWS\system32\drivers\ql1080.sys [-] --> FOUND
[Faked.Drv][FILE] npfs.sys : C:\WINDOWS\system32\drivers\npfs.sys [-] --> FOUND
[Faked.Drv][FILE] ql1240.sys : C:\WINDOWS\system32\drivers\ql1240.sys [-] --> FOUND
[Faked.Drv][FILE] ql12160.sys : C:\WINDOWS\system32\drivers\ql12160.sys [-] --> FOUND
[Faked.Drv][FILE] ipsec.sys : C:\WINDOWS\system32\drivers\ipsec.sys [-] --> FOUND
[Faked.Drv][FILE] ql1280.sys : C:\WINDOWS\system32\drivers\ql1280.sys [-] --> FOUND
[Faked.Drv][FILE] hidusb.sys : C:\WINDOWS\system32\drivers\hidusb.sys [-] --> FOUND
[Faked.Drv][FILE] rasirda.sys : C:\WINDOWS\system32\drivers\rasirda.sys [-] --> FOUND
[Faked.Drv][FILE] mraid35x.sys : C:\WINDOWS\system32\drivers\mraid35x.sys [-] --> FOUND
[Faked.Drv][FILE] i2omgmt.sys : C:\WINDOWS\system32\drivers\i2omgmt.sys [-] --> FOUND
[Faked.Drv][FILE] mup.sys : C:\WINDOWS\system32\drivers\mup.sys [-] --> FOUND
[Faked.Drv][FILE] dac2w2k.sys : C:\WINDOWS\system32\drivers\dac2w2k.sys [-] --> FOUND
[Faked.Drv][FILE] dac960nt.sys : C:\WINDOWS\system32\drivers\dac960nt.sys [-] --> FOUND
[Faked.Drv][FILE] audstub.sys : C:\WINDOWS\system32\drivers\audstub.sys [-] --> FOUND
[Faked.Drv][FILE] asc3550.sys : C:\WINDOWS\system32\drivers\asc3550.sys [-] --> FOUND
[Faked.Drv][FILE] asc.sys : C:\WINDOWS\system32\drivers\asc.sys [-] --> FOUND
[Faked.Drv][FILE] asc3350p.sys : C:\WINDOWS\system32\drivers\asc3350p.sys [-] --> FOUND
[Faked.Drv][FILE] ABP480N5.SYS : C:\WINDOWS\system32\drivers\ABP480N5.SYS [-] --> FOUND
[Faked.Drv][FILE] amsint.sys : C:\WINDOWS\system32\drivers\amsint.sys [-] --> FOUND
[Faked.Drv][FILE] ini910u.sys : C:\WINDOWS\system32\drivers\ini910u.sys [-] --> FOUND
[Faked.Drv][FILE] aliide.sys : C:\WINDOWS\system32\drivers\aliide.sys [-] --> FOUND
[Faked.Drv][FILE] NABTSFEC.sys : C:\WINDOWS\system32\drivers\NABTSFEC.sys [-] --> FOUND
[Faked.Drv][FILE] ultra.sys : C:\WINDOWS\system32\drivers\ultra.sys [-] --> FOUND
[Faked.Drv][FILE] tape.sys : C:\WINDOWS\system32\drivers\tape.sys [-] --> FOUND
[Faked.Drv][FILE] swmidi.sys : C:\WINDOWS\system32\drivers\swmidi.sys [-] --> FOUND
[Faked.Drv][FILE] swenum.sys : C:\WINDOWS\system32\drivers\swenum.sys [-] --> FOUND
[Faked.Drv][FILE] splitter.sys : C:\WINDOWS\system32\drivers\splitter.sys [-] --> FOUND
[Faked.Drv][FILE] cmdide.sys : C:\WINDOWS\system32\drivers\cmdide.sys [-] --> FOUND
[Faked.Drv][FILE] stream.sys : C:\WINDOWS\system32\drivers\stream.sys [-] --> FOUND
[Faked.Drv][FILE] srv.sys : C:\WINDOWS\system32\drivers\srv.sys [-] --> FOUND
[Faked.Drv][FILE] ftdisk.sys : C:\WINDOWS\system32\drivers\ftdisk.sys [-] --> FOUND
[Faked.Drv][FILE] sr.sys : C:\WINDOWS\system32\drivers\sr.sys [-] --> FOUND
[Faked.Drv][FILE] rdbss.sys : C:\WINDOWS\system32\drivers\rdbss.sys [-] --> FOUND
[Faked.Drv][FILE] modem.sys : C:\WINDOWS\system32\drivers\modem.sys [-] --> FOUND
[Faked.Drv][FILE] sonydcam.sys : C:\WINDOWS\system32\drivers\sonydcam.sys [-] --> FOUND
[Faked.Drv][FILE] isapnp.sys : C:\WINDOWS\system32\drivers\isapnp.sys [-] --> FOUND
[Faked.Drv][FILE] agpcpq.sys : C:\WINDOWS\system32\drivers\agpcpq.sys [-] --> FOUND
[Faked.Drv][FILE] alim1541.sys : C:\WINDOWS\system32\drivers\alim1541.sys [-] --> FOUND
[Faked.Drv][FILE] rdpdr.sys : C:\WINDOWS\system32\drivers\rdpdr.sys [-] --> FOUND
[Faked.Drv][FILE] Rtlnicxp.sys : C:\WINDOWS\system32\drivers\Rtlnicxp.sys [-] --> FOUND
[Faked.Drv][FILE] BCMWL5.SYS : C:\WINDOWS\system32\drivers\BCMWL5.SYS [-] --> FOUND
[Faked.Drv][FILE] partmgr.sys : C:\WINDOWS\system32\drivers\partmgr.sys [-] --> FOUND
[Faked.Drv][FILE] irenum.sys : C:\WINDOWS\system32\drivers\irenum.sys [-] --> FOUND
[Faked.Drv][FILE] RMCast.sys : C:\WINDOWS\system32\drivers\RMCast.sys [-] --> FOUND
[Faked.Drv][FILE] raspptp.sys : C:\WINDOWS\system32\drivers\raspptp.sys [-] --> FOUND
[Faked.Drv][FILE] usb8023x.sys : C:\WINDOWS\system32\drivers\usb8023x.sys [-] --> FOUND
[Faked.Drv][FILE] pciide.sys : C:\WINDOWS\system32\drivers\pciide.sys [-] --> FOUND
[Faked.Drv][FILE] asyncmac.sys : C:\WINDOWS\system32\drivers\asyncmac.sys [-] --> FOUND
[Faked.Drv][FILE] pci.sys : C:\WINDOWS\system32\drivers\pci.sys [-] --> FOUND
[Faked.Drv][FILE] mskssrv.sys : C:\WINDOWS\system32\drivers\mskssrv.sys [-] --> FOUND
[Faked.Drv][FILE] mspclock.sys : C:\WINDOWS\system32\drivers\mspclock.sys [-] --> FOUND
[Faked.Drv][FILE] msgpc.sys : C:\WINDOWS\system32\drivers\msgpc.sys [-] --> FOUND
[Faked.Drv][FILE] HSF_CNXT.sys : C:\WINDOWS\system32\drivers\HSF_CNXT.sys [-] --> FOUND
[Faked.Drv][FILE] drmk.sys : C:\WINDOWS\system32\drivers\drmk.sys [-] --> FOUND
[Faked.Drv][FILE] nscirda.sys : C:\WINDOWS\system32\drivers\nscirda.sys [-] --> FOUND
[Faked.Drv][FILE] mrxdav.sys : C:\WINDOWS\system32\drivers\mrxdav.sys [-] --> FOUND
[Faked.Drv][FILE] mountmgr.sys : C:\WINDOWS\system32\drivers\mountmgr.sys [-] --> FOUND
[Faked.Drv][FILE] DMusic.sys : C:\WINDOWS\system32\drivers\DMusic.sys [-] --> FOUND
[Faked.Drv][FILE] kmixer.sys : C:\WINDOWS\system32\drivers\kmixer.sys [-] --> FOUND
[Faked.Drv][FILE] kbdhid.sys : C:\WINDOWS\system32\drivers\kbdhid.sys [-] --> FOUND
[Faked.Drv][FILE] kbdclass.sys : C:\WINDOWS\system32\drivers\kbdclass.sys [-] --> FOUND
[Faked.Drv][FILE] ipinip.sys : C:\WINDOWS\system32\drivers\ipinip.sys [-] --> FOUND
[Faked.Drv][FILE] HSFHWICH.sys : C:\WINDOWS\system32\drivers\HSFHWICH.sys [-] --> FOUND
[Faked.Drv][FILE] hidparse.sys : C:\WINDOWS\system32\drivers\hidparse.sys [-] --> FOUND
[Faked.Drv][FILE] MpFilter.sys : C:\WINDOWS\system32\drivers\MpFilter.sys [-] --> FOUND
[Faked.Drv][FILE] WSTCODEC.SYS : C:\WINDOWS\system32\drivers\WSTCODEC.SYS [-] --> FOUND
[Faked.Drv][FILE] pfc.sys : C:\WINDOWS\system32\drivers\pfc.sys [-] --> FOUND
[Faked.Drv][FILE] dmio.sys : C:\WINDOWS\system32\drivers\dmio.sys [-] --> FOUND
[Faked.Drv][FILE] aec.sys : C:\WINDOWS\system32\drivers\aec.sys [-] --> FOUND
[Faked.Drv][FILE] ialmnt5.sys : C:\WINDOWS\system32\drivers\ialmnt5.sys [-] --> FOUND
[Faked.Drv][FILE] rdpwd.sys : C:\WINDOWS\system32\drivers\rdpwd.sys [-] --> FOUND
[Faked.Drv][FILE] eubakup.sys : C:\WINDOWS\system32\drivers\eubakup.sys [-] --> FOUND
[Faked.Drv][FILE] acpi.sys : C:\WINDOWS\system32\drivers\acpi.sys [-] --> FOUND
[Faked.Drv][FILE] watv06nt.sys : C:\WINDOWS\system32\drivers\watv06nt.sys [-] --> FOUND
[Faked.Drv][FILE] wadv11nt.sys : C:\WINDOWS\system32\drivers\wadv11nt.sys [-] --> FOUND
[Faked.Drv][FILE] wadv09nt.sys : C:\WINDOWS\system32\drivers\wadv09nt.sys [-] --> FOUND
[Faked.Drv][FILE] pcmcia.sys : C:\WINDOWS\system32\drivers\pcmcia.sys [-] --> FOUND
[Faked.Drv][FILE] UBHelper.sys : C:\WINDOWS\system32\drivers\UBHelper.sys [-] --> FOUND
[Faked.Drv][FILE] NTIDrvr.sys : C:\WINDOWS\system32\drivers\NTIDrvr.sys [-] --> FOUND
[Faked.Drv][FILE] wadv08nt.sys : C:\WINDOWS\system32\drivers\wadv08nt.sys [-] --> FOUND
[Faked.Drv][FILE] ar5211.sys : C:\WINDOWS\system32\drivers\ar5211.sys [-] --> FOUND
[Faked.Drv][FILE] wadv07nt.sys : C:\WINDOWS\system32\drivers\wadv07nt.sys [-] --> FOUND
[Faked.Drv][FILE] wacompen.sys : C:\WINDOWS\system32\drivers\wacompen.sys [-] --> FOUND
[Faked.Drv][FILE] viaagp.sys : C:\WINDOWS\system32\drivers\viaagp.sys [-] --> FOUND
[Faked.Drv][FILE] HSF_DP.sys : C:\WINDOWS\system32\drivers\HSF_DP.sys [-] --> FOUND
[Faked.Drv][FILE] usbvideo.sys : C:\WINDOWS\system32\drivers\usbvideo.sys [-] --> FOUND
[Faked.Drv][FILE] mdmxsdk.sys : C:\WINDOWS\system32\drivers\mdmxsdk.sys [-] --> FOUND
[Faked.Drv][FILE] usbehci.sys : C:\WINDOWS\system32\drivers\usbehci.sys [-] --> FOUND
[Faked.Drv][FILE] eudskacs.sys : C:\WINDOWS\system32\drivers\eudskacs.sys [-] --> FOUND
[Faked.Drv][FILE] update.sys : C:\WINDOWS\system32\drivers\update.sys [-] --> FOUND
[Faked.Drv][FILE] ac97intc.sys : C:\WINDOWS\system32\drivers\ac97intc.sys [-] --> FOUND
[Faked.Drv][FILE] tunmp.sys : C:\WINDOWS\system32\drivers\tunmp.sys [-] --> FOUND
[Faked.Drv][FILE] slwdmsup.sys : C:\WINDOWS\system32\drivers\slwdmsup.sys [-] --> FOUND
[Faked.Drv][FILE] RTL8192su.sys : C:\WINDOWS\system32\drivers\RTL8192su.sys [-] --> FOUND
[Faked.Drv][FILE] epm-psd.sys : C:\WINDOWS\system32\drivers\epm-psd.sys [-] --> FOUND
[Faked.Drv][FILE] epm-shd.sys : C:\WINDOWS\system32\drivers\epm-shd.sys [-] --> FOUND
[Faked.Drv][FILE] osaio.sys : C:\WINDOWS\system32\drivers\osaio.sys [-] --> FOUND
[Faked.Drv][FILE] osanbm.sys : C:\WINDOWS\system32\drivers\osanbm.sys [-] --> FOUND
[Faked.Drv][FILE] OsaFsLoc.sys : C:\WINDOWS\system32\drivers\OsaFsLoc.sys [-] --> FOUND
[Faked.Drv][FILE] NdisFilt.sys : C:\WINDOWS\system32\drivers\NdisFilt.sys [-] --> FOUND
[Faked.Drv][FILE] slnthal.sys : C:\WINDOWS\system32\drivers\slnthal.sys [-] --> FOUND
[Faked.Drv][FILE] NETMNT.sys : C:\WINDOWS\system32\drivers\NETMNT.sys [-] --> FOUND
[Faked.Drv][FILE] slntamr.sys : C:\WINDOWS\system32\drivers\slntamr.sys [-] --> FOUND
[Faked.Drv][FILE] slnt7554.sys : C:\WINDOWS\system32\drivers\slnt7554.sys [-] --> FOUND
[Faked.Drv][FILE] sisagp.sys : C:\WINDOWS\system32\drivers\sisagp.sys [-] --> FOUND
[Faked.Drv][FILE] sffp_sd.sys : C:\WINDOWS\system32\drivers\sffp_sd.sys [-] --> FOUND
[Faked.Drv][FILE] sffdisk.sys : C:\WINDOWS\system32\drivers\sffdisk.sys [-] --> FOUND
[Faked.Drv][FILE] rndismpx.sys : C:\WINDOWS\system32\drivers\rndismpx.sys [-] --> FOUND
[Faked.Drv][FILE] rfcomm.sys : C:\WINDOWS\system32\drivers\rfcomm.sys [-] --> FOUND
[Faked.Drv][FILE] recagent.sys : C:\WINDOWS\system32\drivers\recagent.sys [-] --> FOUND
[Faked.Drv][FILE] nv4_mini.sys : C:\WINDOWS\system32\drivers\nv4_mini.sys [-] --> FOUND
[Faked.Drv][FILE] ntmtlfax.sys : C:\WINDOWS\system32\drivers\ntmtlfax.sys [-] --> FOUND
[Faked.Drv][FILE] mouhid.sys : C:\WINDOWS\system32\drivers\mouhid.sys [-] --> FOUND
[Faked.Drv][FILE] mutohpen.sys : C:\WINDOWS\system32\drivers\mutohpen.sys [-] --> FOUND
[Faked.Drv][FILE] mtxparhm.sys : C:\WINDOWS\system32\drivers\mtxparhm.sys [-] --> FOUND
[Faked.Drv][FILE] SONYPVU1.SYS : C:\WINDOWS\system32\drivers\SONYPVU1.SYS [-] --> FOUND
[Faked.Drv][FILE] mtlstrm.sys : C:\WINDOWS\system32\drivers\mtlstrm.sys [-] --> FOUND
[Faked.Drv][FILE] secdrv.sys : C:\WINDOWS\system32\drivers\secdrv.sys [-] --> FOUND
[Faked.Drv][FILE] mtlmnt5.sys : C:\WINDOWS\system32\drivers\mtlmnt5.sys [-] --> FOUND
[Faked.Drv][FILE] mssmbios.sys : C:\WINDOWS\system32\drivers\mssmbios.sys [-] --> FOUND
[Faked.Drv][FILE] hsfdpsp2.sys : C:\WINDOWS\system32\drivers\hsfdpsp2.sys [-] --> FOUND
[Faked.Drv][FILE] hsfcxts2.sys : C:\WINDOWS\system32\drivers\hsfcxts2.sys [-] --> FOUND
[Faked.Drv][FILE] hsfbs2s2.sys : C:\WINDOWS\system32\drivers\hsfbs2s2.sys [-] --> FOUND
[Faked.Drv][FILE] hidir.sys : C:\WINDOWS\system32\drivers\hidir.sys [-] --> FOUND
[Faked.Drv][FILE] hidbth.sys : C:\WINDOWS\system32\drivers\hidbth.sys [-] --> FOUND
[Faked.Drv][FILE] hdaudbus.sys : C:\WINDOWS\system32\drivers\hdaudbus.sys [-] --> FOUND
[Faked.Drv][FILE] gagp30kx.sys : C:\WINDOWS\system32\drivers\gagp30kx.sys [-] --> FOUND
[Faked.Drv][FILE] fltMgr.sys : C:\WINDOWS\system32\drivers\fltMgr.sys [-] --> FOUND
[Faked.Drv][FILE] bthprint.sys : C:\WINDOWS\system32\drivers\bthprint.sys [-] --> FOUND
[Faked.Drv][FILE] SLIP.sys : C:\WINDOWS\system32\drivers\SLIP.sys [-] --> FOUND
[Faked.Drv][FILE] bthpan.sys : C:\WINDOWS\system32\drivers\bthpan.sys [-] --> FOUND
[Faked.Drv][FILE] bthmodem.sys : C:\WINDOWS\system32\drivers\bthmodem.sys [-] --> FOUND
[Faked.Drv][FILE] bthenum.sys : C:\WINDOWS\system32\drivers\bthenum.sys [-] --> FOUND
[Faked.Drv][FILE] atinxsxx.sys : C:\WINDOWS\system32\drivers\atinxsxx.sys [-] --> FOUND
[Faked.Drv][FILE] atinxbxx.sys : C:\WINDOWS\system32\drivers\atinxbxx.sys [-] --> FOUND
[Faked.Drv][FILE] atintuxx.sys : C:\WINDOWS\system32\drivers\atintuxx.sys [-] --> FOUND
[Faked.Drv][FILE] atinttxx.sys : C:\WINDOWS\system32\drivers\atinttxx.sys [-] --> FOUND
[Faked.Drv][FILE] atinsnxx.sys : C:\WINDOWS\system32\drivers\atinsnxx.sys [-] --> FOUND
[Faked.Drv][FILE] atinrvxx.sys : C:\WINDOWS\system32\drivers\atinrvxx.sys [-] --> FOUND
[Faked.Drv][FILE] atinraxx.sys : C:\WINDOWS\system32\drivers\atinraxx.sys [-] --> FOUND
[Faked.Drv][FILE] atinpdxx.sys : C:\WINDOWS\system32\drivers\atinpdxx.sys [-] --> FOUND
[Faked.Drv][FILE] atinmdxx.sys : C:\WINDOWS\system32\drivers\atinmdxx.sys [-] --> FOUND
[Faked.Drv][FILE] atinbtxx.sys : C:\WINDOWS\system32\drivers\atinbtxx.sys [-] --> FOUND
[Faked.Drv][FILE] ati2mtag.sys : C:\WINDOWS\system32\drivers\ati2mtag.sys [-] --> FOUND
[Faked.Drv][FILE] ati2mtaa.sys : C:\WINDOWS\system32\drivers\ati2mtaa.sys [-] --> FOUND
[Faked.Drv][FILE] ati1xsxx.sys : C:\WINDOWS\system32\drivers\ati1xsxx.sys [-] --> FOUND
[Faked.Drv][FILE] ati1xbxx.sys : C:\WINDOWS\system32\drivers\ati1xbxx.sys [-] --> FOUND
[Faked.Drv][FILE] ati1tuxx.sys : C:\WINDOWS\system32\drivers\ati1tuxx.sys [-] --> FOUND
[Faked.Drv][FILE] ati1ttxx.sys : C:\WINDOWS\system32\drivers\ati1ttxx.sys [-] --> FOUND
[Faked.Drv][FILE] ati1snxx.sys : C:\WINDOWS\system32\drivers\ati1snxx.sys [-] --> FOUND
[Faked.Drv][FILE] ati1rvxx.sys : C:\WINDOWS\system32\drivers\ati1rvxx.sys [-] --> FOUND
[Faked.Drv][FILE] ati1raxx.sys : C:\WINDOWS\system32\drivers\ati1raxx.sys [-] --> FOUND
[Faked.Drv][FILE] ati1pdxx.sys : C:\WINDOWS\system32\drivers\ati1pdxx.sys [-] --> FOUND
[Faked.Drv][FILE] ati1mdxx.sys : C:\WINDOWS\system32\drivers\ati1mdxx.sys [-] --> FOUND
[Faked.Drv][FILE] ati1btxx.sys : C:\WINDOWS\system32\drivers\ati1btxx.sys [-] --> FOUND
[Faked.Drv][FILE] amdk7.sys : C:\WINDOWS\system32\drivers\amdk7.sys [-] --> FOUND
[Faked.Drv][FILE] ndproxy.sys : C:\WINDOWS\system32\drivers\ndproxy.sys [-] --> FOUND
[Faked.Drv][FILE] MSTEE.sys : C:\WINDOWS\system32\drivers\MSTEE.sys [-] --> FOUND
[Faked.Drv][FILE] GEARAspiWDM.sys : C:\WINDOWS\system32\drivers\GEARAspiWDM.sys [-] --> FOUND
[Faked.Drv][FILE] RimSerial.sys : C:\WINDOWS\system32\drivers\RimSerial.sys [-] --> FOUND
[Faked.Drv][FILE] PCTSD.sys : C:\WINDOWS\system32\drivers\PCTSD.sys [-] --> FOUND
[Faked.Drv][FILE] hxxp.sys : C:\WINDOWS\system32\drivers\hxxp.sys [-] --> FOUND
[Faked.Drv][FILE] tcpip6.sys : C:\WINDOWS\system32\drivers\tcpip6.sys [-] --> FOUND
[Faked.Drv][FILE] ksecdd.sys : C:\WINDOWS\system32\drivers\ksecdd.sys [-] --> FOUND
[Faked.Drv][FILE] BTHUSB.SYS : C:\WINDOWS\system32\drivers\BTHUSB.SYS [-] --> FOUND
[Faked.Drv][FILE] RimUsb.sys : C:\WINDOWS\system32\drivers\RimUsb.sys [-] --> FOUND
[Faked.Drv][FILE] StreamIP.sys : C:\WINDOWS\system32\drivers\StreamIP.sys [-] --> FOUND
[Faked.Drv][FILE] NdisIP.sys : C:\WINDOWS\system32\drivers\NdisIP.sys [-] --> FOUND
[Faked.Drv][FILE] AFGSp50.sys : C:\WINDOWS\system32\drivers\AFGSp50.sys [-] --> FOUND
[Faked.Drv][FILE] EuFdDisk.sys : C:\WINDOWS\system32\drivers\EuFdDisk.sys [-] --> FOUND
[Faked.Drv][FILE] WudfPf.sys : C:\WINDOWS\system32\drivers\WudfPf.sys [-] --> FOUND
[Faked.Drv][FILE] WudfRd.sys : C:\WINDOWS\system32\drivers\WudfRd.sys [-] --> FOUND
[Faked.Drv][FILE] wpdusb.sys : C:\WINDOWS\system32\drivers\wpdusb.sys [-] --> FOUND
[Faked.Drv][FILE] TrueSight.sys : C:\WINDOWS\system32\drivers\TrueSight.sys [-] --> FOUND
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
ÿþ1
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG MP0402H +++++
--- User ---
[MBR] e4e2811d5bb93111c3ab227b8f3278d4
[BSP] afd663b62beb710eabd66cab9e298a9d : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 3200 Mo
1 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 6554520 | Size: 16872 Mo
2 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 41110335 | Size: 18128 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_S_02222013_02d1104.txt >>
RKreport[1]_S_02212013_02d1843.txt ; RKreport[2]_S_02222013_02d1104.txt


----------



## Rena30 (Jan 19, 2013)

After I ran the last 2 logs, I deleted the folder and as of now it does not seem to be reappearing.


----------



## Mark1956 (May 7, 2011)

Sounds good, but what folder did you delete?


----------



## Rena30 (Jan 19, 2013)

searchplugins, the one on my desktop. So I could see if it would reappear.


----------



## Mark1956 (May 7, 2011)

Have you rebooted?

I think it may be wise to run another scan which I hope will remove any other remnants.

*STEP 1*
*NOTE:* If you have already used Combofix please delete the icon from your desktop.


Please download DeFogger and save it to your desktop.
Once downloaded, double-click on the *DeFogger* icon to start the tool.
The application window will appear.
You should now click on the *Disable* button to disable your CD Emulation drivers.
When it prompts you whether or not you want to continue, please click on the *Yes* button to continue.
When the program has completed you will see a *Finished!* message. Click on the *OK* button to exit the program.
If CD Emulation programs are present and have been disabled, *DeFogger* will now ask you to reboot the machine. Please allow it to do so by clicking on the *OK* button.

*STEP 2*
Please download *ComboFix*







from one of the locations below and *save it to your Desktop. <-Important!!!*


Download Mirror #1
Download Mirror #2

Be sure to print out and follow these instructions: *A guide and tutorial on using ComboFix*

*Vista*/*Windows 7* users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. *XP* users need to install the Recovery Console first.


Temporarily *disable* your *anti-virus*, script blocking and any *anti-malware* real-time protection _*before*_ performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results"_. Click this link to see a list of such programs and how to disable them.
If ComboFix detects an older version of itself, you will be asked to update the program.
ComboFix will begin by showing a Disclaimer. Read it and click *I Agree* if you want to continue.
Follow the prompts and click on *Yes* to continue scanning for malware.
If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the *Continue* button.
When finished, please copy and paste the contents of C:\*ComboFix.txt* (_which will open after reboot_) in your next reply.
Be sure to *re-enable* your anti-virus and other security programs.

_-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security._

If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "_How to Guide_" you printed out earlier. Those instructions only apply to XP, for Vista and Windows 7 go here: Internet connection repair

*NOTE:* if you see a message like this when you attempt to open anything after the reboot *"Illegal Operation attempted on a registry key that has been marked for deletion"* please reboot the system again and the warning should not return.



> *Do NOT use ComboFix* unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, *NOT for general public or personal use*. *Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again.* This site, sUBs and myself *will not* be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read *ComboFix's Disclaimer*.


----------



## Rena30 (Jan 19, 2013)

yes, I have


----------



## Mark1956 (May 7, 2011)

The folder may not be coming back but RogueKiller still shows a Registry key pointing to it and consecutive runs of ADWCleaner keep showing its return. It's up to you if you want to stop now, but I am not convinced that just deleting the folder will have got rid of it, it can't be that easy.

Have a read of this: http://secure-computer-solutions.com/blog/2012/07/bprotector_for_windows_should.html

Lets see if it is still there by doing a file search for its two main executable files and the program name.

Please download *SystemLook* from one of the links below and save it to your Desktop.


*Link 1: SystemLook (32-bit)*
Link 2: SystemLook (32-bit)


Double-click *SystemLook.exe* to run it.
_*Vista*/*Windows 7* users right-click and select Run As Administrator_.
Copy and paste everything in the codebox below into the main textfield:

```
:filefind
*bprotector*
*bprotect*
*protector*
:reg
*bprotector*
*bprotect*
*protector*
```

Click the Look button to start the scan.
When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
Please copy and paste the contents of that log in your next reply.


----------



## Rena30 (Jan 19, 2013)

No I did not want to stop. I was just letting you know that it did not reappear. do you want me to do the defogger steps first or the system look?


----------



## Rena30 (Jan 19, 2013)

SystemLook 30.07.11 by jpshortstuff
Log created at 15:31 on 22/02/2013 by Coletta Wade
Administrator - Elevation successful

========== filefind ==========

Searching for "*bprotector*"
C:\Documents and Settings\Coletta Wade\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotector web data	--a---- 782336 bytes	[15:15 22/02/2013]	[15:16 22/02/2013] BB2C2C7B723C3904142769BF74448673
C:\Documents and Settings\Coletta Wade\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences	--a---- 51094 bytes	[15:15 22/02/2013]	[15:16 22/02/2013] 920A7FD988144C2E13439E85A498E4AF

Searching for "*bprotect*"
C:\Documents and Settings\Coletta Wade\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotector web data	--a---- 782336 bytes	[15:15 22/02/2013]	[15:16 22/02/2013] BB2C2C7B723C3904142769BF74448673
C:\Documents and Settings\Coletta Wade\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences	--a---- 51094 bytes	[15:15 22/02/2013]	[15:16 22/02/2013] 920A7FD988144C2E13439E85A498E4AF

Searching for "*protector*"
C:\Documents and Settings\Coletta Wade\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotector web data	--a---- 782336 bytes	[15:15 22/02/2013]	[15:16 22/02/2013] BB2C2C7B723C3904142769BF74448673
C:\Documents and Settings\Coletta Wade\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences	--a---- 51094 bytes	[15:15 22/02/2013]	[15:16 22/02/2013] 920A7FD988144C2E13439E85A498E4AF
C:\Documents and Settings\Coletta Wade\Desktop\RK_Quarantine\protector.dll.vir	--a---- 2008096 bytes	[00:42 22/02/2013]	[00:43 22/02/2013] CA21A1620894A7F946106FEE592D3C0B
C:\_OTM\MovedFiles\02222013_095344\c_Documents and Settings\All Users\Application Data\bProtectorForWindows\2.2.463.83\protector.dll	--a---- 2008096 bytes	[23:40 05/07/2012]	[23:40 05/07/2012] 08C9A1133EED5FB45D9FC685F7A6F70F

========== reg ==========

[*bprotector*]
Hive unrecognized.

[*bprotect*]
Hive unrecognized.

[*protector*]
Hive unrecognized.

-= EOF =-


----------



## Mark1956 (May 7, 2011)

A couple more files there to remove, please go ahead and run Combofix, lets see if it will detect it as that should help clean up.


----------



## Rena30 (Jan 19, 2013)

To download Combofix on an xp it says to install Recovery Console first. I do not have the xp cd, I bought this computer used. Is this necessary?


----------



## Rena30 (Jan 19, 2013)

Also do I need to complete steps 1 and 2 from post #102 in order to download Combofix?


----------



## Mark1956 (May 7, 2011)

Just follow both steps. STEP 1 is to make sure there are no CD emulation drivers active as they can interfere with Combofix when you run the scan.

If you read the Guide and Tutorial (the link is in the instructions) you will see that Combofix will install the Recovery Console for you when you run it. Having the Recovery Console installed is a safe guard in case something goes wrong so that you can boot to it and run repairs.


----------



## Rena30 (Jan 19, 2013)

Ok after completing step 1 I did not receive a reboot message. I am assuming that that means there was not any Cd emulation drivers active. Therefore I am continuing on to step 2.


----------



## Mark1956 (May 7, 2011)

You are correct.


----------



## Rena30 (Jan 19, 2013)

Alright, I saved Combofix to my desk top, then agreed to terms, it installed and the blue screen appeared, it successfully created a restore point. It proceeded to run through the stages (untouched). It never stated that it was preparing a log report. The desktop disappeared in in the blue screen it stated that it was "Deleting Folders/TEMP". And it stayed exactly like that all night long. In your instructions it stated that "Combofix will temporarily disable you desk top and if interrupted it may stay disabled. If this occurs please reboot to restore it." So this morning when I woke up and it was still stating that is was deleting folders, I rebooted my pc. And came straight here to message you.


----------



## Mark1956 (May 7, 2011)

Ok, not to worry, now and again we do come across a system where this happens.

We shall delete the remaining entries found above and then if you can do one more scan with ADWCleaner to make sure nothing has returned you should be good to go and we will just have to clean up the tools used.

Open OTM and use this script:


```
:Processes
explorer.exe
:Files
C:\Documents and Settings\Coletta Wade\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotector web data 
C:\Documents and Settings\Coletta Wade\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences
:Commands
[createrestorepoint]
[emptyflash]
[emptytemp]
[resethosts]
[reboot]
```
Post the log when done and the fresh one from ADWCleaner.


----------



## Rena30 (Jan 19, 2013)

Do I paste this OTM script in Instuctions for items to be moved or in Results?


----------



## Mark1956 (May 7, 2011)

Just follow the same instructions you used before in post 92.


----------



## Rena30 (Jan 19, 2013)

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\Documents and Settings\Coletta Wade\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotector web data moved successfully.
C:\Documents and Settings\Coletta Wade\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences moved successfully.
========== COMMANDS ==========
Restore point Set: OTM Restore Point

[EMPTYFLASH]

User: Default User
->Flash cache emptied: 0 bytes

User: All Users

User: NetworkService

User: LocalService

User: Coletta Wade
->Flash cache emptied: 506 bytes

User: Administrator
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 25940 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Coletta Wade
->Temp folder emptied: 181183 bytes
->Temporary Internet Files folder emptied: 393618 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 17510875 bytes
->Flash cache emptied: 0 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3030 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 28610 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 17.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTM by OldTimer - Version 3.1.21.0 log created on 02232013_111026

Files moved on Reboot...

Registry entries deleted on Reboot...

# AdwCleaner v2.112 - Logfile created 02/23/2013 at 11:22:27
# Updated 10/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Coletta Wade - SARENAH
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Coletta Wade\Desktop\adwcleaner0.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7DA17D5A-5718-4130-A605-FC316C827836}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AF6AC4F2-9825-4FB6-A600-92BC5361F209}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C4B22C87-45EF-4F43-89F2-40DB2078864E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DA71FD14-5F7B-46AE-B8B1-44074A38F331}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.97

File : C:\Documents and Settings\Coletta Wade\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S6].txt - [11933 octets] - [21/02/2013 19:42:42]
AdwCleaner[S7].txt - [2709 octets] - [22/02/2013 10:40:54]
AdwCleaner[S8].txt - [2545 octets] - [23/02/2013 11:22:27]

########## EOF - C:\AdwCleaner[S8].txt - [2605 octets] ##########


----------



## Mark1956 (May 7, 2011)

This is giving us the run around, the first and last entry under * [Registry] * have returned. So, something is recreating those registry entries.

Please click on Start and then type *services.msc* into the search box and hit enter. The services window will open, look down the list and see if there is an entry for *bProtector* if there is double click on it and change the Startup type to Disabled and let me know.


----------



## Rena30 (Jan 19, 2013)

I did not see it in the list.


----------



## Mark1956 (May 7, 2011)

Ok, now run RogueKiller, when the pre-scan completes hit the scan button.

It is most important that you deselect (clear the check boxes) next to all the entries under the *Files* tab or you will remove important System files. Make sure you scroll down the list and un-check everything.
Only when you are sure this is done hit the Delete button, then the Report button and post the log.


----------



## Rena30 (Jan 19, 2013)

There is no check boxes under the Files tab? There is under the Registry.


----------



## Rena30 (Jan 19, 2013)

I do not know what to do. I ran RogueKiller it did the prescan. I hit scan. When it was finished I clicked on the Files Tab, where I was instructed to clear all the check boxes. However, there is not any check boxes under the files tab. So I do not know what step to take next.


----------



## Mark1956 (May 7, 2011)

As long as there are no files listed under the Files tab then continue as instructed.


----------



## Rena30 (Jan 19, 2013)

There is alot of files under the Files tab. There is just not any boxes to check or uncheck next to them.


----------



## Mark1956 (May 7, 2011)

Could you send me a screenshot of the RK window showing the contents under the Files tab.

How to take a screenshot in XP

*How to attach a screenshot.*
Below the *Message Box* click on *Go Advanced*. Then scroll down until you see a button, *Manage Attachments*. Click on it and a new window opens.
• Click on the *Browse* button, find the screenshot/folder you made earlier and doubleclick on it.
• Now click on the *Upload* button. When done, click on the *Close this window* button at the bottom of the page.
• Enter your message-text in the message box, then click on *Submit Message/Reply.*


----------



## Rena30 (Jan 19, 2013)

Here it is.


----------



## Mark1956 (May 7, 2011)

I see the problem, first time I have had a log with Faked Files detected so was not aware there were no check boxes, we live and learn.

The way around this is to run RogueKiller, after the pre-scan completes uncheck the Check FAKED box just below the Report button, then hit the Scan button.

When the scan completes make sure there is nothing under the Files tab and then hit the Delete button, then the Report button and post the log.


----------



## Rena30 (Jan 19, 2013)

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Coletta Wade [Admin rights]
Mode : Remove -- Date : 02/25/2013 19:17:06
| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG MP0402H +++++
--- User ---
[MBR] e4e2811d5bb93111c3ab227b8f3278d4
[BSP] afd663b62beb710eabd66cab9e298a9d : Acer MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 3200 Mo
1 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 6554520 | Size: 16872 Mo
2 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 41110335 | Size: 18128 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[6]_D_02252013_02d1917.txt >>
RKreport[1]_S_02212013_02d1843.txt ; RKreport[2]_S_02222013_02d1104.txt ; RKreport[3]_S_02232013_02d1542.txt ; RKreport[4]_S_02252013_02d1540.txt ; RKreport[5]_S_02252013_02d1916.txt ; 
RKreport[6]_D_02252013_02d1917.txt


----------



## Mark1956 (May 7, 2011)

Looks like we have got it all, how are things at your end?

Please run this Security Check.

Download Security Check by screen317 from Here or Here.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please Copy & Paste the contents of that document into your next reply.


----------



## Rena30 (Jan 19, 2013)

Its been a busy day, so I haven't been on the computer much. But here is the security check

Results of screen317's Security Check version 0.99.59 
Windows XP Service Pack 3 x86 
Internet Explorer 8 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
Microsoft Security Essentials 
*`````````Anti-malware/Other Utilities Check:`````````* 
CCleaner 
Java 7 Update 15 
*Java version out of Date!* 
Adobe Flash Player 11.6.602.168 
Google Chrome 24.0.1312.57 
Google Chrome searchplugins... 
Google Chrome 25.0.1364.97 
*````````Process Check: objlist.exe by Laurent````````* 
Microsoft Security Essentials MSMpEng.exe 
Microsoft Security Essentials msseces.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C:: 19% *Defragment your hard drive soon! (Do NOT defrag if SSD!)*
*````````````````````End of Log``````````````````````*


----------



## Mark1956 (May 7, 2011)

Java is not out of date as that is the most recent version, it only came out a short time ago so it is SecurityCheck that is out of date.

Your hard drive does need a defrag though, as long as it is not a Solid State drive follow this How to defragment the hard drive

Let me know how things go when you have time to run the machine for a good few hours, we then need to clean up all the tools used.


----------



## Rena30 (Jan 19, 2013)

Ok, well yesterday after I posted the security check, my computer added a new update. One quick question before I defrag. On the security check it says Google Chrome searchplugins, do you know what that means and will the defrag clean up?


----------



## Mark1956 (May 7, 2011)

That simply shows there are alternative Search Engines in Chrome, you can read about it here: http://www.chromeplugins.org/tips-tricks/custom-search-engines-in-google-chrome/

Defrag never removes any files from the hard drive it doesn't clean up, it tidies up.


----------



## Rena30 (Jan 19, 2013)

Ok, thanks, I just wanted to make sure it wasn't part of the virus. 
I have defraged.


----------



## Mark1956 (May 7, 2011)

Now we need to remove all the tools used, even though Combofix would not run correctly it still needs to be removed with the correct process.

To re-enable your CD Emulation drivers if you disabled them, double click *DeFogger.exe* to run the tool again.


The application window will appear.
Click the *Re-enable* button to re-enable your CD Emulation drivers.
Click *Yes* to continue.
A *'Finished!*' message will appear.
Click *OK*.
DeFogger will now ask to reboot the machine...click *OK*.

To uninstall ComboFix, press the *WINKEY + R* keys on your keyboard or click







> *Run... *and in the Open dialog box, type: *ComboFix /Uninstall*











Press *OK*.
*-- Vista/Windows 7* users refer to these instructions.
If you encounter any problems using the switch from the Run dialog box, just rename ComboFix.exe to *Uninstall.exe*, then double-click on it to remove.
This will delete ComboFix's related folders/files, reset the clock settings, hide file extensions/system files, clear the System Restore cache to prevent possible reinfection and *create a new Restore point.*
When it has finished you will see a dialog box stating that _"ComboFix has been uninstalled". _
After that, you can delete the ComboFix.exe program from your computer (Desktop).


*Next*
Download *OTC* by OldTimer and save it to your *desktop.*
Double click







icon to start the program. 
If you are using Vista or Windows 7, please right-click and choose *Run as Administrator*
Then Click the big







button.
You will get a prompt saying "_Begin Cleanup Process_". Please select *Yes*.
Restart your computer when prompted.

-- Doing this will *remove* any specialized tools downloaded and used. If OTC does not delete itself, then delete the file manually when done.
-- Any leftover folders/files related to ComboFix or other tools which OTC did not remove can be deleted manually (right-click on it and choose delete).

Please post back when this is complete and let me know if you have had any problems.


----------



## Rena30 (Jan 19, 2013)

Ok, well I got everything deleted. I am not sure what kind of problems you meant, however my pc did turn completely off twice (not rebooted). and it is still hanging up. The searchplugins seems to be gone, but my original problem still remains. I can be online in a website, it will slow down and then hang up, when I try to close the window it doesn't close so I minimize the window and close it that way then, everything on my desktop briefly disappears. When I double click Google Chrome to get back online, it takes a very long time, then the window will open and it will flash unresponsive. It continues to do this, but when I push the standby button, and then try again and it will always connect to the internet this time. It will work for a few hours or so and then we do it all over again.


----------



## Mark1956 (May 7, 2011)

Ok, lets have a look at the most recent errors.

Please download MiniToolBox and save it to your desktop.
Double click on the MiniToolBox icon









The window will open as shown below.

Click on each of the boxes as indicated in the list below, then click on the *GO* button.

Copy & Paste the contents of the report that appears into your next post, you can also find a copy of the report on your desktop (Result.txt).

•Flush DNS
•List content of Hosts
•List IP configuration
•List Winsock Entries
•List last 10 Event Viewer Errors
•List Devices Check options for *Only Problems*
•List Minidump Files


----------



## Rena30 (Jan 19, 2013)

MiniToolBox by Farbar Version:10-01-2013
Ran by Coletta Wade (administrator) on 28-02-2013 at 13:13:28
Running from "C:\Documents and Settings\Coletta Wade\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= Hosts content: =================================
::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Atheros AR5005G Wireless Network Adapter = Wireless Network Connection (Disconnected)
Belkin USB Wireless Adaptor = Wireless Network Connection 3 (Connected)
Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Media disconnected)

# ---------------------------------- 
# Interface IP Configuration 
# ---------------------------------- 
pushd interface ip

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 3"

set address name="Wireless Network Connection 3" source=dhcp 
set dns name="Wireless Network Connection 3" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 3" source=dhcp

popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : Sarenah

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-0A-E4-F9-10-CC

Ethernet adapter Wireless Network Connection 3:

Connection-specific DNS Suffix . : Belkin

Description . . . . . . . . . . . : Belkin USB Wireless Adaptor

Physical Address. . . . . . . . . : 08-86-3B-12-03-8C

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.2.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.2.1

DHCP Server . . . . . . . . . . . : 192.168.2.1

DNS Servers . . . . . . . . . . . : 192.168.2.1

Lease Obtained. . . . . . . . . . : Thursday, February 28, 2013 10:32:35 AM

Lease Expires . . . . . . . . . . : Monday, January 18, 2038 9:14:07 PM

Server: 
Address: 192.168.2.1

Name: google.com
Address: 74.125.225.46

Pinging google.com [74.125.225.46] with 32 bytes of data:

Reply from 74.125.225.46: bytes=32 time=719ms TTL=48

Reply from 74.125.225.46: bytes=32 time=923ms TTL=48

Ping statistics for 74.125.225.46:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 719ms, Maximum = 923ms, Average = 821ms

Server: 
Address: 192.168.2.1

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Address: 98.138.253.109

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=1286ms TTL=43

Reply from 98.138.253.109: bytes=32 time=1726ms TTL=43

Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 1286ms, Maximum = 1726ms, Average = 1506ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time=3ms TTL=64

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 3ms, Average = 1ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0a e4 f9 10 cc ...... Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
0x10004 ...08 86 3b 12 03 8c ...... Belkin USB Wireless Adaptor - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.2 192.168.2.2 20
192.168.2.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.2 192.168.2.2 20
224.0.0.0 240.0.0.0 192.168.2.2 192.168.2.2 20
255.255.255.255 255.255.255.255 192.168.2.2 2 1
255.255.255.255 255.255.255.255 192.168.2.2 192.168.2.2 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\wshbth.dll [108032] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/27/2013 05:59:23 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/27/2013 05:48:28 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.2.223.0, P3 timeout, P4 1.1.9203.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/22/2013 08:52:26 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.1.522.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/22/2013 01:58:18 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.1.522.0, P3 timeout, P4 1.1.9203.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/22/2013 01:57:06 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.1.522.0, P3 timeout, P4 1.1.9203.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/21/2013 08:02:59 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.1.522.0, P3 timeout, P4 1.1.9203.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/21/2013 07:00:18 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x1000a960.
Processing media-specific event for [explorer.exe!ws!]

Error: (02/20/2013 05:20:58 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (02/20/2013 04:22:22 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (02/20/2013 04:12:52 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.1.522.0, P3 timeout, P4 1.1.9203.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

System errors:
=============
Error: (02/28/2013 10:34:08 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Lbd
SBRE

Error: (02/28/2013 10:34:08 AM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (02/27/2013 06:27:58 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Lbd
SBRE

Error: (02/27/2013 06:27:58 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (02/27/2013 06:16:15 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Lbd
SBRE

Error: (02/27/2013 06:16:15 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (02/27/2013 06:06:50 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Lbd
SBRE

Error: (02/27/2013 06:06:50 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (02/27/2013 05:43:04 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Lbd
SBRE

Error: (02/27/2013 05:43:04 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Microsoft Office Sessions:
=========================
Error: (02/27/2013 05:59:23 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.2.223.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (02/27/2013 05:48:28 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.2.223.0timeout1.1.9203.0fixed1 _ 20485 _ not bootNILNILNIL

Error: (02/22/2013 08:52:26 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.1.522.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (02/22/2013 01:58:18 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.1.522.0timeout1.1.9203.0fixed1 _ 20485 _ not bootNILNILNIL

Error: (02/22/2013 01:57:06 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.1.522.0timeout1.1.9203.0fixed1 _ 20485 _ not bootNILNILNIL

Error: (02/21/2013 08:02:59 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.1.522.0timeout1.1.9203.0fixed1 _ 20485 _ not bootNILNILNIL

Error: (02/21/2013 07:00:18 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.01000a960

Error: (02/20/2013 05:20:58 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (02/20/2013 04:22:22 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (02/20/2013 04:12:52 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.1.522.0timeout1.1.9203.0fixed1 _ 20485 _ not bootNILNILNIL

========================= Devices: ================================

Name: Atheros AR5005G Wireless Network Adapter
Description: Atheros AR5005G Wireless Network Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Atheros
Service: AR5211
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: RkHit
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

========================= Minidump Files ==================================

No minidump file found

**** End of log ****


----------



## Mark1956 (May 7, 2011)

Only one thing in that log that needs further investigation and I found something else in an earlier log that just might be causing a conflict with MSE.

I can also see you have a disabled Wireless Network adapter, I would suggest uninstalling this in Device Manager. Locate the Network Adapters in Device Manager and expand the list, right click on 'Atheros AR5005G Wireless Network Adapter' and select *Uninstall*.

There is a disabled service above called 'RkHit' which could be an infection, it is disabled but needs to be looked at and removed if found to be bad.

I can also see three services listed in the DDS logs 'Lbd', 'AWService' & 'SBRE' which come from Ad-Aware which we need to locate and remove.

There is also an item of software Spyhunter, it could be causing conflicts with MSE as I believe it has an active Anti Virus component. Please go into Add or Remove Programs and uninstall it.

Please run this and post the log:

Please download *SystemLook* from one of the links below and save it to your Desktop.


*Link 1: SystemLook (32-bit)*
Link 2: SystemLook (32-bit)


Double-click *SystemLook.exe* to run it.
_*Vista*/*Windows 7* users right-click and select Run As Administrator_.
Copy and paste everything in the codebox below into the main textfield:


```
:filefind
*lbd*
*AWService*
*RkHit*
*SBRE*
:service
lbd
AWService
RkHit
SBRE
```

Click the Look button to start the scan.
When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
Please copy and paste the contents of that log in your next reply.


----------



## Rena30 (Jan 19, 2013)

I did not see Spyhunter in the add or remove programs.

SystemLook 30.07.11 by jpshortstuff
Log created at 16:08 on 28/02/2013 by Coletta Wade
Administrator - Elevation successful

========== filefind ==========

Searching for "*lbd*"
C:\I386\ARIALBD.TT_	--a---- 181190 bytes	[11:00 04/08/2004]	[11:00 04/08/2004] 121261F4AC97001772A231723C1A2A8F
C:\WINDOWS\system32\DRVSTORE\lbd_1D149FE61E2CD0936E43877117FE3EF0674B9944\lbd.inf	------- 3247 bytes	[05:34 05/04/2009]	[15:00 02/12/2008] C8D0295337A6BBE8954A995A3AF0ACCA
C:\WINDOWS\system32\DRVSTORE\lbd_1D149FE61E2CD0936E43877117FE3EF0674B9944\Lbd.cat	------- 6460 bytes	[05:34 05/04/2009]	[20:06 09/03/2009] 8AE987AC2542D9891CEE62079D0251C5
C:\WINDOWS\system32\DRVSTORE\lbd_1D149FE61E2CD0936E43877117FE3EF0674B9944\Lbd.sys	------- 64160 bytes	[05:34 05/04/2009]	[20:06 09/03/2009] 52320254D74EA11B6F129E7DF1016975
C:\WINDOWS\Fonts\arialbd.ttf	--a---- 352224 bytes	[11:00 04/08/2004]	[11:00 04/08/2004] CE4244A1FB311A47A5949948B2DC4EAB
C:\WINDOWS\ServicePackFiles\i386\arialbd.ttf	------- 352224 bytes	[15:54 27/09/2008]	[11:00 04/08/2004] CE4244A1FB311A47A5949948B2DC4EAB

Searching for "*AWService*"
No files found.

Searching for "*RkHit*[*]*SBRE*"
No files found.

-= EOF =-


----------



## Rena30 (Jan 19, 2013)

I am not sure that I had everything highlighted and copied, so I tried it again.

SystemLook 30.07.11 by jpshortstuff
Log created at 16:13 on 28/02/2013 by Coletta Wade
Administrator - Elevation successful

========== filefind ==========

Searching for "*lbd*"
C:\I386\ARIALBD.TT_	--a---- 181190 bytes	[11:00 04/08/2004]	[11:00 04/08/2004] 121261F4AC97001772A231723C1A2A8F
C:\WINDOWS\system32\DRVSTORE\lbd_1D149FE61E2CD0936E43877117FE3EF0674B9944\lbd.inf	------- 3247 bytes	[05:34 05/04/2009]	[15:00 02/12/2008] C8D0295337A6BBE8954A995A3AF0ACCA
C:\WINDOWS\system32\DRVSTORE\lbd_1D149FE61E2CD0936E43877117FE3EF0674B9944\Lbd.cat	------- 6460 bytes	[05:34 05/04/2009]	[20:06 09/03/2009] 8AE987AC2542D9891CEE62079D0251C5
C:\WINDOWS\system32\DRVSTORE\lbd_1D149FE61E2CD0936E43877117FE3EF0674B9944\Lbd.sys	------- 64160 bytes	[05:34 05/04/2009]	[20:06 09/03/2009] 52320254D74EA11B6F129E7DF1016975
C:\WINDOWS\Fonts\arialbd.ttf	--a---- 352224 bytes	[11:00 04/08/2004]	[11:00 04/08/2004] CE4244A1FB311A47A5949948B2DC4EAB
C:\WINDOWS\ServicePackFiles\i386\arialbd.ttf	------- 352224 bytes	[15:54 27/09/2008]	[11:00 04/08/2004] CE4244A1FB311A47A5949948B2DC4EAB

Searching for "*AWService*"
No files found.

Searching for "*RkHit*"
No files found.

Searching for "*SBRE*"
C:\Program Files\UnThreat AntiVirus\SBRE.dll	--a---- 277360 bytes	[20:53 27/06/2012]	[19:21 19/12/2011] A7B312D8E3AAA89190D210E66B819DCD

========== service ==========

lbd
Lbd
"Ad-Aware mini-filter driver"
Current Status: Stopped
Startup Type: Boot
Error Control: Ignore
Binary: 
Group: FSFilter Activity Monitor
SafeBoot:
Dependencies:
->FltMgr
Dependant Services:
(none)

AWService
AdminWorks Agent X6
(No Description)
Current Status: Started
Startup Type: Automatic
Error Control: Severe
Binary: "C:\Acer\Empowering Technology\admServ.exe"
Group: (none)
SafeBoot:
Dependencies:
(none)
Dependant Services:
(none)

RkHit - Unable to open Service Handle.

SBRE
SBRE
(No Description)
Current Status: Stopped
Startup Type: System
Error Control: Normal
Binary: \??\C:\WINDOWS\system32\drivers\SBREdrv.sys
Group: Base
SafeBoot: Minimal(Group) Network(Group)
Dependencies:
(none)
Dependant Services:
(none)

-= EOF =-


----------



## Mark1956 (May 7, 2011)

There are a lot of entries for Spyhunter, it was installed on 20th February this year, it shows in the installed programs list in the DDS log, it might be list under the company name as Enigma Software Group.

I'm just going to check through the above log, if I can stay awake long enough, or I will be back tomorrow.


----------



## Rena30 (Jan 19, 2013)

Ok, I do not know where it came from but I am going to find all files for Spyhunter and delete them. Thanks


----------



## Mark1956 (May 7, 2011)

Just deleting files may leave a lot of remnants, it would be best to first double check it is not in the Add/Remove programs list with the name Spyhunter or the company name I posted. It should be there as DDS listed it in the installed programs list.


----------



## Rena30 (Jan 19, 2013)

I looked again twice. It is not there.


----------



## Mark1956 (May 7, 2011)

Ok, we will have to do a search for it and take it from there, way past the time for me to turn in so will be back tomorrow.


----------



## Rena30 (Jan 19, 2013)

I have ran a search for Spyhunter and I do have a folder that has files in it, all related to Spyhunter. But I can not find how to uninstall it.


----------



## Mark1956 (May 7, 2011)

Sorry I have not been back sooner got sidetracked with life away from the PC.

This is the main program location c:\program files\enigma software group\*spyhunter*\SpyHunter4.exe

Open the folder in bold using Windows Explorer and post a screenshot of the contents, there might be an uninstaller in there.

I should have some more free time tomorrow to review all the recent scans and put together a script to remove all the unwanted stuff, there are a couple I still need to investigate.


----------



## Rena30 (Jan 19, 2013)

I am sorry, my mother came to visit and I have not had a chance to get this to you, but here it is.


----------



## Mark1956 (May 7, 2011)

Ok, Delete the entire Enigma Software Group folder and that should be the end of that.

There is no guarantee that the following file and service removal is going to change anything, but please let me know the outcome.

Please download *OTM by OldTimer*. Save it to your desktop.

Double click *OTM.exe* to start the tool.


*Copy* the text in the code box below to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Processes
explorer.exe
:Services
SBRE
Lbd
:Files
C:\WINDOWS\system32\DRVSTORE\lbd_1D149FE61E2CD0936E43877117FE3EF0674B9944\lbd.inf
C:\WINDOWS\system32\DRVSTORE\lbd_1D149FE61E2CD0936E43877117FE3EF0674B9944\Lbd.cat
C:\WINDOWS\system32\DRVSTORE\lbd_1D149FE61E2CD0936E43877117FE3EF0674B9944\Lbd.sys
C:\Program Files\UnThreat AntiVirus\SBRE.dll
C:\WINDOWS\system32\drivers\SBREdrv.sys

:Commands
[createrestorepoint]
[emptyflash]
[emptytemp]
[resethosts]
[reboot]
```

 Return to OTM, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.
Click the red *Moveit!* button.
All your desktop icons will disappear as the scan begins. It should complete within a few minutes.
Once complete you may see a box appear asking you to Restart the system to complete the file removal, accept it and it will reboot.
Even if that box does not appear the system should reboot as the command is included in the script.
When the system has come back to the desktop a Notepad document will open, please copy and paste that into your next post.

-- Note: The logs are saved here: C:\_OTM\MovedFiles


----------



## Rena30 (Jan 19, 2013)

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
Service SBRE stopped successfully!
Service SBRE deleted successfully!
Service Lbd stopped successfully!
Service Lbd deleted successfully!
========== FILES ==========
C:\WINDOWS\system32\DRVSTORE\lbd_1D149FE61E2CD0936E43877117FE3EF0674B9944\lbd.inf moved successfully.
C:\WINDOWS\system32\DRVSTORE\lbd_1D149FE61E2CD0936E43877117FE3EF0674B9944\Lbd.cat moved successfully.
C:\WINDOWS\system32\DRVSTORE\lbd_1D149FE61E2CD0936E43877117FE3EF0674B9944\Lbd.sys moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\UnThreat AntiVirus\SBRE.dll
C:\Program Files\UnThreat AntiVirus\SBRE.dll moved successfully.
File/Folder C:\WINDOWS\system32\drivers\SBREdrv.sys not found.
========== COMMANDS ==========
Restore point Set: OTM Restore Point

[EMPTYFLASH]

User: Default User
->Flash cache emptied: 0 bytes

User: All Users

User: NetworkService

User: LocalService

User: Coletta Wade
->Flash cache emptied: 291 bytes

User: Administrator
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 74494 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Coletta Wade
->Temp folder emptied: 279642 bytes
->Temporary Internet Files folder emptied: 69488 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 192549539 bytes
->Flash cache emptied: 0 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 654274 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 185.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTM by OldTimer - Version 3.1.21.0 log created on 03022013_185914

Files moved on Reboot...

Registry entries deleted on Reboot...


----------



## Mark1956 (May 7, 2011)

Ok, that appears to have taken care of all the remnants that we can find, how is the system now, does it still show the same performance issues?


----------



## Rena30 (Jan 19, 2013)

It seems to be better, thus far. It has not acted up yet today.


----------



## Rena30 (Jan 19, 2013)

I went and did a search, to look for searchplugins. I didn't think there would be anything but there was so I took a screen shot and posted it below, they are probably just empty folders, but I wanted to check with you before deleting anything.


----------



## Mark1956 (May 7, 2011)

They search result says they are files which are probably legit but we had better check. I've included a folder search as well to be sure.

Run SystemLook and use the script below.


```
:filefind
searchplugins
:folderfind
searchplugins
```


----------



## Rena30 (Jan 19, 2013)

Well I have some bad news. Yesterday about an hour or so after I sent my last post the computer started acting up again. Just wanted to let you know. Here is the system look.

SystemLook 30.07.11 by jpshortstuff
Log created at 12:44 on 04/03/2013 by Coletta Wade
Administrator - Elevation successful

========== filefind ==========

Searching for "searchplugins"
No files found.

========== folderfind ==========

Searching for "searchplugins"
C:\WINDOWS\system32\searchplugins	d------	[15:53 22/02/2013]
C:\WINDOWS\SoftwareDistribution\Download\searchplugins	d------	[19:00 05/02/2013]
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\searchplugins	d------	[04:13 14/02/2013]
C:\WINDOWS\Prefetch\searchplugins	d------	[20:04 21/02/2013]
C:\Program Files\Internet Explorer\searchplugins	d------	[01:24 25/01/2013]
C:\Program Files\Java\jre7\searchplugins	d------	[17:41 05/02/2013]
C:\Program Files\FreeFileViewer\searchplugins	d------	[01:22 25/01/2013]
C:\Program Files\File Type Assistant\searchplugins	d------	[01:22 25/01/2013]
C:\Program Files\Google\Update\1.3.21.135\searchplugins	d------	[19:20 07/02/2013]
C:\Program Files\Google\Chrome\Application\searchplugins	d------	[21:05 20/02/2013]
C:\Program Files\Google\Chrome\Application\24.0.1312.57\searchplugins	d------	[21:05 20/02/2013]
C:\Program Files\CCleaner\searchplugins	d------	[01:13 25/01/2013]
C:\Program Files\EaseUS\Todo Backup\bin\searchplugins	d------	[15:37 02/02/2013]

-= EOF =-


----------



## Mark1956 (May 7, 2011)

All these entries are showing a searchplugins folder not a file, I have searched my own system and searchplugins only exists within Mozilla Firefox. I have looked in about half of these locations and there is no sign of a searchplugins folder in any of them. I can only speculate they are remnants of what we have already removed. You will note the creation dates are all recent so we shall remove all of them.



> the computer started acting up again.


Please describe what it was doing.

Please download *OTM by OldTimer*. Save it to your desktop.

Double click *OTM.exe* to start the tool.


*Copy* the text in the code box below to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Processes
explorer.exe
:Files
C:\WINDOWS\system32\searchplugins
C:\WINDOWS\SoftwareDistribution\Download\searchplugins
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\searchplugins
C:\WINDOWS\Prefetch\searchplugins
C:\Program Files\Internet Explorer\searchplugins
C:\Program Files\Java\jre7\searchplugins
C:\Program Files\FreeFileViewer\searchplugins
C:\Program Files\File Type Assistant\searchplugins
C:\Program Files\Google\Update\1.3.21.135\searchplugins
C:\Program Files\Google\Chrome\Application\searchplugins    
C:\Program Files\Google\Chrome\Application\24.0.1312.57\searchplugins    
C:\Program Files\CCleaner\searchplugins    
C:\Program Files\EaseUS\Todo Backup\bin\searchplugins
:Commands
[createrestorepoint]
[emptyflash]
[emptytemp]
[resethosts]
[reboot]
```

 Return to OTM, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.
Click the red *Moveit!* button.
All your desktop icons will disappear as the scan begins. It should complete within a few minutes.
Once complete you may see a box appear asking you to Restart the system to complete the file removal, accept it and it will reboot.
Even if that box does not appear the system should reboot as the command is included in the script.
When the system has come back to the desktop a Notepad document will open, please copy and paste that into your next post.

-- Note: The logs are saved here: C:\_OTM\MovedFiles


----------



## Rena30 (Jan 19, 2013)

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\WINDOWS\system32\searchplugins folder moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\searchplugins folder moved successfully.
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\searchplugins folder moved successfully.
C:\WINDOWS\Prefetch\searchplugins folder moved successfully.
C:\Program Files\Internet Explorer\searchplugins folder moved successfully.
C:\Program Files\Java\jre7\searchplugins folder moved successfully.
C:\Program Files\FreeFileViewer\searchplugins folder moved successfully.
C:\Program Files\File Type Assistant\searchplugins folder moved successfully.
C:\Program Files\Google\Update\1.3.21.135\searchplugins folder moved successfully.
C:\Program Files\Google\Chrome\Application\searchplugins folder moved successfully.
C:\Program Files\Google\Chrome\Application\24.0.1312.57\searchplugins folder moved successfully.
C:\Program Files\CCleaner\searchplugins folder moved successfully.
C:\Program Files\EaseUS\Todo Backup\bin\searchplugins folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTM Restore Point

[EMPTYFLASH]

User: Default User
->Flash cache emptied: 0 bytes

User: All Users

User: NetworkService

User: LocalService

User: Coletta Wade
->Flash cache emptied: 0 bytes

User: Administrator
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 25172 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Coletta Wade
->Temp folder emptied: 181223 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 9614857 bytes
->Flash cache emptied: 0 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 40580 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 9.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTM by OldTimer - Version 3.1.21.0 log created on 03042013_162436

Files moved on Reboot...

Registry entries deleted on Reboot...


----------



## Rena30 (Jan 19, 2013)

I can be online in a website, it will slow down and then hang up, when I try to close the window it doesn't close so I minimize the window and close it that way then, everything on my desktop briefly disappears. When I double click Google Chrome to get back online, it takes a very long time, then the window will open and it will flash unresponsive. It continues to do this, but when I push the standby button, and then try again and it will always connect to the internet this time. It will work for a few hours or so and then we do it all over again. Also, whenever it is doing this, it does not just affect the internet. If I am trying to go to the control panell, my documents, my files, my programs, pretty much anything it will have to search for it, or everything will disappear from the desktop briefly and then whatever I was trying to open will just be blank.


----------



## Mark1956 (May 7, 2011)

Try running it in Safe Mode with Networking and see if there is any difference.

Start tapping the F8 key as soon as you boot up and then select *Safe Mode with Networking* from the menu.


----------



## Rena30 (Jan 19, 2013)

Ok, I will give it a shot and let you know the results tomorrow.


----------



## Mark1956 (May 7, 2011)

OK.


----------



## Rena30 (Jan 19, 2013)

Sorry it took me so long to get back to you, I just wanted to give it plenty of time. It seems to work just fine in Safe Mode.


----------



## Mark1956 (May 7, 2011)

That is good news as it tells us there is a process or service that runs in Normal mode that is causing the problem, unfortunately it can take a while to track down the culprit.

We need to start by running in Normal Mode with selective start up and see how that goes and then I'll take you through the process to identify the cause.

*Part 1*
*Selective Startup (Clean Boot)*
I would recommend you print out these instructions and follow them slowly, one line at a time, as it is very easy to get confused with this. Unfortunately this is probably the only way we can find what is causing your problem.


Click on *Start*







then type *msconfig* into the *Search* box and hit the* Enter* key.
This screen should appear with the settings as shown:











Click on the Services tab and you should see this, click on the box next to *Hide all Microsoft Services* so a check mark appears.











Now click on the General tab and check the boxes as shown:











When done click on *Apply* and then *OK*.
The window will close and you will see a notification with two choices, click on *Restart*.

Now run the system and check to see if the problem has been cured. Tell me the outcome in your next reply.


----------



## Rena30 (Jan 19, 2013)

Ok that did not seem to do any good.


----------



## Mark1956 (May 7, 2011)

It should give the same result as running in Safe Mode, are you saying it didn't, go back into msconfig and make quite sure all the settings are exactly as you set them.


----------



## Rena30 (Jan 19, 2013)

Ok, I have tried to do it several times. The settings do not seem to be staying. I am following your directions exactly, except after I uncheck the (load system services & load startup), I click apply but then it doesn't let me click ok the only option is close, so I close and then I get the notification window with the 2 options I chose restart and the it will restart. When it gets restarted this notification pops up:

When I go back System Configuration, the settings I had chosen before restarting are not still unchecked.


----------



## Rena30 (Jan 19, 2013)

I forgot to mention that I have tried both options after receiving the notification (the one in the screen shot). If I click ok it opens System Configuration and the settings are set as they were before restarting. If I check the box and go back manually into System Configuration the settings are still set as they were before restarting.


----------



## Mark1956 (May 7, 2011)

In post 167 you are saying _"the settings I had chosen before restarting are not still unchecked." _meaning that they have reverted to being checked. But the warning you are receiving would indicate that the settings have been saved_, _you should just click on OK when that warning appears.

In post 168 you are saying_ "the settings are set as they were before restarting" _meaning the settings have remained as set.

It sounds to me as if the settings are being saved and the system is set correctly to run in selective start up with minimal services and no startup items running. Please can you just confirm that the slow down is still happening with the system set this way.


----------



## Rena30 (Jan 19, 2013)

I am sorry for the misunderstanding. What I was trying to say in 167 and 168 was "the settings I had chosen before restarting are not still unchecked." If the settings were being saved in the system, then yes it was still slowing down.
Also, whenever that warning appears and I click ok it automatically opens System Configuration and "the settings I had chosen before restarting are not still unchecked."


----------



## Rena30 (Jan 19, 2013)

Ok, to overcome all this confusion, I went back into misconfig and clicked on normal startup. I restarted when the notification to do so popped up. After doing so I realized that it WAS running in selective startup and my settings were being saved. It is running really slow right now so I am going back to put it back in selective startup again. I apologize for the confusion.


----------



## Mark1956 (May 7, 2011)

Ok, let me know what happens.


----------



## Rena30 (Jan 19, 2013)

It is still doing the things. Not running any better in this startup mode.


----------



## Mark1956 (May 7, 2011)

You're original reply was: Well it seems to be running ok in this mode. It has not froze up or anything yet.

What happened?

Ok, lets have a deeper look at what is running on the system. Go back into msconfig and set it back to Normal Startup. Then run the scan below and post the log, it will be huge.


Download *OTL* to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Under the *Standard Registry* box change it to *All*.
Check the boxes beside *LOP Check* and *Purity Check*.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post it with your next reply.


----------



## Rena30 (Jan 19, 2013)

Yes, as soon as I posted that and closed out of the techguys forum, it froze up and everything on my desktop disappeared. I had to put it in standby, so that it would connect back to the internet and then I came back on here and edited that post.


----------



## Mark1956 (May 7, 2011)

At this stage, where we are still not sure what the cause of the problem is, all information of what you are seeing at your end is important. It helps for me to have a complete picture of what the PC is doing.

If there is anything else happening that you have not mentioned then please do so even if you think the information may be of little use.

Please post the OTL log when ready.


----------



## Rena30 (Jan 19, 2013)

OTL logfile created on: 3/7/2013 4:20:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Coletta Wade\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.94% Memory free
2.33 Gb Paging File | 1.98 Gb Available in Paging File | 84.97% Paging File free
Paging file location(s): C:\pagefile.sys 500 3100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16.47 Gb Total Space | 2.73 Gb Free Space | 16.60% Space Free | Partition Type: FAT32
Drive D: | 17.69 Gb Total Space | 17.35 Gb Free Space | 98.06% Space Free | Partition Type: FAT32

Computer Name: SARENAH | User Name: Coletta Wade | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Coletta Wade\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\epm-dm.exe (Acer Inc)
PRC - C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
PRC - C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.)

========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll ()
MOD - C:\Acer\Empowering Technology\NetMonitor.dll ()
MOD - C:\Acer\Empowering Technology\ServiceControl.dll ()

========== Services (SafeList) ==========

SRV - (RoxLiveShare9) -- File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AffinegyService) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (AWService) -- C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (SynTP) -- system32\DRIVERS\SynTP.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (JL2005C) -- File not found
DRV - (HSF_DPV) -- File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (Changer) -- File not found
DRV - (ALCXWDM) -- File not found
DRV - (AFGMp50) -- File not found
DRV - (MpKsl600ca65a) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2477131B-CCC6-4C3A-BC3B-898D2C64C4B1}\MpKsl600ca65a.sys (Microsoft Corporation)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (RTL8192su) -- C:\WINDOWS\system32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (AFGSp50) -- C:\WINDOWS\system32\drivers\AFGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies)
DRV - (NdisFilt) -- C:\WINDOWS\system32\drivers\NdisFilt.sys (OSA Technologies)
DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (OSA Technologies, An Avocent Company)
DRV - (NETMNT) -- C:\WINDOWS\system32\drivers\NETMNT.sys ()
DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA)
DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows (R) 2000 DDK provider)
DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA)
DRV - (ENECBPTH) -- C:\WINDOWS\System32\drivers\ENECBPTH.sys (EnE Technology Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C DA 11 AF 0F 11 CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{28334C7C-06AF-470B-856F-977151AB52BE}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNA_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q={searchTerms}&o=15868&l=dis&prt=BDIE&chn=retail&geo=US&ver=4.0.0.1588
IE - HKCU\..\SearchScopes\{8F435A8D-B43A-4E48-AED2-8894BF7703EA}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=17264370-241A-4A64-A4DC-EB26375D7F9B&apn_sauid=CFBD8077-7535-4AD9-B2B3-841E5BDCF163
IE - HKCU\..\SearchScopes\{A2061B42-2C08-4DF0-868A-76149291DBDA}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm080YYus&ptnrS=ZUxdm080YYus&si=CNawrNO20bACFQjf4AodvDXtoQ&ptb=5FFD5F3C-F891-49F9-8E95-BEA5036F1269&ind=2012061519&n=77ed9f4f&psa=&st=sb&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{BF1599DD-A0B9-433A-811C-9F922DD23AEF}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120623,6901,0,8,0
IE - HKCU\..\SearchScopes\{F654E92D-E5E0-4399-81EC-3DEFDD9066C4}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/05 01:01:12 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll

O1 HOSTS File: ([2013/03/04 16:24:46 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [epm-dm] c:\Acer\Empowering Technology\ePower\epm-dm.exe (Acer Inc)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Info Center] C:\Program Files\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSecCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDevMgrPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoConfigPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVirtMemPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoFileSysPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoNetSetup = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoNetSetupIDPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoNetSetupSecurityPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoWorkgroupContents = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoEntireNetwork = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoFileSharingControl = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Programs\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1340400378484 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 1.7.0_15)
O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 1.7.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 1.7.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2903CD53-31CE-4D73-A5C2-8E21836F709B}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Coletta Wade\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Coletta Wade\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/02/20 16:15:02 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/07 16:07:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Coletta Wade\Desktop\OTL.exe
[2013/03/06 14:49:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Coletta Wade\Recent
[2013/03/06 13:01:02 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2013/03/02 18:59:14 | 000,000,000 | ---D | C] -- C:\_OTM
[2013/03/02 18:56:29 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Coletta Wade\Desktop\OTM.exe
[2013/02/28 13:06:12 | 000,752,287 | ---- | C] (Farbar) -- C:\Documents and Settings\Coletta Wade\Desktop\MiniToolBox.exe
[2013/02/27 18:34:55 | 000,000,000 | -HSD | C] -- C:\Recycled
[2013/02/22 21:24:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/02/22 21:19:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/02/21 19:18:49 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/02/21 19:17:56 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/02/21 19:17:53 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/02/21 19:17:52 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/02/21 18:19:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\snack
[2013/02/21 16:18:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2013/02/21 16:18:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Coletta Wade\My Documents\My Videos
[2013/02/20 16:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/02/19 14:36:07 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll

========== Files - Modified Within 30 Days ==========

[2013/03/07 19:05:02 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{34523BDB-6BEB-49DA-9C53-0ED8BEDABA01}.job
[2013/03/07 18:42:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/07 16:36:24 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/03/07 16:07:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Coletta Wade\Desktop\OTL.exe
[2013/03/07 16:03:42 | 000,000,451 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2013/03/07 16:00:22 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\ProgramUpdateCheck.job
[2013/03/07 16:00:22 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\FreeFileViewerUpdateChecker.job
[2013/03/07 16:00:22 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\TuneUp360 Reminder.job
[2013/03/07 16:00:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/07 16:00:00 | 2137,509,888 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/07 15:59:32 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2013/03/07 15:59:20 | 000,000,310 | RHS- | M] () -- C:\BOOT.INI
[2013/03/07 15:01:00 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\Registry Optimizer_DEFAULT.job
[2013/03/07 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\Anti Malware Scan.job
[2013/03/06 20:44:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\Registry Optimizer_UPDATES.job
[2013/03/06 18:41:24 | 000,033,704 | ---- | M] () -- C:\Documents and Settings\Coletta Wade\My Documents\screen shot 4.JPG
[2013/03/05 20:09:48 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/03/04 13:00:00 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\Reg-Tool Scan.job
[2013/03/03 14:28:30 | 000,088,150 | ---- | M] () -- C:\Documents and Settings\Coletta Wade\My Documents\screenshot 3.JPG
[2013/03/03 12:00:02 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\Reg Tool Scan.job
[2013/03/02 18:56:38 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Coletta Wade\Desktop\OTM.exe
[2013/03/02 17:11:00 | 000,068,449 | ---- | M] () -- C:\Documents and Settings\Coletta Wade\My Documents\screen shot2.JPG
[2013/02/28 16:07:16 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Coletta Wade\Desktop\SystemLook.exe
[2013/02/28 13:06:30 | 000,752,287 | ---- | M] (Farbar) -- C:\Documents and Settings\Coletta Wade\Desktop\MiniToolBox.exe
[2013/02/27 18:25:56 | 000,313,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/26 16:09:18 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/02/25 15:40:46 | 000,015,616 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys.dump
[2013/02/25 15:40:44 | 000,082,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\WudfRd.sys.dump
[2013/02/25 15:40:44 | 000,077,568 | ---- | M] () -- C:\WINDOWS\System32\drivers\WudfPf.sys.dump
[2013/02/25 15:40:44 | 000,038,528 | ---- | M] () -- C:\WINDOWS\System32\drivers\wpdusb.sys.dump
[2013/02/25 15:40:42 | 000,185,032 | ---- | M] () -- C:\WINDOWS\System32\drivers\EuFdDisk.sys.dump
[2013/02/25 15:40:42 | 000,027,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\AFGSp50.sys.dump
[2013/02/25 15:40:42 | 000,010,880 | ---- | M] () -- C:\WINDOWS\System32\drivers\NdisIP.sys.dump
[2013/02/25 15:40:40 | 000,018,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\BTHUSB.SYS.dump
[2013/02/25 15:40:40 | 000,015,232 | ---- | M] () -- C:\WINDOWS\System32\drivers\StreamIP.sys.dump
[2013/02/25 15:40:38 | 000,265,728 | ---- | M] () -- C:\WINDOWS\System32\drivers\http.sys.dump
[2013/02/25 15:40:38 | 000,226,880 | ---- | M] () -- C:\WINDOWS\System32\drivers\tcpip6.sys.dump
[2013/02/25 15:40:38 | 000,092,928 | ---- | M] () -- C:\WINDOWS\System32\drivers\ksecdd.sys.dump
[2013/02/25 15:40:36 | 000,203,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\PCTSD.sys.dump
[2013/02/25 15:40:36 | 000,005,504 | ---- | M] () -- C:\WINDOWS\System32\drivers\MSTEE.sys.dump
[2013/02/25 15:40:34 | 000,056,623 | ---- | M] () -- C:\WINDOWS\System32\drivers\ati1btxx.sys.dump
[2013/02/25 15:40:34 | 000,040,960 | ---- | M] () -- C:\WINDOWS\System32\drivers\ndproxy.sys.dump
[2013/02/25 15:40:34 | 000,037,760 | ---- | M] () -- C:\WINDOWS\System32\drivers\amdk7.sys.dump
[2013/02/25 15:40:34 | 000,011,615 | ---- | M] () -- C:\WINDOWS\System32\drivers\ati1mdxx.sys.dump
[2013/02/25 15:40:32 | 000,063,663 | ---- | M] () -- C:\WINDOWS\System32\drivers\ati1rvxx.sys.dump
[2013/02/25 15:40:32 | 000,030,671 | ---- | M] () -- C:\WINDOWS\System32\drivers\ati1raxx.sys.dump
[2013/02/25 15:40:32 | 000,012,047 | ---- | M] () -- C:\WINDOWS\System32\drivers\ati1pdxx.sys.dump
[2013/02/25 15:40:30 | 000,036,463 | ---- | M] () -- C:\WINDOWS\System32\drivers\ati1tuxx.sys.dump
[2013/02/25 15:40:30 | 000,029,455 | ---- | M] () -- C:\WINDOWS\System32\drivers\ati1xbxx.sys.dump
[2013/02/25 15:40:30 | 000,026,367 | ---- | M] () -- C:\WINDOWS\System32\drivers\ati1snxx.sys.dump
[2013/02/25 15:40:30 | 000,021,343 | ---- | M] () -- C:\WINDOWS\System32\drivers\ati1ttxx.sys.dump
[2013/02/25 15:40:28 | 000,701,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\ati2mtag.sys.dump
[2013/02/25 15:40:28 | 000,327,040 | ---- | M] () -- C:\WINDOWS\System32\drivers\ati2mtaa.sys.dump
[2013/02/25 15:40:28 | 000,034,735 | ---- | M] () -- C:\WINDOWS\System32\drivers\ati1xsxx.sys.dump
[2013/02/25 15:40:26 | 000,057,856 | ---- | M] () -- C:\WINDOWS\System32\drivers\atinbtxx.sys.dump
[2013/02/25 15:40:26 | 000,014,336 | ---- | M] () -- C:\WINDOWS\System32\drivers\atinpdxx.sys.dump
[2013/02/25 15:40:26 | 000,013,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\atinmdxx.sys.dump
[2013/02/25 15:40:24 | 000,104,960 | ---- | M] () -- C:\WINDOWS\System32\drivers\atinrvxx.sys.dump
[2013/02/25 15:40:24 | 000,052,224 | ---- | M] () -- C:\WINDOWS\System32\drivers\atinraxx.sys.dump
[2013/02/25 15:40:24 | 000,028,672 | ---- | M] () -- C:\WINDOWS\System32\drivers\atinsnxx.sys.dump
[2013/02/25 15:40:22 | 000,073,216 | ---- | M] () -- C:\WINDOWS\System32\drivers\atintuxx.sys.dump
[2013/02/25 15:40:22 | 000,063,488 | ---- | M] () -- C:\WINDOWS\System32\drivers\atinxsxx.sys.dump
[2013/02/25 15:40:22 | 000,031,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\atinxbxx.sys.dump
[2013/02/25 15:40:22 | 000,013,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\atinttxx.sys.dump
[2013/02/25 15:40:20 | 000,101,120 | ---- | M] () -- C:\WINDOWS\System32\drivers\bthpan.sys.dump
[2013/02/25 15:40:20 | 000,037,888 | ---- | M] () -- C:\WINDOWS\System32\drivers\bthmodem.sys.dump
[2013/02/25 15:40:20 | 000,017,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\bthenum.sys.dump
[2013/02/25 15:40:18 | 000,129,792 | ---- | M] () -- C:\WINDOWS\System32\drivers\fltMgr.sys.dump
[2013/02/25 15:40:18 | 000,046,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\gagp30kx.sys.dump
[2013/02/25 15:40:18 | 000,036,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\bthprint.sys.dump
[2013/02/25 15:40:18 | 000,011,136 | ---- | M] () -- C:\WINDOWS\System32\drivers\SLIP.sys.dump
[2013/02/25 15:40:16 | 000,025,600 | ---- | M] () -- C:\WINDOWS\System32\drivers\hidbth.sys.dump
[2013/02/25 15:40:16 | 000,019,200 | ---- | M] () -- C:\WINDOWS\System32\drivers\hidir.sys.dump
[2013/02/25 15:40:12 | 001,309,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\mtlstrm.sys.dump
[2013/02/25 15:40:12 | 000,126,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\mtlmnt5.sys.dump
[2013/02/25 15:40:12 | 000,015,488 | ---- | M] () -- C:\WINDOWS\System32\drivers\mssmbios.sys.dump
[2013/02/25 15:40:10 | 000,452,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\mtxparhm.sys.dump
[2013/02/25 15:40:10 | 000,012,672 | ---- | M] () -- C:\WINDOWS\System32\drivers\mutohpen.sys.dump
[2013/02/25 15:40:08 | 000,180,360 | ---- | M] () -- C:\WINDOWS\System32\drivers\ntmtlfax.sys.dump
[2013/02/25 15:40:08 | 000,012,160 | ---- | M] () -- C:\WINDOWS\System32\drivers\mouhid.sys.dump
[2013/02/25 15:40:06 | 000,059,136 | ---- | M] () -- C:\WINDOWS\System32\drivers\rfcomm.sys.dump
[2013/02/25 15:40:06 | 000,030,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\rndismpx.sys.dump
[2013/02/25 15:40:06 | 000,013,776 | ---- | M] () -- C:\WINDOWS\System32\drivers\recagent.sys.dump
[2013/02/25 15:40:04 | 000,404,990 | ---- | M] () -- C:\WINDOWS\System32\drivers\slntamr.sys.dump
[2013/02/25 15:40:04 | 000,129,535 | ---- | M] () -- C:\WINDOWS\System32\drivers\slnt7554.sys.dump
[2013/02/25 15:40:04 | 000,011,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\sffdisk.sys.dump
[2013/02/25 15:40:04 | 000,011,008 | ---- | M] () -- C:\WINDOWS\System32\drivers\sffp_sd.sys.dump
[2013/02/25 15:40:02 | 000,095,424 | ---- | M] () -- C:\WINDOWS\System32\drivers\slnthal.sys.dump
[2013/02/25 15:40:02 | 000,012,106 | ---- | M] () -- C:\WINDOWS\System32\drivers\OsaFsLoc.sys.dump
[2013/02/25 15:40:02 | 000,009,600 | ---- | M] () -- C:\WINDOWS\System32\drivers\NETMNT.sys.dump
[2013/02/25 15:40:02 | 000,004,392 | ---- | M] () -- C:\WINDOWS\System32\drivers\NdisFilt.sys.dump
[2013/02/25 15:40:00 | 000,599,936 | ---- | M] () -- C:\WINDOWS\System32\drivers\RTL8192su.sys.dump
[2013/02/25 15:40:00 | 000,078,208 | ---- | M] () -- C:\WINDOWS\System32\drivers\epm-shd.sys.dump
[2013/02/25 15:40:00 | 000,007,296 | ---- | M] () -- C:\WINDOWS\System32\drivers\osaio.sys.dump
[2013/02/25 15:40:00 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\drivers\epm-psd.sys.dump
[2013/02/25 15:40:00 | 000,004,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\osanbm.sys.dump
[2013/02/25 15:39:58 | 000,384,768 | ---- | M] () -- C:\WINDOWS\System32\drivers\update.sys.dump
[2013/02/25 15:39:58 | 000,013,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\slwdmsup.sys.dump
[2013/02/25 15:39:58 | 000,012,288 | ---- | M] () -- C:\WINDOWS\System32\drivers\tunmp.sys.dump
[2013/02/25 15:39:56 | 000,121,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\usbvideo.sys.dump
[2013/02/25 15:39:56 | 000,030,208 | ---- | M] () -- C:\WINDOWS\System32\drivers\usbehci.sys.dump
[2013/02/25 15:39:56 | 000,014,920 | ---- | M] () -- C:\WINDOWS\System32\drivers\eudskacs.sys.dump
[2013/02/25 15:39:54 | 001,038,208 | ---- | M] () -- C:\WINDOWS\System32\drivers\HSF_DP.sys.dump
[2013/02/25 15:39:54 | 000,042,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\viaagp.sys.dump
[2013/02/25 15:39:54 | 000,014,208 | ---- | M] () -- C:\WINDOWS\System32\drivers\wacompen.sys.dump
[2013/02/25 15:39:54 | 000,011,807 | ---- | M] () -- C:\WINDOWS\System32\drivers\wadv07nt.sys.dump
[2013/02/25 15:39:52 | 000,449,888 | ---- | M] () -- C:\WINDOWS\System32\drivers\ar5211.sys.dump
[2013/02/25 15:39:52 | 000,011,295 | ---- | M] () -- C:\WINDOWS\System32\drivers\wadv08nt.sys.dump
[2013/02/25 15:39:50 | 000,120,192 | ---- | M] () -- C:\WINDOWS\System32\drivers\pcmcia.sys.dump
[2013/02/25 15:39:50 | 000,022,271 | ---- | M] () -- C:\WINDOWS\System32\drivers\watv06nt.sys.dump
[2013/02/25 15:39:50 | 000,011,935 | ---- | M] () -- C:\WINDOWS\System32\drivers\wadv11nt.sys.dump
[2013/02/25 15:39:50 | 000,011,871 | ---- | M] () -- C:\WINDOWS\System32\drivers\wadv09nt.sys.dump
[2013/02/25 15:39:48 | 000,187,776 | ---- | M] () -- C:\WINDOWS\System32\drivers\acpi.sys.dump
[2013/02/25 15:39:48 | 000,139,784 | ---- | M] () -- C:\WINDOWS\System32\drivers\rdpwd.sys.dump
[2013/02/25 15:39:48 | 000,050,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\eubakup.sys.dump
[2013/02/25 15:39:46 | 000,153,344 | ---- | M] () -- C:\WINDOWS\System32\drivers\dmio.sys.dump
[2013/02/25 15:39:46 | 000,142,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\aec.sys.dump
[2013/02/25 15:39:46 | 000,010,368 | ---- | M] () -- C:\WINDOWS\System32\drivers\pfc.sys.dump
[2013/02/25 15:39:44 | 000,207,232 | ---- | M] () -- C:\WINDOWS\System32\drivers\HSFHWICH.sys.dump
[2013/02/25 15:39:44 | 000,193,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\MpFilter.sys.dump
[2013/02/25 15:39:44 | 000,024,960 | ---- | M] () -- C:\WINDOWS\System32\drivers\hidparse.sys.dump
[2013/02/25 15:39:44 | 000,020,864 | ---- | M] () -- C:\WINDOWS\System32\drivers\ipinip.sys.dump
[2013/02/25 15:39:44 | 000,019,200 | ---- | M] () -- C:\WINDOWS\System32\drivers\WSTCODEC.SYS.dump
[2013/02/25 15:39:42 | 000,172,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmixer.sys.dump
[2013/02/25 15:39:42 | 000,052,864 | ---- | M] () -- C:\WINDOWS\System32\drivers\DMusic.sys.dump
[2013/02/25 15:39:42 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\kbdclass.sys.dump
[2013/02/25 15:39:42 | 000,014,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\kbdhid.sys.dump
[2013/02/25 15:39:40 | 000,180,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\mrxdav.sys.dump
[2013/02/25 15:39:40 | 000,042,368 | ---- | M] () -- C:\WINDOWS\System32\drivers\mountmgr.sys.dump
[2013/02/25 15:39:38 | 000,703,232 | ---- | M] () -- C:\WINDOWS\System32\drivers\HSF_CNXT.sys.dump
[2013/02/25 15:39:38 | 000,060,160 | ---- | M] () -- C:\WINDOWS\System32\drivers\drmk.sys.dump
[2013/02/25 15:39:38 | 000,035,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\msgpc.sys.dump
[2013/02/25 15:39:38 | 000,007,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\mskssrv.sys.dump
[2013/02/25 15:39:38 | 000,005,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\mspclock.sys.dump
[2013/02/25 15:39:36 | 000,203,136 | ---- | M] () -- C:\WINDOWS\System32\drivers\RMCast.sys.dump
[2013/02/25 15:39:36 | 000,068,224 | ---- | M] () -- C:\WINDOWS\System32\drivers\pci.sys.dump
[2013/02/25 15:39:36 | 000,048,384 | ---- | M] () -- C:\WINDOWS\System32\drivers\raspptp.sys.dump
[2013/02/25 15:39:36 | 000,014,336 | ---- | M] () -- C:\WINDOWS\System32\drivers\asyncmac.sys.dump
[2013/02/25 15:39:36 | 000,012,800 | ---- | M] () -- C:\WINDOWS\System32\drivers\usb8023x.sys.dump
[2013/02/25 15:39:36 | 000,003,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\pciide.sys.dump
[2013/02/25 15:39:34 | 000,369,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\BCMWL5.SYS.dump
[2013/02/25 15:39:34 | 000,196,224 | ---- | M] () -- C:\WINDOWS\System32\drivers\rdpdr.sys.dump
[2013/02/25 15:39:34 | 000,070,912 | ---- | M] () -- C:\WINDOWS\System32\drivers\Rtlnicxp.sys.dump
[2013/02/25 15:39:34 | 000,019,712 | ---- | M] () -- C:\WINDOWS\System32\drivers\partmgr.sys.dump
[2013/02/25 15:39:34 | 000,011,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\irenum.sys.dump
[2013/02/25 15:39:32 | 000,044,928 | ---- | M] () -- C:\WINDOWS\System32\drivers\agpcpq.sys.dump
[2013/02/25 15:39:32 | 000,042,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\alim1541.sys.dump
[2013/02/25 15:39:32 | 000,037,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\isapnp.sys.dump
[2013/02/25 15:39:32 | 000,030,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\modem.sys.dump
[2013/02/25 15:39:32 | 000,025,344 | ---- | M] () -- C:\WINDOWS\System32\drivers\sonydcam.sys.dump
[2013/02/25 15:39:30 | 000,357,888 | ---- | M] () -- C:\WINDOWS\System32\drivers\srv.sys.dump
[2013/02/25 15:39:30 | 000,175,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\rdbss.sys.dump
[2013/02/25 15:39:30 | 000,125,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\ftdisk.sys.dump
[2013/02/25 15:39:30 | 000,073,472 | ---- | M] () -- C:\WINDOWS\System32\drivers\sr.sys.dump
[2013/02/25 15:39:28 | 000,056,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\swmidi.sys.dump
[2013/02/25 15:39:28 | 000,049,408 | ---- | M] () -- C:\WINDOWS\System32\drivers\stream.sys.dump
[2013/02/25 15:39:28 | 000,014,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\tape.sys.dump
[2013/02/25 15:39:28 | 000,006,272 | ---- | M] () -- C:\WINDOWS\System32\drivers\splitter.sys.dump
[2013/02/25 15:39:28 | 000,004,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\swenum.sys.dump
[2013/02/25 15:39:26 | 000,085,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\NABTSFEC.sys.dump
[2013/02/25 15:39:26 | 000,016,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\ini910u.sys.dump
[2013/02/25 15:39:26 | 000,012,032 | ---- | M] () -- C:\WINDOWS\System32\drivers\amsint.sys.dump
[2013/02/25 15:39:24 | 000,023,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\ABP480N5.SYS.dump
[2013/02/25 15:39:24 | 000,022,400 | ---- | M] () -- C:\WINDOWS\System32\drivers\asc3350p.sys.dump
[2013/02/25 15:39:24 | 000,014,720 | ---- | M] () -- C:\WINDOWS\System32\drivers\dac960nt.sys.dump
[2013/02/25 15:39:24 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\audstub.sys.dump
[2013/02/25 15:39:22 | 000,105,472 | ---- | M] () -- C:\WINDOWS\System32\drivers\mup.sys.dump
[2013/02/25 15:39:22 | 000,019,584 | ---- | M] () -- C:\WINDOWS\System32\drivers\rasirda.sys.dump
[2013/02/25 15:39:22 | 000,010,368 | ---- | M] () -- C:\WINDOWS\System32\drivers\hidusb.sys.dump
[2013/02/25 15:39:22 | 000,008,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\i2omgmt.sys.dump
[2013/02/25 15:39:20 | 000,075,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\ipsec.sys.dump
[2013/02/25 15:39:20 | 000,040,448 | ---- | M] () -- C:\WINDOWS\System32\drivers\ql1240.sys.dump
[2013/02/25 15:39:20 | 000,030,848 | ---- | M] () -- C:\WINDOWS\System32\drivers\npfs.sys.dump
[2013/02/25 15:39:18 | 000,033,152 | ---- | M] () -- C:\WINDOWS\System32\drivers\ql10wnt.sys.dump
[2013/02/25 15:39:18 | 000,027,296 | ---- | M] () -- C:\WINDOWS\System32\drivers\perc2.sys.dump
[2013/02/25 15:39:18 | 000,006,400 | ---- | M] () -- C:\WINDOWS\System32\drivers\enum1394.sys.dump
[2013/02/25 15:39:16 | 000,055,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\atmlane.sys.dump
[2013/02/25 15:39:16 | 000,055,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\aic78u2.sys.dump
[2013/02/25 15:39:16 | 000,049,536 | ---- | M] () -- C:\WINDOWS\System32\drivers\classpnp.sys.dump
[2013/02/25 15:39:16 | 000,025,952 | ---- | M] () -- C:\WINDOWS\System32\drivers\hpn.sys.dump
[2013/02/25 15:39:16 | 000,014,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\cpqarray.sys.dump
[2013/02/25 15:39:16 | 000,007,680 | ---- | M] () -- C:\WINDOWS\System32\drivers\cd20xrnt.sys.dump
[2013/02/25 15:39:14 | 000,088,192 | ---- | M] () -- C:\WINDOWS\System32\drivers\irda.sys.dump
[2013/02/25 15:39:14 | 000,056,960 | ---- | M] () -- C:\WINDOWS\System32\drivers\aic78xx.sys.dump
[2013/02/25 15:39:14 | 000,020,192 | ---- | M] () -- C:\WINDOWS\System32\drivers\dpti2o.sys.dump
[2013/02/25 15:39:14 | 000,013,952 | ---- | M] () -- C:\WINDOWS\System32\drivers\CmBatt.sys.dump
[2013/02/25 15:39:14 | 000,012,800 | ---- | M] () -- C:\WINDOWS\System32\drivers\aha154x.sys.dump
[2013/02/25 15:39:14 | 000,005,504 | ---- | M] () -- C:\WINDOWS\System32\drivers\perc2hib.sys.dump
[2013/02/25 15:39:12 | 000,036,864 | ---- | M] () -- C:\WINDOWS\System32\drivers\hidclass.sys.dump
[2013/02/25 15:39:12 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\flpydisk.sys.dump
[2013/02/25 15:39:12 | 000,019,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\tdi.sys.dump
[2013/02/25 15:39:12 | 000,004,992 | ---- | M] () -- C:\WINDOWS\System32\drivers\toside.sys.dump
[2013/02/25 15:39:10 | 000,088,320 | ---- | M] () -- C:\WINDOWS\System32\drivers\nwlnkipx.sys.dump
[2013/02/25 15:39:10 | 000,053,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\1394bus.sys.dump
[2013/02/25 15:39:10 | 000,025,471 | ---- | M] () -- C:\WINDOWS\System32\drivers\watv10nt.sys.dump
[2013/02/25 15:39:10 | 000,021,896 | ---- | M] () -- C:\WINDOWS\System32\drivers\tdtcp.sys.dump
[2013/02/25 15:39:10 | 000,018,560 | ---- | M] () -- C:\WINDOWS\System32\drivers\i2omp.sys.dump
[2013/02/25 15:39:10 | 000,012,040 | ---- | M] () -- C:\WINDOWS\System32\drivers\tdpipe.sys.dump
[2013/02/25 15:39:08 | 000,066,048 | ---- | M] () -- C:\WINDOWS\System32\drivers\udfs.sys.dump
[2013/02/25 15:39:08 | 000,060,800 | ---- | M] () -- C:\WINDOWS\System32\drivers\sysaudio.sys.dump
[2013/02/25 15:39:08 | 000,044,672 | ---- | M] () -- C:\WINDOWS\System32\drivers\uagp35.sys.dump
[2013/02/25 15:39:08 | 000,040,840 | ---- | M] () -- C:\WINDOWS\System32\drivers\termdd.sys.dump
[2013/02/25 15:39:08 | 000,011,392 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfloppy.sys.dump
[2013/02/25 15:39:08 | 000,010,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\sffp_mmc.sys.dump
[2013/02/25 15:39:08 | 000,005,888 | ---- | M] () -- C:\WINDOWS\System32\drivers\smbali.sys.dump
[2013/02/25 15:39:06 | 000,166,912 | ---- | M] () -- C:\WINDOWS\System32\drivers\s3gnbm.sys.dump
[2013/02/25 15:39:06 | 000,079,232 | ---- | M] () -- C:\WINDOWS\System32\drivers\sdbus.sys.dump
[2013/02/25 15:39:06 | 000,057,600 | ---- | M] () -- C:\WINDOWS\System32\drivers\redbook.sys.dump
[2013/02/25 15:39:06 | 000,030,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\rndismp.sys.dump
[2013/02/25 15:39:06 | 000,025,728 | ---- | M] () -- C:\WINDOWS\System32\drivers\usbcamd2.sys.dump
[2013/02/25 15:39:06 | 000,024,960 | ---- | M] () -- C:\WINDOWS\System32\drivers\pciidex.sys.dump
[2013/02/25 15:39:04 | 000,574,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\ntfs.sys.dump
[2013/02/25 15:39:04 | 000,162,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\netbt.sys.dump
[2013/02/25 15:39:04 | 000,061,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\nic1394.sys.dump
[2013/02/25 15:39:04 | 000,059,520 | ---- | M] () -- C:\WINDOWS\System32\drivers\usbhub.sys.dump
[2013/02/25 15:39:04 | 000,032,128 | ---- | M] () -- C:\WINDOWS\System32\drivers\usbccgp.sys.dump
[2013/02/25 15:39:04 | 000,017,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\CCDECODE.sys.dump
[2013/02/25 15:39:02 | 000,272,128 | ---- | M] () -- C:\WINDOWS\System32\drivers\bthport.sys.dump
[2013/02/25 15:39:02 | 000,036,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\intelppm.sys.dump
[2013/02/25 15:39:02 | 000,015,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\usbintel.sys.dump
[2013/02/25 15:39:02 | 000,014,208 | ---- | M] () -- C:\WINDOWS\System32\drivers\diskdump.sys.dump
[2013/02/25 15:39:02 | 000,010,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\compbatt.sys.dump
[2013/02/25 15:39:02 | 000,005,504 | ---- | M] () -- C:\WINDOWS\System32\drivers\intelide.sys.dump
[2013/02/25 15:39:00 | 000,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys.dump
[2013/02/25 15:39:00 | 000,071,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\bridge.sys.dump
[2013/02/25 15:39:00 | 000,060,800 | ---- | M] () -- C:\WINDOWS\System32\drivers\arp1394.sys.dump
[2013/02/25 15:39:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\atmarpc.sys.dump
[2013/02/25 15:39:00 | 000,037,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\amdk6.sys.dump
[2013/02/25 15:39:00 | 000,014,208 | ---- | M] () -- C:\WINDOWS\System32\drivers\battc.sys.dump
[2013/02/25 15:38:58 | 000,456,320 | ---- | M] () -- C:\WINDOWS\System32\drivers\mrxsmb.sys.dump
[2013/02/25 15:38:58 | 000,146,048 | ---- | M] () -- C:\WINDOWS\System32\drivers\portcls.sys.dump
[2013/02/25 15:38:58 | 000,143,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\usbport.sys.dump
[2013/02/25 15:38:58 | 000,036,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\disk.sys.dump
[2013/02/25 15:38:58 | 000,010,496 | ---- | M] () -- C:\WINDOWS\System32\drivers\ndistapi.sys.dump
[2013/02/25 15:38:56 | 000,071,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\dxg.sys.dump
[2013/02/25 15:38:56 | 000,052,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\i8042prt.sys.dump
[2013/02/25 15:38:56 | 000,034,688 | ---- | M] () -- C:\WINDOWS\System32\drivers\netbios.sys.dump
[2013/02/25 15:38:56 | 000,026,368 | ---- | M] () -- C:\WINDOWS\System32\drivers\usbstor.sys.dump
[2013/02/25 15:38:56 | 000,020,992 | ---- | M] () -- C:\WINDOWS\System32\drivers\vga.sys.dump
[2013/02/25 15:38:56 | 000,015,104 | ---- | M] () -- C:\WINDOWS\System32\drivers\usbscan.sys.dump
[2013/02/25 15:38:56 | 000,002,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\drmkaud.sys.dump
[2013/02/25 15:38:54 | 000,152,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\ipnat.sys.dump
[2013/02/25 15:38:54 | 000,064,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\serial.sys.dump
[2013/02/25 15:38:54 | 000,044,544 | ---- | M] () -- C:\WINDOWS\System32\drivers\fips.sys.dump
[2013/02/25 15:38:54 | 000,042,368 | ---- | M] () -- C:\WINDOWS\System32\drivers\agp440.sys.dump
[2013/02/25 15:38:54 | 000,020,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\usbuhci.sys.dump
[2013/02/25 15:38:54 | 000,019,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\msfs.sys.dump
[2013/02/25 15:38:52 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\drivers\psched.sys.dump
[2013/02/25 15:38:52 | 000,063,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\cdfs.sys.dump
[2013/02/25 15:38:52 | 000,051,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\rasl2tp.sys.dump
[2013/02/25 15:38:52 | 000,041,472 | ---- | M] () -- C:\WINDOWS\System32\drivers\raspppoe.sys.dump
[2013/02/25 15:38:52 | 000,035,840 | ---- | M] () -- C:\WINDOWS\System32\drivers\processr.sys.dump
[2013/02/25 15:38:52 | 000,014,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\ndisuio.sys.dump
[2013/02/25 15:38:50 | 000,143,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\fastfat.sys.dump
[2013/02/25 15:38:50 | 000,096,384 | ---- | M] () -- C:\WINDOWS\System32\drivers\scsiport.sys.dump
[2013/02/25 15:38:50 | 000,063,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\mf.sys.dump
[2013/02/25 15:38:50 | 000,042,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\p3.sys.dump
[2013/02/25 15:38:50 | 000,015,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\serenum.sys.dump
[2013/02/25 15:38:48 | 000,081,664 | ---- | M] () -- C:\WINDOWS\System32\drivers\videoprt.sys.dump
[2013/02/25 15:38:48 | 000,061,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\ohci1394.sys.dump
[2013/02/25 15:38:48 | 000,040,648 | ---- | M] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys.dump
[2013/02/25 15:38:48 | 000,040,320 | ---- | M] () -- C:\WINDOWS\System32\drivers\nmnt.sys.dump
[2013/02/25 15:38:48 | 000,006,272 | ---- | M] () -- C:\WINDOWS\System32\drivers\ENECBPTH.sys.dump
[2013/02/25 15:38:48 | 000,004,992 | ---- | M] () -- C:\WINDOWS\System32\drivers\mspqm.sys.dump
[2013/02/25 15:38:46 | 000,361,600 | ---- | M] () -- C:\WINDOWS\System32\drivers\tcpip.sys.dump
[2013/02/25 15:38:46 | 000,138,496 | ---- | M] () -- C:\WINDOWS\System32\drivers\afd.sys.dump
[2013/02/25 15:38:46 | 000,083,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\wdmaud.sys.dump
[2013/02/25 15:38:46 | 000,052,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\volsnap.sys.dump
[2013/02/25 15:38:46 | 000,034,560 | ---- | M] () -- C:\WINDOWS\System32\drivers\wanarp.sys.dump
[2013/02/25 15:38:46 | 000,023,040 | ---- | M] () -- C:\WINDOWS\System32\drivers\mouclass.sys.dump
[2013/02/25 15:38:44 | 000,799,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\dmboot.sys.dump
[2013/02/25 15:38:44 | 000,141,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\ks.sys.dump
[2013/02/25 15:38:44 | 000,062,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\cdrom.sys.dump
[2013/02/25 15:38:44 | 000,042,112 | ---- | M] () -- C:\WINDOWS\System32\drivers\imapi.sys.dump
[2013/02/25 15:38:44 | 000,036,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\crusoe.sys.dump
[2013/02/25 15:38:44 | 000,036,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\ip6fw.sys.dump
[2013/02/25 15:38:42 | 000,058,112 | ---- | M] () -- C:\WINDOWS\System32\drivers\vdmindvd.sys.dump
[2013/02/25 15:38:42 | 000,012,160 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsvga.sys.dump
[2013/02/25 15:38:42 | 000,012,032 | ---- | M] () -- C:\WINDOWS\System32\drivers\ws2ifsl.sys.dump
[2013/02/25 15:38:42 | 000,011,648 | ---- | M] () -- C:\WINDOWS\System32\drivers\acpiec.sys.dump
[2013/02/25 15:38:42 | 000,004,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\usbd.sys.dump
[2013/02/25 15:38:42 | 000,004,224 | ---- | M] () -- C:\WINDOWS\System32\drivers\mnmdd.sys.dump
[2013/02/25 15:38:42 | 000,003,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\oprghdlr.sys.dump
[2013/02/25 15:38:40 | 000,051,712 | ---- | M] () -- C:\WINDOWS\System32\drivers\tosdvd.sys.dump
[2013/02/25 15:38:40 | 000,025,600 | ---- | M] () -- C:\WINDOWS\System32\drivers\usbcamd.sys.dump
[2013/02/25 15:38:40 | 000,021,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\tsbvcap.sys.dump
[2013/02/25 15:38:40 | 000,014,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\smclib.sys.dump
[2013/02/25 15:38:40 | 000,012,800 | ---- | M] () -- C:\WINDOWS\System32\drivers\usb8023.sys.dump
[2013/02/25 15:38:40 | 000,008,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\wmiacpi.sys.dump
[2013/02/25 15:38:40 | 000,005,888 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootmdm.sys.dump
[2013/02/25 15:38:38 | 000,063,232 | ---- | M] () -- C:\WINDOWS\System32\drivers\nwlnknb.sys.dump
[2013/02/25 15:38:38 | 000,055,936 | ---- | M] () -- C:\WINDOWS\System32\drivers\nwlnkspx.sys.dump
[2013/02/25 15:38:38 | 000,034,432 | ---- | M] () -- C:\WINDOWS\System32\drivers\rawwan.sys.dump
[2013/02/25 15:38:38 | 000,032,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\nwlnkfwd.sys.dump
[2013/02/25 15:38:38 | 000,025,856 | ---- | M] () -- C:\WINDOWS\System32\drivers\usbprint.sys.dump
[2013/02/25 15:38:38 | 000,012,032 | ---- | M] () -- C:\WINDOWS\System32\drivers\riodrv.sys.dump
[2013/02/25 15:38:38 | 000,012,032 | ---- | M] () -- C:\WINDOWS\System32\drivers\rio8drv.sys.dump
[2013/02/25 15:38:36 | 000,032,896 | ---- | M] () -- C:\WINDOWS\System32\drivers\ipfltdrv.sys.dump
[2013/02/25 15:38:36 | 000,012,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\nwlnkflt.sys.dump
[2013/02/25 15:38:36 | 000,012,032 | ---- | M] () -- C:\WINDOWS\System32\drivers\nikedrv.sys.dump
[2013/02/25 15:38:36 | 000,011,776 | ---- | M] () -- C:\WINDOWS\System32\drivers\cpqdap01.sys.dump
[2013/02/25 15:38:36 | 000,010,496 | ---- | M] () -- C:\WINDOWS\System32\drivers\dxapi.sys.dump
[2013/02/25 15:38:36 | 000,007,680 | ---- | M] () -- C:\WINDOWS\System32\drivers\mcd.sys.dump
[2013/02/25 15:38:34 | 000,352,256 | ---- | M] () -- C:\WINDOWS\System32\drivers\atmuni.sys.dump
[2013/02/25 15:38:34 | 000,262,528 | ---- | M] () -- C:\WINDOWS\System32\drivers\cinemst2.sys.dump
[2013/02/25 15:38:34 | 000,031,360 | ---- | M] () -- C:\WINDOWS\System32\drivers\atmepvc.sys.dump
[2013/02/25 15:38:34 | 000,027,392 | ---- | M] () -- C:\WINDOWS\System32\drivers\fdc.sys.dump
[2013/02/25 15:38:34 | 000,013,952 | ---- | M] () -- C:\WINDOWS\System32\drivers\cbidf2k.sys.dump
[2013/02/25 15:38:34 | 000,006,784 | ---- | M] () -- C:\WINDOWS\System32\drivers\parvdm.sys.dump
[2013/02/25 15:38:34 | 000,003,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\dxgthk.sys.dump
[2013/02/25 15:38:32 | 000,091,520 | ---- | M] () -- C:\WINDOWS\System32\drivers\ndiswan.sys.dump
[2013/02/25 15:38:32 | 000,018,688 | ---- | M] () -- C:\WINDOWS\System32\drivers\cdaudio.sys.dump
[2013/02/25 15:38:32 | 000,008,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\rasacd.sys.dump
[2013/02/25 15:38:32 | 000,007,936 | ---- | M] () -- C:\WINDOWS\System32\drivers\fs_rec.sys.dump
[2013/02/25 15:38:32 | 000,004,224 | ---- | M] () -- C:\WINDOWS\System32\drivers\rdpcdd.sys.dump
[2013/02/25 15:38:32 | 000,004,224 | ---- | M] () -- C:\WINDOWS\System32\drivers\beep.sys.dump
[2013/02/25 15:38:32 | 000,002,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\null.sys.dump
[2013/02/25 15:38:30 | 000,182,656 | ---- | M] () -- C:\WINDOWS\System32\drivers\ndis.sys.dump
[2013/02/25 15:38:30 | 000,080,128 | ---- | M] () -- C:\WINDOWS\System32\drivers\parport.sys.dump
[2013/02/25 15:38:30 | 000,016,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\raspti.sys.dump
[2013/02/25 15:38:30 | 000,005,888 | ---- | M] () -- C:\WINDOWS\System32\drivers\dmload.sys.dump
[2013/02/25 15:38:30 | 000,004,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\wmilib.sys.dump
[2013/02/23 09:48:36 | 000,001,721 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/02/21 18:41:44 | 000,019,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\EsgScanner.sys.dump
[2013/02/20 16:15:02 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/02/19 14:35:58 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/02/19 14:35:54 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/02/19 14:35:54 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/02/19 14:35:54 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/02/19 14:35:54 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/02/19 14:35:52 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013/02/19 14:35:52 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/02/18 16:38:54 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/02/18 16:38:54 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/02/13 22:13:06 | 000,446,852 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/13 22:13:06 | 000,073,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/02/07 13:20:42 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/07 13:20:40 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

========== Files Created - No Company Name ==========

[2013/03/07 11:57:24 | 2137,509,888 | -HS- | C] () -- C:\hiberfil.sys
[2013/03/06 18:41:21 | 000,033,704 | ---- | C] () -- C:\Documents and Settings\Coletta Wade\My Documents\screen shot 4.JPG
[2013/03/03 14:28:29 | 000,088,150 | ---- | C] () -- C:\Documents and Settings\Coletta Wade\My Documents\screenshot 3.JPG
[2013/03/02 17:10:59 | 000,068,449 | ---- | C] () -- C:\Documents and Settings\Coletta Wade\My Documents\screen shot2.JPG
[2013/02/28 16:07:13 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Coletta Wade\Desktop\SystemLook.exe
[2013/02/26 16:18:47 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/02/22 21:24:09 | 000,000,194 | ---- | C] () -- C:\Boot.bak
[2013/02/22 21:24:06 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/02/21 18:41:59 | 000,038,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\wpdusb.sys.dump
[2013/02/21 18:41:55 | 000,082,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\WudfRd.sys.dump
[2013/02/21 18:41:51 | 000,077,568 | ---- | C] () -- C:\WINDOWS\System32\drivers\WudfPf.sys.dump
[2013/02/21 18:41:47 | 000,015,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys.dump
[2013/02/21 18:41:43 | 000,019,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\EsgScanner.sys.dump
[2013/02/21 18:41:38 | 000,185,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\EuFdDisk.sys.dump
[2013/02/21 18:41:34 | 000,027,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\AFGSp50.sys.dump
[2013/02/21 18:41:30 | 000,010,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\NdisIP.sys.dump
[2013/02/21 18:41:25 | 000,015,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\StreamIP.sys.dump
[2013/02/21 18:41:21 | 000,022,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\RimUsb.sys.dump
[2013/02/21 18:41:17 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTHUSB.SYS.dump
[2013/02/21 18:41:14 | 000,092,928 | ---- | C] () -- C:\WINDOWS\System32\drivers\ksecdd.sys.dump
[2013/02/21 18:41:10 | 000,226,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\tcpip6.sys.dump
[2013/02/21 18:41:05 | 000,265,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\http.sys.dump
[2013/02/21 18:41:02 | 000,203,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTSD.sys.dump
[2013/02/21 18:40:58 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\RimSerial.sys.dump
[2013/02/21 18:40:54 | 000,023,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys.dump
[2013/02/21 18:40:50 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\MSTEE.sys.dump
[2013/02/21 18:40:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndproxy.sys.dump
[2013/02/21 18:40:42 | 000,037,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\amdk7.sys.dump
[2013/02/21 18:40:38 | 000,056,623 | ---- | C] () -- C:\WINDOWS\System32\drivers\ati1btxx.sys.dump
[2013/02/21 18:40:34 | 000,011,615 | ---- | C] () -- C:\WINDOWS\System32\drivers\ati1mdxx.sys.dump
[2013/02/21 18:40:30 | 000,012,047 | ---- | C] () -- C:\WINDOWS\System32\drivers\ati1pdxx.sys.dump
[2013/02/21 18:40:25 | 000,030,671 | ---- | C] () -- C:\WINDOWS\System32\drivers\ati1raxx.sys.dump
[2013/02/21 18:40:20 | 000,063,663 | ---- | C] () -- C:\WINDOWS\System32\drivers\ati1rvxx.sys.dump
[2013/02/21 18:40:16 | 000,026,367 | ---- | C] () -- C:\WINDOWS\System32\drivers\ati1snxx.sys.dump
[2013/02/21 18:40:12 | 000,021,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\ati1ttxx.sys.dump
[2013/02/21 18:40:06 | 000,036,463 | ---- | C] () -- C:\WINDOWS\System32\drivers\ati1tuxx.sys.dump
[2013/02/21 18:40:02 | 000,029,455 | ---- | C] () -- C:\WINDOWS\System32\drivers\ati1xbxx.sys.dump
[2013/02/21 18:39:57 | 000,034,735 | ---- | C] () -- C:\WINDOWS\System32\drivers\ati1xsxx.sys.dump
[2013/02/21 18:39:53 | 000,327,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\ati2mtaa.sys.dump
[2013/02/21 18:39:48 | 000,701,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\ati2mtag.sys.dump
[2013/02/21 18:39:44 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinbtxx.sys.dump
[2013/02/21 18:39:39 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinmdxx.sys.dump
[2013/02/21 18:39:34 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinpdxx.sys.dump
[2013/02/21 18:39:31 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinraxx.sys.dump
[2013/02/21 18:39:25 | 000,104,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinrvxx.sys.dump
[2013/02/21 18:39:20 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinsnxx.sys.dump
[2013/02/21 18:39:16 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinttxx.sys.dump
[2013/02/21 18:39:11 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\atintuxx.sys.dump
[2013/02/21 18:39:06 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinxbxx.sys.dump
[2013/02/21 18:39:02 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinxsxx.sys.dump
[2013/02/21 18:38:58 | 000,017,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\bthenum.sys.dump
[2013/02/21 18:38:54 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\bthmodem.sys.dump
[2013/02/21 18:38:50 | 000,101,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\bthpan.sys.dump
[2013/02/21 18:38:45 | 000,011,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\SLIP.sys.dump
[2013/02/21 18:38:41 | 000,036,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\bthprint.sys.dump
[2013/02/21 18:38:37 | 000,129,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\fltMgr.sys.dump
[2013/02/21 18:38:33 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\gagp30kx.sys.dump
[2013/02/21 18:38:30 | 000,144,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\hdaudbus.sys.dump
[2013/02/21 18:38:26 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\hidbth.sys.dump
[2013/02/21 18:38:22 | 000,019,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\hidir.sys.dump
[2013/02/21 18:38:18 | 000,220,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\hsfbs2s2.sys.dump
[2013/02/21 18:38:14 | 000,685,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\hsfcxts2.sys.dump
[2013/02/21 18:38:09 | 001,041,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\hsfdpsp2.sys.dump
[2013/02/21 18:38:05 | 000,015,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\mssmbios.sys.dump
[2013/02/21 18:38:01 | 000,126,686 | ---- | C] () -- C:\WINDOWS\System32\drivers\mtlmnt5.sys.dump
[2013/02/21 18:37:57 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys.dump
[2013/02/21 18:37:51 | 001,309,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\mtlstrm.sys.dump
[2013/02/21 18:37:46 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\SONYPVU1.SYS.dump
[2013/02/21 18:37:41 | 000,452,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\mtxparhm.sys.dump
[2013/02/21 18:37:36 | 000,012,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\mutohpen.sys.dump
[2013/02/21 18:37:32 | 000,012,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\mouhid.sys.dump
[2013/02/21 18:37:27 | 000,180,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\ntmtlfax.sys.dump
[2013/02/21 18:37:23 | 001,897,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\nv4_mini.sys.dump
[2013/02/21 18:37:18 | 000,013,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\recagent.sys.dump
[2013/02/21 18:37:14 | 000,059,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\rfcomm.sys.dump
[2013/02/21 18:37:10 | 000,030,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\rndismpx.sys.dump
[2013/02/21 18:37:05 | 000,011,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sffdisk.sys.dump
[2013/02/21 18:37:01 | 000,011,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\sffp_sd.sys.dump
[2013/02/21 18:36:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\sisagp.sys.dump
[2013/02/21 18:36:54 | 000,129,535 | ---- | C] () -- C:\WINDOWS\System32\drivers\slnt7554.sys.dump
[2013/02/21 18:36:49 | 000,404,990 | ---- | C] () -- C:\WINDOWS\System32\drivers\slntamr.sys.dump
[2013/02/21 18:36:45 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys.dump
[2013/02/21 18:36:41 | 000,095,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\slnthal.sys.dump
[2013/02/21 18:36:37 | 000,004,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\NdisFilt.sys.dump
[2013/02/21 18:36:33 | 000,012,106 | ---- | C] () -- C:\WINDOWS\System32\drivers\OsaFsLoc.sys.dump
[2013/02/21 18:36:29 | 000,004,010 | ---- | C] () -- C:\WINDOWS\System32\drivers\osanbm.sys.dump
[2013/02/21 18:36:25 | 000,007,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\osaio.sys.dump
[2013/02/21 18:36:22 | 000,078,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\epm-shd.sys.dump
[2013/02/21 18:36:18 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\epm-psd.sys.dump
[2013/02/21 18:36:14 | 000,599,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTL8192su.sys.dump
[2013/02/21 18:36:09 | 000,013,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\slwdmsup.sys.dump
[2013/02/21 18:36:05 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\tunmp.sys.dump
[2013/02/21 18:36:01 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\ac97intc.sys.dump
[2013/02/21 18:35:57 | 000,384,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\update.sys.dump
[2013/02/21 18:35:53 | 000,014,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\eudskacs.sys.dump
[2013/02/21 18:35:49 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbehci.sys.dump
[2013/02/21 18:35:45 | 000,013,059 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdmxsdk.sys.dump
[2013/02/21 18:35:41 | 000,121,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbvideo.sys.dump
[2013/02/21 18:35:37 | 001,038,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSF_DP.sys.dump
[2013/02/21 18:35:33 | 000,042,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\viaagp.sys.dump
[2013/02/21 18:35:27 | 000,014,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\wacompen.sys.dump
[2013/02/21 18:35:23 | 000,011,807 | ---- | C] () -- C:\WINDOWS\System32\drivers\wadv07nt.sys.dump
[2013/02/21 18:35:19 | 000,449,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5211.sys.dump
[2013/02/21 18:35:15 | 000,011,295 | ---- | C] () -- C:\WINDOWS\System32\drivers\wadv08nt.sys.dump
[2013/02/21 18:35:11 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\NTIDrvr.sys.dump
[2013/02/21 18:35:06 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys.dump
[2013/02/21 18:35:03 | 000,120,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\pcmcia.sys.dump
[2013/02/21 18:34:59 | 000,011,871 | ---- | C] () -- C:\WINDOWS\System32\drivers\wadv09nt.sys.dump
[2013/02/21 18:34:55 | 000,011,935 | ---- | C] () -- C:\WINDOWS\System32\drivers\wadv11nt.sys.dump
[2013/02/21 18:34:51 | 000,022,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\watv06nt.sys.dump
[2013/02/21 18:34:47 | 000,187,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\acpi.sys.dump
[2013/02/21 18:34:43 | 000,050,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\eubakup.sys.dump
[2013/02/21 18:34:39 | 000,139,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\rdpwd.sys.dump
[2013/02/21 18:34:35 | 001,052,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\ialmnt5.sys.dump
[2013/02/21 18:34:30 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\aec.sys.dump
[2013/02/21 18:34:25 | 000,153,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\dmio.sys.dump
[2013/02/21 18:34:18 | 000,010,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\pfc.sys.dump
[2013/02/21 18:34:15 | 000,019,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\WSTCODEC.SYS.dump
[2013/02/21 18:34:11 | 000,193,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\MpFilter.sys.dump
[2013/02/21 18:34:07 | 000,024,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\hidparse.sys.dump
[2013/02/21 18:34:03 | 000,207,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSFHWICH.sys.dump
[2013/02/21 18:33:59 | 000,020,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\ipinip.sys.dump
[2013/02/21 18:33:55 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\kbdclass.sys.dump
[2013/02/21 18:33:51 | 000,014,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\kbdhid.sys.dump
[2013/02/21 18:33:47 | 000,172,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmixer.sys.dump
[2013/02/21 18:33:43 | 000,052,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\DMusic.sys.dump
[2013/02/21 18:33:39 | 000,042,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\mountmgr.sys.dump
[2013/02/21 18:33:35 | 000,180,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\mrxdav.sys.dump
[2013/02/21 18:33:31 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\nscirda.sys.dump
[2013/02/21 18:33:27 | 000,060,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\drmk.sys.dump
[2013/02/21 18:33:22 | 000,703,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSF_CNXT.sys.dump
[2013/02/21 18:33:18 | 000,035,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\msgpc.sys.dump
[2013/02/21 18:33:14 | 000,005,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\mspclock.sys.dump
[2013/02/21 18:33:10 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\mskssrv.sys.dump
[2013/02/21 18:33:06 | 000,068,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\pci.sys.dump
[2013/02/21 18:33:02 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\asyncmac.sys.dump
[2013/02/21 18:32:58 | 000,003,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\pciide.sys.dump
[2013/02/21 18:32:54 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\usb8023x.sys.dump
[2013/02/21 18:32:50 | 000,048,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\raspptp.sys.dump
[2013/02/21 18:32:46 | 000,203,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\RMCast.sys.dump
[2013/02/21 18:32:42 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\irenum.sys.dump
[2013/02/21 18:32:38 | 000,019,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\partmgr.sys.dump
[2013/02/21 18:32:34 | 000,369,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\BCMWL5.SYS.dump
[2013/02/21 18:32:30 | 000,070,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\Rtlnicxp.sys.dump
[2013/02/21 18:32:26 | 000,196,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\rdpdr.sys.dump
[2013/02/21 18:32:22 | 000,042,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\alim1541.sys.dump
[2013/02/21 18:32:18 | 000,044,928 | ---- | C] () -- C:\WINDOWS\System32\drivers\agpcpq.sys.dump
[2013/02/21 18:32:13 | 000,037,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\isapnp.sys.dump
[2013/02/21 18:32:09 | 000,025,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\sonydcam.sys.dump
[2013/02/21 18:32:04 | 000,030,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\modem.sys.dump
[2013/02/21 18:32:00 | 000,175,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\rdbss.sys.dump
[2013/02/21 18:31:57 | 000,073,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\sr.sys.dump
[2013/02/21 18:31:53 | 000,125,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\ftdisk.sys.dump
[2013/02/21 18:31:48 | 000,357,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\srv.sys.dump
[2013/02/21 18:31:43 | 000,049,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\stream.sys.dump
[2013/02/21 18:31:40 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\cmdide.sys.dump
[2013/02/21 18:31:36 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\splitter.sys.dump
[2013/02/21 18:31:33 | 000,004,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\swenum.sys.dump
[2013/02/21 18:31:29 | 000,056,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmidi.sys.dump
[2013/02/21 18:31:25 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\tape.sys.dump
[2013/02/21 18:31:21 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\ultra.sys.dump
[2013/02/21 18:31:18 | 000,085,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\NABTSFEC.sys.dump
[2013/02/21 18:31:14 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aliide.sys.dump
[2013/02/21 18:31:10 | 000,016,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\ini910u.sys.dump
[2013/02/21 18:31:06 | 000,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\amsint.sys.dump
[2013/02/21 18:31:03 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\ABP480N5.SYS.dump
[2013/02/21 18:30:59 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\asc3350p.sys.dump
[2013/02/21 18:30:54 | 000,026,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\asc.sys.dump
[2013/02/21 18:30:49 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\asc3550.sys.dump
[2013/02/21 18:30:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\audstub.sys.dump
[2013/02/21 18:30:41 | 000,014,720 | ---- | C] () -- C:\WINDOWS\System32\drivers\dac960nt.sys.dump
[2013/02/21 18:30:36 | 000,179,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\dac2w2k.sys.dump
[2013/02/21 18:30:32 | 000,105,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\mup.sys.dump
[2013/02/21 18:30:28 | 000,008,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\i2omgmt.sys.dump
[2013/02/21 18:30:25 | 000,017,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\mraid35x.sys.dump
[2013/02/21 18:30:21 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\rasirda.sys.dump
[2013/02/21 18:30:17 | 000,010,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\hidusb.sys.dump
[2013/02/21 18:30:13 | 000,049,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\ql1280.sys.dump
[2013/02/21 18:30:10 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\ipsec.sys.dump
[2013/02/21 18:30:05 | 000,045,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\ql12160.sys.dump
[2013/02/21 18:30:01 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\ql1240.sys.dump
[2013/02/21 18:29:57 | 000,030,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\npfs.sys.dump
[2013/02/21 18:29:53 | 000,040,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\ql1080.sys.dump
[2013/02/21 18:29:49 | 000,033,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\ql10wnt.sys.dump
[2013/02/21 18:29:46 | 000,006,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\enum1394.sys.dump
[2013/02/21 18:29:40 | 000,030,688 | ---- | C] () -- C:\WINDOWS\System32\drivers\sym_u3.sys.dump
[2013/02/21 18:29:36 | 000,032,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\symc8xx.sys.dump
[2013/02/21 18:29:31 | 000,027,165 | ---- | C] () -- C:\WINDOWS\System32\drivers\fetnd5.sys.dump
[2013/02/21 18:29:25 | 000,028,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sym_hi.sys.dump
[2013/02/21 18:29:21 | 000,027,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\perc2.sys.dump
[2013/02/21 18:29:16 | 000,025,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\hpn.sys.dump
[2013/02/21 18:29:12 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\cd20xrnt.sys.dump
[2013/02/21 18:29:08 | 000,049,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\classpnp.sys.dump
[2013/02/21 18:29:04 | 000,016,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\symc810.sys.dump
[2013/02/21 18:29:00 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\cpqarray.sys.dump
[2013/02/21 18:28:53 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\atmlane.sys.dump
[2013/02/21 18:28:50 | 000,055,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\aic78u2.sys.dump
[2013/02/21 18:28:45 | 000,020,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\dpti2o.sys.dump
[2013/02/21 18:28:41 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\CmBatt.sys.dump
[2013/02/21 18:28:37 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\aha154x.sys.dump
[2013/02/21 18:28:34 | 000,056,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\aic78xx.sys.dump
[2013/02/21 18:28:30 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\perc2hib.sys.dump
[2013/02/21 18:28:26 | 000,088,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\irda.sys.dump
[2013/02/21 18:28:22 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\adpu160m.sys.dump
[2013/02/21 18:28:17 | 000,019,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\sparrow.sys.dump
[2013/02/21 18:28:13 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\hidclass.sys.dump
[2013/02/21 18:28:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\flpydisk.sys.dump
[2013/02/21 18:28:04 | 000,019,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\tdi.sys.dump
[2013/02/21 18:28:01 | 000,004,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\toside.sys.dump
[2013/02/21 18:27:57 | 000,053,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\1394bus.sys.dump
[2013/02/21 18:27:53 | 000,025,471 | ---- | C] () -- C:\WINDOWS\System32\drivers\watv10nt.sys.dump
[2013/02/21 18:27:49 | 000,088,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\nwlnkipx.sys.dump
[2013/02/21 18:27:45 | 000,018,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\i2omp.sys.dump
[2013/02/21 18:27:41 | 000,012,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\tdpipe.sys.dump
[2013/02/21 18:27:36 | 000,021,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\tdtcp.sys.dump
[2013/02/21 18:27:32 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\udfs.sys.dump
[2013/02/21 18:27:28 | 000,040,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\termdd.sys.dump
[2013/02/21 18:27:25 | 000,005,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\smbali.sys.dump
[2013/02/21 18:27:21 | 000,044,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\uagp35.sys.dump
[2013/02/21 18:27:17 | 000,060,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\sysaudio.sys.dump
[2013/02/21 18:27:12 | 000,011,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfloppy.sys.dump
[2013/02/21 18:27:08 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\sffp_mmc.sys.dump
[2013/02/21 18:27:04 | 000,079,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\sdbus.sys.dump
[2013/02/21 18:27:01 | 000,025,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbcamd2.sys.dump
[2013/02/21 18:26:57 | 000,166,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\s3gnbm.sys.dump
[2013/02/21 18:26:53 | 000,030,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\rndismp.sys.dump
[2013/02/21 18:26:49 | 000,057,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\redbook.sys.dump
[2013/02/21 18:26:45 | 000,024,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\pciidex.sys.dump
[2013/02/21 18:26:41 | 000,574,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\ntfs.sys.dump
[2013/02/21 18:26:38 | 000,032,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbccgp.sys.dump
[2013/02/21 18:26:34 | 000,061,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\nic1394.sys.dump
[2013/02/21 18:26:30 | 000,162,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\netbt.sys.dump
[2013/02/21 18:26:27 | 000,017,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\CCDECODE.sys.dump
[2013/02/21 18:26:23 | 000,059,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbhub.sys.dump
[2013/02/21 18:26:19 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\intelide.sys.dump
[2013/02/21 18:26:15 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\intelppm.sys.dump
[2013/02/21 18:26:11 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\bthport.sys.dump
[2013/02/21 18:26:08 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbintel.sys.dump
[2013/02/21 18:26:04 | 000,014,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\diskdump.sys.dump
[2013/02/21 18:26:00 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\compbatt.sys.dump
[2013/02/21 18:25:57 | 000,071,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\bridge.sys.dump
[2013/02/21 18:25:53 | 000,014,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\battc.sys.dump
[2013/02/21 18:25:50 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\atmarpc.sys.dump
[2013/02/21 18:25:45 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys.dump
[2013/02/21 18:25:40 | 000,060,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\arp1394.sys.dump
[2013/02/21 18:25:37 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\amdk6.sys.dump
[2013/02/21 18:25:32 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\amdagp.sys.dump
[2013/02/21 18:25:28 | 000,010,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndistapi.sys.dump
[2013/02/21 18:25:24 | 000,146,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\portcls.sys.dump
[2013/02/21 18:25:20 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\disk.sys.dump
[2013/02/21 18:25:17 | 000,456,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\mrxsmb.sys.dump
[2013/02/21 18:25:13 | 000,143,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbport.sys.dump
[2013/02/21 18:25:09 | 000,015,104 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbscan.sys.dump
[2013/02/21 18:25:05 | 000,002,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\drmkaud.sys.dump
[2013/02/21 18:25:00 | 000,071,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\dxg.sys.dump
[2013/02/21 18:24:56 | 000,052,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\i8042prt.sys.dump
[2013/02/21 18:24:52 | 000,026,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbstor.sys.dump
[2013/02/21 18:24:49 | 000,034,688 | ---- | C] () -- C:\WINDOWS\System32\drivers\netbios.sys.dump
[2013/02/21 18:24:45 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\vga.sys.dump
[2013/02/21 18:24:40 | 000,152,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\ipnat.sys.dump
[2013/02/21 18:24:36 | 000,020,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbuhci.sys.dump
[2013/02/21 18:24:33 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\serial.sys.dump
[2013/02/21 18:24:28 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\fips.sys.dump
[2013/02/21 18:24:23 | 000,042,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\agp440.sys.dump
[2013/02/21 18:24:18 | 000,019,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\msfs.sys.dump
[2013/02/21 18:24:15 | 000,035,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\processr.sys.dump
[2013/02/21 18:24:11 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\raspppoe.sys.dump
[2013/02/21 18:24:07 | 000,051,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\rasl2tp.sys.dump
[2013/02/21 18:24:04 | 000,014,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndisuio.sys.dump
[2013/02/21 18:23:59 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\psched.sys.dump
[2013/02/21 18:23:56 | 000,063,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\cdfs.sys.dump
[2013/02/21 18:23:52 | 000,042,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\p3.sys.dump
[2013/02/21 18:23:48 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\scsiport.sys.dump
[2013/02/21 18:23:44 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\serenum.sys.dump
[2013/02/21 18:23:39 | 000,143,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\fastfat.sys.dump
[2013/02/21 18:23:35 | 000,063,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\mf.sys.dump
[2013/02/21 18:23:32 | 000,005,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\viaide.sys.dump
[2013/02/21 18:23:29 | 000,061,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\ohci1394.sys.dump
[2013/02/21 18:23:25 | 000,081,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\videoprt.sys.dump
[2013/02/21 18:23:21 | 000,040,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\nmnt.sys.dump
[2013/02/21 18:23:18 | 000,040,648 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys.dump
[2013/02/21 18:23:14 | 000,004,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\mspqm.sys.dump
[2013/02/21 18:23:11 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ENECBPTH.sys.dump
[2013/02/21 18:23:07 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys.dump
[2013/02/21 18:23:04 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\wanarp.sys.dump
[2013/02/21 18:23:00 | 000,138,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\afd.sys.dump
[2013/02/21 18:22:55 | 000,361,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\tcpip.sys.dump
[2013/02/21 18:22:51 | 000,083,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\wdmaud.sys.dump
[2013/02/21 18:22:47 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\mouclass.sys.dump
[2013/02/21 18:22:44 | 000,141,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\ks.sys.dump
[2013/02/21 18:22:40 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\ip6fw.sys.dump
[2013/02/21 18:22:36 | 000,799,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\dmboot.sys.dump
[2013/02/21 18:22:32 | 000,062,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\cdrom.sys.dump
[2013/02/21 18:22:28 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\crusoe.sys.dump
[2013/02/21 18:22:24 | 000,042,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\imapi.sys.dump
[2013/02/21 18:22:21 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbd.sys.dump
[2013/02/21 18:22:17 | 000,003,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\oprghdlr.sys.dump
[2013/02/21 18:22:13 | 000,011,648 | ---- | C] () -- C:\WINDOWS\System32\drivers\acpiec.sys.dump
[2013/02/21 18:22:08 | 000,012,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsvga.sys.dump
[2013/02/21 18:22:05 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\mnmdd.sys.dump
[2013/02/21 18:22:01 | 000,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\ws2ifsl.sys.dump
[2013/02/21 18:21:56 | 000,058,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\vdmindvd.sys.dump
[2013/02/21 18:21:53 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbcamd.sys.dump
[2013/02/21 18:21:49 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\usb8023.sys.dump
[2013/02/21 18:21:45 | 000,021,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\tsbvcap.sys.dump
[2013/02/21 18:21:41 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\tosdvd.sys.dump
[2013/02/21 18:21:36 | 000,014,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\smclib.sys.dump
[2013/02/21 18:21:32 | 000,005,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootmdm.sys.dump
[2013/02/21 18:21:29 | 000,008,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\wmiacpi.sys.dump
[2013/02/21 18:21:25 | 000,025,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbprint.sys.dump
[2013/02/21 18:21:21 | 000,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\riodrv.sys.dump
[2013/02/21 18:21:17 | 000,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\rio8drv.sys.dump
[2013/02/21 18:21:12 | 000,034,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\rawwan.sys.dump
[2013/02/21 18:21:07 | 000,055,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\nwlnkspx.sys.dump
[2013/02/21 18:21:01 | 000,063,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\nwlnknb.sys.dump
[2013/02/21 18:20:57 | 000,032,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\nwlnkfwd.sys.dump
[2013/02/21 18:20:53 | 000,012,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\nwlnkflt.sys.dump
[2013/02/21 18:20:49 | 000,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\nikedrv.sys.dump
[2013/02/21 18:20:45 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\mcd.sys.dump
[2013/02/21 18:20:42 | 000,032,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\ipfltdrv.sys.dump
[2013/02/21 18:20:38 | 000,010,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\dxapi.sys.dump
[2013/02/21 18:20:34 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\cpqdap01.sys.dump
[2013/02/21 18:20:29 | 000,262,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\cinemst2.sys.dump
[2013/02/21 18:20:26 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\cbidf2k.sys.dump
[2013/02/21 18:20:20 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\atmuni.sys.dump
[2013/02/21 18:20:16 | 000,031,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atmepvc.sys.dump
[2013/02/21 18:20:13 | 000,006,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\parvdm.sys.dump
[2013/02/21 18:20:09 | 000,003,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\dxgthk.sys.dump
[2013/02/21 18:20:05 | 000,027,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\fdc.sys.dump
[2013/02/21 18:20:02 | 000,008,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\rasacd.sys.dump
[2013/02/21 18:19:59 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\rdpcdd.sys.dump
[2013/02/21 18:19:55 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\beep.sys.dump
[2013/02/21 18:19:51 | 000,002,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\null.sys.dump
[2013/02/21 18:19:48 | 000,007,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\fs_rec.sys.dump
[2013/02/21 18:19:44 | 000,018,688 | ---- | C] () -- C:\WINDOWS\System32\drivers\cdaudio.sys.dump
[2013/02/21 18:19:40 | 000,091,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndiswan.sys.dump
[2013/02/21 18:19:36 | 000,016,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\raspti.sys.dump
[2013/02/21 18:19:33 | 000,017,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\ptilink.sys.dump
[2013/02/21 18:19:29 | 000,182,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndis.sys.dump
[2013/02/21 18:19:26 | 000,080,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\parport.sys.dump
[2013/02/21 18:19:22 | 000,005,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\dmload.sys.dump
[2013/02/21 18:19:19 | 000,004,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\wmilib.sys.dump
[2013/02/20 16:15:00 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/01/26 14:05:48 | 000,040,648 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2013/01/22 12:04:35 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2012/09/01 18:48:48 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ftstate.ini
[2012/06/26 17:56:47 | 000,062,175 | ---- | C] () -- C:\Documents and Settings\Coletta Wade\Application Data\userenv.xml.urlencode
[2012/06/26 17:56:46 | 000,046,382 | ---- | C] () -- C:\Documents and Settings\Coletta Wade\Application Data\userenv.xml
[2012/06/22 00:35:43 | 000,313,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/21 23:52:43 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\mmc.exe.config
[2012/06/21 22:35:27 | 000,000,943 | ---- | C] () -- C:\Documents and Settings\Coletta Wade\Application Data\result.db
[2012/06/05 18:03:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/03/14 17:34:35 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/07/04 23:15:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2011/06/08 13:13:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2008/03/23 15:31:35 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\Coletta Wade\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008/04/12 23:09:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/02/29 00:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acer
[2008/03/06 18:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2008/03/06 18:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2009/03/19 18:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/05/20 22:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/06/08 12:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2012/04/02 21:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2012/04/06 13:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Belkin
[2012/04/07 17:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberDefender
[2012/05/01 11:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2012/05/18 13:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2012/06/22 17:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVSoftware
[2012/06/25 15:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/06/26 17:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp360
[2012/06/27 21:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/07/03 16:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2012/07/05 20:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC1Data
[2012/07/15 13:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
[2012/09/30 18:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/09/30 18:13:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/10/23 22:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2008/02/29 00:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Coletta Wade\Application Data\Acer
[2012/10/23 22:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Coletta Wade\Application Data\Avanquest
[2008/05/25 11:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Coletta Wade\Application Data\Uniblue
[2008/07/27 17:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Coletta Wade\Application Data\Juniper Networks
[2012/06/04 17:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Coletta Wade\Application Data\MusicOasis
[2009/10/18 20:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Coletta Wade\Application Data\AntiMalware
[2010/03/04 16:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Coletta Wade\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/02 14:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Coletta Wade\Application Data\Anti Malware
[2013/01/22 11:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Coletta Wade\Application Data\SystemRequirementsLab
[2012/06/27 21:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Coletta Wade\Application Data\TestApp
[2012/07/03 11:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Coletta Wade\Application Data\DriverCure
[2012/07/05 20:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Coletta Wade\Application Data\PCPro
[2012/07/05 20:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Coletta Wade\Application Data\PC Cleaners
[2012/09/12 10:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Coletta Wade\Application Data\FreeFileViewer
[2012/04/03 00:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Coletta Wade\Application Data\MSNInstaller
[2012/05/05 18:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Coletta Wade\Application Data\ElevatedDiagnostics

========== Purity Check ==========

< End of report >


----------



## Rena30 (Jan 19, 2013)

OTL Extras logfile created on: 3/7/2013 4:20:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Coletta Wade\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.94% Memory free
2.33 Gb Paging File | 1.98 Gb Available in Paging File | 84.97% Paging File free
Paging file location(s): C:\pagefile.sys 500 3100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16.47 Gb Total Space | 2.73 Gb Free Space | 16.60% Space Free | Partition Type: FAT32
Drive D: | 17.69 Gb Total Space | 17.35 Gb Free Space | 98.06% Space Free | Partition Type: FAT32

Computer Name: SARENAH | User Name: Coletta Wade | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353
"5985:TCP" = 5985:TCP:*isabled:Windows Remote Management 
"80:TCP" = 80:TCP:*isabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNetisabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)
"C:\WINDOWS\System32\mmc.exe" = C:\WINDOWS\System32\mmc.exe:*isabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\WINDOWS\System32\MSIEXEC.EXE" = C:\WINDOWS\System32\MSIEXEC.EXE:*:Enabled:UpdateManagerSetup -- (Microsoft Corporation)
"C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe" = C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe:*:Enabled:FreeFileViewerUpdateChecker -- (Bitberry Software)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"{177CD779-4EEC-43C5-8DEA-4E0EC103624B}" = Driver Manager
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{44A91B04-3D0C-47F9-B644-7F682869AFF3}" = MobileMe Control Panel
"{45FCADDB-0B29-457E-83A1-D245C62A716C}" = OLYMPUS Master 2
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBB25040-2D43-4868-930C-F08B812F2BF8}" = Acer eDataSecurity Management
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_006A1025" = SoftV90 Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"FreeFileViewer_is1" = Free File Viewer 2012
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"Info Center_is1" = Info Center 1.0.0.10
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"InstallShield_{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MSNINST" = MSN
"MyWebExPC" = WebEx PCNow
"Trusted Software Assistant_is1" = File Type Assistant
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/22/2013 3:57:06 PM | Computer Name = SARENAH | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 4.1.522.0, P3 timeout, P4 1.1.9203.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 2/22/2013 3:58:18 PM | Computer Name = SARENAH | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 4.1.522.0, P3 timeout, P4 1.1.9203.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 2/22/2013 10:52:26 PM | Computer Name = SARENAH | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.1.522.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

Error - 2/27/2013 7:48:28 PM | Computer Name = SARENAH | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 4.2.223.0, P3 timeout, P4 1.1.9203.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 2/27/2013 7:59:23 PM | Computer Name = SARENAH | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

Error - 3/7/2013 8:06:08 PM | Computer Name = SARENAH | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 4.2.223.0, P3 timeout, P4 1.1.9203.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 3/7/2013 8:09:15 PM | Computer Name = SARENAH | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 4.2.223.0, P3 timeout, P4 1.1.9203.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 3/7/2013 8:58:18 PM | Computer Name = SARENAH | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 4.2.223.0, P3 timeout, P4 1.1.9203.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 3/7/2013 9:02:34 PM | Computer Name = SARENAH | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 4.2.223.0, P3 timeout, P4 1.1.9203.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 3/7/2013 9:07:16 PM | Computer Name = SARENAH | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 4.2.223.0, P3 timeout, P4 1.1.9203.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 3/7/2013 1:27:25 PM | Computer Name = SARENAH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm MpFilter

Error - 3/7/2013 1:56:44 PM | Computer Name = SARENAH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/7/2013 1:59:12 PM | Computer Name = SARENAH | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 3/7/2013 2:02:56 PM | Computer Name = SARENAH | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 3/7/2013 2:37:44 PM | Computer Name = SARENAH | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 3/7/2013 2:41:54 PM | Computer Name = SARENAH | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 3/7/2013 2:53:21 PM | Computer Name = SARENAH | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.145.985.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error
code: 0x80240017 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 3/7/2013 2:55:38 PM | Computer Name = SARENAH | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 3/7/2013 6:01:59 PM | Computer Name = SARENAH | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 3/7/2013 6:14:46 PM | Computer Name = SARENAH | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.145.985.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

< End of report >


----------



## Rena30 (Jan 19, 2013)

OTL Extras logfile created on: 3/7/2013 4:20:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Coletta Wade\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.94% Memory free
2.33 Gb Paging File | 1.98 Gb Available in Paging File | 84.97% Paging File free
Paging file location(s): C:\pagefile.sys 500 3100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16.47 Gb Total Space | 2.73 Gb Free Space | 16.60% Space Free | Partition Type: FAT32
Drive D: | 17.69 Gb Total Space | 17.35 Gb Free Space | 98.06% Space Free | Partition Type: FAT32

Computer Name: SARENAH | User Name: Coletta Wade | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353
"5985:TCP" = 5985:TCP:*isabled:Windows Remote Management 
"80:TCP" = 80:TCP:*isabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNetisabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)
"C:\WINDOWS\System32\mmc.exe" = C:\WINDOWS\System32\mmc.exe:*isabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\WINDOWS\System32\MSIEXEC.EXE" = C:\WINDOWS\System32\MSIEXEC.EXE:*:Enabled:UpdateManagerSetup -- (Microsoft Corporation)
"C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe" = C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe:*:Enabled:FreeFileViewerUpdateChecker -- (Bitberry Software)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"{177CD779-4EEC-43C5-8DEA-4E0EC103624B}" = Driver Manager
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{44A91B04-3D0C-47F9-B644-7F682869AFF3}" = MobileMe Control Panel
"{45FCADDB-0B29-457E-83A1-D245C62A716C}" = OLYMPUS Master 2
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBB25040-2D43-4868-930C-F08B812F2BF8}" = Acer eDataSecurity Management
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_006A1025" = SoftV90 Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"FreeFileViewer_is1" = Free File Viewer 2012
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"Info Center_is1" = Info Center 1.0.0.10
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"InstallShield_{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MSNINST" = MSN
"MyWebExPC" = WebEx PCNow
"Trusted Software Assistant_is1" = File Type Assistant
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/22/2013 3:57:06 PM | Computer Name = SARENAH | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 4.1.522.0, P3 timeout, P4 1.1.9203.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 2/22/2013 3:58:18 PM | Computer Name = SARENAH | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 4.1.522.0, P3 timeout, P4 1.1.9203.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 2/22/2013 10:52:26 PM | Computer Name = SARENAH | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.1.522.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

Error - 2/27/2013 7:48:28 PM | Computer Name = SARENAH | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 4.2.223.0, P3 timeout, P4 1.1.9203.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 2/27/2013 7:59:23 PM | Computer Name = SARENAH | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

Error - 3/7/2013 8:06:08 PM | Computer Name = SARENAH | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 4.2.223.0, P3 timeout, P4 1.1.9203.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 3/7/2013 8:09:15 PM | Computer Name = SARENAH | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 4.2.223.0, P3 timeout, P4 1.1.9203.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 3/7/2013 8:58:18 PM | Computer Name = SARENAH | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 4.2.223.0, P3 timeout, P4 1.1.9203.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 3/7/2013 9:02:34 PM | Computer Name = SARENAH | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 4.2.223.0, P3 timeout, P4 1.1.9203.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 3/7/2013 9:07:16 PM | Computer Name = SARENAH | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 4.2.223.0, P3 timeout, P4 1.1.9203.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 3/7/2013 1:27:25 PM | Computer Name = SARENAH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm MpFilter

Error - 3/7/2013 1:56:44 PM | Computer Name = SARENAH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/7/2013 1:59:12 PM | Computer Name = SARENAH | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 3/7/2013 2:02:56 PM | Computer Name = SARENAH | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 3/7/2013 2:37:44 PM | Computer Name = SARENAH | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 3/7/2013 2:41:54 PM | Computer Name = SARENAH | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 3/7/2013 2:53:21 PM | Computer Name = SARENAH | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.145.985.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error
code: 0x80240017 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 3/7/2013 2:55:38 PM | Computer Name = SARENAH | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 3/7/2013 6:01:59 PM | Computer Name = SARENAH | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 3/7/2013 6:14:46 PM | Computer Name = SARENAH | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.145.985.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

< End of report >


----------



## Rena30 (Jan 19, 2013)

Post #159 describes it all the best way that I know how. It runs slow, acts like it is locked up. When you close all windows, everything on the desktop disappears (briefly), when you try to connect to the internet again it will not connect. I do not know why, but when you put it in standby and then return it will let you connect again. Then it will work normally for a little bit and then it will just do it all over again.


----------



## Mark1956 (May 7, 2011)

The OTL log is not showing anything I can see that would explain the problem.

I'd like you to follow this guide below to reinstall Service Pack 3, it will replace any system files that might be missing or corrupt.

Do you have or can you borrow a retail copy of Windows XP Home, ideally with Service Pack 3 included, but if not we can slipstream the Service Pack into a copy and then if the instructions below don't fix it we can run a Repair Install.

Please download this and save it to your desktop: XP SP3 .ISO download

You then need to burn the .ISO image to a CD. You must use an ISO burning program, just copying the file to a CD will not work.

If you do not have an ISO burner then please follow this:

Download this and save it to your desktop: ImgBurn

Install the program and start the application. Select the top left hand option to burn image file to disk and then on the next window click on the small yellow folder icon and browse to the ISO file you wish to burn. Then click on the two grey discs with the arrow in between (bottom left) and leave it to complete the operation.

Boot the PC and then when at the desktop insert the CD.
Open Windows Explorer and then double click on My Computer in the left pane.
In the right pane double click on your CD drive.
Then in the right pane double click on the AUTORUN icon and follow the prompts.


----------



## Rena30 (Jan 19, 2013)

I do not know anyone that I could borrow that from. I also do not have any blank cd's. So I guess I will need to go purchase some and I do not know when I will be able to do so. 
Is it possible to use a music burned cd?


----------



## Mark1956 (May 7, 2011)

Unfortunately you cannot use a CD that has already been burned unless it is re-recordable and you delete the contents before using it.

Your only other option is to use the Recovery partition to reset the PC to Factory defaults which will wipe everything off your hard drive and put it back to the state it was in when new. In view of what we have done so far that may be the only option left if the re-install of SP3 does not work.


----------



## Rena30 (Jan 19, 2013)

Ok, the guy that was working with me on this thread before was suggesting going back to factory settings. I know that will wipe away everything including pictures and files, but what about my email addresses? I also have alot of post on craigslist, will that wipe those away as well?


----------



## Mark1956 (May 7, 2011)

I'm not familiar with Craigslist so can't answer that one, email addresses will be saved on the email server. I only use Hotmail and all my saved emails and addresses are all stored by default on the server. If you have any doubts about your data then you will need to make back-ups.

A full re-install may be avoided if you can get some blank CD's to continue with the diagnosis.


----------



## Rena30 (Jan 19, 2013)

Ok well give me a couple of days and when I get off to the store I will get some. Sorry for any inconvenience.


----------



## Mark1956 (May 7, 2011)

Ok, no problem with the delay.


----------



## Rena30 (Jan 19, 2013)

Ok I have some cd's now. Should I just follow the steps from post 181?


----------



## Mark1956 (May 7, 2011)

Yup .


----------



## Rena30 (Jan 19, 2013)

My computer is acting really bad now, as soon as it gets started up it freezes and I am having to go into standby like every 5 mins. Can I do the steps in post 181 in safe mode?


----------



## Mark1956 (May 7, 2011)

I am not 100% sure if it will work, but should not do any harm, so give it a go.


----------



## Rena30 (Jan 19, 2013)

Ok thanks. I will let you know.


----------



## Rena30 (Jan 19, 2013)

Ok I got both things downloaded. But I haven't ran anything yet. I am wondering at what point do I put the cd (that I want to burn on) into my computer. And does it take long to burn the image?


----------



## Mark1956 (May 7, 2011)

First you need to install ImgBurn by double clicking on the downloaded file on your desktop.

Put the blank CD into the CD drive and then follow the instructions I gave at the top of this page to use Imgburn to burn the disk. I made one a while back and think it only took about 5 to 10 minutes, it will tell you when it is complete, do not interrupt it once the process has started and to be on the safe side do not use the PC for anything else while the disk is burning.


----------



## Rena30 (Jan 19, 2013)

Ok I did as I was instructed and after the image burn completed its operation, I received a prompt saying "Verify Failed, Reason: layouts do not match" below was just an ok button. I clicked ok. Then I closed everything and rebooted. When it got to the desktop I inserted the cd. I opened windows explorer. and there was not any place to double click on my computer or to double click on Autorun.


----------



## Mark1956 (May 7, 2011)

When you open Windows Explorer in XP, My Computer should be visible in the left hand pane of the window, if you click on the Start button do you see My Computer listed there on the right hand side of the window. As ImgBurn told you the verification failed something may have gone wrong with the CD burning.


----------



## Rena30 (Jan 19, 2013)

Yes, when I click the start button I do see my computer. But when I double click it there is not an autorun icon. Should I try to burn it again?


----------



## Mark1956 (May 7, 2011)

When you click on My Computer you should see a list of drives including your CD drive. Double click on the CD drive and it should show the contents of the CD, if it did burn correctly you will see the file autorun.exe in the list.

If not I would recommend you try to burn the CD on another 'fully functional' PC.


----------



## Rena30 (Jan 19, 2013)

Ok I do not have anywhere that I can go and copy that on another computer. It might not have worked because I was in safe mode. When I go to my computer I see the cd drive if I double click it, it say E: is not accessible. If I right click on it there is not an AutoRun option. So my only option is to try to burn the image in regular startup. If that does not work can you just tell me how to save my files and then go back to factory settings?


----------



## Mark1956 (May 7, 2011)

It may be worth a try in Normal mode, but I am not aware of any reason why it should not burn correctly in Safe mode having never tried it. Right clicking on the CD drive is not going to give you the Auto Run option. AutoRun is a file that should appear in the list of contents when you open the burned CD to view what is on it, if you had been able to get to that and double clicked on it the CD would run, there is no other way I know of to use it.

You will have to refer to your PC's instruction manual to run the Factory Restore, but on some systems if you use the F8 key, as you would to go into Safe mode, you may find the option in the menu. If not, the instruction manual will tell you what key or key combination you have to use.

Also, with some systems there is an option available when you run the Factory Restore to save all your existing files which will appear as Windows.old when the restore is complete.

It is always advisable to keep back ups of all your important data to an external hard drive or CD/DVD's, if you don't have an external hard drive you will have to burn all your important data to CD/DVD's.


----------



## Rena30 (Jan 19, 2013)

It will not open the cd drive, when I double click it, it says E: is not accessible, incorrect function. It does that in safe mode and in normal startup. I do not have a manual I bought this computer used. I will try the F8 and see if the option is there. I am running out of options and I am afraid that if I do not do something quick my pc is going to be messed up for good. Yesterday it was running extremely slow in safe mode and would not really run at all in normal.


----------



## Mark1956 (May 7, 2011)

Sounds like things are going from bad to worse and you have a problem with the CD drive being recognized by the system or it is giving that message because it can't read the CD due to a corrupt burn operation. Try putting in an Audio CD and see if it will open it. Unfortunately to run some of the scans that might help identify the problem the CD drive is required so we are a bit stuck in a corner.

Can you get DDS to run and post both the DDS.txt log and the Attach.txt log, this may give me a clue as to what might be going on. The link to download it is Here

It would be best to run it in Normal Mode but Safe mode will do.

If nothing is working it would be worth a try to do this.

Start tapping the F8 key as soon as you switch on, at the menu select Last Known Good Configuration and see if that brings the system back to life again.

If not do this: 
Start tapping the F8 key immediately after starting the PC. This will take you to the "Advanced Boot Options".
Select "Safe Mode", the safe mode desktop will open with a message, select "No", the desktop will appear followed by the System Restore screen.

Click on Next and you will see if there are any Restore Points available or it will tell you there aren't.
If there are any take it back to the one Combofix created.

This will undo all the file removals and changes we made with and after Combofix was run but may be worth it if it gets the PC up and running again. If that Restore Point fails to improve things take it back to the earliest one you have.

Let me know how it goes.


----------



## Rena30 (Jan 19, 2013)

The Audio cd did work. It would load it in Safe mode but not play it (it seems there is no sound in Safe mode). However it did play it in normal mode. I will try to get those logs and have them ready for you in the am. Thank you


----------



## Rena30 (Jan 19, 2013)

DDS (Ver_2012-11-20.01) - FAT32_x86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.15.2
Run by Coletta Wade at 17:13:09 on 2013-03-13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1512 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\locator.exe
C:\WINDOWS\System32\alg.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\PCPitstop\Info Center\InfoCenter.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Microsoft Internet Explorer
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [epm-dm] c:\acer\empowering technology\epower\epm-dm.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [Info Center] c:\program files\pcpitstop\info center\InfoCenter.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\Monitor.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [ADMTray.exe] "c:\acer\empowering technology\admtray.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoThumbnailCache = dword:1
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-System: NoSecCPL = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
uPolicies-System: NoDevMgrPage = dword:0
uPolicies-System: NoConfigPage = dword:0
uPolicies-System: NoVirtMemPage = dword:0
uPolicies-System: NoFileSysPage = dword:0
uPolicies-System: NoNetSetup = dword:0
uPolicies-System: NoNetSetupIDPage = dword:0
uPolicies-System: NoNetSetupSecurityPage = dword:0
uPolicies-System: NoWorkgroupContents = dword:0
uPolicies-System: NoEntireNetwork = dword:0
uPolicies-System: NoFileSharingControl = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - d:\programs\micros~1\office11\EXCEL.EXE/3000
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340400378484
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{2903CD53-31CE-4D73-A5C2-8E21836F709B} : DHCPNameServer = 192.168.2.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.160\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 195296]
R1 MpKslb6f1c40b;MpKslb6f1c40b;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6481acd5-95db-4227-a42b-0b7002a4f1e6}\MpKslb6f1c40b.sys [2013-3-13 29904]
R2 AWService;AdminWorks Agent X6;c:\acer\empowering technology\admServ.exe [2005-10-24 1314816]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2012-4-2 599936]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-02-19 19:35:52	861088	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-02-19 19:35:52	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-02-18 21:38:54	71024	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-18 21:38:54	691568	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-30 09:53:22	232336	------w-	c:\windows\system32\MpSigStub.exe
2013-01-26 02:55:44	552448	------w-	c:\windows\system32\oleaut32.dll
2013-01-20 20:59:04	195296	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2013-01-07 20:43:52	464024	----a-r-	c:\windows\system32\cpnprt2win32.cid
2013-01-07 00:16:02	2193024	------w-	c:\windows\system32\ntoskrnl.exe
2013-01-06 23:36:58	2069760	------w-	c:\windows\system32\ntkrnlpa.exe
2013-01-04 00:20:00	1867264	------w-	c:\windows\system32\win32k.sys
2013-01-02 05:49:10	148992	------w-	c:\windows\system32\mpg2splt.ax
2013-01-02 05:49:10	1292288	------w-	c:\windows\system32\quartz.dll
2012-12-26 19:16:30	916480	----a-w-	c:\windows\system32\wininet.dll
2012-12-26 19:16:28	43520	------w-	c:\windows\system32\licmgr10.dll
2012-12-26 19:16:28	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-12-24 05:41:00	385024	------w-	c:\windows\system32\html.iec
2012-12-20 03:53:58	185032	----a-w-	c:\windows\system32\drivers\EuFdDisk.sys
2012-12-20 03:53:56	40648	----a-w-	c:\windows\system32\drivers\EUBKMON.sys
2012-12-20 03:53:52	14920	----a-w-	c:\windows\system32\drivers\eudskacs.sys
2012-12-20 03:53:50	50248	----a-w-	c:\windows\system32\drivers\eubakup.sys
2012-12-16 11:24:00	290560	----a-w-	c:\windows\system32\atmfd.dll
.
============= FINISH: 17:14:23.32 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/29/2008 12:44:49 AM
System Uptime: 3/13/2013 4:58:40 PM (1 hours ago)
.
Motherboard: Acer | | Garda-910 
Processor: Intel(R) Celeron(R) M processor 1.50GHz | U1 | 1496/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (FAT32) - 16 GiB total, 1.842 GiB free.
D: is FIXED (FAT32) - 18 GiB total, 17.351 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Atheros AR5005G Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_04181468&REV_01\4&AD1B67F&0&28F0
Manufacturer: Atheros
Name: Atheros AR5005G Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_04181468&REV_01\4&AD1B67F&0&28F0
Service: AR5211
.
Class GUID: 
Description: 
Device ID: ROOT\LEGACY_BEEP\XX_RKHIT_XX
Manufacturer: 
Name: 
PNP Device ID: ROOT\LEGACY_BEEP\XX_RKHIT_XX
Service: RkHit
.
==== System Restore Points ===================
.
RP1046: 2/27/2013 6:00:20 PM - System Checkpoint
RP1047: 2/28/2013 6:38:52 PM - Software Distribution Service 3.0
RP1048: 3/1/2013 8:37:00 PM - System Checkpoint
RP1049: 3/1/2013 9:11:04 PM - Software Distribution Service 3.0
RP1050: 3/2/2013 6:59:26 PM - OTM Restore Point
RP1051: 3/3/2013 10:52:52 AM - Software Distribution Service 3.0
RP1052: 3/4/2013 11:24:09 AM - Software Distribution Service 3.0
RP1053: 3/4/2013 4:24:42 PM - OTM Restore Point
RP1054: 3/6/2013 4:42:43 PM - System Checkpoint
RP1055: 3/7/2013 4:36:13 PM - Software Distribution Service 3.0
RP1056: 3/8/2013 6:54:18 PM - Software Distribution Service 3.0
RP1057: 3/11/2013 3:12:21 PM - Software Distribution Service 3.0
RP1058: 3/13/2013 5:13:54 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology framework
Acer ePerformance Management
Acer ePower Management
Acer eSettings Management
Acer GridVista
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Belkin Setup and Router Monitor
C4USelfUpdater
CCleaner
Driver Manager
File Type Assistant
Free File Viewer 2012
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
ImgBurn
Info Center 1.0.0.10
Intel(R) Graphics Media Accelerator Driver
Java 7 Update 15
Java Auto Updater
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office File Validation Add-In
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
NTI Backup NOW! 4
NTI CD & DVD-Maker
OLYMPUS Master 2
PowerDirector Express
PreReq
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB923789)
SoftV90 Data Fax Modem with SmartCP
System Requirements Lab for Intel
TurboTax 2008 WinPerReleaseEngine
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebEx PCNow
WebFldrs XP
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
.
==== Event Viewer Messages From Past Week ========
.
3/9/2013 3:32:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/8/2013 6:39:59 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1321.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
3/7/2013 4:14:46 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.985.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
3/7/2013 12:53:21 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.985.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80240017 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
3/6/2013 12:25:59 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.985.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode 
3/6/2013 11:04:09 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.985.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode 
3/6/2013 11:04:09 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/6/2013 10:55:22 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter
3/6/2013 10:54:11 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/6/2013 10:52:25 AM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
3/13/2013 3:43:33 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1536.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x8024001f Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
3/13/2013 2:22:33 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1536.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode 
3/13/2013 10:16:52 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1536.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode 
3/12/2013 6:15:36 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1536.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode 
3/12/2013 1:09:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
3/11/2013 12:19:23 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1385.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode 
3/11/2013 11:21:14 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1385.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode 
3/11/2013 11:21:12 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1385.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode 
3/10/2013 11:21:18 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1385.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode 
.
==== End Of File ===========================


----------



## Rena30 (Jan 19, 2013)

I posted both logs together. I did not realize how big they were. In case you are not aware the dds log ends where it says finished and the there is the attach log. 

Should I continue with your instructions from post #202 or just wait and see what you can find?


----------



## Mark1956 (May 7, 2011)

I am checking the logs now. As for the CD drive it sounds like it is ok reading discs but there could just be a problem with burning them, Audio drivers are not loaded in Safe Mode so that is why it would not play.

I'll be back shortly.


----------



## Mark1956 (May 7, 2011)

The logs are not telling me much, but it looks like Microsoft Security Essentials is having a problem updating, there is also an error showing that the Bits service could not run which may relate to the problem with MSE. Please download the attached file and save it on the desktop, extract the file and then double click on the reg file and allow it to merge with the registry.

When done please open MSE and click on the Update tab and then the Update button and see if it works without showing an error, if it does run a Full system scan with it and remove anything it finds, report back with a list of any detections it made.

Then please try and run this and post the log.


Click on *Start* then *Run* and type *cmd* in the search box and hit *Enter*. At the *C:* prompt, type *chkdsk /r *exactly as written here with the gap before the slash, then hit* Enter*.
You will then see a message *"Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)" *
Type *Y* for yes, and hit *Enter*. Then reboot the computer. The disc check will start when Windows begins loading again. Let all 5 phases run and don't use or turn off the computer. (The disc check process may take an hour or more to finish and may appear to freeze which is normal.)
When the disc check is done, it will finish loading Windows.
When finished click on *Start* then *Run* and type: *eventvwr.msc* and hit *Enter*.
When *Event Viewer* opens, click on* Application* in the left pane. In the main pane scroll down until you find *Winlogon* under the *Source* column and double-click on it.
This is the log created after running the disc check. Click *once* on the *Copy* button








Come back here and* right click* on the message box, select *Paste* from the pop up menu and the log will appear. Then submit the post.


----------



## Mark1956 (May 7, 2011)

I have been looking back through the thread to the earlier logs and spotted something odd in the RogueKiller log, it says the PC has an Acer Master Boot Record, but the recovery partition shows Compaq which is a different manufacturer to Acer. We had better run this check below so I can see exactly what is there, this will also confirm your Windows licence to make sure it has not been blocked.


To run the tool, click on this link: MGADiag
In the File Download - Security Warning dialog box, click Run.
In the Internet Explorer - Security Warning dialog box, click Run.
In the Microsoft Genuine Advantage Diagnostic Tool dialog box, click *Continue*.
When the MGADIAG tool finishes, ensure it is displaying the information under the *Windows* tab and click* Copy*.
Come back to this thread and right click on the message box and select *Paste* from the pop up menu and the results will appear, then submit the message.


----------



## Rena30 (Jan 19, 2013)

Ok, after extracting the Bits folder and mergeing, I went to MSE and updated, I did not receive any error. I ran a full scan. It took it all night but when I woke up the scan was complete, I went to history and it did not show that it detected anything. There was the Update icon shield saying updates were ready for my pc. I clicked on it and installed updates, I think it installed 3. I havent had a chance to do the CMD log yet but here is the MGADIAG log.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-36J2P-HT3T3-QPMFB
Windows Product Key Hash: +NNF346DA3Rr/gGjXZtwAv8AQuM=
Windows Product ID: 76477-OEM-2111907-00100
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {E4D6BD01-D74B-4A50-ADB8-426B7BE28BEE}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-230-1
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{E4D6BD01-D74B-4A50-ADB8-426B7BE28BEE}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-QPMFB</PKey><PID>76477-OEM-2111907-00100</PID><PIDType>2</PIDType><SID>S-1-5-21-3787212781-3330114376-3725252112</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>TravelMate 2420</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies LTD</Manufacturer><Version>V1.03 </Version><SMBIOSVersion major="2" minor="31"/><Date>20060206000000.000000+000</Date><SLPBIOS>AcerSystem ,AcerSystem </SLPBIOS></BIOS><HWID>E27A3507018400F2</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Acer Inc.</name><model>AcerSystem</model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 
Licensing Data-->
N/A
Windows Activation Technologies-->
N/A
HWID Data-->
N/A
OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 178A0:Acer Incorporated|14E3C:Acer Incorporated
Marker string from OEMBIOS.DAT: AcerSystem ,AcerSystem 
OEM Activation 2.0 Data-->
N/A


----------



## Rena30 (Jan 19, 2013)

Event Type:	Information
Event Source:	Winlogon
Event Category:	None
Event ID:	1001
Date: 3/14/2013
Time: 12:44:45 PM
User: N/A
Computer:	SARENAH
Description:
Checking file system on C:
The type of the file system is FAT32.

A disk check has been scheduled.
Windows will now check the disk. 
Volume Serial Number is 1568-13FD
Windows is verifying free space...
Free space verification is complete.
Windows has checked the file system and found no problems.
17269440 KB total disk space.
2697520 KB in 1241 hidden files.
75520 KB in 4638 folders.
12911392 KB in 43073 files.
1584992 KB are available.

16384 bytes in each allocation unit.
1079340 total allocation units on disk.
99062 allocation units available on disk.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Rena30 (Jan 19, 2013)

Do I need to follow these steps? I have not done them yet? 

Start tapping the F8 key as soon as you switch on, at the menu select Last Known Good Configuration and see if that brings the system back to life again.

If not do this: 
Start tapping the F8 key immediately after starting the PC. This will take you to the "Advanced Boot Options".
Select "Safe Mode", the safe mode desktop will open with a message, select "No", the desktop will appear followed by the System Restore screen.

Click on Next and you will see if there are any Restore Points available or it will tell you there aren't.
If there are any take it back to the one Combofix created.

This will undo all the file removals and changes we made with and after Combofix was run but may be worth it if it gets the PC up and running again. If that Restore Point fails to improve things take it back to the earliest one you have.

Let me know how it goes.


----------



## Mark1956 (May 7, 2011)

Whats the latest on the systems performance in Normal Mode?


----------



## Rena30 (Jan 19, 2013)

I am still having to go into standby. It seems to be working a little bit better than the other day. But it still remains about the same.


----------



## Mark1956 (May 7, 2011)

There is not much left that we can try apart from what I suggested earlier when there appears to be a problem with burning CD's correctly. You could try to burn the SP3 CD again or there is an option to uninstall it and then re-install. But, as you don't have any of your important data backed up, if something goes wrong, there is a risk you may loose some or possibly all of it.

I think what you should be thinking about before going any further is trying to back up all your data, either by burning it to CD/DVD's (which may fail) or with an external hard drive. If your problem is due to a failing hard drive, which it could be, it may fail completely without warning.

It is a golden rule of having a PC that you should always keep back ups because every computer will let you down at some point in time, none of them are built or expected to last forever.


----------



## Rena30 (Jan 19, 2013)

Can you give me some instructions on how to back up my data (for both options, hard drive and burning)?


----------



## Mark1956 (May 7, 2011)

Have you any idea how much data you have, in Windows Explorer right click on your My Documents folder and then select Properties, it will show you how big it is.


----------



## Rena30 (Jan 19, 2013)

I really do not have alot and it really wouldn't hurt my feelings if I lost what I do have. The lady that I bought the computer from had so much stuff on here, I didn't know what I needed to keep and what I didn't need at all. Really my only concern is I sell alot of items on craigslist (it's like a local ebay site). And I do not know if I will loose all of that or if it stays to the website. Like I have a few gmail addresses and a yahoo address as long as I dont lose that stuff, then I'm not worried. I just what to try to fix it, whatever it takes.


----------



## Mark1956 (May 7, 2011)

Anything that is stored in your account at Craigslist will remain safe. If the email addresses are stored there they should also be safe, but if they are crucial and you are not sure if they are saved on your PC or on the site I would suggest you write them down.

Please follow this guide to uninstall SP3: http://support.microsoft.com/kb/950249

Then go here: http://support.microsoft.com/kb/322389 to download and re-install SP3.


----------



## Rena30 (Jan 19, 2013)

I had some work to do this morning. When I turned on my pc this afternoon, it did a file check scan. I went back to your prior instructions and posted you the log. I wanted you to have a look at it before I uninstall service pack 3. I think Google Chrome might be infected. I am not sure what all of that means so I just wanted to run it by you first.

Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 3/15/2013
Time: 1:18:14 PM
User: N/A
Computer: SARENAH
Description:
Checking file system on C:
The type of the file system is FAT32.

One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk. 
Volume Serial Number is 1568-13FD
\Documents and Settings\Coletta Wade\Local Settings\Application Data\Google\Chrome\User Data\Local State.bad first allocation unit is not valid. The entry will be truncated.
\Documents and Settings\Coletta Wade\Local Settings\Temp\etilqs_xg4Sa5uVEU8aZRW first allocation unit is not valid. The entry will be truncated.
\Documents and Settings\Coletta Wade\Local Settings\Temp\etilqs_ahnwY2PEV74vvbV first allocation unit is not valid. The entry will be truncated.
\Documents and Settings\Coletta Wade\Local Settings\Temp\etilqs_PKJPyiPzkdMlzQY first allocation unit is not valid. The entry will be truncated.
Convert lost chains to files (Y/N)? Yes
64 KB in 1 recovered files.
Windows has made corrections to the file system.
17269440 KB total disk space.
610416 KB in 1277 hidden files.
75696 KB in 4653 folders.
12932576 KB in 42749 files.
3650736 KB are available.
16384 bytes in each allocation unit.
1079340 total allocation units on disk.
228171 allocation units available on disk.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Mark1956 (May 7, 2011)

Those are not necessarily infected files, if they were they should have been detected by previous scans.

But better safe than sorry so please run this tool which will take care of three of those items as they are in a temporary folder.

Download Temporary file cleaner and save it to the desktop.
Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista right click the icon and select *Run as Administrator*.
When the window opens click on* Start*. It will close all running programs and clear the desktop icons.
When complete you may be asked to reboot, if so accept the request and your PC will reboot automatically.
=======================

Go to one of the following online services that analyzes suspicious files:

*Jotti's virusscan*
*VirusTotal*
*VirSCAN*

In the "*File to Scan*" (Upload or Submit) box, click the "*browse*" button and locate the following file:

C:\Documents and Settings\Coletta Wade\Local Settings\Application Data\Google\Chrome\User Data\*Local State.bad* _<- this file_

Click "*Open*", then click the "*Submit*" button. If you get a message saying "_File has already been analyzed_", click *Reanalyze* or *Scan again*.
-- Post back with the results of the file analysis in your next reply.


----------



## Rena30 (Jan 19, 2013)

I have been working in Safe Mode because it works so much better. After your last post I turned my pc off, and tried to go back to normal mode. Each time it started up it did a file check and as soon as everything on the desktop would load it would shut completely off. It did that 3 or 4 times. Finally I gave up and went back to safe mode. I am going to try to follow your instructions in this mode.


----------



## Rena30 (Jan 19, 2013)

Well I finally got it to work in normal mode. While I was browsing for the file I could only find: 
C:\Documents and Settings\Coletta Wade\Local Settings\Application Data\Google\Chrome\User Data\Local State

It kept saying that this file did not exist:
C:\Documents and Settings\Coletta Wade\Local Settings\Application Data\Google\Chrome\User Data\Local State.bad <- this file

So I just scanned the first one, but it did not find anything. I did take a screen shot of the results if you need it just let me know.


----------



## Rena30 (Jan 19, 2013)

Ok, well I have tried to uninstall XP SP3. When you go to your link there is 4 different methods. Method 1 did not work because it was not in the list. Method 2 did not work, I received this error:

"c:\windows\$NtServicePackUninstall$\spuninst\spuninst.exe
refers to a location that is unavailable. It could be on the hard drive of this computer, or on a network. Check to make sure the disk is properly inserted, or that you are connected to the internet, or your network, and then try again. If it still cannot be located, the information might have been moved to a different location."

Method 4 requires the Cd. 
So that only leaves method 3, however, I do not know the date that SP3 was installed. 
What do you suggest that I should do?


----------



## Mark1956 (May 7, 2011)

With all the disk checks running at start up it suggests there is a problem with your hard drive. The best check for that uses a burned CD, but as you appear to have a problem burning CD's then the best bet would be to run a hard drive diagnosis from within Windows.

Click on this link Seatools for Windows and download Seatools for Windows, the instructions are on the page. You must accept the licence agreement before you can get the download.

Let me know the result.


----------



## Rena30 (Jan 19, 2013)

I am not sure what I am supposed to do. I had to download something from microsoft in order for Sea Tools to work. I got it downloaded and then I opened Sea tools it stated that it was searching for drivers. when it was finished this popped up, I left it for along time thinking that I should just let it do what it does, but apparently I am supposed to do something to make it work?


----------



## Mark1956 (May 7, 2011)

Click on the small box next to your hard drive and then move the mouse pointer over Basic Tests and click on Long Generic and let it run to completion. It will show the result at the end of the test.


----------



## Rena30 (Jan 19, 2013)

It says it passed.


----------



## Mark1956 (May 7, 2011)

Ok, that is a good result. The only remaining choice now is to either try and burn the SP3 CD again or go for a full Factory Restore using the Recovery partition. You could also try using System Restore, but we will then have to run the clean up again.

We have run a multitude of scans which have not turned up anything specific which we have not already dealt with. If there is an infection at the route of the problem we have not been able to find it, but there is a chance this may be a hardware problem that is causing disk corruption or the registry is corrupt and not repairable. The SP3 re-install might fix the problem if you can do a successful burn of the CD, but there is no guarantee, burning the disk on a fully functional PC would certainly help.

I will have to leave you to make the final decision, if it was my PC I think I would just go for the Factory re-install and then see if the problem has been fixed. If problems persist after doing that it would be highly likely that there is a hardware fault causing the problem.


----------



## Rena30 (Jan 19, 2013)

Ok, well I think I would just like to do the factory Re-install. Yesterday when I turned off my pc It said "installing updates 1 of 8 Do not turn of your pc or unplug your computer" Well it downloaded all 8 updates and I thought maybe it would have done some good but it is still running exactly the same this morning. So Factory Re-Install it is. If you can give me the instructions I will do it as soon as I am finished with my errands today.


----------



## Mark1956 (May 7, 2011)

If you start tapping the F8 key at startup and look in the menu for Factory Restore (or similar) that will get you there, if it isn't in that menu there will be specific keys to press at boot up to launch the recovery partition. If you don't have the instruction manual please tell me the make and model number of the PC. I suspect that you have already posted that information but there is a lot of posts to look back through.


----------



## Rena30 (Jan 19, 2013)

Sorry I have been gone all day. Is this the information you need?

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Celeron(R) M processor 1.50GHz, x86 Family 6 Model 13 Stepping 8
Processor Count: 1
RAM: 2038 Mb
Graphics Card: Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family, 128 Mb
Hard Drives: C: Total - 16864 MB, Free - 2892 MB; D: Total - 18119 MB, Free - 17767 MB;
Motherboard: Acer, Garda-910
Antivirus: PC Cleaner Pro, Updated: Yes, On-Demand Scanner: Disabled

Under General Tab:
System:
Microsoft Windows XP
Home Edition
Version 2002
Service Pack 3

Registerd to:
Coletta Wade
76477-OEM-0011903-00100
Acer Inc
Acer System
Intel (R) Celeron (R)M
processor 1.50Ghz
1.50GHz. 1.99GB of RAM
Physical Address Extension


----------



## Mark1956 (May 7, 2011)

Not quite, that information does include the manufacturer, but I need the model number, it should be written on a sticker somewhere on the machine it should also show a model name as well.


----------



## Rena30 (Jan 19, 2013)

Acer, TravelMate 2420 - Model # MS2180


----------



## Mark1956 (May 7, 2011)

Ok, as you switch on the PC hold down the Alt and the F10 keys. This will launch eRecovery, select Restore to Factory settings (or similar).


----------



## Rena30 (Jan 19, 2013)

Ok do I need to do anything else before doing this?


----------



## Mark1956 (May 7, 2011)

As long as you are sure there is no data you need to save then carry on.


----------



## Rena30 (Jan 19, 2013)

Ok I will be back to let you know the result thank you.


----------



## Mark1956 (May 7, 2011)

Ok, best of luck.


----------



## Rena30 (Jan 19, 2013)

Ok, it did reset everything back. When I turn on my pc there is a little red box saying that there is no antivirus turned on. On my desktop there is an icon for Norton Antivirus but it is from 2005. I was afaid to use it without having one turned on so I went into safe mode and came here to ask you, if I should install this or would you suggest a more up to date one? Also what browser to you consider to be the safest?


----------



## Mark1956 (May 7, 2011)

I would not use the Norton product as it will be a trial version which you will have to pay for when the trial period ends. Delete the icon and if it appears in Add/Remove Programs uninstall it then run the Norton Uninstall Tool

I would recommend this: Microsoft Security Essentials

Something else I would highly recommend, if everything is working ok and your CD drive is functional that you make a set of Recovery discs as these would be well worth having in the event of a complete system failure, i.e. the hard drive fails. This will create a copy of the Recovery partition.

As for browsers I would suggest Firefox or Google Chrome, Internet Explorer should also be updated to version 8 for increased security even if you do not use it, Windows Update uses it so it should be updated. Version 10 is available but with XP you can only go up to version 8.


----------



## Rena30 (Jan 19, 2013)

Ok I finally got microsoft essentials, I had to download alot of updates to get it, including Service Pack 2. However I was trying to download servise pack 3 and I kept getting an error telling me to download Service Pack 2 which I already did. Can you tell me where I can get Service Pack 3?

Also I wanted to tell you that after I got Microsoft Essentials it did a scan and detected- BrowserModifier:Win32/Istabar.F ActiveToolBand.dll
I removed it but I thought this might have something to do with my original problem.

Oh and I did upgrade internet explorer to IE8.


----------



## Mark1956 (May 7, 2011)

The detection by MSE is highly likely to be a false positive, i.e. a browser item that is included in the Factory restore. After a Factory restore there will be nothing left behind from the previous installation.

Follow this to get SP3 installed, you will then find there will ba a lot of updates to follow, could be 100+.


Go Here and click on How to get Windows XP SP3
Then click on Download the Service Pack manually.
Then click on Download the Windows XP Service Pack 3 package now
On the next page click on the *DOWNLOAD* button.
Follow the instructions lower down the page to start the installation immediately.


----------



## Rena30 (Jan 19, 2013)

Ok thank you. I shall return.


----------



## Mark1956 (May 7, 2011)

You're welcome.


----------



## Rena30 (Jan 19, 2013)

Ok, it did not work. It keeps saying it is not a valid Win32 Application. I tried it 3 times.


----------



## Mark1956 (May 7, 2011)

Go into Windows Update and make sure there are no more updates available, some more may be required before SP3 will install.


----------



## Rena30 (Jan 19, 2013)

Ok I went to tools and down to Windows Update. I followed the instructions and then I got this error message "The Website has encountered a problem and can not display the page you are trying to view." I tried that way 3 different times as well.


----------



## Rena30 (Jan 19, 2013)

The error message number is 0x80244019. Maybe that will help.


----------



## Mark1956 (May 7, 2011)

Go here: http://support.microsoft.com/kb/949104 an automatic Fixit will pop up on the screen, run it and follow the prompts.


----------



## Rena30 (Jan 19, 2013)

I received this message - 
"ADDITION SOFTWARE IS REQUIRED TO RUN THIS TROUBLE SHOOTER 
1. Please install the software updates from Windows update.
2. Then visit http;//www.microsoft.com/fixit"

I went to Windows up date, followed the prompts and received the same error message as before.
Error:not a valid Win32 Application
Error number 0x80244019


----------



## Mark1956 (May 7, 2011)

Try this:


Click on *Start*, then *Run* and type *services.msc* into the run box, and hit *Enter*. Scroll down the list to *Automatic Updates*, right click on it and select stop. Close the windows.
Click on *Start*, then *Run* type this into the run box *%windir%\SoftwareDistribution*, hit *Enter*.
Right click on the *Download* folder, select *Rename* and change the name to *Download.old*.
Go back and turn the *Windows Update* service back on.
Now, open *Control Panel *and click on *Windows Update*.
In the *Automatic Updates* window click on *Windows Update Web Site*, this will launch *IE* and open the web page.
Click on the *Express* button and it will check your system for required updates.
Just follow the links to get all the updates that are available, optional updates are not required.
It may say you need an *ActiveX* component to be installed, accept it and continue.

*NOTE*
If this resolves the problem you can go back and delete the *Download.old* folder and you're done.
If this fails to resolve the problem, click on *Start*, then *Run* and type *%windir%\WindowsUpdate.log* into the run box and hit *Enter*.
*Copy & Paste* the last 100-150 lines into your next reply.


----------



## Rena30 (Jan 19, 2013)

Ok, I followed the instructions and I received the same error message. 
(right after clicking the express button). Here is the log:

2004-09-14 13:03:37-0700 272 38c CreateService for wuauserv succeeded
2004-09-14 13:09:08-0700 1016 5e8 Service Main starts
2004-09-14 13:09:09-0700 1016 5e8 Using BatchFlushAge = 15769.
2004-09-14 13:09:09-0700 1016 5e8 Using SamplingValue = 501.
2004-09-14 13:09:09-0700 1016 5e8 Successfully loaded event namespace dictionary.
2004-09-14 13:09:09-0700 1016 5e8 Successfully loaded client event namespace descriptor.
2004-09-14 13:09:09-0700 1016 5e8 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2004-09-14 13:09:09-0700 1016 5e8 Successfully initialized NT event logger.
2004-09-14 13:09:09-0700 1016 5e8 Successfully initialized event uploader 0.
2004-09-14 13:09:09-0700 1016 5e8 Successfully initialized event uploader 1.
2004-09-14 13:09:10-0700 1016 5e8 WU client with version 5.4.3790.2180 successfully initialized
2004-09-14 13:09:10-0700 1016 5e8 Service status is now SERVICE_RUNNING
2004-09-14 13:09:17-0700 1016 3fc Service received connect notification
2004-09-14 13:09:19-0700 1016 3fc Service received logon notification
2004-09-14 13:09:55-0700 1016 5e8 start delayed initialization of WU client
2004-09-14 13:09:55-0700 128 88 Trying to make out of proc datastore active
2004-09-14 13:09:58-0700 128 88 Service 3DA21691-E39D-4DA6-8A4B-B43877BCB1B7 added
2004-09-14 13:09:58-0700 128 88 Service 9482F4B4-E343-43B6-B170-9A65BC822C77 added
2004-09-14 13:09:58-0700 128 88 Data store successfully created
2004-09-14 13:09:58-0700 128 88 Out of proc datastore is now active
2004-09-14 13:09:58-0700 1016 5e8 Client Call Recorder finished delayed initialization
2004-09-14 13:09:58-0700 1016 5e8 AU is not configured yet, generating timeout to launch setup wizard
2004-09-14 13:09:58-0700 1016 5e8 AU finished delayed initialization
2004-09-14 13:14:58-0700 128 88 Out of proc datastore is shutting down
2004-09-14 13:14:59-0700 128 88 Out of proc datastore is now inactive
2004-09-14 15:09:41-0700 1016 3fc Service received logoff notification
2004-09-14 15:09:41-0700 1016 5e8 AU received event of 3
2004-09-14 15:09:42-0700 1016 474 AU Restart required....
2004-09-14 15:09:42-0700 1016 5e8 AU received event of 1
2004-09-14 15:09:42-0700 652 7d0 WUAutoUpdateAtShutdown failed, hr=8024A000
2004-09-14 15:09:42-0700 1016 5e8 AU is paused, not initializing any handlers
2004-09-14 15:09:44-0700 1016 3fc Service received SERVICE_CONTROL_SHUTDOWN control
2004-09-14 15:09:44-0700 1016 5e8 Exiting Service Main
2004-09-14 15:09:45-0700 1016 5e8 WUAUENG ServiceMain exits. Exit code is 0x240001
2005-06-20 02:04:26-0700 704 3fc Service Main starts
2005-06-20 02:04:27-0700 704 3fc Using BatchFlushAge = 15769.
2005-06-20 02:04:27-0700 704 3fc Using SamplingValue = 501.
2005-06-20 02:04:27-0700 704 3fc Successfully loaded event namespace dictionary.
2005-06-20 02:04:27-0700 704 3fc Successfully loaded client event namespace descriptor.
2005-06-20 02:04:27-0700 704 3fc Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2005-06-20 02:04:27-0700 704 3fc Successfully initialized NT event logger.
2005-06-20 02:04:27-0700 704 3fc Successfully initialized event uploader 0.
2005-06-20 02:04:27-0700 704 3fc Successfully initialized event uploader 1.
2005-06-20 02:04:27-0700 704 3fc WU client with version 5.4.3790.2180 successfully initialized
2005-06-20 02:04:27-0700 704 3fc Service status is now SERVICE_RUNNING
2005-06-20 02:05:12-0700 704 3fc start delayed initialization of WU client
2005-06-20 02:05:14-0700 1076 560 Trying to make out of proc datastore active
2005-06-20 02:05:15-0700 1076 560 Out of proc datastore is now active
2005-06-20 02:05:15-0700 704 3fc Client Call Recorder finished delayed initialization
2005-06-20 02:05:15-0700 704 3fc AU is not configured yet, generating timeout to launch setup wizard
2005-06-20 02:05:15-0700 704 3fc AU finished delayed initialization
2005-06-20 02:05:15-0700 704 3fc AU received event of 1
2005-06-20 02:05:43-0700 704 2c4 Service received logon notification
2005-06-20 02:05:43-0700 704 3fc AU received event of 3
2005-06-20 02:05:43-0700 704 2c4 Service received connect notification
2005-06-20 02:05:43-0700 704 3fc AU received event of 3
2005-06-20 02:07:00-0700 704 2c4 Service received logoff notification
2005-06-20 02:07:00-0700 704 3fc AU received event of 3
2005-06-20 02:07:01-0700 704 4a0 AU Restart required....
2005-06-20 02:07:01-0700 704 3fc AU received event of 1
2005-06-20 02:07:01-0700 408 6fc WUAutoUpdateAtShutdown failed, hr=8024A000
2005-06-20 02:07:01-0700 704 3fc AU is paused, not initializing any handlers
2005-06-20 02:07:02-0700 704 2c4 Service received SERVICE_CONTROL_SHUTDOWN control
2005-06-20 02:07:02-0700 704 3fc Exiting Service Main
2005-06-20 02:07:03-0700 1076 560 Out of proc datastore is shutting down
2005-06-20 02:07:03-0700 704 3fc WUAUENG ServiceMain exits. Exit code is 0x240001
2005-06-20 02:07:04-0700 1076 560 Out of proc datastore is now inactive
2005-06-20 02:07:29-0700 952 5e4 Service Main starts
2005-06-20 02:07:29-0700 952 5e4 Using BatchFlushAge = 15769.
2005-06-20 02:07:29-0700 952 5e4 Using SamplingValue = 501.
2005-06-20 02:07:29-0700 952 5e4 Successfully loaded event namespace dictionary.
2005-06-20 02:07:29-0700 952 5e4 Successfully loaded client event namespace descriptor.
2005-06-20 02:07:29-0700 952 5e4 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2005-06-20 02:07:29-0700 952 5e4 Successfully initialized NT event logger.
2005-06-20 02:07:29-0700 952 5e4 Successfully initialized event uploader 0.
2005-06-20 02:07:29-0700 952 5e4 Successfully initialized event uploader 1.
2005-06-20 02:07:29-0700 952 5e4 WU client with version 5.4.3790.2180 successfully initialized
2005-06-20 02:07:29-0700 952 5e4 Service status is now SERVICE_RUNNING
2005-06-20 02:07:35-0700 952 3bc Service received logon notification
2005-06-20 02:07:36-0700 952 3bc Service received connect notification
2005-06-20 02:08:14-0700 952 5e4 start delayed initialization of WU client
2005-06-20 02:08:14-0700 1812 730 Trying to make out of proc datastore active
2005-06-20 02:08:15-0700 1812 730 Out of proc datastore is now active
2005-06-20 02:08:16-0700 952 5e4 Client Call Recorder finished delayed initialization
2005-06-20 02:08:16-0700 952 5e4 AU is not configured yet, generating timeout to launch setup wizard
2005-06-20 02:08:16-0700 952 5e4 AU finished delayed initialization
2005-06-20 02:08:16-0700 952 5e4 AU received event of 1
2005-06-20 02:08:16-0700 952 3bc Service received logoff notification
2005-06-20 02:08:16-0700 952 5e4 AU received event of 3
2005-06-20 02:08:16-0700 952 644 AU Restart required....
2005-06-20 02:08:16-0700 952 5e4 AU received event of 1
2005-06-20 02:08:16-0700 644 7fc WUAutoUpdateAtShutdown failed, hr=8024A000
2005-06-20 02:08:16-0700 952 5e4 AU is paused, not initializing any handlers
2005-06-20 02:08:17-0700 952 3bc Service received SERVICE_CONTROL_SHUTDOWN control
2005-06-20 02:08:17-0700 952 5e4 Exiting Service Main
2005-06-20 02:08:17-0700 1812 730 Out of proc datastore is shutting down
2005-06-20 02:08:18-0700 952 5e4 WUAUENG ServiceMain exits. Exit code is 0x240001
2005-06-20 02:08:19-0700 1812 730 Out of proc datastore is now inactive
2005-06-20 02:08:45-0700 944 5e4 Service Main starts
2005-06-20 02:08:45-0700 944 5e4 Using BatchFlushAge = 15769.
2005-06-20 02:08:45-0700 944 5e4 Using SamplingValue = 501.
2005-06-20 02:08:45-0700 944 5e4 Successfully loaded event namespace dictionary.
2005-06-20 02:08:45-0700 944 5e4 Successfully loaded client event namespace descriptor.
2005-06-20 02:08:45-0700 944 5e4 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2005-06-20 02:08:45-0700 944 5e4 Successfully initialized NT event logger.
2005-06-20 02:08:45-0700 944 5e4 Successfully initialized event uploader 0.
2005-06-20 02:08:45-0700 944 5e4 Successfully initialized event uploader 1.
2005-06-20 02:08:45-0700 944 5e4 WU client with version 5.4.3790.2180 successfully initialized
2005-06-20 02:08:45-0700 944 5e4 Service status is now SERVICE_RUNNING
2005-06-20 02:08:50-0700 944 3b4 Service received logon notification
2005-06-20 02:08:50-0700 944 3b4 Service received connect notification
2005-06-20 02:09:30-0700 944 5e4 start delayed initialization of WU client
2005-06-20 02:09:33-0700 1856 744 Trying to make out of proc datastore active
2005-06-20 02:09:34-0700 1856 744 Out of proc datastore is now active
2005-06-20 02:09:34-0700 944 5e4 Client Call Recorder finished delayed initialization
2005-06-20 02:09:34-0700 944 5e4 AU is not configured yet, generating timeout to launch setup wizard
2005-06-20 02:09:34-0700 944 5e4 AU finished delayed initialization
2005-06-20 02:09:34-0700 944 5e4 AU received event of 1
2005-06-20 02:14:07-0700 944 3b4 Service received logoff notification
2005-06-20 02:14:07-0700 944 5e4 AU received event of 3
2005-06-20 02:14:11-0700 944 564 AU Restart required....
2005-06-20 02:14:11-0700 944 5e4 AU received event of 1
2005-06-20 02:14:11-0700 644 678 WUAutoUpdateAtShutdown failed, hr=8024A000
2005-06-20 02:14:11-0700 944 5e4 AU is paused, not initializing any handlers
2005-06-20 02:14:12-0700 944 3b4 Service received SERVICE_CONTROL_SHUTDOWN control
2005-06-20 02:14:12-0700 944 5e4 Exiting Service Main
2005-06-20 02:14:13-0700 1856 744 Out of proc datastore is shutting down
2005-06-20 02:14:13-0700 944 5e4 WUAUENG ServiceMain exits. Exit code is 0x240001
2005-06-20 02:14:14-0700 1856 744 Out of proc datastore is now inactive
2005-06-20 02:14:40-0700 952 5e4 Service Main starts
2005-06-20 02:14:40-0700 952 5e4 Using BatchFlushAge = 15769.
2005-06-20 02:14:40-0700 952 5e4 Using SamplingValue = 501.
2005-06-20 02:14:40-0700 952 5e4 Successfully loaded event namespace dictionary.
2005-06-20 02:14:40-0700 952 5e4 Successfully loaded client event namespace descriptor.
2005-06-20 02:14:40-0700 952 5e4 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2005-06-20 02:14:40-0700 952 5e4 Successfully initialized NT event logger.
2005-06-20 02:14:40-0700 952 5e4 Successfully initialized event uploader 0.
2005-06-20 02:14:40-0700 952 5e4 Successfully initialized event uploader 1.
2005-06-20 02:14:40-0700 952 5e4 WU client with version 5.4.3790.2180 successfully initialized
2005-06-20 02:14:40-0700 952 5e4 Service status is now SERVICE_RUNNING
2005-06-20 02:14:46-0700 952 3bc Service received logon notification
2005-06-20 02:14:47-0700 952 3bc Service received connect notification
2005-06-20 02:15:25-0700 952 5e4 start delayed initialization of WU client
2005-06-20 02:15:26-0700 596 25c Trying to make out of proc datastore active
2005-06-20 02:15:26-0700 596 25c Out of proc datastore is now active
2005-06-20 02:15:26-0700 952 5e4 Client Call Recorder finished delayed initialization
2005-06-20 02:15:26-0700 952 5e4 AU is not configured yet, generating timeout to launch setup wizard
2005-06-20 02:15:26-0700 952 5e4 AU finished delayed initialization
2005-06-20 02:15:26-0700 952 5e4 AU received event of 1
2005-06-20 02:15:31-0700 952 3bc Service received logoff notification
2005-06-20 02:15:31-0700 952 5e4 AU received event of 3
2005-06-20 02:15:35-0700 952 520 AU Restart required....
2005-06-20 02:15:35-0700 952 5e4 AU received event of 1
2005-06-20 02:15:35-0700 652 ec WUAutoUpdateAtShutdown failed, hr=8024A000
2005-06-20 02:15:35-0700 952 5e4 AU is paused, not initializing any handlers
2005-06-20 02:15:36-0700 952 3bc Service received SERVICE_CONTROL_SHUTDOWN control
2005-06-20 02:15:36-0700 952 5e4 Exiting Service Main
2005-06-20 02:15:36-0700 596 25c Out of proc datastore is shutting down
2005-06-20 02:15:37-0700 952 5e4 WUAUENG ServiceMain exits. Exit code is 0x240001
2005-06-20 02:15:38-0700 596 25c Out of proc datastore is now inactive
2005-06-20 02:16:05-0700 952 5e8 Service Main starts
2005-06-20 02:16:05-0700 952 5e8 Using BatchFlushAge = 15769.
2005-06-20 02:16:05-0700 952 5e8 Using SamplingValue = 501.
2005-06-20 02:16:05-0700 952 5e8 Successfully loaded event namespace dictionary.
2005-06-20 02:16:05-0700 952 5e8 Successfully loaded client event namespace descriptor.
2005-06-20 02:16:05-0700 952 5e8 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2005-06-20 02:16:05-0700 952 5e8 Successfully initialized NT event logger.
2005-06-20 02:16:05-0700 952 5e8 Successfully initialized event uploader 0.
2005-06-20 02:16:05-0700 952 5e8 Successfully initialized event uploader 1.
2005-06-20 02:16:05-0700 952 5e8 WU client with version 5.4.3790.2180 successfully initialized
2005-06-20 02:16:05-0700 952 5e8 Service status is now SERVICE_RUNNING
2005-06-20 02:16:10-0700 952 3bc Service received logon notification
2005-06-20 02:16:10-0700 952 3bc Service received connect notification
2005-06-20 02:16:50-0700 952 5e8 start delayed initialization of WU client
2005-06-20 02:16:51-0700 1708 6b0 Trying to make out of proc datastore active
2005-06-20 02:16:52-0700 1708 6b0 Out of proc datastore is now active
2005-06-20 02:16:52-0700 952 5e8 Client Call Recorder finished delayed initialization
2005-06-20 02:16:52-0700 952 5e8 AU is not configured yet, generating timeout to launch setup wizard
2005-06-20 02:16:52-0700 952 5e8 AU finished delayed initialization
2005-06-20 02:16:52-0700 952 5e8 AU received event of 1
2005-06-20 02:20:13-0700 952 3bc Service received logoff notification
2005-06-20 02:20:13-0700 952 5e8 AU received event of 3
2005-06-20 02:20:17-0700 952 f08 AU Restart required....
2005-06-20 02:20:17-0700 952 5e8 AU received event of 1
2005-06-20 02:20:17-0700 652 160 WUAutoUpdateAtShutdown failed, hr=8024A000
2005-06-20 02:20:17-0700 952 5e8 AU is paused, not initializing any handlers
2005-06-20 02:20:21-0700 952 3bc Service received SERVICE_CONTROL_SHUTDOWN control
2005-06-20 02:20:21-0700 952 5e8 Exiting Service Main
2005-06-20 02:20:23-0700 1708 6b0 Out of proc datastore is shutting down
2005-06-20 02:20:23-0700 952 5e8 WUAUENG ServiceMain exits. Exit code is 0x240001
2005-06-20 02:20:24-0700 1708 6b0 Out of proc datastore is now inactive
2005-06-20 02:20:53-0700 956 6a8 Service Main starts
2005-06-20 02:20:53-0700 956 6a8 Using BatchFlushAge = 15769.
2005-06-20 02:20:53-0700 956 6a8 Using SamplingValue = 501.
2005-06-20 02:20:53-0700 956 6a8 Successfully loaded event namespace dictionary.
2005-06-20 02:20:53-0700 956 6a8 Successfully loaded client event namespace descriptor.
2005-06-20 02:20:53-0700 956 6a8 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2005-06-20 02:20:53-0700 956 6a8 Successfully initialized NT event logger.
2005-06-20 02:20:53-0700 956 6a8 Successfully initialized event uploader 0.
2005-06-20 02:20:53-0700 956 6a8 Successfully initialized event uploader 1.
2005-06-20 02:20:53-0700 956 6a8 WU client with version 5.4.3790.2180 successfully initialized
2005-06-20 02:20:53-0700 956 6a8 Service status is now SERVICE_RUNNING
2005-06-20 02:20:58-0700 956 3c0 Service received connect notification
2005-06-20 02:21:38-0700 956 6a8 start delayed initialization of WU client
2005-06-20 02:21:38-0700 1936 324 Trying to make out of proc datastore active
2005-06-20 02:21:39-0700 1936 324 Out of proc datastore is now active
2005-06-20 02:21:39-0700 956 6a8 Client Call Recorder finished delayed initialization
2005-06-20 02:21:39-0700 956 6a8 AU is not configured yet, generating timeout to launch setup wizard
2005-06-20 02:21:39-0700 956 6a8 AU finished delayed initialization
2005-06-20 02:21:39-0700 956 6a8 AU received event of 1
2005-06-20 02:26:39-0700 1936 324 Out of proc datastore is shutting down
2005-06-20 02:26:40-0700 1936 324 Out of proc datastore is now inactive
2005-06-20 02:34:56-0700 956 3c0 Service received logoff notification
2005-06-20 02:34:56-0700 956 6a8 AU received event of 3
2005-06-20 02:35:00-0700 956 59c AU Restart required....
2005-06-20 02:35:00-0700 956 6a8 AU received event of 1
2005-06-20 02:35:00-0700 652 624 WUAutoUpdateAtShutdown failed, hr=8024A000
2005-06-20 02:35:00-0700 956 6a8 AU is paused, not initializing any handlers
2005-06-20 02:35:01-0700 956 3c0 Service received SERVICE_CONTROL_SHUTDOWN control
2005-06-20 02:35:01-0700 956 6a8 Exiting Service Main
2005-06-20 02:35:01-0700 956 6a8 WUAUENG ServiceMain exits. Exit code is 0x240001
2005-06-20 02:35:32-0700 956 6b8 Service Main starts
2005-06-20 02:35:32-0700 956 6b8 Using BatchFlushAge = 15769.
2005-06-20 02:35:32-0700 956 6b8 Using SamplingValue = 501.
2005-06-20 02:35:32-0700 956 6b8 Successfully loaded event namespace dictionary.
2005-06-20 02:35:32-0700 956 6b8 Successfully loaded client event namespace descriptor.
2005-06-20 02:35:32-0700 956 6b8 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2005-06-20 02:35:32-0700 956 6b8 Successfully initialized NT event logger.
2005-06-20 02:35:32-0700 956 6b8 Successfully initialized event uploader 0.
2005-06-20 02:35:32-0700 956 6b8 Successfully initialized event uploader 1.
2005-06-20 02:35:32-0700 956 6b8 WU client with version 5.4.3790.2180 successfully initialized
2005-06-20 02:35:32-0700 956 6b8 Service status is now SERVICE_RUNNING
2005-06-20 02:35:35-0700 956 3c0 Service received connect notification
2005-06-20 02:36:17-0700 956 6b8 start delayed initialization of WU client
2005-06-20 02:36:17-0700 376 198 Trying to make out of proc datastore active
2005-06-20 02:36:18-0700 376 198 Out of proc datastore is now active
2005-06-20 02:36:18-0700 956 6b8 Client Call Recorder finished delayed initialization
2005-06-20 02:36:18-0700 956 6b8 AU is not configured yet, generating timeout to launch setup wizard
2005-06-20 02:36:18-0700 956 6b8 AU finished delayed initialization
2005-06-20 02:36:18-0700 956 6b8 AU received event of 1
2005-06-20 02:37:40-0700 956 3c0 Service received logoff notification
2005-06-20 02:37:40-0700 956 6b8 AU received event of 3
2005-06-20 02:37:45-0700 956 708 AU Restart required....
2005-06-20 02:37:45-0700 956 6b8 AU received event of 1
2005-06-20 02:37:45-0700 652 7ac WUAutoUpdateAtShutdown failed, hr=8024A000
2005-06-20 02:37:45-0700 956 6b8 AU is paused, not initializing any handlers
2005-06-20 02:37:47-0700 956 3c0 Service received SERVICE_CONTROL_SHUTDOWN control
2005-06-20 02:37:48-0700 956 6b8 Exiting Service Main
2005-06-20 02:37:48-0700 376 198 Out of proc datastore is shutting down
2005-06-20 02:37:49-0700 956 6b8 WUAUENG ServiceMain exits. Exit code is 0x240001
2005-06-20 02:37:50-0700 376 198 Out of proc datastore is now inactive
2005-06-20 02:38:25-0700 960 64c Service Main starts
2005-06-20 02:38:25-0700 960 64c Using BatchFlushAge = 15769.
2005-06-20 02:38:25-0700 960 64c Using SamplingValue = 501.
2005-06-20 02:38:25-0700 960 64c Successfully loaded event namespace dictionary.
2005-06-20 02:38:25-0700 960 64c Successfully loaded client event namespace descriptor.
2005-06-20 02:38:25-0700 960 64c Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2005-06-20 02:38:25-0700 960 64c Successfully initialized NT event logger.
2005-06-20 02:38:25-0700 960 64c Successfully initialized event uploader 0.
2005-06-20 02:38:25-0700 960 64c Successfully initialized event uploader 1.
2005-06-20 02:38:25-0700 960 64c WU client with version 5.4.3790.2180 successfully initialized
2005-06-20 02:38:25-0700 960 64c Service status is now SERVICE_RUNNING
2005-06-20 02:38:29-0700 960 3c4 Service received logon notification
2005-06-20 02:38:30-0700 960 3c4 Service received connect notification
2005-06-20 02:39:10-0700 960 64c start delayed initialization of WU client
2005-06-20 02:39:10-0700 1104 b8 Trying to make out of proc datastore active
2005-06-20 02:39:11-0700 1104 b8 Out of proc datastore is now active
2005-06-20 02:39:11-0700 960 64c Client Call Recorder finished delayed initialization
2005-06-20 02:39:11-0700 960 64c AU is not configured yet, generating timeout to launch setup wizard
2005-06-20 02:39:11-0700 960 64c AU finished delayed initialization
2005-06-20 02:39:11-0700 960 64c AU received event of 1
2005-06-20 02:42:14-0700 960 3c4 Service received SERVICE_CONTROL_STOP control
2005-06-20 02:42:14-0700 960 64c Exiting Service Main
2005-06-20 02:42:15-0700 1104 b8 Out of proc datastore is shutting down
2005-06-20 02:42:16-0700 960 64c WUAUENG ServiceMain exits. Exit code is 0x240001
2005-06-20 02:42:17-0700 1104 b8 Out of proc datastore is now inactive
2005-06-20 02:42:23-0700 652 458 WUAutoUpdateAtShutdown failed, hr=8024000C
2005-06-24 10:38:29-0700 956 61c Service Main starts
2005-06-24 10:38:29-0700 956 61c Using BatchFlushAge = 15769.
2005-06-24 10:38:29-0700 956 61c Using SamplingValue = 501.
2005-06-24 10:38:29-0700 956 61c Successfully loaded event namespace dictionary.
2005-06-24 10:38:29-0700 956 61c Successfully loaded client event namespace descriptor.
2005-06-24 10:38:29-0700 956 61c Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2005-06-24 10:38:29-0700 956 61c Successfully initialized NT event logger.
2005-06-24 10:38:29-0700 956 61c Successfully initialized event uploader 0.
2005-06-24 10:38:29-0700 956 61c Successfully initialized event uploader 1.
2005-06-24 10:38:29-0700 956 61c WU client with version 5.4.3790.2180 successfully initialized
2005-06-24 10:38:29-0700 956 61c Service status is now SERVICE_RUNNING
2005-06-24 10:38:34-0700 956 3c0 Service received logon notification
2005-06-24 10:38:34-0700 956 3c0 Service received connect notification
2005-06-24 10:39:14-0700 956 61c start delayed initialization of WU client
2005-06-24 10:39:15-0700 2028 7f8 Trying to make out of proc datastore active
2005-06-24 10:39:15-0700 2028 7f8 Out of proc datastore is now active
2005-06-24 10:39:15-0700 956 61c Client Call Recorder finished delayed initialization
2005-06-24 10:39:15-0700 956 61c AU is not configured yet, generating timeout to launch setup wizard
2005-06-24 10:39:15-0700 956 61c AU finished delayed initialization
2005-06-24 10:39:15-0700 956 61c AU received event of 1
2005-06-24 10:43:53-0700 956 3c0 Service received logoff notification
2005-06-24 10:43:53-0700 956 61c AU received event of 3
2005-06-24 10:43:57-0700 956 508 AU Restart required....
2005-06-24 10:43:57-0700 956 61c AU received event of 1
2005-06-24 10:43:57-0700 652 714 WUAutoUpdateAtShutdown failed, hr=8024A000
2005-06-24 10:43:57-0700 956 61c AU is paused, not initializing any handlers
2005-06-24 10:43:59-0700 956 3c0 Service received SERVICE_CONTROL_SHUTDOWN control
2005-06-24 10:43:59-0700 956 61c Exiting Service Main
2005-06-24 10:43:59-0700 2028 7f8 Out of proc datastore is shutting down
2005-06-24 10:43:59-0700 956 61c WUAUENG ServiceMain exits. Exit code is 0x240001
2005-06-24 10:44:00-0700 2028 7f8 Out of proc datastore is now inactive
2005-06-24 10:44:29-0700 960 6c0 Service Main starts
2005-06-24 10:44:29-0700 960 6c0 Using BatchFlushAge = 15769.
2005-06-24 10:44:29-0700 960 6c0 Using SamplingValue = 501.
2005-06-24 10:44:29-0700 960 6c0 Successfully loaded event namespace dictionary.
2005-06-24 10:44:29-0700 960 6c0 Successfully loaded client event namespace descriptor.
2005-06-24 10:44:29-0700 960 6c0 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2005-06-24 10:44:29-0700 960 6c0 Successfully initialized NT event logger.
2005-06-24 10:44:29-0700 960 6c0 Successfully initialized event uploader 0.
2005-06-24 10:44:29-0700 960 6c0 Successfully initialized event uploader 1.
2005-06-24 10:44:29-0700 960 6c0 WU client with version 5.4.3790.2180 successfully initialized
2005-06-24 10:44:29-0700 960 6c0 Service status is now SERVICE_RUNNING
2005-06-24 10:44:34-0700 960 3c4 Service received connect notification
2005-06-24 10:45:14-0700 960 6c0 start delayed initialization of WU client
2005-06-24 10:45:15-0700 1936 7b8 Trying to make out of proc datastore active
2005-06-24 10:45:15-0700 1936 7b8 Out of proc datastore is now active
2005-06-24 10:45:15-0700 960 6c0 Client Call Recorder finished delayed initialization
2005-06-24 10:45:15-0700 960 6c0 AU is not configured yet, generating timeout to launch setup wizard
2005-06-24 10:45:15-0700 960 6c0 AU finished delayed initialization
2005-06-24 10:45:15-0700 960 6c0 AU received event of 1
2005-06-24 10:48:12-0700 960 3c4 Service received logoff notification
2005-06-24 10:48:12-0700 960 6c0 AU received event of 3
2005-06-24 10:48:16-0700 960 6e0 AU Restart required....
2005-06-24 10:48:16-0700 960 6c0 AU received event of 1
2005-06-24 10:48:16-0700 656 470 WUAutoUpdateAtShutdown failed, hr=8024A000
2005-06-24 10:48:16-0700 960 6c0 AU is paused, not initializing any handlers
2005-06-24 10:48:16-0700 960 3c4 Service received SERVICE_CONTROL_SHUTDOWN control
2005-06-24 10:48:16-0700 960 6c0 Exiting Service Main
2005-06-24 10:48:17-0700 1936 7b8 Out of proc datastore is shutting down
2005-06-24 10:48:17-0700 960 6c0 WUAUENG ServiceMain exits. Exit code is 0x240001
2005-06-24 10:48:18-0700 1936 7b8 Out of proc datastore is now inactive
2005-06-24 10:48:48-0700 960 704 Service Main starts
2005-06-24 10:48:48-0700 960 704 Using BatchFlushAge = 15769.
2005-06-24 10:48:48-0700 960 704 Using SamplingValue = 501.
2005-06-24 10:48:48-0700 960 704 Successfully loaded event namespace dictionary.
2005-06-24 10:48:48-0700 960 704 Successfully loaded client event namespace descriptor.
2005-06-24 10:48:48-0700 960 704 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2005-06-24 10:48:48-0700 960 704 Successfully initialized NT event logger.
2005-06-24 10:48:48-0700 960 704 Successfully initialized event uploader 0.
2005-06-24 10:48:48-0700 960 704 Successfully initialized event uploader 1.
2005-06-24 10:48:48-0700 960 704 WU client with version 5.4.3790.2180 successfully initialized
2005-06-24 10:48:48-0700 960 704 Service status is now SERVICE_RUNNING
2005-06-24 10:48:53-0700 960 3c4 Service received connect notification
2005-06-24 10:49:33-0700 960 704 start delayed initialization of WU client
2005-06-24 10:49:34-0700 540 218 Trying to make out of proc datastore active
2005-06-24 10:49:34-0700 540 218 Out of proc datastore is now active
2005-06-24 10:49:34-0700 960 704 Client Call Recorder finished delayed initialization
2005-06-24 10:49:34-0700 960 704 AU is not configured yet, generating timeout to launch setup wizard
2005-06-24 10:49:34-0700 960 704 AU finished delayed initialization
2005-06-24 10:49:34-0700 960 704 AU received event of 1
2005-06-24 10:54:09-0700 960 3c4 Service received SERVICE_CONTROL_STOP control
2005-06-24 10:54:09-0700 960 704 Exiting Service Main
2005-06-24 10:54:10-0700 540 218 Out of proc datastore is shutting down
2005-06-24 10:54:10-0700 960 704 WUAUENG ServiceMain exits. Exit code is 0x240001
2005-06-24 10:54:12-0700 540 218 Out of proc datastore is now inactive
2005-06-24 10:54:18-0700 656 7ac WUAutoUpdateAtShutdown failed, hr=8024000C
2005-11-10 18:54:05-0800 960 5e0 Service Main starts
2005-11-10 18:54:05-0800 960 5e0 Using BatchFlushAge = 15769.
2005-11-10 18:54:05-0800 960 5e0 Using SamplingValue = 501.
2005-11-10 18:54:05-0800 960 5e0 Successfully loaded event namespace dictionary.
2005-11-10 18:54:05-0800 960 5e0 Successfully loaded client event namespace descriptor.
2005-11-10 18:54:05-0800 960 5e0 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2005-11-10 18:54:05-0800 960 5e0 Successfully initialized NT event logger.
2005-11-10 18:54:05-0800 960 5e0 Successfully initialized event uploader 0.
2005-11-10 18:54:05-0800 960 5e0 Successfully initialized event uploader 1.
2005-11-10 18:54:05-0800 960 5e0 WU client with version 5.4.3790.2180 successfully initialized
2005-11-10 18:54:05-0800 960 5e0 Service status is now SERVICE_RUNNING
2005-11-10 18:54:11-0800 960 3c4 Service received logon notification
2005-11-10 18:54:11-0800 960 3c4 Service received connect notification
2005-11-10 18:54:50-0800 960 5e0 start delayed initialization of WU client
2005-11-10 18:54:50-0800 2040 8c Trying to make out of proc datastore active
2005-11-10 18:54:51-0800 2040 8c Out of proc datastore is now active
2005-11-10 18:54:51-0800 960 5e0 Client Call Recorder finished delayed initialization
2005-11-10 18:54:51-0800 960 5e0 AU is not configured yet, generating timeout to launch setup wizard
2005-11-10 18:54:51-0800 960 5e0 AU finished delayed initialization
2005-11-10 18:54:51-0800 960 5e0 AU received event of 1
2005-11-10 18:56:37-0800 960 3c4 Service received logoff notification
2005-11-10 18:56:37-0800 960 5e0 AU received event of 3
2005-11-10 18:56:38-0800 960 b88 AU Restart required....
2005-11-10 18:56:38-0800 960 5e0 AU received event of 1
2005-11-10 18:56:38-0800 656 d64 WUAutoUpdateAtShutdown failed, hr=8024A000
2005-11-10 18:56:38-0800 960 5e0 AU is paused, not initializing any handlers
2005-11-10 18:56:39-0800 960 3c4 Service received SERVICE_CONTROL_SHUTDOWN control
2005-11-10 18:56:39-0800 960 5e0 Exiting Service Main
2005-11-10 18:56:39-0800 2040 8c Out of proc datastore is shutting down
2005-11-10 18:56:39-0800 960 5e0 WUAUENG ServiceMain exits. Exit code is 0x240001
2005-11-10 18:56:40-0800 2040 8c Out of proc datastore is now inactive
2005-11-10 18:57:11-0800 956 69c Service Main starts
2005-11-10 18:57:13-0800 956 69c Using BatchFlushAge = 15769.
2005-11-10 18:57:13-0800 956 69c Using SamplingValue = 501.
2005-11-10 18:57:13-0800 956 69c Successfully loaded event namespace dictionary.
2005-11-10 18:57:13-0800 956 69c Successfully loaded client event namespace descriptor.
2005-11-10 18:57:13-0800 956 69c Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2005-11-10 18:57:13-0800 956 69c Successfully initialized NT event logger.
2005-11-10 18:57:13-0800 956 69c Successfully initialized event uploader 0.
2005-11-10 18:57:13-0800 956 69c Successfully initialized event uploader 1.
2005-11-10 18:57:13-0800 956 69c WU client with version 5.4.3790.2180 successfully initialized
2005-11-10 18:57:13-0800 956 69c Service status is now SERVICE_RUNNING
2005-11-10 18:57:16-0800 956 3c0 Service received connect notification
2005-11-10 18:57:58-0800 956 69c start delayed initialization of WU client
2005-11-10 18:57:58-0800 1808 600 Trying to make out of proc datastore active
2005-11-10 18:57:59-0800 1808 600 Out of proc datastore is now active
2005-11-10 18:57:59-0800 956 69c Client Call Recorder finished delayed initialization
2005-11-10 18:57:59-0800 956 69c AU is not configured yet, generating timeout to launch setup wizard
2005-11-10 18:57:59-0800 956 69c AU finished delayed initialization
2005-11-10 18:57:59-0800 956 69c AU received event of 1
2005-11-10 18:58:09-0800 956 3c0 Service received logoff notification
2005-11-10 18:58:09-0800 956 69c AU received event of 3
2005-11-10 18:58:10-0800 956 75c AU Restart required....
2005-11-10 18:58:10-0800 956 69c AU received event of 1
2005-11-10 18:58:10-0800 652 708 WUAutoUpdateAtShutdown failed, hr=8024A000
2005-11-10 18:58:10-0800 956 69c AU is paused, not initializing any handlers
2005-11-10 18:58:11-0800 956 3c0 Service received SERVICE_CONTROL_SHUTDOWN control
2005-11-10 18:58:11-0800 956 69c Exiting Service Main
2005-11-10 18:58:11-0800 1808 600 Out of proc datastore is shutting down
2005-11-10 18:58:11-0800 956 69c WUAUENG ServiceMain exits. Exit code is 0x240001
2005-11-10 18:58:12-0800 1808 600 Out of proc datastore is now inactive
2005-11-10 18:58:43-0800 948 698 Service Main starts
2005-11-10 18:58:43-0800 948 698 Using BatchFlushAge = 15769.
2005-11-10 18:58:43-0800 948 698 Using SamplingValue = 501.
2005-11-10 18:58:43-0800 948 698 Successfully loaded event namespace dictionary.
2005-11-10 18:58:43-0800 948 698 Successfully loaded client event namespace descriptor.
2005-11-10 18:58:43-0800 948 698 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2005-11-10 18:58:43-0800 948 698 Successfully initialized NT event logger.
2005-11-10 18:58:43-0800 948 698 Successfully initialized event uploader 0.
2005-11-10 18:58:43-0800 948 698 Successfully initialized event uploader 1.
2005-11-10 18:58:44-0800 948 698 WU client with version 5.4.3790.2180 successfully initialized
2005-11-10 18:58:44-0800 948 698 Service status is now SERVICE_RUNNING
2005-11-10 18:58:47-0800 948 3b8 Service received connect notification
2005-11-10 18:59:29-0800 948 698 start delayed initialization of WU client
2005-11-10 18:59:29-0800 1352 438 Trying to make out of proc datastore active
2005-11-10 18:59:29-0800 1352 438 Out of proc datastore is now active
2005-11-10 18:59:29-0800 948 698 Client Call Recorder finished delayed initialization
2005-11-10 18:59:29-0800 948 698 AU is not configured yet, generating timeout to launch setup wizard
2005-11-10 18:59:29-0800 948 698 AU finished delayed initialization
2005-11-10 18:59:29-0800 948 698 AU received event of 1
2005-11-10 19:00:10-0800 948 3b8 Service received logoff notification
2005-11-10 19:00:10-0800 948 698 AU received event of 3
2005-11-10 19:00:10-0800 948 53c AU Restart required....
2005-11-10 19:00:10-0800 948 698 AU received event of 1
2005-11-10 19:00:10-0800 644 414 WUAutoUpdateAtShutdown failed, hr=8024A000
2005-11-10 19:00:10-0800 948 698 AU is paused, not initializing any handlers
2005-11-10 19:00:11-0800 948 3b8 Service received SERVICE_CONTROL_SHUTDOWN control
2005-11-10 19:00:11-0800 948 698 Exiting Service Main
2005-11-10 19:00:12-0800 1352 438 Out of proc datastore is shutting down
2005-11-10 19:00:12-0800 948 698 WUAUENG ServiceMain exits. Exit code is 0x240001
2005-11-10 19:00:13-0800 1352 438 Out of proc datastore is now inactive
2005-11-10 19:07:42-0800 760 51c Service Main starts
2005-11-10 19:07:42-0800 760 51c Using BatchFlushAge = 15769.
2005-11-10 19:07:42-0800 760 51c Using SamplingValue = 501.
2005-11-10 19:07:42-0800 760 51c Successfully loaded event namespace dictionary.
2005-11-10 19:07:42-0800 760 51c Successfully loaded client event namespace descriptor.
2005-11-10 19:07:42-0800 760 51c Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2005-11-10 19:07:42-0800 760 51c Successfully initialized NT event logger.
2005-11-10 19:07:42-0800 760 51c Successfully initialized event uploader 0.
2005-11-10 19:07:42-0800 760 51c Successfully initialized event uploader 1.
2005-11-10 19:07:42-0800 760 51c WU client with version 5.4.3790.2180 successfully initialized
2005-11-10 19:07:42-0800 760 51c Service status is now SERVICE_RUNNING
2005-11-10 19:07:46-0800 760 2fc Service received connect notification
2005-11-10 19:08:27-0800 760 51c start delayed initialization of WU client
2005-11-10 19:08:28-0800 708 314 Trying to make out of proc datastore active
2005-11-10 19:08:28-0800 708 314 Out of proc datastore is now active
2005-11-10 19:08:28-0800 760 51c Client Call Recorder finished delayed initialization
2005-11-10 19:08:28-0800 760 51c AU is not configured yet, generating timeout to launch setup wizard
2005-11-10 19:08:28-0800 760 51c AU finished delayed initialization
2005-11-10 19:08:28-0800 760 51c AU received event of 1
2005-11-10 19:09:04-0800 760 2fc Service received logoff notification
2005-11-10 19:09:04-0800 760 51c AU received event of 3
2005-11-10 19:09:04-0800 760 5cc AU Restart required....
2005-11-10 19:09:04-0800 760 51c AU received event of 1
2005-11-10 19:09:04-0800 476 6cc WUAutoUpdateAtShutdown failed, hr=8024A000
2005-11-10 19:09:04-0800 760 51c AU is paused, not initializing any handlers
2005-11-10 19:09:05-0800 760 2fc Service received SERVICE_CONTROL_SHUTDOWN control
2005-11-10 19:09:05-0800 760 51c Exiting Service Main
2005-11-10 19:09:05-0800 708 314 Out of proc datastore is shutting down
2005-11-10 19:09:05-0800 760 51c WUAUENG ServiceMain exits. Exit code is 0x240001
2005-11-10 19:09:06-0800 708 314 Out of proc datastore is now inactive
2005-11-10 19:09:37-0800 756 51c Service Main starts
2005-11-10 19:09:37-0800 756 51c Using BatchFlushAge = 15769.
2005-11-10 19:09:37-0800 756 51c Using SamplingValue = 501.
2005-11-10 19:09:37-0800 756 51c Successfully loaded event namespace dictionary.
2005-11-10 19:09:37-0800 756 51c Successfully loaded client event namespace descriptor.
2005-11-10 19:09:37-0800 756 51c Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2005-11-10 19:09:37-0800 756 51c Successfully initialized NT event logger.
2005-11-10 19:09:37-0800 756 51c Successfully initialized event uploader 0.
2005-11-10 19:09:37-0800 756 51c Successfully initialized event uploader 1.
2005-11-10 19:09:37-0800 756 51c WU client with version 5.4.3790.2180 successfully initialized
2005-11-10 19:09:37-0800 756 51c Service status is now SERVICE_RUNNING
2005-11-10 19:09:40-0800 756 2f8 Service received connect notification
2005-11-10 19:10:22-0800 756 51c start delayed initialization of WU client
2005-11-10 19:10:27-0800 1640 470 Trying to make out of proc datastore active
2005-11-10 19:10:28-0800 1640 470 Out of proc datastore is now active
2005-11-10 19:10:28-0800 756 51c Client Call Recorder finished delayed initialization
2005-11-10 19:10:28-0800 756 51c AU is not configured yet, generating timeout to launch setup wizard
2005-11-10 19:10:28-0800 756 51c AU finished delayed initialization
2005-11-10 19:10:28-0800 756 51c AU received event of 1
2005-11-10 19:10:43-0800 756 2f8 Service received logoff notification
2005-11-10 19:10:43-0800 756 51c AU received event of 3
2005-11-10 19:10:47-0800 756 3d4 AU Restart required....
2005-11-10 19:10:47-0800 756 51c AU received event of 1
2005-11-10 19:10:47-0800 476 274 WUAutoUpdateAtShutdown failed, hr=8024A000
2005-11-10 19:10:47-0800 756 51c AU is paused, not initializing any handlers
2005-11-10 19:10:47-0800 756 2f8 Service received SERVICE_CONTROL_SHUTDOWN control
2005-11-10 19:10:47-0800 756 51c Exiting Service Main
2005-11-10 19:10:48-0800 1640 470 Out of proc datastore is shutting down
2005-11-10 19:10:48-0800 756 51c WUAUENG ServiceMain exits. Exit code is 0x240001
2005-11-10 19:10:49-0800 1640 470 Out of proc datastore is now inactive
2005-11-10 19:11:19-0800 776 568 Service Main starts
2005-11-10 19:11:19-0800 776 568 Using BatchFlushAge = 15769.
2005-11-10 19:11:19-0800 776 568 Using SamplingValue = 501.
2005-11-10 19:11:19-0800 776 568 Successfully loaded event namespace dictionary.
2005-11-10 19:11:19-0800 776 568 Successfully loaded client event namespace descriptor.
2005-11-10 19:11:19-0800 776 568 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2005-11-10 19:11:19-0800 776 568 Successfully initialized NT event logger.
2005-11-10 19:11:19-0800 776 568 Successfully initialized event uploader 0.
2005-11-10 19:11:19-0800 776 568 Successfully initialized event uploader 1.
2005-11-10 19:11:19-0800 776 568 WU client with version 5.4.3790.2180 successfully initialized
2005-11-10 19:11:19-0800 776 568 Service status is now SERVICE_RUNNING
2005-11-10 19:11:22-0800 776 30c Service received connect notification
2005-11-10 19:12:04-0800 776 568 start delayed initialization of WU client
2005-11-10 19:12:05-0800 1012 358 Trying to make out of proc datastore active
2005-11-10 19:12:05-0800 1012 358 Out of proc datastore is now active
2005-11-10 19:12:05-0800 776 568 Client Call Recorder finished delayed initialization
2005-11-10 19:12:05-0800 776 568 AU is not configured yet, generating timeout to launch setup wizard
2005-11-10 19:12:05-0800 776 568 AU finished delayed initialization
2005-11-10 19:12:05-0800 776 568 AU received event of 1
2005-11-10 19:12:48-0800 776 30c Service received logoff notification
2005-11-10 19:12:48-0800 776 568 AU received event of 3
2005-11-10 19:12:52-0800 776 5a8 AU Restart required....
2005-11-10 19:12:52-0800 776 568 AU received event of 1
2005-11-10 19:12:52-0800 488 a40 WUAutoUpdateAtShutdown failed, hr=8024A000
2005-11-10 19:12:52-0800 776 568 AU is paused, not initializing any handlers
2005-11-10 19:12:52-0800 776 30c Service received SERVICE_CONTROL_SHUTDOWN control
2005-11-10 19:12:52-0800 776 568 Exiting Service Main
2005-11-10 19:12:53-0800 1012 358 Out of proc datastore is shutting down
2005-11-10 19:12:53-0800 776 568 WUAUENG ServiceMain exits. Exit code is 0x240001
2005-11-10 19:12:54-0800 1012 358 Out of proc datastore is now inactive
2005-11-10 19:13:42-0800 768 52c Service Main starts
2005-11-10 19:13:43-0800 768 52c Using BatchFlushAge = 15769.
2005-11-10 19:13:43-0800 768 52c Using SamplingValue = 501.
2005-11-10 19:13:43-0800 768 52c Successfully loaded event namespace dictionary.
2005-11-10 19:13:43-0800 768 52c Successfully loaded client event namespace descriptor.
2005-11-10 19:13:43-0800 768 52c Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2005-11-10 19:13:43-0800 768 52c Successfully initialized NT event logger.
2005-11-10 19:13:43-0800 768 52c Successfully initialized event uploader 0.
2005-11-10 19:13:43-0800 768 52c Successfully initialized event uploader 1.
2005-11-10 19:13:43-0800 768 52c WU client with version 5.4.3790.2180 successfully initialized
2005-11-10 19:13:43-0800 768 52c Service status is now SERVICE_RUNNING
2005-11-10 19:13:46-0800 768 304 Service received connect notification
2005-11-10 19:14:28-0800 768 52c start delayed initialization of WU client
2005-11-10 19:14:28-0800 1128 47c Trying to make out of proc datastore active
2005-11-10 19:14:28-0800 1128 47c Out of proc datastore is now active
2005-11-10 19:14:28-0800 768 52c Client Call Recorder finished delayed initialization
2005-11-10 19:14:28-0800 768 52c AU is not configured yet, generating timeout to launch setup wizard
2005-11-10 19:14:29-0800 768 52c AU finished delayed initialization
2005-11-10 19:14:29-0800 768 52c AU received event of 1
2005-11-10 19:16:30-0800 768 304 Service received logoff notification
2005-11-10 19:16:30-0800 768 52c AU received event of 3
2005-11-10 19:16:33-0800 768 5b0 AU Restart required....
2005-11-10 19:16:33-0800 768 52c AU received event of 1
2005-11-10 19:16:33-0800 488 7e8 WUAutoUpdateAtShutdown failed, hr=8024A000
2005-11-10 19:16:33-0800 768 52c AU is paused, not initializing any handlers
2005-11-10 19:16:34-0800 768 304 Service received SERVICE_CONTROL_SHUTDOWN control
2005-11-10 19:16:34-0800 768 52c Exiting Service Main
2005-11-10 19:16:34-0800 1128 47c Out of proc datastore is shutting down
2005-11-10 19:16:34-0800 768 52c WUAUENG ServiceMain exits. Exit code is 0x240001
2005-11-10 19:16:35-0800 1128 47c Out of proc datastore is now inactive
2005-11-10 19:17:07-0800 768 528 Service Main starts
2005-11-10 19:17:07-0800 768 528 Using BatchFlushAge = 15769.
2005-11-10 19:17:07-0800 768 528 Using SamplingValue = 501.
2005-11-10 19:17:07-0800 768 528 Successfully loaded event namespace dictionary.
2005-11-10 19:17:07-0800 768 528 Successfully loaded client event namespace descriptor.
2005-11-10 19:17:07-0800 768 528 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2005-11-10 19:17:07-0800 768 528 Successfully initialized NT event logger.
2005-11-10 19:17:07-0800 768 528 Successfully initialized event uploader 0.
2005-11-10 19:17:07-0800 768 528 Successfully initialized event uploader 1.
2005-11-10 19:17:07-0800 768 528 WU client with version 5.4.3790.2180 successfully initialized
2005-11-10 19:17:07-0800 768 528 Service status is now SERVICE_RUNNING
2005-11-10 19:17:11-0800 768 304 Service received connect notification
2005-11-10 19:17:52-0800 768 528 start delayed initialization of WU client
2005-11-10 19:17:52-0800 1120 468 Trying to make out of proc datastore active
2005-11-10 19:17:52-0800 1120 468 Out of proc datastore is now active
2005-11-10 19:17:52-0800 768 528 Client Call Recorder finished delayed initialization
2005-11-10 19:17:52-0800 768 528 AU is not configured yet, generating timeout to launch setup wizard
2005-11-10 19:17:52-0800 768 528 AU finished delayed initialization
2005-11-10 19:17:52-0800 768 528 AU received event of 1
2005-11-10 19:22:53-0800 1120 468 Out of proc datastore is shutting down
2005-11-10 19:22:54-0800 1120 468 Out of proc datastore is now inactive
2005-11-10 19:23:39-0800 768 304 Service received SERVICE_CONTROL_STOP control
2005-11-10 19:23:39-0800 768 528 Exiting Service Main
2005-11-10 19:23:40-0800 768 528 WUAUENG ServiceMain exits. Exit code is 0x240001
2005-11-10 19:23:45-0800 488 5fc WUAutoUpdateAtShutdown failed, hr=8024000C
2005-11-24 13:36:12-0800 764 468 Service Main starts
2005-11-24 13:36:12-0800 764 468 Using BatchFlushAge = 15769.
2005-11-24 13:36:12-0800 764 468 Using SamplingValue = 501.
2005-11-24 13:36:12-0800 764 468 Successfully loaded event namespace dictionary.
2005-11-24 13:36:12-0800 764 468 Successfully loaded client event namespace descriptor.
2005-11-24 13:36:12-0800 764 468 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2005-11-24 13:36:12-0800 764 468 Successfully initialized NT event logger.
2005-11-24 13:36:12-0800 764 468 Successfully initialized event uploader 0.
2005-11-24 13:36:12-0800 764 468 Successfully initialized event uploader 1.
2005-11-24 13:36:12-0800 764 468 WU client with version 5.4.3790.2180 successfully initialized
2005-11-24 13:36:12-0800 764 468 Service status is now SERVICE_RUNNING
2005-11-24 13:36:18-0800 764 300 Service received logon notification
2005-11-24 13:36:18-0800 764 300 Service received connect notification
2005-11-24 13:36:57-0800 764 468 start delayed initialization of WU client
2005-11-24 13:36:57-0800 180 b0 Trying to make out of proc datastore active
2005-11-24 13:36:58-0800 180 b0 Out of proc datastore is now active
2005-11-24 13:36:58-0800 764 468 Client Call Recorder finished delayed initialization
2005-11-24 13:36:58-0800 764 468 AU is not configured yet, generating timeout to launch setup wizard
2005-11-24 13:36:58-0800 764 468 AU finished delayed initialization
2005-11-24 13:36:58-0800 764 468 AU received event of 1
2005-11-24 13:37:51-0800 764 300 Service received logoff notification
2005-11-24 13:37:51-0800 764 468 AU received event of 3
2005-11-24 13:37:55-0800 764 39c AU Restart required....
2005-11-24 13:37:55-0800 764 468 AU received event of 1
2005-11-24 13:37:55-0800 484 380 WUAutoUpdateAtShutdown failed, hr=8024A000
2005-11-24 13:37:55-0800 764 468 AU is paused, not initializing any handlers
2005-11-24 13:37:56-0800 764 300 Service received SERVICE_CONTROL_SHUTDOWN control
2005-11-24 13:37:57-0800 764 468 Exiting Service Main
2005-11-24 13:37:57-0800 180 b0 Out of proc datastore is shutting down
2005-11-24 13:37:57-0800 764 468 WUAUENG ServiceMain exits. Exit code is 0x240001
2005-11-24 13:37:58-0800 180 b0 Out of proc datastore is now inactive
2005-11-24 13:38:30-0800 764 558 Service Main starts
2005-11-24 13:38:30-0800 764 558 Using BatchFlushAge = 15769.
2005-11-24 13:38:30-0800 764 558 Using SamplingValue = 501.
2005-11-24 13:38:30-0800 764 558 Successfully loaded event namespace dictionary.
2005-11-24 13:38:30-0800 764 558 Successfully loaded client event namespace descriptor.
2005-11-24 13:38:30-0800 764 558 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2005-11-24 13:38:30-0800 764 558 Successfully initialized NT event logger.
2005-11-24 13:38:30-0800 764 558 Successfully initialized event uploader 0.
2005-11-24 13:38:30-0800 764 558 Successfully initialized event uploader 1.
2005-11-24 13:38:30-0800 764 558 WU client with version 5.4.3790.2180 successfully initialized
2005-11-24 13:38:30-0800 764 558 Service status is now SERVICE_RUNNING
2005-11-24 13:38:34-0800 764 300 Service received connect notification
2005-11-24 13:39:15-0800 764 558 start delayed initialization of WU client
2005-11-24 13:39:16-0800 1164 494 Trying to make out of proc datastore active
2005-11-24 13:39:16-0800 1164 494 Out of proc datastore is now active
2005-11-24 13:39:16-0800 764 558 Client Call Recorder finished delayed initialization
2005-11-24 13:39:16-0800 764 558 AU is not configured yet, generating timeout to launch setup wizard
2005-11-24 13:39:16-0800 764 558 AU finished delayed initialization
2005-11-24 13:39:16-0800 764 558 AU received event of 1
2005-11-24 13:44:17-0800 1164 494 Out of proc datastore is shutting down
2005-11-24 13:44:18-0800 1164 494 Out of proc datastore is now inactive
2005-11-24 13:45:17-0800 764 300 Service received logoff notification
2005-11-24 13:45:17-0800 764 558 AU received event of 3
2005-11-24 13:45:22-0800 764 3e4 AU Restart required....
2005-11-24 13:45:22-0800 764 558 AU received event of 1
2005-11-24 13:45:22-0800 484 740 WUAutoUpdateAtShutdown failed, hr=8024A000
2005-11-24 13:45:22-0800 764 558 AU is paused, not initializing any handlers
2005-11-24 13:45:23-0800 764 300 Service received SERVICE_CONTROL_SHUTDOWN control
2005-11-24 13:45:23-0800 764 558 Exiting Service Main
2005-11-24 13:45:24-0800 764 558 WUAUENG ServiceMain exits. Exit code is 0x240001
2005-11-24 14:06:53-0800 768 56c Service Main starts
2005-11-24 14:06:53-0800 768 56c Using BatchFlushAge = 15769.
2005-11-24 14:06:53-0800 768 56c Using SamplingValue = 501.
2005-11-24 14:06:53-0800 768 56c Successfully loaded event namespace dictionary.
2005-11-24 14:06:53-0800 768 56c Successfully loaded client event namespace descriptor.
2005-11-24 14:06:54-0800 768 56c Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2005-11-24 14:06:54-0800 768 56c Successfully initialized NT event logger.
2005-11-24 14:06:54-0800 768 56c Successfully initialized event uploader 0.
2005-11-24 14:06:54-0800 768 56c Successfully initialized event uploader 1.
2005-11-24 14:06:54-0800 768 56c WU client with version 5.4.3790.2180 successfully initialized
2005-11-24 14:06:54-0800 768 56c Service status is now SERVICE_RUNNING
2005-11-24 14:06:57-0800 768 304 Service received connect notification
2005-11-24 14:07:39-0800 768 56c start delayed initialization of WU client
2005-11-24 14:07:39-0800 1336 520 Trying to make out of proc datastore active
2005-11-24 14:07:40-0800 1336 520 Out of proc datastore is now active
2005-11-24 14:07:40-0800 768 56c Client Call Recorder finished delayed initialization
2005-11-24 14:07:40-0800 768 56c AU is not configured yet, generating timeout to launch setup wizard
2005-11-24 14:07:40-0800 768 56c AU finished delayed initialization
2005-11-24 14:07:40-0800 768 56c AU received event of 1
2005-11-24 14:12:40-0800 1336 520 Out of proc datastore is shutting down
2005-11-24 14:12:41-0800 1336 520 Out of proc datastore is now inactive
2005-11-24 14:17:39-0800 768 304 Service received SERVICE_CONTROL_STOP control
2005-11-24 14:17:39-0800 768 56c Exiting Service Main
2005-11-24 14:17:40-0800 768 56c WUAUENG ServiceMain exits. Exit code is 0x240001
2005-11-24 14:17:46-0800 484 6ec WUAutoUpdateAtShutdown failed, hr=8024000C
2013-03-17 18:22:18-0800 736 5cc Service Main starts
2013-03-17 18:22:18-0800 736 5cc Using BatchFlushAge = 15769.
2013-03-17 18:22:18-0800 736 5cc Using SamplingValue = 501.
2013-03-17 18:22:18-0800 736 5cc Successfully loaded event namespace dictionary.
2013-03-17 18:22:18-0800 736 5cc Successfully loaded client event namespace descriptor.
2013-03-17 18:22:18-0800 736 5cc Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2013-03-17 18:22:18-0800 736 5cc Successfully initialized NT event logger.
2013-03-17 18:22:18-0800 736 5cc Successfully initialized event uploader 0.
2013-03-17 18:22:18-0800 736 5cc Successfully initialized event uploader 1.
2013-03-17 18:22:18-0800 736 5cc WU client with version 5.4.3790.2180 successfully initialized
2013-03-17 18:22:18-0800 736 5cc Service status is now SERVICE_RUNNING
2013-03-17 18:22:18-0800 1508 5e8 Trying to make out of proc datastore active
2013-03-17 18:22:19-0800 1508 5e8 Out of proc datastore is now active
2013-03-17 18:22:19-0800 736 5dc Client Call Recorder finished delayed initialization
2013-03-17 18:22:19-0800 736 5dc AU is not configured yet, generating timeout to launch setup wizard
2013-03-17 18:22:19-0800 736 5dc AU finished delayed initialization
2013-03-17 18:22:19-0800 736 5cc AU received event of 1
2013-03-17 18:22:19-0800 736 5dc Setting AU Approval Type to 4
2013-03-17 18:22:19-0800 736 5dc Setting Install Schedule Day to 0
2013-03-17 18:22:19-0800 736 5dc Setting Install Schedule Time to 3
2013-03-17 18:22:19-0800 736 5dc AU Options changed through user preference.
2013-03-17 18:22:19-0800 736 5dc AU Restart required....
2013-03-17 18:22:19-0800 736 5cc AU received event of 1
2013-03-17 18:22:19-0800 736 5cc Setting next AU detection timeout to 2013-03-18 02:22:19
2013-03-17 18:22:19-0800 736 5cc Setting AU scheduled install time to 2013-03-18 11:00:00
2013-03-17 18:22:19-0800 736 5cc AU received event of 1
2013-03-17 18:23:03-0800 736 5cc start delayed initialization of WU client
2013-03-17 18:27:19-0800 1508 5e8 Out of proc datastore is shutting down
2013-03-17 18:27:20-0800 1508 5e8 Out of proc datastore is now inactive
2013-03-17 18:30:32-0800 736 5cc AU received event of 3
2013-03-17 18:30:32-0800 736 5cc WU client succeeds CClientCallRecorder::BeginFindUpdates from AutomaticUpdates with call id {D8FF0BCD-6DF9-461D-BE45-23F30EBFAA7E}
2013-03-17 18:30:32-0800 736 5cc Cleared the proxy cache.
2013-03-17 18:30:32-0800 736 a8 WU client executing call {D8FF0BCD-6DF9-461D-BE45-23F30EBFAA7E} of type Search Call
2013-03-17 18:30:32-0800 736 a8 Checking for different Redirector at: http://download.windowsupdate.com/msdownload/update/v5/redir/wuredir.cab
2013-03-17 15:38:28-0800 736 a8 DownloadFileInternal failed for http://download.windowsupdate.com/msdownload/update/v5/redir/wuredir.cab: error 0x80190194
2013-03-17 15:38:28-0800 736 a8 Failed to download the Redirector cab on try 1: 0x80190194
2013-03-17 15:38:28-0800 736 a8 Checking for different Redirector at: http://download.microsoft.com/windowsupdate/v5/redir/wuredir.cab
2013-03-17 15:38:33-0800 736 a8 Successfully refreshed Redirector cab.
2013-03-17 15:38:53-0800 736 a8 DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/b/SelfUpdate/AU/x86/SKIP/en/wusetup.cab: error 0x80190194
2013-03-17 15:38:53-0800 736 a8 IsUpdateRequired failed with error 0x80244019
2013-03-17 15:38:53-0800 736 a8 OS Version = 5.1.2600.2.0.66304
2013-03-17 15:38:53-0800 736 a8 Failed to load reporting information from Win32_ComputerSystem with hr = 8004100a.
2013-03-17 15:38:53-0800 736 a8 Failed to load reporting information from Win32_BiosProperties with hr = 8004100a.
2013-03-17 15:38:53-0800 736 a8 Locale ID = 1033
2013-03-17 15:38:53-0800 736 a8 ClientVersion: iuengine.dll = 5.4.3790.2180
2013-03-17 15:38:53-0800 736 a8 ClientVersion: wuapi.dll = 5.4.3790.2180
2013-03-17 15:38:53-0800 736 a8 ClientVersion: wuauclt.exe = 5.4.3790.2180
2013-03-17 15:38:53-0800 736 a8 ClientVersion: wuauclt1.exe = 5.4.3790.2180
2013-03-17 15:38:53-0800 736 a8 ClientVersion: wuaucpl.cpl = 5.4.3790.2180
2013-03-17 15:38:53-0800 736 a8 ClientVersion: wuaueng.dll = 5.4.3790.2180
2013-03-17 15:38:53-0800 736 a8 ClientVersion: wuaueng1.dll = 5.4.3790.2180
2013-03-17 15:38:53-0800 736 a8 ClientVersion: wuauserv.dll = 5.4.3790.2180
2013-03-17 15:38:53-0800 736 a8 ClientVersion: wucltui.dll = 5.4.3790.2180
2013-03-17 15:38:54-0800 1896 3fc Trying to make out of proc datastore active
2013-03-17 15:38:54-0800 1896 3fc Out of proc datastore is now active
2013-03-17 15:38:54-0800 736 a8 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-17 15:38:54-0800 736 a8 PT: Using server URL https://www.update.microsoft.com/ClientWebService/client.asmx
2013-03-17 15:38:54-0800 736 a8 PT: Calling GetConfig on server
2013-03-17 15:38:54-0800 736 a8 Add header for accept-encoding: xpress succeeded
2013-03-17 15:39:04-0800 736 a8 DetectCompressionType returning type 1, hr=0x0
2013-03-17 15:39:04-0800 736 a8 GetConfig: 0x8024400a
2013-03-17 15:39:04-0800 736 a8 PT: Cannot recover from fault, origin=GetConfig, hr=0x8024400a
2013-03-17 15:39:04-0800 736 a8 Sync of Updates: 0x8024400a
2013-03-17 15:39:04-0800 736 a8 WU client failed Searching for update with error 0x8024400a
2013-03-17 15:39:04-0800 736 2f0 Search Callback Failed, hr is 0x8024400a
2013-03-17 15:39:04-0800 736 2f0 Setting next AU detection timeout to 2013-03-18 04:39:04
2013-03-17 15:39:04-0800 736 2f0 Unable to detect updates for more than 48 hours
2013-03-17 15:39:04-0800 736 2f0 Setting AU scheduled install time to 2013-03-18 11:00:00
2013-03-17 15:39:04-0800 736 a8 REPORT EVENT: {3AB50ABE-555C-47CB-82C9-49C2B5AC9698} 1 2013-03-17 15:38:53-0800 1 148 101 {D67661EB-2423-451D-BF5D-13199E37DF28} 0 80244019 SelfUpdate Failure Software Synchronization Error: Agent failed detecting with reason: 0x80244019
2013-03-17 15:39:04-0800 736 2f0 WU client calls back to search call AutomaticUpdates with code Call failed and error 0x8024400a 
2013-03-17 15:39:04-0800 736 2f0 WU client completed and deleted call {D8FF0BCD-6DF9-461D-BE45-23F30EBFAA7E}
2013-03-17 15:39:04-0800 736 a8 Created new event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{1152CACC-0AAE-4C55-93C8-82DE262CD209}.bin for writing.
2013-03-17 15:39:04-0800 736 a8 Created new event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for writing.
2013-03-17 15:39:09-0800 736 a8 REPORT EVENT: {448FD9AA-3ECA-43AD-9DDD-9C4453A87085} 2 2013-03-17 15:39:04-0800 1 148 101 {00000000-0000-0000-0000-000000000000} 0 8024400a AutomaticUpdates Failure Software Synchronization Error: Agent failed detecting with reason: 0x8024400a
2013-03-17 15:39:09-0800 736 a8 REPORT EVENT: {F07BA1C4-7B8C-4E93-A214-8F56AAFF4CA0} 3 2013-03-17 15:39:04-0800 1 149 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Failure Software Synchronization Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
2013-03-17 15:44:04-0800 1896 3fc Out of proc datastore is shutting down
2013-03-17 15:44:05-0800 1896 3fc Out of proc datastore is now inactive
2013-03-17 17:48:37-0600 920 780 Service Main starts
2013-03-17 17:48:38-0600 920 780 Using BatchFlushAge = 15769.
2013-03-17 17:48:38-0600 920 780 Using SamplingValue = 501.
2013-03-17 17:48:38-0600 920 780 Successfully loaded event namespace dictionary.
2013-03-17 17:48:39-0600 920 780 Successfully loaded client event namespace descriptor.
2013-03-17 17:48:39-0600 920 780 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2013-03-17 17:48:39-0600 920 780 Successfully initialized NT event logger.
2013-03-17 17:48:39-0600 920 780 Successfully initialized event uploader 0.
2013-03-17 17:48:39-0600 920 780 Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for writing.
2013-03-17 17:48:39-0600 920 780 Successfully initialized event uploader 1.
2013-03-17 17:48:42-0600 920 780 WU client with version 5.4.3790.2180 successfully initialized
2013-03-17 17:48:42-0600 920 780 Service status is now SERVICE_RUNNING
2013-03-17 17:48:48-0600 920 39c Service received connect notification
2013-03-17 17:49:27-0600 920 780 start delayed initialization of WU client
2013-03-17 17:49:28-0600 1772 67c Trying to make out of proc datastore active
2013-03-17 17:49:28-0600 1772 67c Out of proc datastore is now active
2013-03-17 17:49:29-0600 920 780 Client Call Recorder finished delayed initialization
2013-03-17 17:49:29-0600 920 780 Setting AU scheduled install time to 2013-03-18 09:00:00
2013-03-17 17:49:29-0600 920 780 AU finished delayed initialization
2013-03-17 17:51:28-0600 920 39c Service received logoff notification
2013-03-17 17:51:28-0600 920 780 AU received event of 3
2013-03-17 17:51:32-0600 920 53c AU Restart required....
2013-03-17 17:51:32-0600 920 780 AU received event of 1
2013-03-17 17:51:32-0600 920 780 AU is paused, not initializing any handlers
2013-03-17 17:51:32-0600 920 39c Service received SERVICE_CONTROL_SHUTDOWN control
2013-03-17 17:51:32-0600 920 780 Exiting Service Main
2013-03-17 17:51:33-0600 1772 67c Out of proc datastore is shutting down
2013-03-17 17:51:33-0600 920 780 WUAUENG ServiceMain exits. Exit code is 0x240001
2013-03-17 17:51:34-0600 1772 67c Out of proc datastore is now inactive
2013-03-17 17:52:16-0600 896 e4 Service Main starts
2013-03-17 17:52:17-0600 896 e4 Using BatchFlushAge = 15769.
2013-03-17 17:52:17-0600 896 e4 Using SamplingValue = 501.
2013-03-17 17:52:17-0600 896 e4 Successfully loaded event namespace dictionary.
2013-03-17 17:52:17-0600 896 e4 Successfully loaded client event namespace descriptor.
2013-03-17 17:52:17-0600 896 e4 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2013-03-17 17:52:17-0600 896 e4 Successfully initialized NT event logger.
2013-03-17 17:52:18-0600 896 e4 Successfully initialized event uploader 0.
2013-03-17 17:52:18-0600 896 e4 Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for writing.
2013-03-17 17:52:18-0600 896 e4 Successfully initialized event uploader 1.
2013-03-17 17:52:18-0600 896 e4 WU client with version 5.4.3790.2180 successfully initialized
2013-03-17 17:52:18-0600 896 e4 Service status is now SERVICE_RUNNING
2013-03-17 17:52:24-0600 896 384 Service received connect notification
2013-03-17 17:53:03-0600 896 e4 start delayed initialization of WU client
2013-03-17 17:53:04-0600 3312 cf4 Trying to make out of proc datastore active
2013-03-17 17:53:05-0600 3312 cf4 Out of proc datastore is now active
2013-03-17 17:53:05-0600 896 e4 Client Call Recorder finished delayed initialization
2013-03-17 17:53:05-0600 896 e4 Setting AU scheduled install time to 2013-03-18 09:00:00
2013-03-17 17:53:05-0600 896 e4 AU finished delayed initialization
2013-03-17 17:58:06-0600 3312 cf4 Out of proc datastore is shutting down
2013-03-17 17:58:07-0600 3312 cf4 Out of proc datastore is now inactive
2013-03-17 18:03:59-0600 896 e4 Cleared the proxy cache.
2013-03-17 18:04:06-0600 896 e4 Cleared the proxy cache.
2013-03-17 20:06:50-0600 1376 5d8 0 updates are ready to be installed at shutdown.
2013-03-17 20:06:57-0600 896 384 Service received logoff notification
2013-03-17 20:06:57-0600 896 e4 AU received event of 3
2013-03-17 20:07:01-0600 896 d54 AU Restart required....
2013-03-17 20:07:01-0600 896 e4 AU received event of 1
2013-03-17 20:07:02-0600 896 384 Service received SERVICE_CONTROL_SHUTDOWN control
2013-03-17 20:07:02-0600 1628 5e0 Trying to make out of proc datastore active
2013-03-17 20:07:02-0600 1628 5e0 Out of proc datastore is now active
2013-03-17 20:07:02-0600 896 e4 AU is paused, not initializing any handlers
2013-03-17 20:07:02-0600 896 e4 AU Restart required....
2013-03-17 20:07:02-0600 896 e4 Exiting Service Main
2013-03-17 20:07:02-0600 1628 5e0 Out of proc datastore is shutting down
2013-03-17 20:07:02-0600 896 e4 WUAUENG ServiceMain exits. Exit code is 0x240001
2013-03-17 20:07:04-0600 1628 5e0 Out of proc datastore is now inactive
2013-03-18 09:56:44-0600 896 1d0 Service Main starts
2013-03-18 09:56:44-0600 896 1d0 Using BatchFlushAge = 15769.
2013-03-18 09:56:44-0600 896 1d0 Using SamplingValue = 501.
2013-03-18 09:56:44-0600 896 1d0 Successfully loaded event namespace dictionary.
2013-03-18 09:56:45-0600 896 1d0 Successfully loaded client event namespace descriptor.
2013-03-18 09:56:45-0600 896 1d0 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2013-03-18 09:56:45-0600 896 1d0 Successfully initialized NT event logger.
2013-03-18 09:56:45-0600 896 1d0 Successfully initialized event uploader 0.
2013-03-18 09:56:45-0600 896 1d0 Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for writing.
2013-03-18 09:56:45-0600 896 1d0 Successfully initialized event uploader 1.
2013-03-18 09:56:45-0600 896 1d0 WU client with version 5.4.3790.2180 successfully initialized
2013-03-18 09:56:45-0600 896 1d0 Service status is now SERVICE_RUNNING
2013-03-18 09:56:45-0600 896 394 Successfully opened event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for reading.
2013-03-18 09:56:46-0600 1056 43c Trying to make out of proc datastore active
2013-03-18 09:56:47-0600 1056 43c Out of proc datastore is now active
2013-03-18 09:56:47-0600 896 394 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-18 09:56:47-0600 896 394 PT: Using server URL https://www.update.microsoft.com/ClientWebService/client.asmx
2013-03-18 09:56:47-0600 896 394 PT: Calling GetConfig on server
2013-03-18 09:56:47-0600 896 394 Add header for accept-encoding: xpress succeeded
2013-03-18 09:56:50-0600 896 384 Service received connect notification
2013-03-18 09:57:08-0600 896 394 DetectCompressionType returning type 1, hr=0x0
2013-03-18 09:57:08-0600 896 394 GetConfig: 0x8024400a
2013-03-18 09:57:08-0600 896 394 PT: Cannot recover from fault, origin=GetConfig, hr=0x8024400a
2013-03-18 09:57:08-0600 896 394 Failed to obtain cached cookie with hr = 8024400a.
2013-03-18 09:57:08-0600 896 394 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-18 09:57:08-0600 896 394 PT: Using server URL https://www.update.microsoft.com/ClientWebService/client.asmx
2013-03-18 09:57:08-0600 896 394 URL for server is http://stats.update.microsoft.com/ReportingWebService/ReportingWebService.asmx
2013-03-18 09:57:08-0600 896 394 Trying to upload 2 events using cached cookie.
2013-03-18 09:57:13-0600 896 394 DetectCompressionType returning type 0, hr=0x1
2013-03-18 09:57:13-0600 896 394 Successfully uploaded 2 events.
2013-03-18 09:57:13-0600 896 394 Deleted event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin.
2013-03-18 09:57:30-0600 896 1d0 start delayed initialization of WU client
2013-03-18 09:57:30-0600 896 1d0 Client Call Recorder finished delayed initialization
2013-03-18 09:57:30-0600 896 1d0 Setting next AU detection timeout to 2013-03-18 15:57:30
2013-03-18 09:57:30-0600 896 1d0 Setting AU scheduled install time to 2013-03-19 09:00:00
2013-03-18 09:57:30-0600 896 1d0 AU finished delayed initialization
2013-03-18 09:57:30-0600 896 1d0 AU received event of 1
2013-03-18 09:57:30-0600 896 1d0 WU client succeeds CClientCallRecorder::BeginFindUpdates from AutomaticUpdates with call id {64E55CE8-8E6B-4020-8046-192A54D1991B}
2013-03-18 09:57:30-0600 896 394 WU client executing call {64E55CE8-8E6B-4020-8046-192A54D1991B} of type Search Call
2013-03-18 09:57:30-0600 896 394 Checking for different Redirector at: http://download.windowsupdate.com/msdownload/update/v5/redir/wuredir.cab
2013-03-18 09:57:38-0600 896 394 DownloadFileInternal failed for http://download.windowsupdate.com/msdownload/update/v5/redir/wuredir.cab: error 0x80190194
2013-03-18 09:57:38-0600 896 394 Failed to download the Redirector cab on try 1: 0x80190194
2013-03-18 09:57:38-0600 896 394 Checking for different Redirector at: http://download.microsoft.com/windowsupdate/v5/redir/wuredir.cab
2013-03-18 09:57:42-0600 896 394 Successfully refreshed Redirector cab.
2013-03-18 09:57:50-0600 896 394 DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/b/SelfUpdate/AU/x86/SKIP/en/wusetup.cab: error 0x80190194
2013-03-18 09:57:50-0600 896 394 IsUpdateRequired failed with error 0x80244019
2013-03-18 09:57:50-0600 896 394 OS Version = 5.1.2600.2.0.66304
2013-03-18 09:57:50-0600 896 394 Computer Brand = Acer
2013-03-18 09:57:50-0600 896 394 Computer Model = TravelMate 2420
2013-03-18 09:57:50-0600 896 394 Bios Revision = V1.03 
2013-03-18 09:57:50-0600 896 394 Bios Name = PhoenixBIOS 4.0 Release 6.1 
2013-03-18 09:57:50-0600 896 394 Bios Release Date = 2006-02-06T00:00:00
2013-03-18 09:57:50-0600 896 394 Locale ID = 1033
2013-03-18 09:57:50-0600 896 394 ClientVersion: iuengine.dll = 5.4.3790.2180
2013-03-18 09:57:50-0600 896 394 ClientVersion: wuapi.dll = 5.4.3790.2180
2013-03-18 09:57:50-0600 896 394 ClientVersion: wuauclt.exe = 5.4.3790.2180
2013-03-18 09:57:50-0600 896 394 ClientVersion: wuauclt1.exe = 5.4.3790.2180
2013-03-18 09:57:50-0600 896 394 ClientVersion: wuaucpl.cpl = 5.4.3790.2180
2013-03-18 09:57:50-0600 896 394 ClientVersion: wuaueng.dll = 5.4.3790.2180
2013-03-18 09:57:50-0600 896 394 ClientVersion: wuaueng1.dll = 5.4.3790.2180
2013-03-18 09:57:50-0600 896 394 ClientVersion: wuauserv.dll = 5.4.3790.2180
2013-03-18 09:57:50-0600 896 394 ClientVersion: wucltui.dll = 5.4.3790.2180
2013-03-18 09:57:50-0600 896 394 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-18 09:57:50-0600 896 394 PT: Using server URL https://www.update.microsoft.com/ClientWebService/client.asmx
2013-03-18 09:57:50-0600 896 394 PT: Calling GetConfig on server
2013-03-18 09:57:50-0600 896 394 Add header for accept-encoding: xpress succeeded
2013-03-18 09:57:54-0600 896 394 DetectCompressionType returning type 1, hr=0x0
2013-03-18 09:57:54-0600 896 394 GetConfig: 0x8024400a
2013-03-18 09:57:54-0600 896 394 PT: Cannot recover from fault, origin=GetConfig, hr=0x8024400a
2013-03-18 09:57:54-0600 896 394 Sync of Updates: 0x8024400a
2013-03-18 09:57:54-0600 896 394 WU client failed Searching for update with error 0x8024400a
2013-03-18 09:57:54-0600 896 394 Search Callback Failed, hr is 0x8024400a
2013-03-18 09:57:54-0600 896 394 Setting next AU detection timeout to 2013-03-18 20:57:54
2013-03-18 09:57:54-0600 896 394 Setting AU scheduled install time to 2013-03-19 09:00:00
2013-03-18 09:57:54-0600 896 394 WU client calls back to search call AutomaticUpdates with code Call failed and error 0x8024400a 
2013-03-18 09:57:54-0600 896 394 WU client completed and deleted call {64E55CE8-8E6B-4020-8046-192A54D1991B}
2013-03-18 09:57:55-0600 896 394 REPORT EVENT: {3FE51652-4B04-4880-826B-407F15FC3DBB} 4 2013-03-18 09:57:50-0600 1 148 101 {D67661EB-2423-451D-BF5D-13199E37DF28} 0 80244019 SelfUpdate Failure Software Synchronization Error: Agent failed detecting with reason: 0x80244019
2013-03-18 09:57:55-0600 896 394 REPORT EVENT: {F63021D7-4694-4840-91A3-6611271324AD} 5 2013-03-18 09:57:54-0600 1 148 101 {00000000-0000-0000-0000-000000000000} 0 8024400a AutomaticUpdates Failure Software Synchronization Error: Agent failed detecting with reason: 0x8024400a
2013-03-18 09:57:55-0600 896 394 Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{1152CACC-0AAE-4C55-93C8-82DE262CD209}.bin for writing.
2013-03-18 09:57:55-0600 896 394 Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for writing.
2013-03-18 10:00:00-0600 1456 65c 0 updates are ready to be installed at shutdown.
2013-03-18 10:00:05-0600 896 384 Service received logoff notification
2013-03-18 10:00:05-0600 896 1d0 AU received event of 3
2013-03-18 10:00:09-0600 896 e8 AU Restart required....
2013-03-18 10:00:09-0600 896 1d0 AU received event of 1
2013-03-18 10:00:09-0600 896 1d0 AU is paused, not initializing any handlers
2013-03-18 10:00:10-0600 896 384 Service received SERVICE_CONTROL_SHUTDOWN control
2013-03-18 10:00:10-0600 896 1d0 Exiting Service Main
2013-03-18 10:00:10-0600 1056 43c Out of proc datastore is shutting down
2013-03-18 10:00:10-0600 896 1d0 WUAUENG ServiceMain exits. Exit code is 0x240001
2013-03-18 10:00:11-0600 1056 43c Out of proc datastore is now inactive
2013-03-18 10:01:01-0600 896 1b0 Service Main starts
2013-03-18 10:01:02-0600 896 1b0 Using BatchFlushAge = 15769.
2013-03-18 10:01:02-0600 896 1b0 Using SamplingValue = 501.
2013-03-18 10:01:02-0600 896 1b0 Successfully loaded event namespace dictionary.
2013-03-18 10:01:02-0600 896 1b0 Successfully loaded client event namespace descriptor.
2013-03-18 10:01:02-0600 896 1b0 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2013-03-18 10:01:02-0600 896 1b0 Successfully initialized NT event logger.
2013-03-18 10:01:02-0600 896 1b0 Successfully initialized event uploader 0.
2013-03-18 10:01:02-0600 896 1b0 Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for writing.
2013-03-18 10:01:02-0600 896 1b0 Successfully initialized event uploader 1.
2013-03-18 10:01:02-0600 896 1b0 WU client with version 5.4.3790.2180 successfully initialized
2013-03-18 10:01:02-0600 896 1b0 Service status is now SERVICE_RUNNING
2013-03-18 10:01:08-0600 896 384 Service received connect notification
2013-03-18 10:01:44-0600 1468 5d0 WUCheckForUpdatesAtShutdown failed, hr=8024A000
2013-03-18 10:01:47-0600 896 1b0 start delayed initialization of WU client
2013-03-18 10:01:48-0600 2460 9a0 Trying to make out of proc datastore active
2013-03-18 10:01:48-0600 2460 9a0 Out of proc datastore is now active
2013-03-18 10:01:48-0600 896 1b0 Client Call Recorder finished delayed initialization
2013-03-18 10:01:48-0600 896 1b0 Setting AU scheduled install time to 2013-03-19 09:00:00
2013-03-18 10:01:48-0600 896 1b0 AU finished delayed initialization
2013-03-18 10:01:49-0600 896 384 Service received logoff notification
2013-03-18 10:01:49-0600 896 1b0 AU received event of 3
2013-03-18 10:01:53-0600 896 668 AU Restart required....
2013-03-18 10:01:53-0600 896 1b0 AU received event of 1
2013-03-18 10:01:53-0600 896 1b0 AU is paused, not initializing any handlers
2013-03-18 10:01:53-0600 896 384 Service received SERVICE_CONTROL_SHUTDOWN control
2013-03-18 10:01:54-0600 896 1b0 Exiting Service Main
2013-03-18 10:01:54-0600 2460 9a0 Out of proc datastore is shutting down
2013-03-18 10:01:54-0600 896 1b0 WUAUENG ServiceMain exits. Exit code is 0x240001
2013-03-18 10:01:55-0600 2460 9a0 Out of proc datastore is now inactive
2013-03-18 11:30:13-0600 900 1b4 Service Main starts
2013-03-18 11:30:13-0600 900 1b4 Using BatchFlushAge = 15769.
2013-03-18 11:30:13-0600 900 1b4 Using SamplingValue = 501.
2013-03-18 11:30:13-0600 900 1b4 Successfully loaded event namespace dictionary.
2013-03-18 11:30:14-0600 900 1b4 Successfully loaded client event namespace descriptor.
2013-03-18 11:30:14-0600 900 1b4 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2013-03-18 11:30:14-0600 900 1b4 Successfully initialized NT event logger.
2013-03-18 11:30:14-0600 900 1b4 Successfully initialized event uploader 0.
2013-03-18 11:30:14-0600 900 1b4 Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for writing.
2013-03-18 11:30:14-0600 900 1b4 Successfully initialized event uploader 1.
2013-03-18 11:30:14-0600 900 1b4 WU client with version 5.4.3790.2180 successfully initialized
2013-03-18 11:30:14-0600 900 1b4 Service status is now SERVICE_RUNNING
2013-03-18 11:30:20-0600 900 388 Service received connect notification
2013-03-18 11:30:59-0600 900 1b4 start delayed initialization of WU client
2013-03-18 11:30:59-0600 2456 99c Trying to make out of proc datastore active
2013-03-18 11:31:00-0600 2456 99c Out of proc datastore is now active
2013-03-18 11:31:00-0600 900 1b4 Client Call Recorder finished delayed initialization
2013-03-18 11:31:00-0600 900 1b4 Setting AU scheduled install time to 2013-03-19 09:00:00
2013-03-18 11:31:00-0600 900 1b4 AU finished delayed initialization
2013-03-18 11:36:00-0600 2456 99c Out of proc datastore is shutting down
2013-03-18 11:36:01-0600 2456 99c Out of proc datastore is now inactive
2013-03-18 11:56:15-0600 1468 5d4 0 updates are ready to be installed at shutdown.
2013-03-18 11:56:24-0600 900 388 Service received logoff notification
2013-03-18 11:56:24-0600 900 1b4 AU received event of 3
2013-03-18 11:56:30-0600 900 660 AU Restart required....
2013-03-18 11:56:30-0600 900 1b4 AU received event of 1
2013-03-18 11:56:32-0600 900 388 Service received SERVICE_CONTROL_SHUTDOWN control
2013-03-18 11:56:32-0600 2840 b1c Trying to make out of proc datastore active
2013-03-18 11:56:33-0600 2840 b1c Out of proc datastore is now active
2013-03-18 11:56:33-0600 900 1b4 AU is paused, not initializing any handlers
2013-03-18 11:56:33-0600 900 1b4 AU Restart required....
2013-03-18 11:56:33-0600 900 1b4 Exiting Service Main
2013-03-18 11:56:33-0600 2840 b1c Out of proc datastore is shutting down
2013-03-18 11:56:34-0600 900 1b4 WUAUENG ServiceMain exits. Exit code is 0x240001
2013-03-18 11:56:35-0600 2840 b1c Out of proc datastore is now inactive
2013-03-18 13:49:32-0600 896 1b0 Service Main starts
2013-03-18 13:49:32-0600 896 1b0 Using BatchFlushAge = 15769.
2013-03-18 13:49:32-0600 896 1b0 Using SamplingValue = 501.
2013-03-18 13:49:32-0600 896 1b0 Successfully loaded event namespace dictionary.
2013-03-18 13:49:32-0600 896 1b0 Successfully loaded client event namespace descriptor.
2013-03-18 13:49:32-0600 896 1b0 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2013-03-18 13:49:32-0600 896 1b0 Successfully initialized NT event logger.
2013-03-18 13:49:32-0600 896 1b0 Successfully initialized event uploader 0.
2013-03-18 13:49:32-0600 896 1b0 Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for writing.
2013-03-18 13:49:32-0600 896 1b0 Successfully initialized event uploader 1.
2013-03-18 13:49:32-0600 896 1b0 WU client with version 5.4.3790.2180 successfully initialized
2013-03-18 13:49:32-0600 896 1b0 Service status is now SERVICE_RUNNING
2013-03-18 13:49:38-0600 896 384 Service received connect notification
2013-03-18 13:50:17-0600 896 1b0 start delayed initialization of WU client
2013-03-18 13:50:18-0600 2348 930 Trying to make out of proc datastore active
2013-03-18 13:50:19-0600 2348 930 Out of proc datastore is now active
2013-03-18 13:50:19-0600 896 1b0 Client Call Recorder finished delayed initialization
2013-03-18 13:50:19-0600 896 1b0 Setting next AU detection timeout to 2013-03-18 19:50:19
2013-03-18 13:50:19-0600 896 1b0 Setting AU scheduled install time to 2013-03-19 09:00:00
2013-03-18 13:50:19-0600 896 1b0 AU finished delayed initialization
2013-03-18 13:50:19-0600 896 1b0 AU received event of 1
2013-03-18 13:50:19-0600 896 1b0 WU client succeeds CClientCallRecorder::BeginFindUpdates from AutomaticUpdates with call id {E5643F8F-7EE8-47A9-9776-5CA8D35650EF}
2013-03-18 13:50:19-0600 896 488 WU client executing call {E5643F8F-7EE8-47A9-9776-5CA8D35650EF} of type Search Call
2013-03-18 13:50:19-0600 896 488 Checking for different Redirector at: http://download.windowsupdate.com/msdownload/update/v5/redir/wuredir.cab
2013-03-18 13:50:44-0600 896 488 DownloadFileInternal failed for http://download.windowsupdate.com/msdownload/update/v5/redir/wuredir.cab: error 0x80190194
2013-03-18 13:50:44-0600 896 488 Failed to download the Redirector cab on try 1: 0x80190194
2013-03-18 13:50:44-0600 896 488 Checking for different Redirector at: http://download.microsoft.com/windowsupdate/v5/redir/wuredir.cab
2013-03-18 13:50:47-0600 896 488 Successfully refreshed Redirector cab.
2013-03-18 13:50:56-0600 896 488 DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/b/SelfUpdate/AU/x86/SKIP/en/wusetup.cab: error 0x80190194
2013-03-18 13:50:56-0600 896 488 IsUpdateRequired failed with error 0x80244019
2013-03-18 13:50:57-0600 896 488 OS Version = 5.1.2600.2.0.66304
2013-03-18 13:50:57-0600 896 488 Computer Brand = Acer
2013-03-18 13:50:57-0600 896 488 Computer Model = TravelMate 2420
2013-03-18 13:50:57-0600 896 488 Bios Revision = V1.03 
2013-03-18 13:50:57-0600 896 488 Bios Name = PhoenixBIOS 4.0 Release 6.1 
2013-03-18 13:50:57-0600 896 488 Bios Release Date = 2006-02-06T00:00:00
2013-03-18 13:50:57-0600 896 488 Locale ID = 1033
2013-03-18 13:50:57-0600 896 488 ClientVersion: iuengine.dll = 5.4.3790.2180
2013-03-18 13:50:57-0600 896 488 ClientVersion: wuapi.dll = 5.4.3790.2180
2013-03-18 13:50:57-0600 896 488 ClientVersion: wuauclt.exe = 5.4.3790.2180
2013-03-18 13:50:57-0600 896 488 ClientVersion: wuauclt1.exe = 5.4.3790.2180
2013-03-18 13:50:57-0600 896 488 ClientVersion: wuaucpl.cpl = 5.4.3790.2180
2013-03-18 13:50:57-0600 896 488 ClientVersion: wuaueng.dll = 5.4.3790.2180
2013-03-18 13:50:57-0600 896 488 ClientVersion: wuaueng1.dll = 5.4.3790.2180
2013-03-18 13:50:57-0600 896 488 ClientVersion: wuauserv.dll = 5.4.3790.2180
2013-03-18 13:50:57-0600 896 488 ClientVersion: wucltui.dll = 5.4.3790.2180
2013-03-18 13:50:57-0600 896 488 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-18 13:50:57-0600 896 488 PT: Using server URL https://www.update.microsoft.com/ClientWebService/client.asmx
2013-03-18 13:50:57-0600 896 488 PT: Calling GetConfig on server
2013-03-18 13:50:57-0600 896 488 Add header for accept-encoding: xpress succeeded
2013-03-18 13:51:04-0600 896 488 DetectCompressionType returning type 1, hr=0x0
2013-03-18 13:51:04-0600 896 488 GetConfig: 0x8024400a
2013-03-18 13:51:04-0600 896 488 PT: Cannot recover from fault, origin=GetConfig, hr=0x8024400a
2013-03-18 13:51:04-0600 896 488 Sync of Updates: 0x8024400a
2013-03-18 13:51:04-0600 896 488 WU client failed Searching for update with error 0x8024400a
2013-03-18 13:51:04-0600 896 394 Search Callback Failed, hr is 0x8024400a
2013-03-18 13:51:04-0600 896 394 Setting next AU detection timeout to 2013-03-19 00:51:04
2013-03-18 13:51:04-0600 896 394 Setting AU scheduled install time to 2013-03-19 09:00:00
2013-03-18 13:51:04-0600 896 394 WU client calls back to search call AutomaticUpdates with code Call failed and error 0x8024400a 
2013-03-18 13:51:04-0600 896 394 WU client completed and deleted call {E5643F8F-7EE8-47A9-9776-5CA8D35650EF}
2013-03-18 13:51:04-0600 896 488 REPORT EVENT: {A03D6738-48A8-477B-B3E0-4F01423537EC} 6 2013-03-18 13:50:57-0600 1 148 101 {D67661EB-2423-451D-BF5D-13199E37DF28} 0 80244019 SelfUpdate Failure Software Synchronization Error: Agent failed detecting with reason: 0x80244019
2013-03-18 13:51:04-0600 896 488 Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{1152CACC-0AAE-4C55-93C8-82DE262CD209}.bin for writing.
2013-03-18 13:51:09-0600 896 488 REPORT EVENT: {C312F8F5-581B-4242-AE7E-37AB67634DC5} 7 2013-03-18 13:51:04-0600 1 148 101 {00000000-0000-0000-0000-000000000000} 0 8024400a AutomaticUpdates Failure Software Synchronization Error: Agent failed detecting with reason: 0x8024400a
2013-03-18 13:56:05-0600 2348 930 Out of proc datastore is shutting down
2013-03-18 13:56:06-0600 2348 930 Out of proc datastore is now inactive
2013-03-18 14:12:19-0600 896 67c AU Restart required....
2013-03-18 14:12:19-0600 896 1b0 AU received event of 1
2013-03-18 14:12:19-0600 4064 fe4 Trying to make out of proc datastore active
2013-03-18 14:12:20-0600 4064 fe4 Out of proc datastore is now active
2013-03-18 14:12:20-0600 896 67c WU client succeeds CClientCallRecorder::BeginFindUpdates from Windows Internet Explorer 8 Setup Utility with call id {2CA6A138-DE01-4BE8-8F95-F50C5ACB1FF0}
2013-03-18 14:12:20-0600 896 1b0 AU is paused, not initializing any handlers
2013-03-18 14:12:20-0600 896 488 WU client executing call {2CA6A138-DE01-4BE8-8F95-F50C5ACB1FF0} of type Search Call
2013-03-18 14:12:21-0600 896 488 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-18 14:12:21-0600 896 488 PT: Using server URL https://www.update.microsoft.com/ClientWebService/client.asmx
2013-03-18 14:12:21-0600 896 488 PT: Calling GetConfig on server
2013-03-18 14:12:21-0600 896 488 Add header for accept-encoding: xpress succeeded
2013-03-18 14:12:29-0600 896 488 DetectCompressionType returning type 1, hr=0x0
2013-03-18 14:12:29-0600 896 488 GetConfig: 0x8024400a
2013-03-18 14:12:29-0600 896 488 PT: Cannot recover from fault, origin=GetConfig, hr=0x8024400a
2013-03-18 14:12:29-0600 896 488 Sync of Updates: 0x8024400a
2013-03-18 14:12:29-0600 896 488 WU client failed Searching for update with error 0x8024400a
2013-03-18 14:12:29-0600 896 488 WU client calls back to search call Windows Internet Explorer 8 Setup Utility with code Call failed and error 0x8024400a 
2013-03-18 14:12:29-0600 896 488 WU client completed and deleted call {2CA6A138-DE01-4BE8-8F95-F50C5ACB1FF0}
2013-03-18 14:12:30-0600 3964 f80 Operation completed due to earlier error. (hr=8024400A)
2013-03-18 14:12:30-0600 3964 f80 Unable to complete asynchronous search successfully. (hr=8024400A)
2013-03-18 14:12:35-0600 896 394 REPORT EVENT: {FCB49A3C-A50B-47C1-9AE7-F3C2FDD4ECC3} 8 2013-03-18 14:12:29-0600 1 148 101 {00000000-0000-0000-0000-000000000000} 0 8024400a Windows Internet Explorer 8 Set Failure Software Synchronization Error: Agent failed detecting with reason: 0x8024400a
2013-03-18 14:15:36-0600 896 384 Service received logoff notification
2013-03-18 14:15:41-0600 896 384 Service received SERVICE_CONTROL_SHUTDOWN control
2013-03-18 14:15:41-0600 896 1b0 Exiting Service Main
2013-03-18 14:15:41-0600 4064 fe4 Out of proc datastore is shutting down
2013-03-18 14:15:41-0600 896 1b0 WUAUENG ServiceMain exits. Exit code is 0x240001
2013-03-18 14:15:42-0600 4064 fe4 Out of proc datastore is now inactive
2013-03-18 14:16:30-0600 916 364 Service Main starts
2013-03-18 14:16:30-0600 916 364 Using BatchFlushAge = 15769.
2013-03-18 14:16:30-0600 916 364 Using SamplingValue = 501.
2013-03-18 14:16:30-0600 916 364 Successfully loaded event namespace dictionary.
2013-03-18 14:16:32-0600 916 364 Successfully loaded client event namespace descriptor.
2013-03-18 14:16:32-0600 916 364 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2013-03-18 14:16:32-0600 916 364 Successfully initialized NT event logger.
2013-03-18 14:16:32-0600 916 364 Successfully initialized event uploader 0.
2013-03-18 14:16:32-0600 916 364 Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for writing.
2013-03-18 14:16:32-0600 916 364 Successfully initialized event uploader 1.
2013-03-18 14:16:33-0600 916 364 WU client with version 5.4.3790.2180 successfully initialized
2013-03-18 14:16:33-0600 916 364 Service status is now SERVICE_RUNNING
2013-03-18 14:16:38-0600 916 398 Service received connect notification
2013-03-18 14:17:18-0600 916 364 start delayed initialization of WU client
2013-03-18 14:17:19-0600 2760 acc Trying to make out of proc datastore active
2013-03-18 14:17:19-0600 2760 acc Out of proc datastore is now active
2013-03-18 14:17:19-0600 916 364 Client Call Recorder finished delayed initialization
2013-03-18 14:17:19-0600 916 364 Setting AU scheduled install time to 2013-03-19 09:00:00
2013-03-18 14:17:19-0600 916 364 AU finished delayed initialization
2013-03-18 14:17:19-0600 916 364 AU received event of 1
2013-03-18 14:17:19-0600 916 364 WU client succeeds CClientCallRecorder::BeginFindUpdates from AutomaticUpdates with call id {A61D0285-AF29-4409-B7D9-7F12B8A63CD4}
2013-03-18 14:17:19-0600 916 494 WU client executing call {A61D0285-AF29-4409-B7D9-7F12B8A63CD4} of type Search Call
2013-03-18 14:17:19-0600 916 494 WU client found 0 updates and 0 categories in search
2013-03-18 14:17:19-0600 916 494 WU client finished Searching for update
2013-03-18 14:17:19-0600 916 494 AU Detection callback: 0 updates detected
2013-03-18 14:17:19-0600 916 494 Setting AU scheduled install time to 2013-03-19 09:00:00
2013-03-18 14:17:19-0600 916 494 WU client calls back to search call AutomaticUpdates with code Call complete and error 0 
2013-03-18 14:17:19-0600 916 494 WU client completed and deleted call {A61D0285-AF29-4409-B7D9-7F12B8A63CD4}
2013-03-18 14:18:35-0600 2628 a6c CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-18 14:18:35-0600 916 588 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-18 14:19:40-0600 2628 a6c CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-18 14:19:40-0600 916 5a0 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-18 14:20:38-0600 916 3a8 Successfully opened event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for reading.
2013-03-18 14:20:38-0600 916 3a8 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-18 14:20:38-0600 916 3a8 PT: Using server URL https://www.update.microsoft.com/ClientWebService/client.asmx
2013-03-18 14:20:38-0600 916 3a8 PT: Calling GetConfig on server
2013-03-18 14:20:38-0600 916 3a8 Add header for accept-encoding: xpress succeeded
2013-03-18 14:20:50:750 2628 a6c Misc =========== Logging initialized (build: 7.6.7600.257, tz: -0600) ===========
2013-03-18 14:20:50:750 2628 a6c Misc = Process: C:\Program Files\Internet Explorer\iexplore.exe
2013-03-18 14:20:50:750 2628 a6c Misc = Module: C:\WINDOWS\system32\wuweb.dll
2013-03-18 14:20:50:750 2628 a6c Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-18 14:20:58-0600 916 3a8 DetectCompressionType returning type 1, hr=0x0
2013-03-18 14:20:58-0600 916 3a8 GetConfig: 0x8024400a
2013-03-18 14:20:58-0600 916 3a8 PT: Cannot recover from fault, origin=GetConfig, hr=0x8024400a
2013-03-18 14:20:58-0600 916 3a8 Failed to obtain cached cookie with hr = 8024400a.
2013-03-18 14:20:58-0600 916 3a8 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-18 14:20:58-0600 916 3a8 PT: Using server URL https://www.update.microsoft.com/ClientWebService/client.asmx
2013-03-18 14:20:58-0600 916 3a8 URL for server is http://stats.update.microsoft.com/ReportingWebService/ReportingWebService.asmx
2013-03-18 14:20:58-0600 916 3a8 Trying to upload 5 events using cached cookie.
2013-03-18 14:21:02:890 2628 a6c Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-18 14:21:03-0600 916 3a8 DetectCompressionType returning type 0, hr=0x1
2013-03-18 14:21:03-0600 916 3a8 Successfully uploaded 5 events.
2013-03-18 14:21:03-0600 916 3a8 Deleted event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin.
2013-03-18 14:21:07:156 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 14:21:07:171 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:21:10:968 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-18 14:21:10:984 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:21:45-0600 916 7f4 WU client succeeds CClientCallRecorder::BeginFindUpdates from WindowsUpdate with call id {FF80472D-7681-4367-864E-214588B75524}
2013-03-18 14:21:45-0600 916 3a8 WU client executing call {FF80472D-7681-4367-864E-214588B75524} of type Search Call
2013-03-18 14:21:45-0600 916 3a8 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-18 14:21:45-0600 916 3a8 PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-18 14:21:45-0600 916 3a8 PT: Calling GetConfig on server
2013-03-18 14:21:45-0600 916 3a8 Add header for accept-encoding: xpress succeeded
2013-03-18 14:21:51-0600 916 3a8 DetectCompressionType returning type 0, hr=0x1
2013-03-18 14:21:51-0600 916 3a8 GetConfig: 0x80244019
2013-03-18 14:21:51-0600 916 3a8 PT: Cannot recover from fault, origin=GetConfig, hr=0x80244019
2013-03-18 14:21:51-0600 916 3a8 Sync of Updates: 0x80244019
2013-03-18 14:21:51-0600 916 3a8 OS Version = 5.1.2600.2.0.66304
2013-03-18 14:21:51-0600 916 3a8 Computer Brand = Acer
2013-03-18 14:21:51-0600 916 3a8 Computer Model = TravelMate 2420
2013-03-18 14:21:51-0600 916 3a8 Bios Revision = V1.03 
2013-03-18 14:21:51-0600 916 3a8 Bios Name = PhoenixBIOS 4.0 Release 6.1 
2013-03-18 14:21:51-0600 916 3a8 Bios Release Date = 2006-02-06T00:00:00
2013-03-18 14:21:51-0600 916 3a8 Locale ID = 1033
2013-03-18 14:21:51-0600 916 3a8 ClientVersion: iuengine.dll = 5.4.3790.2180
2013-03-18 14:21:51-0600 916 3a8 ClientVersion: wuapi.dll = 5.4.3790.2180
2013-03-18 14:21:51-0600 916 3a8 ClientVersion: wuauclt.exe = 5.4.3790.2180
2013-03-18 14:21:51-0600 916 3a8 ClientVersion: wuauclt1.exe = 5.4.3790.2180
2013-03-18 14:21:51-0600 916 3a8 ClientVersion: wuaucpl.cpl = 5.4.3790.2180
2013-03-18 14:21:51-0600 916 3a8 ClientVersion: wuaueng.dll = 5.4.3790.2180
2013-03-18 14:21:51-0600 916 3a8 ClientVersion: wuaueng1.dll = 5.4.3790.2180
2013-03-18 14:21:51-0600 916 3a8 ClientVersion: wuauserv.dll = 5.4.3790.2180
2013-03-18 14:21:51-0600 916 3a8 ClientVersion: wucltui.dll = 5.4.3790.2180
2013-03-18 14:21:51-0600 916 3a8 WU client failed Searching for update with error 0x80244019
2013-03-18 14:21:51-0600 916 3a8 WU client calls back to search call WindowsUpdate with code Call failed and error 0x80244019 
2013-03-18 14:21:51-0600 916 3a8 WU client completed and deleted call {FF80472D-7681-4367-864E-214588B75524}
2013-03-18 14:21:51-0600 2628 a6c Operation completed due to earlier error. (hr=80244019)
2013-03-18 14:21:51-0600 2628 a6c Unable to complete asynchronous search successfully. (hr=80244019)
2013-03-18 14:21:56-0600 916 3a8 REPORT EVENT: {B42CEEB9-3F3C-424A-8A97-8E5400C7CB74} 9 2013-03-18 14:21:51-0600 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80244019 WindowsUpdate Failure Software Synchronization Error: Agent failed detecting with reason: 0x80244019
2013-03-18 14:21:56-0600 916 3a8 Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{1152CACC-0AAE-4C55-93C8-82DE262CD209}.bin for writing.
2013-03-18 14:21:56-0600 916 3a8 Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for writing.
2013-03-18 14:22:22-0600 916 940 ISusInternal API failed CClientCallRecorder:isconnectCall with error 0x8024000c
2013-03-18 14:22:22-0600 2628 a6c ISusInternal:isconnectCall failed, hr=8024000C
2013-03-18 14:22:27:031 2628 a6c WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-18 14:22:27-0600 916 940 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-18 14:22:36:218 2628 a6c WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-18 14:22:36-0600 916 940 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-18 14:22:43:140 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 14:22:43:140 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:22:53:890 2628 a6c Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-18 14:22:53:890 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 14:22:53:906 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:23:02:343 2628 a6c Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-18 14:23:02:343 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 14:23:02:359 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:23:03:593 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 14:23:03:593 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:23:03:609 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-18 14:23:03:609 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:23:04:671 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-18 14:23:04:671 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:23:27:859 2628 a6c WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-18 14:23:27-0600 916 7f4 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-18 14:23:37:906 2628 a6c WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-18 14:23:37-0600 916 940 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-18 14:24:46:093 2628 a6c WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-18 14:24:46-0600 916 940 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-18 14:26:24:015 2628 a6c WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-18 14:26:24-0600 916 3f4 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-18 14:26:50:625 2628 a6c Misc =========== Logging initialized (build: 7.6.7600.257, tz: -0600) ===========
2013-03-18 14:26:50:625 2628 a6c Misc = Process: C:\Program Files\Internet Explorer\iexplore.exe
2013-03-18 14:26:50:625 2628 a6c Misc = Module: C:\WINDOWS\system32\muweb.dll
2013-03-18 14:26:50:625 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 14:26:50:625 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:27:01:656 2628 a6c Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-18 14:27:01:656 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 14:27:01:671 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:27:09:250 2628 a6c Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-18 14:27:09:250 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 14:27:09:265 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:27:11:062 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 14:27:11:078 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:27:11:078 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-18 14:27:11:093 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:27:13:562 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-18 14:27:13:578 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:27:13:578 2628 a6c Misc =========== Logging initialized (build: 7.6.7600.257, tz: -0600) ===========
2013-03-18 14:27:13:578 2628 a6c Misc = Process: C:\Program Files\Internet Explorer\iexplore.exe
2013-03-18 14:27:13:578 2628 a6c Misc = Module: C:\WINDOWS\system32\wuweb.dll
2013-03-18 14:27:13:578 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 14:27:13:593 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:27:22:062 2628 a6c Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-18 14:27:22:062 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 14:27:22:062 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:27:30:250 2628 a6c Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-18 14:27:30:250 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 14:27:30:265 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:27:31:156 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 14:27:31:156 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:27:31:171 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-18 14:27:31:171 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:27:32:140 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-18 14:27:32:156 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:27:33-0600 916 940 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-18 14:28:54:578 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 14:28:54:593 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:29:03:812 2628 a6c Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-18 14:29:03:812 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 14:29:03:812 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:29:11:703 2628 a6c Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-18 14:29:11:703 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 14:29:11:718 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:29:12:953 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 14:29:12:953 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:29:12:968 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-18 14:29:12:968 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:29:16:078 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-18 14:29:16:093 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:29:16:093 2628 a6c Misc =========== Logging initialized (build: 7.6.7600.257, tz: -0600) ===========
2013-03-18 14:29:16:093 2628 a6c Misc = Process: C:\Program Files\Internet Explorer\iexplore.exe
2013-03-18 14:29:16:093 2628 a6c Misc = Module: C:\WINDOWS\system32\wuweb.dll
2013-03-18 14:29:16:093 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 14:29:16:109 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:29:24:031 2628 a6c Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-18 14:29:24:031 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 14:29:24:031 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:29:34:062 2628 a6c Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-18 14:29:34:062 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 14:29:34:078 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:29:35:046 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 14:29:35:062 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:29:35:062 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-18 14:29:35:078 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:29:36:234 2628 a6c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-18 14:29:36:250 2628 a6c Misc Microsoft signed: Yes
2013-03-18 14:29:38-0600 916 3f4 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-18 14:34:38-0600 2760 acc Out of proc datastore is shutting down
2013-03-18 14:34:39-0600 2760 acc Out of proc datastore is now inactive
2013-03-18 15:01:42-0600 916 398 Service received logoff notification
2013-03-18 15:01:42-0600 916 364 AU received event of 3
2013-03-18 15:01:46-0600 916 3f4 AU Restart required....
2013-03-18 15:01:46-0600 916 364 AU received event of 1
2013-03-18 15:01:46-0600 2652 6ec Trying to make out of proc datastore active
2013-03-18 15:01:47-0600 916 398 Service received SERVICE_CONTROL_SHUTDOWN control
2013-03-18 15:01:47-0600 2652 6ec Out of proc datastore is now active
2013-03-18 15:01:47-0600 916 364 AU is paused, not initializing any handlers
2013-03-18 15:01:47-0600 916 364 AU Restart required....
2013-03-18 15:01:47-0600 916 364 Exiting Service Main
2013-03-18 15:01:47-0600 2652 6ec Out of proc datastore is shutting down
2013-03-18 15:01:47-0600 916 364 WUAUENG ServiceMain exits. Exit code is 0x240001
2013-03-18 15:01:49-0600 2652 6ec Out of proc datastore is now inactive
2013-03-18 15:02:34-0600 900 1f4 Service Main starts
2013-03-18 15:02:34-0600 900 1f4 Using BatchFlushAge = 15769.
2013-03-18 15:02:34-0600 900 1f4 Using SamplingValue = 501.
2013-03-18 15:02:34-0600 900 1f4 Successfully loaded event namespace dictionary.
2013-03-18 15:02:34-0600 900 1f4 Successfully loaded client event namespace descriptor.
2013-03-18 15:02:34-0600 900 1f4 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2013-03-18 15:02:34-0600 900 1f4 Successfully initialized NT event logger.
2013-03-18 15:02:34-0600 900 1f4 Successfully initialized event uploader 0.
2013-03-18 15:02:34-0600 900 1f4 Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for writing.
2013-03-18 15:02:34-0600 900 1f4 Successfully initialized event uploader 1.
2013-03-18 15:02:35-0600 900 1f4 WU client with version 5.4.3790.2180 successfully initialized
2013-03-18 15:02:35-0600 900 1f4 Service status is now SERVICE_RUNNING
2013-03-18 15:02:40-0600 900 388 Service received connect notification
2013-03-18 15:03:20-0600 900 1f4 start delayed initialization of WU client
2013-03-18 15:03:21-0600 2416 974 Trying to make out of proc datastore active
2013-03-18 15:03:21-0600 2416 974 Out of proc datastore is now active
2013-03-18 15:03:21-0600 900 1f4 Client Call Recorder finished delayed initialization
2013-03-18 15:03:21-0600 900 1f4 Setting next AU detection timeout to 2013-03-18 21:03:21
2013-03-18 15:03:21-0600 900 1f4 Setting AU scheduled install time to 2013-03-19 09:00:00
2013-03-18 15:03:21-0600 900 1f4 AU finished delayed initialization
2013-03-18 15:03:21-0600 900 1f4 AU received event of 1
2013-03-18 15:03:21-0600 900 1f4 WU client succeeds CClientCallRecorder::BeginFindUpdates from AutomaticUpdates with call id {1C03BE1C-8DAE-4672-884E-FB96597D9B7E}
2013-03-18 15:03:21-0600 900 398 WU client executing call {1C03BE1C-8DAE-4672-884E-FB96597D9B7E} of type Search Call
2013-03-18 15:03:21-0600 900 398 Checking for different Redirector at: http://download.windowsupdate.com/msdownload/update/v5/redir/wuredir.cab
2013-03-18 15:03:44-0600 900 398 DownloadFileInternal failed for http://download.windowsupdate.com/msdownload/update/v5/redir/wuredir.cab: error 0x80190194
2013-03-18 15:03:44-0600 900 398 Failed to download the Redirector cab on try 1: 0x80190194
2013-03-18 15:03:44-0600 900 398 Checking for different Redirector at: http://download.microsoft.com/windowsupdate/v5/redir/wuredir.cab
2013-03-18 15:03:47-0600 900 398 Checking for different Redirector at: http://windowsupdate.microsoft.com/v5/redir/wuredir.cab
2013-03-18 15:03:52-0600 900 398 Failed to download the Redirector cab on try 3: 0x800b0003
2013-03-18 15:03:52-0600 900 398 GetWuidentUrlFromRedirector failed due to error 0x800b0003
2013-03-18 15:03:52-0600 900 398 IsUpdateRequired failed with error 0x800b0003
2013-03-18 15:03:52-0600 900 398 OS Version = 5.1.2600.2.0.66304
2013-03-18 15:03:52-0600 900 398 Computer Brand = Acer
2013-03-18 15:03:52-0600 900 398 Computer Model = TravelMate 2420
2013-03-18 15:03:52-0600 900 398 Bios Revision = V1.03 
2013-03-18 15:03:52-0600 900 398 Bios Name = PhoenixBIOS 4.0 Release 6.1 
2013-03-18 15:03:52-0600 900 398 Bios Release Date = 2006-02-06T00:00:00
2013-03-18 15:03:52-0600 900 398 Locale ID = 1033
2013-03-18 15:03:52-0600 900 398 ClientVersion: iuengine.dll = 5.4.3790.2180
2013-03-18 15:03:52-0600 900 398 ClientVersion: wuapi.dll = 5.4.3790.2180
2013-03-18 15:03:52-0600 900 398 ClientVersion: wuauclt.exe = 5.4.3790.2180
2013-03-18 15:03:52-0600 900 398 ClientVersion: wuauclt1.exe = 5.4.3790.2180
2013-03-18 15:03:52-0600 900 398 ClientVersion: wuaucpl.cpl = 5.4.3790.2180
2013-03-18 15:03:52-0600 900 398 ClientVersion: wuaueng.dll = 5.4.3790.2180
2013-03-18 15:03:53-0600 900 398 ClientVersion: wuaueng1.dll = 5.4.3790.2180
2013-03-18 15:03:53-0600 900 398 ClientVersion: wuauserv.dll = 5.4.3790.2180
2013-03-18 15:03:53-0600 900 398 ClientVersion: wucltui.dll = 5.4.3790.2180
2013-03-18 15:03:53-0600 900 398 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-18 15:03:53-0600 900 398 PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-18 15:03:53-0600 900 398 PT: Calling GetConfig on server
2013-03-18 15:03:53-0600 900 398 Add header for accept-encoding: xpress succeeded
2013-03-18 15:04:01-0600 900 398 DetectCompressionType returning type 0, hr=0x1
2013-03-18 15:04:01-0600 900 398 GetConfig: 0x80244019
2013-03-18 15:04:01-0600 900 398 PT: Cannot recover from fault, origin=GetConfig, hr=0x80244019
2013-03-18 15:04:01-0600 900 398 Sync of Updates: 0x80244019
2013-03-18 15:04:01-0600 900 398 WU client failed Searching for update with error 0x80244019
2013-03-18 15:04:01-0600 900 8b0 Search Callback Failed, hr is 0x80244019
2013-03-18 15:04:01-0600 900 8b0 Setting next AU detection timeout to 2013-03-19 02:04:01
2013-03-18 15:04:01-0600 900 8b0 Setting AU scheduled install time to 2013-03-19 09:00:00
2013-03-18 15:04:01-0600 900 8b0 WU client calls back to search call AutomaticUpdates with code Call failed and error 0x80244019 
2013-03-18 15:04:01-0600 900 8b0 WU client completed and deleted call {1C03BE1C-8DAE-4672-884E-FB96597D9B7E}
2013-03-18 15:04:01-0600 900 398 REPORT EVENT: {E26C43AD-5039-4432-9060-5EF40C4DD4FC} 10 2013-03-18 15:03:52-0600 1 148 101 {D67661EB-2423-451D-BF5D-13199E37DF28} 0 800b0003 SelfUpdate Failure Software Synchronization Error: Agent failed detecting with reason: 0x800b0003
2013-03-18 15:04:01-0600 900 398 Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{1152CACC-0AAE-4C55-93C8-82DE262CD209}.bin for writing.
2013-03-18 15:04:06-0600 900 48c REPORT EVENT: {62629BC1-55CF-4C90-B8BF-920EBC850ADB} 11 2013-03-18 15:04:01-0600 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80244019 AutomaticUpdates Failure Software Synchronization Error: Agent failed detecting with reason: 0x80244019
2013-03-18 15:09:02-0600 2416 974 Out of proc datastore is shutting down
2013-03-18 15:09:03-0600 2416 974 Out of proc datastore is now inactive
2013-03-18 15:19:14-0600 900 388 Service received logoff notification
2013-03-18 15:19:14-0600 900 1f4 AU received event of 3
2013-03-18 15:19:18-0600 900 1cc AU Restart required....
2013-03-18 15:19:18-0600 900 1f4 AU received event of 1
2013-03-18 15:19:18-0600 2556 98 Trying to make out of proc datastore active
2013-03-18 15:19:19-0600 900 388 Service received SERVICE_CONTROL_SHUTDOWN control
2013-03-18 15:19:20-0600 2556 98 Out of proc datastore is now active
2013-03-18 15:19:20-0600 900 1f4 AU is paused, not initializing any handlers
2013-03-18 15:19:20-0600 900 1f4 AU Restart required....
2013-03-18 15:19:20-0600 900 1f4 Exiting Service Main
2013-03-18 15:19:20-0600 2556 98 Out of proc datastore is shutting down
2013-03-18 15:19:20-0600 900 1f4 WUAUENG ServiceMain exits. Exit code is 0x240001
2013-03-18 15:19:21-0600 2556 98 Out of proc datastore is now inactive
2013-03-18 15:20:07-0600 912 1ec Service Main starts
2013-03-18 15:20:07-0600 912 1ec Using BatchFlushAge = 15769.
2013-03-18 15:20:07-0600 912 1ec Using SamplingValue = 501.
2013-03-18 15:20:07-0600 912 1ec Successfully loaded event namespace dictionary.
2013-03-18 15:20:07-0600 912 1ec Successfully loaded client event namespace descriptor.
2013-03-18 15:20:07-0600 912 1ec Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2013-03-18 15:20:07-0600 912 1ec Successfully initialized NT event logger.
2013-03-18 15:20:07-0600 912 1ec Successfully initialized event uploader 0.
2013-03-18 15:20:07-0600 912 1ec Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for writing.
2013-03-18 15:20:07-0600 912 1ec Successfully initialized event uploader 1.
2013-03-18 15:20:07-0600 912 1ec WU client with version 5.4.3790.2180 successfully initialized
2013-03-18 15:20:07-0600 912 1ec Service status is now SERVICE_RUNNING
2013-03-18 15:20:14-0600 912 394 Service received connect notification
2013-03-18 15:20:52-0600 912 1ec start delayed initialization of WU client
2013-03-18 15:20:53-0600 2356 938 Trying to make out of proc datastore active
2013-03-18 15:20:54-0600 2356 938 Out of proc datastore is now active
2013-03-18 15:20:54-0600 912 1ec Client Call Recorder finished delayed initialization
2013-03-18 15:20:54-0600 912 1ec Setting next AU detection timeout to 2013-03-18 21:20:54
2013-03-18 15:20:54-0600 912 1ec Setting AU scheduled install time to 2013-03-19 09:00:00
2013-03-18 15:20:54-0600 912 1ec AU finished delayed initialization
2013-03-18 15:20:54-0600 912 1ec AU received event of 1
2013-03-18 15:20:54-0600 912 1ec WU client succeeds CClientCallRecorder::BeginFindUpdates from AutomaticUpdates with call id {190FE1A2-CAA0-41BC-A41B-D7762F0AC1EB}
2013-03-18 15:20:54-0600 912 490 WU client executing call {190FE1A2-CAA0-41BC-A41B-D7762F0AC1EB} of type Search Call
2013-03-18 15:20:54-0600 912 490 WU client found 0 updates and 0 categories in search
2013-03-18 15:20:54-0600 912 490 WU client finished Searching for update
2013-03-18 15:20:54-0600 912 490 AU Detection callback: 0 updates detected
2013-03-18 15:20:54-0600 912 490 Setting AU scheduled install time to 2013-03-19 09:00:00
2013-03-18 15:20:54-0600 912 1ec AU received event of 1
2013-03-18 15:20:54-0600 912 1ec WU client succeeds CClientCallRecorder::BeginFindUpdates from AutomaticUpdates with call id {BA16BDE6-DF0D-4C0A-A1AD-34457D2EA3CE}
2013-03-18 15:20:54-0600 912 490 WU client calls back to search call AutomaticUpdates with code Call complete and error 0 
2013-03-18 15:20:54-0600 912 490 WU client completed and deleted call {190FE1A2-CAA0-41BC-A41B-D7762F0AC1EB}
2013-03-18 15:20:54-0600 912 490 WU client executing call {BA16BDE6-DF0D-4C0A-A1AD-34457D2EA3CE} of type Search Call
2013-03-18 15:20:54-0600 912 490 Checking for different Redirector at: http://download.windowsupdate.com/msdownload/update/v5/redir/wuredir.cab
2013-03-18 15:21:17-0600 912 490 DownloadFileInternal failed for http://download.windowsupdate.com/msdownload/update/v5/redir/wuredir.cab: error 0x80190194
2013-03-18 15:21:17-0600 912 490 Failed to download the Redirector cab on try 1: 0x80190194
2013-03-18 15:21:17-0600 912 490 Checking for different Redirector at: http://download.microsoft.com/windowsupdate/v5/redir/wuredir.cab
2013-03-18 15:21:22-0600 912 490 Checking for different Redirector at: http://windowsupdate.microsoft.com/v5/redir/wuredir.cab
2013-03-18 15:21:28-0600 912 490 Successfully refreshed Redirector cab.
2013-03-18 15:21:42-0600 912 490 DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/b/SelfUpdate/AU/x86/SKIP/en/wusetup.cab: error 0x80190194
2013-03-18 15:21:42-0600 912 490 IsUpdateRequired failed with error 0x80244019
2013-03-18 15:21:42-0600 912 490 OS Version = 5.1.2600.2.0.66304
2013-03-18 15:21:42-0600 912 490 Computer Brand = Acer
2013-03-18 15:21:42-0600 912 490 Computer Model = TravelMate 2420
2013-03-18 15:21:42-0600 912 490 Bios Revision = V1.03 
2013-03-18 15:21:42-0600 912 490 Bios Name = PhoenixBIOS 4.0 Release 6.1 
2013-03-18 15:21:42-0600 912 490 Bios Release Date = 2006-02-06T00:00:00
2013-03-18 15:21:42-0600 912 490 Locale ID = 1033
2013-03-18 15:21:42-0600 912 490 ClientVersion: iuengine.dll = 5.4.3790.2180
2013-03-18 15:21:43-0600 912 490 ClientVersion: wuapi.dll = 5.4.3790.2180
2013-03-18 15:21:43-0600 912 490 ClientVersion: wuauclt.exe = 5.4.3790.2180
2013-03-18 15:21:43-0600 912 490 ClientVersion: wuauclt1.exe = 5.4.3790.2180
2013-03-18 15:21:43-0600 912 490 ClientVersion: wuaucpl.cpl = 5.4.3790.2180
2013-03-18 15:21:43-0600 912 490 ClientVersion: wuaueng.dll = 5.4.3790.2180
2013-03-18 15:21:43-0600 912 490 ClientVersion: wuaueng1.dll = 5.4.3790.2180
2013-03-18 15:21:43-0600 912 490 ClientVersion: wuauserv.dll = 5.4.3790.2180
2013-03-18 15:21:43-0600 912 490 ClientVersion: wucltui.dll = 5.4.3790.2180
2013-03-18 15:21:43-0600 912 490 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-18 15:21:43-0600 912 490 PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-18 15:21:43-0600 912 490 PT: Calling GetConfig on server
2013-03-18 15:21:43-0600 912 490 Add header for accept-encoding: xpress succeeded
2013-03-18 15:21:49-0600 912 490 DetectCompressionType returning type 0, hr=0x1
2013-03-18 15:21:49-0600 912 490 GetConfig: 0x80244019
2013-03-18 15:21:49-0600 912 490 PT: Cannot recover from fault, origin=GetConfig, hr=0x80244019
2013-03-18 15:21:49-0600 912 490 Sync of Updates: 0x80244019
2013-03-18 15:21:49-0600 912 490 WU client failed Searching for update with error 0x80244019
2013-03-18 15:21:49-0600 912 3ac Search Callback Failed, hr is 0x80244019
2013-03-18 15:21:49-0600 912 3ac Setting next AU detection timeout to 2013-03-19 02:21:49
2013-03-18 15:21:49-0600 912 3ac Setting AU scheduled install time to 2013-03-19 09:00:00
2013-03-18 15:21:49-0600 912 3ac WU client calls back to search call AutomaticUpdates with code Call failed and error 0x80244019 
2013-03-18 15:21:49-0600 912 3ac WU client completed and deleted call {BA16BDE6-DF0D-4C0A-A1AD-34457D2EA3CE}
2013-03-18 15:21:49-0600 912 490 REPORT EVENT: {0B8B6C83-2B0B-4752-A982-E2F6E7324856} 12 2013-03-18 15:21:42-0600 1 148 101 {D67661EB-2423-451D-BF5D-13199E37DF28} 0 80244019 SelfUpdate Failure Software Synchronization Error: Agent failed detecting with reason: 0x80244019
2013-03-18 15:21:49-0600 912 490 Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{1152CACC-0AAE-4C55-93C8-82DE262CD209}.bin for writing.
2013-03-18 15:21:54-0600 912 490 REPORT EVENT: {90EFE76A-F2C0-4C4E-992C-3E3E19616C47} 13 2013-03-18 15:21:49-0600 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80244019 AutomaticUpdates Failure Software Synchronization Error: Agent failed detecting with reason: 0x80244019
2013-03-18 15:26:49-0600 2356 938 Out of proc datastore is shutting down
2013-03-18 15:26:50-0600 2356 938 Out of proc datastore is now inactive
2013-03-18 15:29:08-0600 2524 9a4 Trying to make out of proc datastore active
2013-03-18 15:29:09-0600 2524 9a4 Out of proc datastore is now active
2013-03-18 15:29:09-0600  912 580 WU client succeeds CClientCallRecorder::BeginFindUpdates from Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) with call id {8573ABB3-43FC-48B9-9D82-A3B730143CE9}
2013-03-18 15:29:09-0600 912 490 WU client executing call {8573ABB3-43FC-48B9-9D82-A3B730143CE9} of type Search Call
2013-03-18 15:29:09-0600 912 490 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-18 15:29:09-0600 912 490 PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-18 15:29:09-0600 912 490 PT: Calling GetConfig on server
2013-03-18 15:29:09-0600 912 490 Add header for accept-encoding: xpress succeeded
2013-03-18 15:29:15-0600 912 490 DetectCompressionType returning type 0, hr=0x1
2013-03-18 15:29:15-0600 912 490 GetConfig: 0x80244019
2013-03-18 15:29:15-0600 912 490 PT: Cannot recover from fault, origin=GetConfig, hr=0x80244019
2013-03-18 15:29:15-0600 912 490 Sync of Updates: 0x80244019
2013-03-18 15:29:15-0600 912 490 WU client failed Searching for update with error 0x80244019
2013-03-18 15:29:15-0600 912 490 WU client calls back to search call Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) with code Call failed and error 0x80244019 
2013-03-18 15:29:15-0600 912 490 WU client completed and deleted call {8573ABB3-43FC-48B9-9D82-A3B730143CE9}
2013-03-18 15:29:15-0600 160 9d4 Operation completed due to earlier error. (hr=80244019)
2013-03-18 15:29:15-0600 160 9d4 Unable to complete asynchronous search successfully. (hr=80244019)
2013-03-18 15:29:15-0600 912 580 ISusInternal API failed CClientCallRecorder:isconnectCall with error 0x8024000c
2013-03-18 15:29:15-0600 160 4f0 ISusInternal:isconnectCall failed, hr=8024000C
2013-03-18 15:29:20-0600 912 490 REPORT EVENT: {AFA9115E-8F6A-42FA-A66C-09580D9A7C17} 14 2013-03-18 15:29:15-0600 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80244019 Microsoft Security Essentials ( Failure Software Synchronization Error: Agent failed detecting with reason: 0x80244019
2013-03-18 15:29:40-0600 912 580 WU client succeeds CClientCallRecorder::BeginFindUpdates from Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) with call id {7BEC0BB1-AF98-4642-A7F4-F497AC1E1071}
2013-03-18 15:29:40-0600 912 3ac WU client executing call {7BEC0BB1-AF98-4642-A7F4-F497AC1E1071} of type Search Call
2013-03-18 15:29:40-0600 912 3ac PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-18 15:29:40-0600 912 3ac PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-18 15:29:40-0600 912 3ac PT: Calling GetConfig on server
2013-03-18 15:29:40-0600 912 3ac Add header for accept-encoding: xpress succeeded
2013-03-18 15:29:42-0600 912 3ac DetectCompressionType returning type 0, hr=0x1
2013-03-18 15:29:42-0600 912 3ac GetConfig: 0x80244019
2013-03-18 15:29:42-0600 912 3ac PT: Cannot recover from fault, origin=GetConfig, hr=0x80244019
2013-03-18 15:29:42-0600 912 3ac Sync of Updates: 0x80244019
2013-03-18 15:29:42-0600 912 3ac WU client failed Searching for update with error 0x80244019
2013-03-18 15:29:42-0600 912 3ac WU client calls back to search call Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) with code Call failed and error 0x80244019 
2013-03-18 15:29:42-0600 912 3ac WU client completed and deleted call {7BEC0BB1-AF98-4642-A7F4-F497AC1E1071}
2013-03-18 15:29:42-0600 2300 aa4 Operation completed due to earlier error. (hr=80244019)
2013-03-18 15:29:42-0600 2300 aa4 Unable to complete asynchronous search successfully. (hr=80244019)
2013-03-18 15:29:42-0600 912 580 ISusInternal API failed CClientCallRecorder:isconnectCall with error 0x8024000c
2013-03-18 15:29:42-0600 2300 a5c ISusInternal:isconnectCall failed, hr=8024000C
2013-03-18 15:29:47-0600 912 490 REPORT EVENT: {E52DDEB4-EFF1-4D04-9773-5D9B8203719A} 15 2013-03-18 15:29:42-0600 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80244019 Microsoft Security Essentials ( Failure Software Synchronization Error: Agent failed detecting with reason: 0x80244019
2013-03-18 15:34:42-0600 2524 9a4 Out of proc datastore is shutting down
2013-03-18 15:34:43-0600 2524 9a4 Out of proc datastore is now inactive
2013-03-18 18:44:39-0600 912 3ac Successfully opened event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for reading.
2013-03-18 18:44:39-0600 2680 dbc Trying to make out of proc datastore active
2013-03-18 18:44:40-0600 2680 dbc Out of proc datastore is now active
2013-03-18 18:44:40-0600 912 3ac PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-18 18:44:40-0600 912 3ac PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-18 18:44:40-0600 912 3ac PT: Calling GetConfig on server
2013-03-18 18:44:40-0600 912 3ac Add header for accept-encoding: xpress succeeded
2013-03-18 18:44:49-0600 912 3ac DetectCompressionType returning type 0, hr=0x1
2013-03-18 18:44:49-0600 912 3ac GetConfig: 0x80244019
2013-03-18 18:44:49-0600 912 3ac PT: Cannot recover from fault, origin=GetConfig, hr=0x80244019
2013-03-18 18:44:49-0600 912 3ac Failed to obtain cached cookie with hr = 80244019.
2013-03-18 18:44:49-0600 912 3ac PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-18 18:44:49-0600 912 3ac PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-18 18:44:49-0600 912 3ac URL for server is http://stats1.update.microsoft.com/ReportingWebService/ReportingWebService.asmx
2013-03-18 18:44:49-0600 912 3ac Trying to upload 7 events using cached cookie.
2013-03-18 18:45:02-0600 912 3ac DetectCompressionType returning type 0, hr=0x1
2013-03-18 18:45:02-0600 912 3ac Successfully uploaded 7 events.
2013-03-18 18:45:02-0600 912 3ac Deleted event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin.
2013-03-18 18:49:50-0600 2680 dbc Out of proc datastore is shutting down
2013-03-18 18:49:51-0600 2680 dbc Out of proc datastore is now inactive
2013-03-18 20:00:29-0600 912 394 Service received logoff notification
2013-03-18 20:00:29-0600 912 1ec AU received event of 3
2013-03-18 20:00:36-0600 912 57c AU Restart required....
2013-03-18 20:00:36-0600 912 1ec AU received event of 1
2013-03-18 20:00:38-0600 912 394 Service received SERVICE_CONTROL_SHUTDOWN control
2013-03-18 20:00:39-0600 1128 f28 Trying to make out of proc datastore active
2013-03-18 20:00:41-0600 1128 f28 Out of proc datastore is now active
2013-03-18 20:00:42-0600 912 1ec AU is paused, not initializing any handlers
2013-03-18 20:00:42-0600 912 1ec AU Restart required....
2013-03-18 20:00:42-0600 912 1ec Exiting Service Main
2013-03-18 20:00:42-0600 1128 f28 Out of proc datastore is shutting down
2013-03-18 20:00:42-0600 912 1ec WUAUENG ServiceMain exits. Exit code is 0x240001
2013-03-18 20:00:44-0600 1128 f28 Out of proc datastore is now inactive
2013-03-18 20:01:44-0600 944 6fc Service Main starts
2013-03-18 20:01:45-0600 944 6fc Using BatchFlushAge = 15769.
2013-03-18 20:01:45-0600 944 6fc Using SamplingValue = 501.
2013-03-18 20:01:45-0600 944 6fc Successfully loaded event namespace dictionary.
2013-03-18 20:01:45-0600 944 6fc Successfully loaded client event namespace descriptor.
2013-03-18 20:01:45-0600 944 6fc Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2013-03-18 20:01:45-0600 944 6fc Successfully initialized NT event logger.
2013-03-18 20:01:45-0600 944 6fc Successfully initialized event uploader 0.
2013-03-18 20:01:45-0600 944 6fc Successfully initialized event uploader 1.
2013-03-18 20:01:47-0600 944 6fc WU client with version 5.4.3790.2180 successfully initialized
2013-03-18 20:01:47-0600 944 6fc Service status is now SERVICE_RUNNING
2013-03-18 20:01:47-0600 944 3b4 Service received logon notification
2013-03-18 20:01:58-0600 944 3b4 Service received connect notification
2013-03-18 20:02:32-0600 944 6fc start delayed initialization of WU client
2013-03-18 20:02:37-0600 236 144 Trying to make out of proc datastore active
2013-03-18 20:02:41-0600 236 144 Out of proc datastore is now active
2013-03-18 20:02:42-0600 944 6fc Client Call Recorder finished delayed initialization
2013-03-18 20:02:42-0600 944 6fc Setting next AU detection timeout to 2013-03-19 02:02:42
2013-03-18 20:02:42-0600 944 6fc Setting AU scheduled install time to 2013-03-19 09:00:00
2013-03-18 20:02:42-0600 944 6fc AU finished delayed initialization
2013-03-18 20:02:42-0600 944 6fc AU received event of 1
2013-03-18 20:02:43-0600 944 6fc WU client succeeds CClientCallRecorder::BeginFindUpdates from AutomaticUpdates with call id {8F8CC4E7-11F6-4DCB-BC64-D5D0DD4415C1}
2013-03-18 20:02:43-0600 944 3c0 WU client executing call {8F8CC4E7-11F6-4DCB-BC64-D5D0DD4415C1} of type Search Call
2013-03-18 20:02:52-0600 944 3c0 WU client found 0 updates and 0 categories in search
2013-03-18 20:02:52-0600 944 3c0 WU client finished Searching for update
2013-03-18 20:02:52-0600 944 740 AU Detection callback: 0 updates detected
2013-03-18 20:02:52-0600 944 740 Setting AU scheduled install time to 2013-03-19 09:00:00
2013-03-18 20:02:52-0600 944 6fc AU received event of 1
2013-03-18 20:02:52-0600 944 6fc WU client succeeds CClientCallRecorder::BeginFindUpdates from AutomaticUpdates with call id {A8649992-223F-484A-85E5-88FB808CF8F4}
2013-03-18 20:02:52-0600 944 740 WU client calls back to search call AutomaticUpdates with code Call complete and error 0 
2013-03-18 20:02:52-0600 944 740 WU client completed and deleted call {8F8CC4E7-11F6-4DCB-BC64-D5D0DD4415C1}
2013-03-18 20:02:52-0600 944 740 WU client executing call {A8649992-223F-484A-85E5-88FB808CF8F4} of type Search Call
2013-03-18 20:02:54-0600 944 740 Checking for different Redirector at: http://download.windowsupdate.com/msdownload/update/v5/redir/wuredir.cab
2013-03-18 20:03:24-0600 944 740 DownloadFileInternal failed for http://download.windowsupdate.com/msdownload/update/v5/redir/wuredir.cab: error 0x80190194
2013-03-18 20:03:24-0600 944 740 Failed to download the Redirector cab on try 1: 0x80190194
2013-03-18 20:03:24-0600 944 740 Checking for different Redirector at: http://download.microsoft.com/windowsupdate/v5/redir/wuredir.cab
2013-03-18 20:03:32-0600 944 740 Checking for different Redirector at: http://windowsupdate.microsoft.com/v5/redir/wuredir.cab
2013-03-18 20:03:38-0600 944 740 Failed to download the Redirector cab on try 3: 0x800b0003
2013-03-18 20:03:38-0600 944 740 GetWuidentUrlFromRedirector failed due to error 0x800b0003
2013-03-18 20:03:38-0600 944 740 IsUpdateRequired failed with error 0x800b0003
2013-03-18 20:03:38-0600 944 740 OS Version = 5.1.2600.2.0.66304
2013-03-18 20:03:41-0600 944 740 Computer Brand = Acer
2013-03-18 20:03:41-0600 944 740 Computer Model = TravelMate 2420
2013-03-18 20:03:41-0600 944 740 Bios Revision = V1.03 
2013-03-18 20:03:41-0600 944 740 Bios Name = PhoenixBIOS 4.0 Release 6.1 
2013-03-18 20:03:41-0600 944 740 Bios Release Date = 2006-02-06T00:00:00
2013-03-18 20:03:41-0600 944 740 Locale ID = 1033
2013-03-18 20:03:41-0600 944 740 ClientVersion: iuengine.dll = 5.4.3790.2180
2013-03-18 20:03:42-0600 944 740 ClientVersion: wuapi.dll = 5.4.3790.2180
2013-03-18 20:03:42-0600 944 740 ClientVersion: wuauclt.exe = 5.4.3790.2180
2013-03-18 20:03:42-0600 944 740 ClientVersion: wuauclt1.exe = 5.4.3790.2180
2013-03-18 20:03:42-0600 944 740 ClientVersion: wuaucpl.cpl = 5.4.3790.2180
2013-03-18 20:03:42-0600 944 740 ClientVersion: wuaueng.dll = 5.4.3790.2180
2013-03-18 20:03:43-0600 944 740 ClientVersion: wuaueng1.dll = 5.4.3790.2180
2013-03-18 20:03:43-0600 944 740 ClientVersion: wuauserv.dll = 5.4.3790.2180
2013-03-18 20:03:43-0600 944 740 ClientVersion: wucltui.dll = 5.4.3790.2180
2013-03-18 20:03:44-0600 944 740 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-18 20:03:45-0600 944 740 PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-18 20:03:45-0600 944 740 PT: Calling GetConfig on server
2013-03-18 20:03:45-0600 944 740 Add header for accept-encoding: xpress succeeded
2013-03-18 20:03:59-0600 944 740 DetectCompressionType returning type 0, hr=0x1
2013-03-18 20:03:59-0600 944 740 GetConfig: 0x80244019
2013-03-18 20:03:59-0600 944 740 PT: Cannot recover from fault, origin=GetConfig, hr=0x80244019
2013-03-18 20:03:59-0600 944 740 Sync of Updates: 0x80244019
2013-03-18 20:03:59-0600 944 740 WU client failed Searching for update with error 0x80244019
2013-03-18 20:03:59-0600 944 740 REPORT EVENT: {EF4FC6D8-ACBF-4640-9C8C-78ED7FF58958} 16 2013-03-18 20:03:38-0600 1 148 101 {D67661EB-2423-451D-BF5D-13199E37DF28} 0 800b0003 SelfUpdate Failure Software Synchronization Error: Agent failed detecting with reason: 0x800b0003
2013-03-18 20:03:59-0600 944 740 Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{1152CACC-0AAE-4C55-93C8-82DE262CD209}.bin for writing.
2013-03-18 20:03:59-0600 944 740 Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for writing.
2013-03-18 20:03:59-0600 944 4c8 Search Callback Failed, hr is 0x80244019
2013-03-18 20:03:59-0600 944 4c8 Setting next AU detection timeout to 2013-03-19 07:03:59
2013-03-18 20:03:59-0600 944 4c8 Setting AU scheduled install time to 2013-03-19 09:00:00
2013-03-18 20:03:59-0600 944 4c8 WU client calls back to search call AutomaticUpdates with code Call failed and error 0x80244019 
2013-03-18 20:03:59-0600 944 4c8 WU client completed and deleted call {A8649992-223F-484A-85E5-88FB808CF8F4}
2013-03-18 20:04:04-0600 944 4c8 REPORT EVENT: {9BEA713D-7AEB-43E9-9160-36FA47C37D62} 17 2013-03-18 20:03:59-0600 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80244019 AutomaticUpdates Failure Software Synchronization Error: Agent failed detecting with reason: 0x80244019
2013-03-18 20:08:59-0600 236 144 Out of proc datastore is shutting down
2013-03-18 20:09:00-0600 236 144 Out of proc datastore is now inactive
2013-03-18 20:17:53-0600 3452 d80 Trying to make out of proc datastore active
2013-03-18 20:17:53-0600 3452 d80 Out of proc datastore is now active
2013-03-18 20:19:18:296 3740 ec0 Misc =========== Logging initialized (build: 7.6.7600.257, tz: -0600) ===========
2013-03-18 20:19:18:296 3740 ec0 Misc = Process: C:\Program Files\Internet Explorer\iexplore.exe
2013-03-18 20:19:18:296 3740 ec0 Misc = Module: C:\WINDOWS\system32\wuweb.dll
2013-03-18 20:19:18:296 3740 ec0 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-18 20:19:18-0600 944 4fc WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-18 20:19:33:140 3740 ec0 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-18 20:19:33-0600 944 d44 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-18 20:19:50:500 3740 ec0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:19:50:609 3740 ec0 Misc Microsoft signed: Yes
2013-03-18 20:20:02:671 3740 ec0 Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-18 20:20:02:671 3740 ec0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:20:02:687 3740 ec0 Misc Microsoft signed: Yes
2013-03-18 20:20:14:359 3740 ec0 Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-18 20:20:14:359 3740 ec0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:20:14:375 3740 ec0 Misc Microsoft signed: Yes
2013-03-18 20:20:17:250 3740 ec0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:20:17:250 3740 ec0 Misc Microsoft signed: Yes
2013-03-18 20:20:17:359 3740 ec0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-18 20:20:17:375 3740 ec0 Misc Microsoft signed: Yes
2013-03-18 20:20:21:250 3740 ec0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-18 20:20:21:265 3740 ec0 Misc Microsoft signed: Yes
2013-03-18 20:20:41:515 3740 ec0 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-18 20:20:41-0600 944 4fc WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-18 20:20:49:234 3740 ec0 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-18 20:20:49-0600 944 d44 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-18 20:21:31:140 3740 ec0 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-18 20:21:31-0600 944 d44 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-18 20:21:37:156 3740 ec0 Misc =========== Logging initialized (build: 7.6.7600.257, tz: -0600) ===========
2013-03-18 20:21:37:156 3740 ec0 Misc = Process: C:\Program Files\Internet Explorer\iexplore.exe
2013-03-18 20:21:37:156 3740 ec0 Misc = Module: C:\WINDOWS\system32\muweb.dll
2013-03-18 20:21:37:156 3740 ec0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:21:37:156 3740 ec0 Misc Microsoft signed: Yes
2013-03-18 20:21:48:640 3740 ec0 Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-18 20:21:48:640 3740 ec0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:21:48:656 3740 ec0 Misc Microsoft signed: Yes
2013-03-18 20:21:58:734 3740 ec0 Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-18 20:21:58:734 3740 ec0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:21:58:750 3740 ec0 Misc Microsoft signed: Yes
2013-03-18 20:21:59:921 3740 ec0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:21:59:937 3740 ec0 Misc Microsoft signed: Yes
2013-03-18 20:21:59:937 3740 ec0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-18 20:21:59:953 3740 ec0 Misc Microsoft signed: Yes
2013-03-18 20:22:01:468 3740 ec0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-18 20:22:01:484 3740 ec0 Misc Microsoft signed: Yes
2013-03-18 20:22:01:484 3740 ec0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:22:01:500 3740 ec0 Misc Microsoft signed: Yes
2013-03-18 20:22:12:687 3740 ec0 Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-18 20:22:12:687 3740 ec0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:22:12:703 3740 ec0 Misc Microsoft signed: Yes
2013-03-18 20:22:21:609 3740 ec0 Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-18 20:22:21:609 3740 ec0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:22:21:625 3740 ec0 Misc Microsoft signed: Yes
2013-03-18 20:22:28:453 3740 ec0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:22:28:468 3740 ec0 Misc Microsoft signed: Yes
2013-03-18 20:22:28:484 3740 ec0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-18 20:22:28:500 3740 ec0 Misc Microsoft signed: Yes
2013-03-18 20:22:29:890 3740 ec0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-18 20:22:29:906 3740 ec0 Misc Microsoft signed: Yes
2013-03-18 20:22:31-0600 944 d44 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-18 20:25:52:718 3740 ec0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:25:52:718 3740 ec0 Misc Microsoft signed: Yes
2013-03-18 20:26:05:578 3740 ec0 Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-18 20:26:05:578 3740 ec0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:26:05:593 3740 ec0 Misc Microsoft signed: Yes
2013-03-18 20:26:18:421 3740 ec0 Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-18 20:26:18:421 3740 ec0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:26:18:421 3740 ec0 Misc Microsoft signed: Yes
2013-03-18 20:26:19:437 3740 ec0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:26:19:453 3740 ec0 Misc Microsoft signed: Yes
2013-03-18 20:26:19:468 3740 ec0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-18 20:26:19:468 3740 ec0 Misc Microsoft signed: Yes
2013-03-18 20:26:20:765 3740 ec0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-18 20:26:20:781 3740 ec0 Misc Microsoft signed: Yes
2013-03-18 20:26:20:781 3740 ec0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:26:20:796 3740 ec0 Misc Microsoft signed: Yes
2013-03-18 20:26:31:515 3740 ec0 Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-18 20:26:31:515 3740 ec0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:26:31:531 3740 ec0 Misc Microsoft signed: Yes
2013-03-18 20:26:43:484 3740 ec0 Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-18 20:26:43:484 3740 ec0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:26:43:500 3740 ec0 Misc Microsoft signed: Yes
2013-03-18 20:26:44:421 3740 ec0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:26:44:437 3740 ec0 Misc Microsoft signed: Yes
2013-03-18 20:26:44:437 3740 ec0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-18 20:26:44:453 3740 ec0 Misc Microsoft signed: Yes
2013-03-18 20:26:45:453 3740 ec0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-18 20:26:45:468 3740 ec0 Misc Microsoft signed: Yes
2013-03-18 20:27:31-0600 3452 d80 Out of proc datastore is shutting down
2013-03-18 20:27:33-0600 3452 d80 Out of proc datastore is now inactive
2013-03-18 20:30:56:484 2900 a94 Misc =========== Logging initialized (build: 7.6.7600.257, tz: -0600) ===========
2013-03-18 20:30:56:484 2900 a94 Misc = Process: C:\Program Files\Internet Explorer\iexplore.exe
2013-03-18 20:30:56:484 2900 a94 Misc = Module: C:\WINDOWS\system32\wuweb.dll
2013-03-18 20:30:56:484 2900 a94 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-18 20:30:56-0600 3232 ca4 Trying to make out of proc datastore active
2013-03-18 20:30:57-0600 3232 ca4 Out of proc datastore is now active
2013-03-18 20:30:57-0600 944 92c WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-18 20:31:08:656 2900 a94 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-18 20:31:08-0600 944 d44 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-18 20:31:16:187 2900 a94 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:31:16:203 2900 a94 Misc Microsoft signed: Yes
2013-03-18 20:31:27:562 2900 a94 Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-18 20:31:27:562 2900 a94 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:31:27:578 2900 a94 Misc Microsoft signed: Yes
2013-03-18 20:31:38:984 2900 a94 Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-18 20:31:38:984 2900 a94 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:31:38:984 2900 a94 Misc Microsoft signed: Yes
2013-03-18 20:31:40:468 2900 a94 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:31:40:484 2900 a94 Misc Microsoft signed: Yes
2013-03-18 20:31:40:484 2900 a94 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-18 20:31:40:500 2900 a94 Misc Microsoft signed: Yes
2013-03-18 20:31:42:500 2900 a94 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-18 20:31:42:515 2900 a94 Misc Microsoft signed: Yes
2013-03-18 20:32:12-0600 944 4fc WU client succeeds CClientCallRecorder::BeginFindUpdates from WindowsUpdate with call id {064D2614-9401-45AC-87CC-66B7AD8F594D}
2013-03-18 20:32:12-0600 944 740 WU client executing call {064D2614-9401-45AC-87CC-66B7AD8F594D} of type Search Call
2013-03-18 20:32:12-0600 944 740 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-18 20:32:12-0600 944 740 PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-18 20:32:12-0600 944 740 PT: Calling GetConfig on server
2013-03-18 20:32:12-0600 944 740 Add header for accept-encoding: xpress succeeded
2013-03-18 20:32:20-0600 944 740 DetectCompressionType returning type 0, hr=0x1
2013-03-18 20:32:20-0600 944 740 GetConfig: 0x80244019
2013-03-18 20:32:20-0600 944 740 PT: Cannot recover from fault, origin=GetConfig, hr=0x80244019
2013-03-18 20:32:20-0600 944 740 Sync of Updates: 0x80244019
2013-03-18 20:32:20-0600 944 740 WU client failed Searching for update with error 0x80244019
2013-03-18 20:32:20-0600 944 740 WU client calls back to search call WindowsUpdate with code Call failed and error 0x80244019 
2013-03-18 20:32:20-0600 944 740 WU client completed and deleted call {064D2614-9401-45AC-87CC-66B7AD8F594D}
2013-03-18 20:32:20-0600 2900 a94 Operation completed due to earlier error. (hr=80244019)
2013-03-18 20:32:20-0600 2900 a94 Unable to complete asynchronous search successfully. (hr=80244019)
2013-03-18 20:32:25-0600 944 3c0 REPORT EVENT: {A4D2E364-0DFC-4DAC-B962-3D94E58C636A} 18 2013-03-18 20:32:20-0600 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80244019 WindowsUpdate Failure Software Synchronization Error: Agent failed detecting with reason: 0x80244019
2013-03-18 20:33:17-0600 944 d44 ISusInternal API failed CClientCallRecorder:isconnectCall with error 0x8024000c
2013-03-18 20:33:17-0600 2900 a94 ISusInternal:isconnectCall failed, hr=8024000C
2013-03-18 20:33:23:421 2900 a94 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-18 20:33:23-0600 944 4fc WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-18 20:33:33:093 2900 a94 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:33:33:093 2900 a94 Misc Microsoft signed: Yes
2013-03-18 20:33:44:421 2900 a94 Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-18 20:33:44:421 2900 a94 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:33:44:437 2900 a94 Misc Microsoft signed: Yes
2013-03-18 20:33:54:484 2900 a94 Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-18 20:33:54:484 2900 a94 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:33:54:500 2900 a94 Misc Microsoft signed: Yes
2013-03-18 20:33:56:031 2900 a94 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:33:56:046 2900 a94 Misc Microsoft signed: Yes
2013-03-18 20:33:56:046 2900 a94 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-18 20:33:56:062 2900 a94 Misc  Microsoft signed: Yes
2013-03-18 20:33:58:531 2900 a94 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-18 20:33:58:546 2900 a94 Misc Microsoft signed: Yes
2013-03-18 20:34:29:046 2900 a94 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-18 20:34:29-0600 944 92c WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-18 20:34:37:453 2900 a94 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-18 20:34:37-0600 944 500 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-18 20:35:14:343 2900 a94 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-18 20:35:14-0600 944 140 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-18 20:35:19:890 2900 a94 Misc =========== Logging initialized (build: 7.6.7600.257, tz: -0600) ===========
2013-03-18 20:35:19:890 2900 a94 Misc = Process: C:\Program Files\Internet Explorer\iexplore.exe
2013-03-18 20:35:19:890 2900 a94 Misc = Module: C:\WINDOWS\system32\muweb.dll
2013-03-18 20:35:19:890 2900 a94 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:35:19:906 2900 a94 Misc Microsoft signed: Yes
2013-03-18 20:35:30:234 2900 a94 Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-18 20:35:30:234 2900 a94 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:35:30:250 2900 a94 Misc Microsoft signed: Yes
2013-03-18 20:35:40:078 2900 a94 Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-18 20:35:40:078 2900 a94 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:35:40:093 2900 a94 Misc Microsoft signed: Yes
2013-03-18 20:35:41:359 2900 a94 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:35:41:375 2900 a94 Misc Microsoft signed: Yes
2013-03-18 20:35:41:390 2900 a94 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-18 20:35:41:390 2900 a94 Misc Microsoft signed: Yes
2013-03-18 20:35:42:890 2900 a94 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-18 20:35:42:890 2900 a94 Misc Microsoft signed: Yes
2013-03-18 20:35:42:906 2900 a94 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:35:42:906 2900 a94 Misc Microsoft signed: Yes
2013-03-18 20:35:55:031 2900 a94 Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-18 20:35:55:031 2900 a94 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:35:55:046 2900 a94 Misc Microsoft signed: Yes
2013-03-18 20:36:05:437 2900 a94 Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-18 20:36:05:437 2900 a94 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:36:05:437 2900 a94 Misc Microsoft signed: Yes
2013-03-18 20:36:06:734 2900 a94 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-18 20:36:06:750 2900 a94 Misc Microsoft signed: Yes
2013-03-18 20:36:06:765 2900 a94 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-18 20:36:06:781 2900 a94 Misc Microsoft signed: Yes
2013-03-18 20:36:08:000 2900 a94 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-18 20:36:08:015 2900 a94 Misc Microsoft signed: Yes
2013-03-18 20:36:09-0600 944 4fc WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-18 20:36:34-0600 336 148 0 updates are ready to be installed at shutdown.
2013-03-18 20:36:39-0600 944 3b4 Service received logoff notification
2013-03-18 20:36:39-0600 944 6fc AU received event of 3
2013-03-18 20:36:43-0600 944 4fc AU Restart required....
2013-03-18 20:36:43-0600 944 6fc AU received event of 1
2013-03-18 20:36:43-0600 944 6fc AU is paused, not initializing any handlers
2013-03-18 20:36:45-0600 944 3b4 Service received SERVICE_CONTROL_SHUTDOWN control
2013-03-18 20:36:45-0600 944 6fc Exiting Service Main
2013-03-18 20:36:45-0600 3232 ca4 Out of proc datastore is shutting down
2013-03-18 20:36:45-0600 944 6fc WUAUENG ServiceMain exits. Exit code is 0x240001
2013-03-18 20:36:46-0600 3232 ca4 Out of proc datastore is now inactive
2013-03-19 10:21:12-0600 924 3cc Service Main starts
2013-03-19 10:21:15-0600 924 3cc Using BatchFlushAge = 15769.
2013-03-19 10:21:15-0600 924 3cc Using SamplingValue = 501.
2013-03-19 10:21:15-0600 924 3cc Successfully loaded event namespace dictionary.
2013-03-19 10:21:15-0600 924 3cc Successfully loaded client event namespace descriptor.
2013-03-19 10:21:15-0600 924 3cc Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2013-03-19 10:21:15-0600 924 3cc Successfully initialized NT event logger.
2013-03-19 10:21:15-0600 924 3cc Successfully initialized event uploader 0.
2013-03-19 10:21:15-0600 924 3cc Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for writing.
2013-03-19 10:21:15-0600 924 3cc Successfully initialized event uploader 1.
2013-03-19 10:21:16-0600 924 3cc WU client with version 5.4.3790.2180 successfully initialized
2013-03-19 10:21:16-0600 924 3cc Service status is now SERVICE_RUNNING
2013-03-19 10:21:16-0600 924 4b0 Successfully opened event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for reading.
2013-03-19 10:21:17-0600 1696 6d0 Trying to make out of proc datastore active
2013-03-19 10:21:18-0600 924 3a0 Service received connect notification
2013-03-19 10:21:22-0600 1696 6d0 Out of proc datastore is now active
2013-03-19 10:21:22-0600 924 4b0 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-19 10:21:22-0600 924 4b0 PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-19 10:21:22-0600 924 4b0 PT: Calling GetConfig on server
2013-03-19 10:21:23-0600 924 4b0 Add header for accept-encoding: xpress succeeded
2013-03-19 10:21:43-0600 924 4b0 DetectCompressionType returning type 0, hr=0x1
2013-03-19 10:21:43-0600 924 4b0 GetConfig: 0x80244019
2013-03-19 10:21:43-0600 924 4b0 PT: Cannot recover from fault, origin=GetConfig, hr=0x80244019
2013-03-19 10:21:43-0600 924 4b0 Failed to obtain cached cookie with hr = 80244019.
2013-03-19 10:21:43-0600 924 4b0 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-19 10:21:44-0600 924 4b0 PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-19 10:21:44-0600 924 4b0 URL for server is http://stats1.update.microsoft.com/ReportingWebService/ReportingWebService.asmx
2013-03-19 10:21:44-0600 924 4b0 Trying to upload 3 events using cached cookie.
2013-03-19 10:21:59-0600 924 4b0 DetectCompressionType returning type 0, hr=0x1
2013-03-19 10:21:59-0600 924 4b0 Successfully uploaded 3 events.
2013-03-19 10:21:59-0600 924 4b0 Deleted event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin.
2013-03-19 10:22:01-0600 924 3cc start delayed initialization of WU client
2013-03-19 10:22:01-0600 924 3cc Client Call Recorder finished delayed initialization
2013-03-19 10:22:01-0600 924 3cc Setting next AU detection timeout to 2013-03-19 16:22:01
2013-03-19 10:22:01-0600 924 3cc AU finished delayed initialization
2013-03-19 10:22:01-0600 924 3cc AU received event of 1
2013-03-19 10:22:01-0600 924 3cc WU client succeeds CClientCallRecorder::BeginFindUpdates from AutomaticUpdates with call id {A225C2ED-9692-4B07-B7C5-ED1CD8B47AFB}
2013-03-19 10:22:01-0600 924 4b0 WU client executing call {A225C2ED-9692-4B07-B7C5-ED1CD8B47AFB} of type Search Call
2013-03-19 10:22:01-0600 924 4b0 Checking for different Redirector at: http://download.windowsupdate.com/msdownload/update/v5/redir/wuredir.cab
2013-03-19 10:22:10-0600 924 4b0 DownloadFileInternal failed for http://download.windowsupdate.com/msdownload/update/v5/redir/wuredir.cab: error 0x80190194
2013-03-19 10:22:10-0600 924 4b0 Failed to download the Redirector cab on try 1: 0x80190194
2013-03-19 10:22:10-0600 924 4b0 Checking for different Redirector at: http://download.microsoft.com/windowsupdate/v5/redir/wuredir.cab
2013-03-19 10:22:14-0600 924 4b0 Checking for different Redirector at: http://windowsupdate.microsoft.com/v5/redir/wuredir.cab
2013-03-19 10:22:19-0600 924 4b0 Failed to download the Redirector cab on try 3: 0x800b0003
2013-03-19 10:22:19-0600 924 4b0 GetWuidentUrlFromRedirector failed due to error 0x800b0003
2013-03-19 10:22:19-0600 924 4b0 IsUpdateRequired failed with error 0x800b0003
2013-03-19 10:22:19-0600 924 4b0 OS Version = 5.1.2600.2.0.66304
2013-03-19 10:22:19-0600 924 4b0 Computer Brand = Acer
2013-03-19 10:22:19-0600 924 4b0 Computer Model = TravelMate 2420
2013-03-19 10:22:19-0600 924 4b0 Bios Revision = V1.03 
2013-03-19 10:22:19-0600 924 4b0 Bios Name = PhoenixBIOS 4.0 Release 6.1 
2013-03-19 10:22:19-0600 924 4b0 Bios Release Date = 2006-02-06T00:00:00
2013-03-19 10:22:19-0600 924 4b0 Locale ID = 1033
2013-03-19 10:22:19-0600 924 4b0 ClientVersion: iuengine.dll = 5.4.3790.2180
2013-03-19 10:22:19-0600 924 4b0 ClientVersion: wuapi.dll = 5.4.3790.2180
2013-03-19 10:22:19-0600 924 4b0 ClientVersion: wuauclt.exe = 5.4.3790.2180
2013-03-19 10:22:19-0600 924 4b0 ClientVersion: wuauclt1.exe = 5.4.3790.2180
2013-03-19 10:22:19-0600 924 4b0 ClientVersion: wuaucpl.cpl = 5.4.3790.2180
2013-03-19 10:22:19-0600 924 4b0 ClientVersion: wuaueng.dll = 5.4.3790.2180
2013-03-19 10:22:19-0600 924 4b0 ClientVersion: wuaueng1.dll = 5.4.3790.2180
2013-03-19 10:22:19-0600 924 4b0 ClientVersion: wuauserv.dll = 5.4.3790.2180
2013-03-19 10:22:19-0600 924 4b0 ClientVersion: wucltui.dll = 5.4.3790.2180
2013-03-19 10:22:20-0600 924 4b0 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-19 10:22:20-0600 924 4b0 PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-19 10:22:20-0600 924 4b0 PT: Calling GetConfig on server
2013-03-19 10:22:20-0600 924 4b0 Add header for accept-encoding: xpress succeeded
2013-03-19 10:22:21-0600 924 4b0 DetectCompressionType returning type 0, hr=0x1
2013-03-19 10:22:21-0600 924 4b0 GetConfig: 0x80244019
2013-03-19 10:22:21-0600 924 4b0 PT: Cannot recover from fault, origin=GetConfig, hr=0x80244019
2013-03-19 10:22:21-0600 924 4b0 Sync of Updates: 0x80244019
2013-03-19 10:22:21-0600 924 4b0 WU client failed Searching for update with error 0x80244019
2013-03-19 10:22:21-0600 924 4b0 Search Callback Failed, hr is 0x80244019
2013-03-19 10:22:21-0600 924 4b0 Setting next AU detection timeout to 2013-03-19 21:22:21
2013-03-19 10:22:21-0600 924 4b0 WU client calls back to search call AutomaticUpdates with code Call failed and error 0x80244019 
2013-03-19 10:22:21-0600 924 4b0 WU client completed and deleted call {A225C2ED-9692-4B07-B7C5-ED1CD8B47AFB}
2013-03-19 10:22:24-0600 924 4b0 REPORT EVENT: {7C23C261-2764-494B-A636-62565735A06B} 19 2013-03-19 10:22:19-0600 1 148 101 {D67661EB-2423-451D-BF5D-13199E37DF28} 0 800b0003 SelfUpdate Failure Software Synchronization Error: Agent failed detecting with reason: 0x800b0003
2013-03-19 10:22:24-0600 924 4b0 REPORT EVENT: {DB742DFF-D3AA-46D6-B462-3FC13CEFEE06} 20 2013-03-19 10:22:21-0600 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80244019 AutomaticUpdates Failure Software Synchronization Error: Agent failed detecting with reason: 0x80244019
2013-03-19 10:22:24-0600 924 4b0 Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{1152CACC-0AAE-4C55-93C8-82DE262CD209}.bin for writing.
2013-03-19 10:22:24-0600 924 4b0 Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for writing.
2013-03-19 10:22:31-0600 924 3cc AU received event of 1
2013-03-19 10:22:31-0600 924 3cc Forced install timer expired for scheduled install
2013-03-19 10:22:31-0600 924 3cc Setting AU scheduled install time to 2013-03-20 09:00:00
2013-03-19 10:27:21-0600 1696 6d0 Out of proc datastore is shutting down
2013-03-19 10:27:23-0600 1696 6d0 Out of proc datastore is now inactive
2013-03-19 14:45:13-0600 924 728 Successfully opened event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for reading.
2013-03-19 14:45:13-0600 568 6f0 Trying to make out of proc datastore active
2013-03-19 14:45:14-0600 568 6f0 Out of proc datastore is now active
2013-03-19 14:45:14-0600 924 728 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-19 14:45:14-0600 924 728 PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-19 14:45:14-0600 924 728 PT: Calling GetConfig on server
2013-03-19 14:45:14-0600 924 728 Add header for accept-encoding: xpress succeeded
2013-03-19 14:45:24-0600 924 728 DetectCompressionType returning type 0, hr=0x1
2013-03-19 14:45:24-0600 924 728 GetConfig: 0x80244019
2013-03-19 14:45:24-0600 924 728 PT: Cannot recover from fault, origin=GetConfig, hr=0x80244019
2013-03-19 14:45:24-0600 924 728 Failed to obtain cached cookie with hr = 80244019.
2013-03-19 14:45:24-0600 924 728 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-19 14:45:24-0600 924 728 PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-19 14:45:24-0600 924 728 URL for server is http://stats1.update.microsoft.com/ReportingWebService/ReportingWebService.asmx
2013-03-19 14:45:24-0600 924 728 Trying to upload 2 events using cached cookie.
2013-03-19 14:45:28-0600 924 728 DetectCompressionType returning type 0, hr=0x1
2013-03-19 14:45:28-0600 924 728 Successfully uploaded 2 events.
2013-03-19 14:45:28-0600 924 728 Deleted event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin.
2013-03-19 14:50:24-0600 568 6f0 Out of proc datastore is shutting down
2013-03-19 14:50:26-0600 568 6f0 Out of proc datastore is now inactive
2013-03-19 15:22:21-0600 924 3cc AU received event of 1
2013-03-19 15:22:21-0600 924 3cc WU client succeeds CClientCallRecorder::BeginFindUpdates from AutomaticUpdates with call id {09786CCC-2F4F-4C12-9EE9-1080D4294D28}
2013-03-19 15:22:21-0600 924 4b0 WU client executing call {09786CCC-2F4F-4C12-9EE9-1080D4294D28} of type Search Call
2013-03-19 15:22:22-0600 924 4b0 Checking for different Redirector at: http://download.windowsupdate.com/msdownload/update/v5/redir/wuredir.cab
2013-03-19 15:22:35-0600 924 4b0 DownloadFileInternal failed for http://download.windowsupdate.com/msdownload/update/v5/redir/wuredir.cab: error 0x80190194
2013-03-19 15:22:35-0600 924 4b0 Failed to download the Redirector cab on try 1: 0x80190194
2013-03-19 15:22:35-0600 924 4b0 Checking for different Redirector at: http://download.microsoft.com/windowsupdate/v5/redir/wuredir.cab
2013-03-19 15:22:40-0600 924 4b0 Checking for different Redirector at: http://windowsupdate.microsoft.com/v5/redir/wuredir.cab
2013-03-19 15:22:45-0600 924 4b0 Failed to download the Redirector cab on try 3: 0x800b0003
2013-03-19 15:22:45-0600 924 4b0 GetWuidentUrlFromRedirector failed due to error 0x800b0003
2013-03-19 15:22:45-0600 924 4b0 IsUpdateRequired failed with error 0x800b0003
2013-03-19 15:22:45-0600 3524 52c Trying to make out of proc datastore active
2013-03-19 15:22:46-0600 3524 52c Out of proc datastore is now active
2013-03-19 15:22:46-0600 924 4b0 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-19 15:22:46-0600 924 4b0 PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-19 15:22:46-0600 924 4b0 PT: Calling GetConfig on server
2013-03-19 15:22:46-0600 924 4b0 Add header for accept-encoding: xpress succeeded
2013-03-19 15:22:52-0600 924 4b0 DetectCompressionType returning type 0, hr=0x1
2013-03-19 15:22:52-0600 924 4b0 GetConfig: 0x80244019
2013-03-19 15:22:52-0600 924 4b0 PT: Cannot recover from fault, origin=GetConfig, hr=0x80244019
2013-03-19 15:22:52-0600 924 4b0 Sync of Updates: 0x80244019
2013-03-19 15:22:52-0600 924 4b0 WU client failed Searching for update with error 0x80244019
2013-03-19 15:22:52-0600 924 4b0 REPORT EVENT: {95BC07E4-7DB8-4F98-B40C-6080AEBB9B03} 21 2013-03-19 15:22:45-0600 1 148 101 {D67661EB-2423-451D-BF5D-13199E37DF28} 0 800b0003 SelfUpdate Failure Software Synchronization Error: Agent failed detecting with reason: 0x800b0003
2013-03-19 15:22:52-0600 924 4b0 Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for writing.
2013-03-19 15:22:52-0600 924 4b0 Search Callback Failed, hr is 0x80244019
2013-03-19 15:22:52-0600 924 4b0 Setting next AU detection timeout to 2013-03-20 02:22:52
2013-03-19 15:22:52-0600 924 4b0 Setting AU scheduled install time to 2013-03-20 09:00:00
2013-03-19 15:22:52-0600 924 4b0 WU client calls back to search call AutomaticUpdates with code Call failed and error 0x80244019 
2013-03-19 15:22:52-0600 924 4b0 WU client completed and deleted call {09786CCC-2F4F-4C12-9EE9-1080D4294D28}
2013-03-19 15:22:57-0600 924 4b0 REPORT EVENT: {FB57720D-4351-4653-A15E-9FB71F483FDB} 22 2013-03-19 15:22:52-0600 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80244019 AutomaticUpdates Failure Software Synchronization Error: Agent failed detecting with reason: 0x80244019
2013-03-19 15:27:52-0600 3524 52c Out of proc datastore is shutting down
2013-03-19 15:27:54-0600 3524 52c Out of proc datastore is now inactive
2013-03-19 19:21:45-0600 1396 5a8 0 updates are ready to be installed at shutdown.
2013-03-19 19:21:51-0600 924 3a0 Service received logoff notification
2013-03-19 19:21:51-0600 924 3cc AU received event of 3
2013-03-19 19:21:55-0600 924 a14 AU Restart required....
2013-03-19 19:21:55-0600 924 3cc AU received event of 1
2013-03-19 19:21:55-0600 3936 ec0 Trying to make out of proc datastore active
2013-03-19 19:21:56-0600 924 3a0 Service received SERVICE_CONTROL_SHUTDOWN control
2013-03-19 19:21:57-0600 3936 ec0 Out of proc datastore is now active
2013-03-19 19:21:57-0600 924 3cc AU is paused, not initializing any handlers
2013-03-19 19:21:57-0600 924 3cc AU Restart required....
2013-03-19 19:21:57-0600 924 3cc Exiting Service Main
2013-03-19 19:21:57-0600 3936 ec0 Out of proc datastore is shutting down
2013-03-19 19:21:57-0600 924 3cc WUAUENG ServiceMain exits. Exit code is 0x240001
2013-03-19 19:21:58-0600 3936 ec0 Out of proc datastore is now inactive
2013-03-20 10:06:23-0600 924 234 Service Main starts
2013-03-20 10:06:23-0600 924 234 Using BatchFlushAge = 15769.
2013-03-20 10:06:23-0600 924 234 Using SamplingValue = 501.
2013-03-20 10:06:23-0600 924 234 Successfully loaded event namespace dictionary.
2013-03-20 10:06:23-0600 924 234 Successfully loaded client event namespace descriptor.
2013-03-20 10:06:24-0600 924 234 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2013-03-20 10:06:24-0600 924 234 Successfully initialized NT event logger.
2013-03-20 10:06:24-0600 924 234 Successfully initialized event uploader 0.
2013-03-20 10:06:24-0600 924 234 Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for writing.
2013-03-20 10:06:24-0600 924 234 Successfully initialized event uploader 1.
2013-03-20 10:06:26-0600 924 234 WU client with version 5.4.3790.2180 successfully initialized
2013-03-20 10:06:26-0600 924 234 Service status is now SERVICE_RUNNING
2013-03-20 10:06:26-0600 924 3ac Successfully opened event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for reading.
2013-03-20 10:06:27-0600 1672 690 Trying to make out of proc datastore active
2013-03-20 10:06:28-0600 924 3a0 Service received connect notification
2013-03-20 10:06:37-0600 1672 690 Out of proc datastore is now active
2013-03-20 10:06:39-0600 924 3ac PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-20 10:06:41-0600 924 3ac PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-20 10:06:41-0600 924 3ac PT: Calling GetConfig on server
2013-03-20 10:06:42-0600 924 3ac Add header for accept-encoding: xpress succeeded
2013-03-20 10:07:02-0600 924 3ac DetectCompressionType returning type 0, hr=0x1
2013-03-20 10:07:02-0600 924 3ac GetConfig: 0x80244019
2013-03-20 10:07:02-0600 924 3ac PT: Cannot recover from fault, origin=GetConfig, hr=0x80244019
2013-03-20 10:07:02-0600 924 3ac Failed to obtain cached cookie with hr = 80244019.
2013-03-20 10:07:02-0600 924 3ac PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-20 10:07:02-0600 924 3ac PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-20 10:07:02-0600 924 3ac URL for server is http://stats1.update.microsoft.com/ReportingWebService/ReportingWebService.asmx
2013-03-20 10:07:02-0600 924 3ac Trying to upload 2 events using cached cookie.
2013-03-20 10:07:06-0600 924 3ac DetectCompressionType returning type 0, hr=0x1
2013-03-20 10:07:06-0600 924 3ac Successfully uploaded 2 events.
2013-03-20 10:07:06-0600 924 3ac Deleted event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin.
2013-03-20 10:07:11-0600 924 234 start delayed initialization of WU client
2013-03-20 10:07:11-0600 924 234 Client Call Recorder finished delayed initialization
2013-03-20 10:07:11-0600 924 234 Setting next AU detection timeout to 2013-03-20 16:07:11
2013-03-20 10:07:11-0600 924 234 Setting AU scheduled install time to 2013-03-21 09:00:00
2013-03-20 10:07:11-0600 924 234 AU finished delayed initialization
2013-03-20 10:07:11-0600 924 234 AU received event of 1
2013-03-20 10:07:12-0600 924 234 WU client succeeds CClientCallRecorder::BeginFindUpdates from AutomaticUpdates with call id {23AB2F49-7695-450C-9730-D77A9697E4BB}
2013-03-20 10:07:12-0600 924 4b4 WU client executing call {23AB2F49-7695-450C-9730-D77A9697E4BB} of type Search Call
2013-03-20 10:07:12-0600 924 4b4 Checking for different Redirector at: http://download.windowsupdate.com/msdownload/update/v5/redir/wuredir.cab
2013-03-20 10:07:22-0600 924 4b4 DownloadFileInternal failed for http://download.windowsupdate.com/msdownload/update/v5/redir/wuredir.cab: error 0x80190194
2013-03-20 10:07:22-0600 924 4b4 Failed to download the Redirector cab on try 1: 0x80190194
2013-03-20 10:07:22-0600 924 4b4 Checking for different Redirector at: http://download.microsoft.com/windowsupdate/v5/redir/wuredir.cab
2013-03-20 10:07:26-0600 924 4b4 Checking for different Redirector at: http://windowsupdate.microsoft.com/v5/redir/wuredir.cab
2013-03-20 10:07:32-0600 924 4b4 Successfully refreshed Redirector cab.
2013-03-20 10:07:39-0600 924 4b4 DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/b/SelfUpdate/AU/x86/SKIP/en/wusetup.cab: error 0x80190194
2013-03-20 10:07:39-0600 924 4b4 IsUpdateRequired failed with error 0x80244019
2013-03-20 10:07:39-0600 924 4b4 OS Version = 5.1.2600.2.0.66304
2013-03-20 10:07:39-0600 924 4b4 Computer Brand = Acer
2013-03-20 10:07:39-0600 924 4b4 Computer Model = TravelMate 2420
2013-03-20 10:07:39-0600 924 4b4 Bios Revision = V1.03 
2013-03-20 10:07:39-0600 924 4b4 Bios Name = PhoenixBIOS 4.0 Release 6.1 
2013-03-20 10:07:39-0600 924 4b4 Bios Release Date = 2006-02-06T00:00:00
2013-03-20 10:07:39-0600 924 4b4 Locale ID = 1033
2013-03-20 10:07:40-0600 924 4b4 ClientVersion: iuengine.dll = 5.4.3790.2180
2013-03-20 10:07:40-0600 924 4b4 ClientVersion: wuapi.dll = 5.4.3790.2180
2013-03-20 10:07:40-0600 924 4b4 ClientVersion: wuauclt.exe = 5.4.3790.2180
2013-03-20 10:07:40-0600 924 4b4 ClientVersion: wuauclt1.exe = 5.4.3790.2180
2013-03-20 10:07:40-0600 924 4b4 ClientVersion: wuaucpl.cpl = 5.4.3790.2180
2013-03-20 10:07:40-0600 924 4b4 ClientVersion: wuaueng.dll = 5.4.3790.2180
2013-03-20 10:07:40-0600 924 4b4 ClientVersion: wuaueng1.dll = 5.4.3790.2180
2013-03-20 10:07:40-0600 924 4b4 ClientVersion: wuauserv.dll = 5.4.3790.2180
2013-03-20 10:07:40-0600 924 4b4 ClientVersion: wucltui.dll = 5.4.3790.2180
2013-03-20 10:07:40-0600 924 4b4 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-20 10:07:40-0600 924 4b4 PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-20 10:07:40-0600 924 4b4 PT: Calling GetConfig on server
2013-03-20 10:07:40-0600 924 4b4 Add header for accept-encoding: xpress succeeded
2013-03-20 10:07:42-0600 924 4b4 DetectCompressionType returning type 0, hr=0x1
2013-03-20 10:07:42-0600 924 4b4 GetConfig: 0x80244019
2013-03-20 10:07:42-0600 924 4b4 PT: Cannot recover from fault, origin=GetConfig, hr=0x80244019
2013-03-20 10:07:42-0600 924 4b4 Sync of Updates: 0x80244019
2013-03-20 10:07:42-0600 924 4b4 WU client failed Searching for update with error 0x80244019
2013-03-20 10:07:42-0600 924 4b4 Search Callback Failed, hr is 0x80244019
2013-03-20 10:07:42-0600 924 4b4 Setting next AU detection timeout to 2013-03-20 21:07:42
2013-03-20 10:07:42-0600 924 4b4 Setting AU scheduled install time to 2013-03-21 09:00:00
2013-03-20 10:07:42-0600 924 4b4 WU client calls back to search call AutomaticUpdates with code Call failed and error 0x80244019 
2013-03-20 10:07:42-0600 924 4b4 WU client completed and deleted call {23AB2F49-7695-450C-9730-D77A9697E4BB}
2013-03-20 10:07:45-0600 924 4b4 REPORT EVENT: {723A8C37-77A7-4163-A74F-453F1BC4DEA6} 23 2013-03-20 10:07:39-0600 1 148 101 {D67661EB-2423-451D-BF5D-13199E37DF28} 0 80244019 SelfUpdate Failure Software Synchronization Error: Agent failed detecting with reason: 0x80244019
2013-03-20 10:07:45-0600 924 4b4 REPORT EVENT: {5CA46345-D0DC-4B2E-B736-227A50200909} 24 2013-03-20 10:07:42-0600 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80244019 AutomaticUpdates Failure Software Synchronization Error: Agent failed detecting with reason: 0x80244019
2013-03-20 10:07:45-0600 924 4b4 Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{1152CACC-0AAE-4C55-93C8-82DE262CD209}.bin for writing.
2013-03-20 10:07:45-0600 924 4b4 Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for writing.
2013-03-20 10:12:42-0600 1672 690 Out of proc datastore is shutting down
2013-03-20 10:12:44-0600 1672 690 Out of proc datastore is now inactive
2013-03-20 10:16:50-0600 1212 4b8 Trying to make out of proc datastore active
2013-03-20 10:16:51-0600 1212 4b8 Out of proc datastore is now active
2013-03-20 10:16:51-0600 924 5bc WU client succeeds CClientCallRecorder::BeginFindUpdates from Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) with call id {99B31568-1D69-4121-9B9E-119656AE9297}
2013-03-20 10:16:51-0600 924 678 WU client executing call {99B31568-1D69-4121-9B9E-119656AE9297} of type Search Call
2013-03-20 10:16:51-0600 924 678 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-20 10:16:51-0600 924 678 PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-20 10:16:51-0600 924 678 PT: Calling GetConfig on server
2013-03-20 10:16:51-0600 924 678 Add header for accept-encoding: xpress succeeded
2013-03-20 10:16:56-0600 924 678 DetectCompressionType returning type 0, hr=0x1
2013-03-20 10:16:56-0600 924 678 GetConfig: 0x80244019
2013-03-20 10:16:56-0600 924 678 PT: Cannot recover from fault, origin=GetConfig, hr=0x80244019
2013-03-20 10:16:56-0600 924 678 Sync of Updates: 0x80244019
2013-03-20 10:16:56-0600 924 678 WU client failed Searching for update with error 0x80244019
2013-03-20 10:16:56-0600 924 678 WU client calls back to search call Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) with code Call failed and error 0x80244019 
2013-03-20 10:16:56-0600 924 678 WU client completed and deleted call {99B31568-1D69-4121-9B9E-119656AE9297}
2013-03-20 10:16:56-0600 2728 b58 Operation completed due to earlier error. (hr=80244019)
2013-03-20 10:16:56-0600 2728 b58 Unable to complete asynchronous search successfully. (hr=80244019)
2013-03-20 10:16:56-0600 924 6a4 ISusInternal API failed CClientCallRecorder:isconnectCall with error 0x8024000c
2013-03-20 10:16:56-0600 2728 4e4 ISusInternal:isconnectCall failed, hr=8024000C
2013-03-20 10:17:01-0600 924 678 REPORT EVENT: {D083EC2B-1B8A-4CC5-83A4-FDF994EB28A9} 25 2013-03-20 10:16:56-0600 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80244019 Microsoft Security Essentials ( Failure Software Synchronization Error: Agent failed detecting with reason: 0x80244019
2013-03-20 10:21:56-0600 1212 4b8 Out of proc datastore is shutting down
2013-03-20 10:21:57-0600 1212 4b8 Out of proc datastore is now inactive
2013-03-20 10:54:49:796 2064 70c Misc =========== Logging initialized (build: 7.6.7600.257, tz: -0600) ===========
2013-03-20 10:54:49:796 2064 70c Misc = Process: C:\Program Files\Internet Explorer\iexplore.exe
2013-03-20 10:54:49:796 2064 70c Misc = Module: C:\WINDOWS\system32\wuweb.dll
2013-03-20 10:54:49:796 2064 70c WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-20 10:54:50-0600 1060 668 Trying to make out of proc datastore active
2013-03-20 10:54:50-0600 1060 668 Out of proc datastore is now active
2013-03-20 10:54:50-0600 924 5bc WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-20 10:55:04:546 2064 70c WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-20 10:55:04-0600 924 5bc WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-20 10:55:11:453 2064 70c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 10:55:11:484 2064 70c Misc Microsoft signed: Yes
2013-03-20 10:55:20:703 2064 70c Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-20 10:55:20:703 2064 70c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 10:55:20:718 2064 70c Misc Microsoft signed: Yes
2013-03-20 10:55:29:093 2064 70c Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-20 10:55:29:093 2064 70c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 10:55:29:109 2064 70c Misc Microsoft signed: Yes
2013-03-20 10:55:30:031 2064 70c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 10:55:30:046 2064 70c Misc Microsoft signed: Yes
2013-03-20 10:55:30:156 2064 70c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-20 10:55:30:187 2064 70c Misc Microsoft signed: Yes
2013-03-20 10:55:31:828 2064 70c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-20 10:55:31:843 2064 70c Misc Microsoft signed: Yes
2013-03-20 10:56:00-0600 924 5bc WU client succeeds CClientCallRecorder::BeginFindUpdates from WindowsUpdate with call id {CB5FEF57-80AF-4F9A-AE36-D19196C8007F}
2013-03-20 10:56:00-0600 924 4b4 WU client executing call {CB5FEF57-80AF-4F9A-AE36-D19196C8007F} of type Search Call
2013-03-20 10:56:00-0600 924 4b4 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-20 10:56:00-0600 924 4b4 PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-20 10:56:00-0600 924 4b4 PT: Calling GetConfig on server
2013-03-20 10:56:00-0600 924 4b4 Add header for accept-encoding: xpress succeeded
2013-03-20 10:56:07-0600 924 4b4 DetectCompressionType returning type 0, hr=0x1
2013-03-20 10:56:07-0600 924 4b4 GetConfig: 0x80244019
2013-03-20 10:56:07-0600 924 4b4 PT: Cannot recover from fault, origin=GetConfig, hr=0x80244019
2013-03-20 10:56:07-0600 924 4b4 Sync of Updates: 0x80244019
2013-03-20 10:56:07-0600 924 4b4 WU client failed Searching for update with error 0x80244019
2013-03-20 10:56:07-0600 924 4b4 WU client calls back to search call WindowsUpdate with code Call failed and error 0x80244019 
2013-03-20 10:56:07-0600 924 4b4 WU client completed and deleted call {CB5FEF57-80AF-4F9A-AE36-D19196C8007F}
2013-03-20 10:56:08-0600 2064 70c Operation completed due to earlier error. (hr=80244019)
2013-03-20 10:56:08-0600 2064 70c Unable to complete asynchronous search successfully. (hr=80244019)
2013-03-20 10:56:12-0600 924 4b4 REPORT EVENT: {CDAB31C6-1185-467C-9B3A-8EC0DB34DD6D} 26 2013-03-20 10:56:07-0600 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80244019 WindowsUpdate Failure Software Synchronization Error: Agent failed detecting with reason: 0x80244019
2013-03-20 10:56:46:031 732 510 Misc =========== Logging initialized (build: 7.6.7600.257, tz: -0600) ===========
2013-03-20 10:56:46:031 732 510 Misc = Process: C:\Program Files\Internet Explorer\iexplore.exe
2013-03-20 10:56:46:031 732 510 Misc = Module: C:\WINDOWS\system32\wuweb.dll
2013-03-20 10:56:46:031 732 510 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-20 10:56:46-0600 924 eb0 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-20 10:57:00:125 732 510 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-20 10:57:00-0600 924 548 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-20 10:57:23-0600 924 548 ISusInternal API failed CClientCallRecorder:isconnectCall with error 0x8024000c
2013-03-20 10:57:23-0600 2064 70c ISusInternal:isconnectCall failed, hr=8024000C
2013-03-20 10:57:41:921 732 510 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-20 10:57:41-0600 924 5bc WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-20 10:57:46:296 732 510 Misc =========== Logging initialized (build: 7.6.7600.257, tz: -0600) ===========
2013-03-20 10:57:46:296 732 510 Misc = Process: C:\Program Files\Internet Explorer\iexplore.exe
2013-03-20 10:57:46:296 732 510 Misc = Module: C:\WINDOWS\system32\muweb.dll
2013-03-20 10:57:46:296 732 510 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 10:57:46:343 732 510 Misc Microsoft signed: Yes
2013-03-20 10:57:53:531 732 510 Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-20 10:57:53:531 732 510 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 10:57:53:546 732 510 Misc Microsoft signed: Yes
2013-03-20 10:58:01:687 732 510 Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-20 10:58:01:687 732 510 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 10:58:01:703 732 510 Misc Microsoft signed: Yes
2013-03-20 10:58:02:640 732 510 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 10:58:02:656 732 510 Misc Microsoft signed: Yes
2013-03-20 10:58:02:671 732 510 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-20 10:58:02:687 732 510 Misc Microsoft signed: Yes
2013-03-20 10:58:03:390 732 510 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-20 10:58:03:406 732 510 Misc Microsoft signed: Yes
2013-03-20 10:58:03:406 732 510 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 10:58:03:421 732 510 Misc Microsoft signed: Yes
2013-03-20 10:58:10:921 732 510 Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-20 10:58:10:921 732 510 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 10:58:10:937 732 510 Misc Microsoft signed: Yes
2013-03-20 10:58:21:281 732 510 Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-20 10:58:21:281 732 510 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 10:58:21:296 732 510 Misc Microsoft signed: Yes
2013-03-20 10:58:22:671 732 510 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 10:58:22:687 732 510 Misc Microsoft signed: Yes
2013-03-20 10:58:22:687 732 510 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-20 10:58:22:703 732 510 Misc Microsoft signed: Yes
2013-03-20 10:58:23:656 732 510 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-20 10:58:23:671 732 510 Misc Microsoft signed: Yes
2013-03-20 10:58:28-0600 924 548 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-20 11:00:33:750 3736 d78 Misc =========== Logging initialized (build: 7.6.7600.257, tz: -0600) ===========
2013-03-20 11:00:33:750 3736 d78 Misc = Process: C:\Program Files\Internet Explorer\iexplore.exe
2013-03-20 11:00:33:750 3736 d78 Misc = Module: C:\WINDOWS\system32\wuweb.dll
2013-03-20 11:00:33:750 3736 d78 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-20 11:00:33-0600 924 548 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-20 11:00:45:843 3736 d78 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-20 11:00:45-0600 924 548 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-20 11:00:53:906 3736 d78 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 11:00:53:953 3736 d78 Misc Microsoft signed: Yes
2013-03-20 11:01:02:296 3736 d78 Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-20 11:01:02:296 3736 d78 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 11:01:02:312 3736 d78 Misc Microsoft signed: Yes
2013-03-20 11:01:09:140 3736 d78 Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-20 11:01:09:140 3736 d78 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 11:01:09:156 3736 d78 Misc Microsoft signed: Yes
2013-03-20 11:01:10:218 3736 d78 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 11:01:10:234 3736 d78 Misc Microsoft signed: Yes
2013-03-20 11:01:10:250 3736 d78 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-20 11:01:10:250 3736 d78 Misc Microsoft signed: Yes
2013-03-20 11:01:11:187 3736 d78 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-20 11:01:11:203 3736 d78 Misc Microsoft signed: Yes
2013-03-20 11:01:45:296 3736 d78 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-20 11:01:45-0600 924 5bc WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-20 11:01:53:468 3736 d78 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-20 11:01:53-0600 924 540 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-20 11:02:19:437 3736 d78 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-20 11:02:19-0600 924 548 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-20 11:02:24:921 3736 d78 Misc =========== Logging initialized (build: 7.6.7600.257, tz: -0600) ===========
2013-03-20 11:02:24:921 3736 d78 Misc = Process: C:\Program Files\Internet Explorer\iexplore.exe
2013-03-20 11:02:24:921 3736 d78 Misc = Module: C:\WINDOWS\system32\muweb.dll
2013-03-20 11:02:24:921 3736 d78 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 11:02:24:937 3736 d78 Misc Microsoft signed: Yes
2013-03-20 11:02:32:218 3736 d78 Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-20 11:02:32:218 3736 d78 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 11:02:32:234 3736 d78 Misc Microsoft signed: Yes
2013-03-20 11:02:39:750 3736 d78 Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-20 11:02:39:750 3736 d78 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 11:02:39:765 3736 d78 Misc Microsoft signed: Yes
2013-03-20 11:02:40:718 3736 d78 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 11:02:40:734 3736 d78 Misc Microsoft signed: Yes
2013-03-20 11:02:40:750 3736 d78 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-20 11:02:40:765 3736 d78 Misc Microsoft signed: Yes
2013-03-20 11:02:41:703 3736 d78 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-20 11:02:41:718 3736 d78 Misc Microsoft signed: Yes
2013-03-20 11:02:41:718 3736 d78 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 11:02:41:734 3736 d78 Misc Microsoft signed: Yes
2013-03-20 11:02:49:671 3736 d78 Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-20 11:02:49:671 3736 d78 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 11:02:49:671 3736 d78 Misc Microsoft signed: Yes
2013-03-20 11:02:59:468 3736 d78 Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-20 11:02:59:468 3736 d78 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 11:02:59:484 3736 d78 Misc Microsoft signed: Yes
2013-03-20 11:03:00:625 3736 d78 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 11:03:00:640 3736 d78 Misc Microsoft signed: Yes
2013-03-20 11:03:00:656 3736 d78 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-20 11:03:00:656 3736 d78 Misc Microsoft signed: Yes
2013-03-20 11:03:01:812 3736 d78 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-20 11:03:01:828 3736 d78 Misc Microsoft signed: Yes
2013-03-20 11:03:04-0600 924 548 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-20 11:07:44-0600 924 548 WU client succeeds CClientCallRecorder::BeginFindUpdates from Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) with call id {AE180EB8-1064-46D0-89C6-84E0509B13CB}
2013-03-20 11:07:44-0600 924 678 WU client executing call {AE180EB8-1064-46D0-89C6-84E0509B13CB} of type Search Call
2013-03-20 11:07:44-0600 924 678 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-20 11:07:44-0600 924 678 PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-20 11:07:44-0600 924 678 PT: Calling GetConfig on server
2013-03-20 11:07:44-0600 924 678 Add header for accept-encoding: xpress succeeded
2013-03-20 11:07:51-0600 924 678 DetectCompressionType returning type 0, hr=0x1
2013-03-20 11:07:51-0600 924 678 GetConfig: 0x80244019
2013-03-20 11:07:51-0600 924 678 PT: Cannot recover from fault, origin=GetConfig, hr=0x80244019
2013-03-20 11:07:51-0600 924 678 Sync of Updates: 0x80244019
2013-03-20 11:07:51-0600 924 678 WU client failed Searching for update with error 0x80244019
2013-03-20 11:07:51-0600 924 678 WU client calls back to search call Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) with code Call failed and error 0x80244019 
2013-03-20 11:07:51-0600 924 678 WU client completed and deleted call {AE180EB8-1064-46D0-89C6-84E0509B13CB}
2013-03-20 11:07:52-0600 1228 4c0 Operation completed due to earlier error. (hr=80244019)
2013-03-20 11:07:52-0600 1228 4c0 Unable to complete asynchronous search successfully. (hr=80244019)
2013-03-20 11:07:52-0600 924 5bc ISusInternal API failed CClientCallRecorder:isconnectCall with error 0x8024000c
2013-03-20 11:07:52-0600 1228 b70 ISusInternal:isconnectCall failed, hr=8024000C
2013-03-20 11:07:56-0600 924 678 REPORT EVENT: {D728D0C3-ADDF-41E0-9641-DC859031622D} 27 2013-03-20 11:07:51-0600 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80244019 Microsoft Security Essentials ( Failure Software Synchronization Error: Agent failed detecting with reason: 0x80244019
2013-03-20 11:09:37-0600 924 548 Setting AU Approval Type to 1
2013-03-20 11:09:37-0600 924 548 AU Options changed through user preference.
2013-03-20 11:09:37-0600 924 548 AU Restart required....
2013-03-20 11:09:37-0600 924 234 AU received event of 1
2013-03-20 11:09:37-0600 924 234 AU is disabled, not initializing any handlers
2013-03-20 11:10:09:593 3028 8b0 Misc =========== Logging initialized (build: 7.6.7600.257, tz: -0600) ===========
2013-03-20 11:10:09:593 3028 8b0 Misc = Process: C:\Program Files\Internet Explorer\iexplore.exe
2013-03-20 11:10:09:593 3028 8b0 Misc = Module: C:\WINDOWS\system32\wuweb.dll
2013-03-20 11:10:09:593 3028 8b0 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-20 11:10:09-0600 924 5bc WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-20 11:10:23:875 3028 8b0 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-20 11:10:23-0600 924 82c WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-20 11:10:31:312 3028 8b0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 11:10:31:359 3028 8b0 Misc Microsoft signed: Yes
2013-03-20 11:10:39:843 3028 8b0 Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-20 11:10:39:843 3028 8b0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 11:10:39:843 3028 8b0 Misc Microsoft signed: Yes
2013-03-20 11:10:47:296 3028 8b0 Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-20 11:10:47:296 3028 8b0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 11:10:47:312 3028 8b0 Misc Microsoft signed: Yes
2013-03-20 11:10:48:484 3028 8b0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 11:10:48:500 3028 8b0 Misc Microsoft signed: Yes
2013-03-20 11:10:48:515 3028 8b0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-20 11:10:48:531 3028 8b0 Misc Microsoft signed: Yes
2013-03-20 11:10:49:546 3028 8b0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-20 11:10:49:562 3028 8b0 Misc Microsoft signed: Yes
2013-03-20 11:11:10:250 3028 8b0 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-20 11:11:10-0600 924 82c WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-20 11:11:19:687 3028 8b0 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-20 11:11:19-0600 924 82c WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-20 11:11:39:500 3028 8b0 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-20 11:11:39-0600 924 6a4 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-20 11:11:44:562 3028 8b0 Misc =========== Logging initialized (build: 7.6.7600.257, tz: -0600) ===========
2013-03-20 11:11:44:562 3028 8b0 Misc = Process: C:\Program Files\Internet Explorer\iexplore.exe
2013-03-20 11:11:44:562 3028 8b0 Misc = Module: C:\WINDOWS\system32\muweb.dll
2013-03-20 11:11:44:562 3028 8b0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 11:11:44:578 3028 8b0 Misc Microsoft signed: Yes
2013-03-20 11:11:51:687 3028 8b0 Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-20 11:11:51:687 3028 8b0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 11:11:51:703 3028 8b0 Misc Microsoft signed: Yes
2013-03-20 11:11:59:156 3028 8b0 Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-20 11:11:59:156 3028 8b0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 11:11:59:156 3028 8b0 Misc Microsoft signed: Yes
2013-03-20 11:12:00:125 3028 8b0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 11:12:00:140 3028 8b0 Misc Microsoft signed: Yes
2013-03-20 11:12:00:156 3028 8b0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-20 11:12:00:171 3028 8b0 Misc Microsoft signed: Yes
2013-03-20 11:12:01:000 3028 8b0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-20 11:12:01:000 3028 8b0 Misc Microsoft signed: Yes
2013-03-20 11:12:01:015 3028 8b0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 11:12:01:015 3028 8b0 Misc Microsoft signed: Yes
2013-03-20 11:12:08:406 3028 8b0 Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-20 11:12:08:406 3028 8b0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 11:12:08:406 3028 8b0 Misc Microsoft signed: Yes
2013-03-20 11:12:16:828 3028 8b0 Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-20 11:12:16:828 3028 8b0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 11:12:16:828 3028 8b0 Misc Microsoft signed: Yes
2013-03-20 11:12:17:843 3028 8b0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 11:12:17:859 3028 8b0 Misc Microsoft signed: Yes
2013-03-20 11:12:17:859 3028 8b0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-20 11:12:17:875 3028 8b0 Misc Microsoft signed: Yes
2013-03-20 11:12:18:781 3028 8b0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-20 11:12:18:796 3028 8b0 Misc Microsoft signed: Yes
2013-03-20 11:12:22-0600 924 6a4 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-20 11:13:39-0600 924 8c4 Setting AU Approval Type to 4
2013-03-20 11:13:39-0600 924 8c4 Setting Install Schedule Day to 0
2013-03-20 11:13:39-0600 924 8c4 Setting Install Schedule Time to 3
2013-03-20 11:13:39-0600 924 8c4 AU Options changed through user preference.
2013-03-20 11:13:39-0600 924 8c4 AU Restart required....
2013-03-20 11:13:39-0600 924 234 AU received event of 1
2013-03-20 11:13:39-0600 924 234 Setting next AU detection timeout to 2013-03-20 17:13:39
2013-03-20 11:13:39-0600 924 234 Setting AU scheduled install time to 2013-03-21 09:00:00
2013-03-20 11:13:39-0600 924 234 AU received event of 1
2013-03-20 11:13:39-0600 924 234 WU client succeeds CClientCallRecorder::BeginFindUpdates from AutomaticUpdates with call id {B4CCFE4E-8210-4A6B-9513-74A747FD012A}
2013-03-20 11:13:39-0600 924 3ac WU client executing call {B4CCFE4E-8210-4A6B-9513-74A747FD012A} of type Search Call
2013-03-20 11:13:39-0600 924 3ac WU client found 0 updates and 0 categories in search
2013-03-20 11:13:39-0600 924 3ac WU client finished Searching for update
2013-03-20 11:13:39-0600 924 3ac AU Detection callback: 0 updates detected
2013-03-20 11:13:39-0600 924 3ac Setting AU scheduled install time to 2013-03-21 09:00:00
2013-03-20 11:13:39-0600 924 234 AU received event of 1
2013-03-20 11:13:39-0600 924 234 WU client succeeds CClientCallRecorder::BeginFindUpdates from AutomaticUpdates with call id {5D275BC5-3A38-40B5-8C28-E906ED7D5605}
2013-03-20 11:13:39-0600 924 3ac WU client calls back to search call AutomaticUpdates with code Call complete and error 0 
2013-03-20 11:13:39-0600 924 3ac WU client completed and deleted call {B4CCFE4E-8210-4A6B-9513-74A747FD012A}
2013-03-20 11:13:39-0600 924 3ac WU client executing call {5D275BC5-3A38-40B5-8C28-E906ED7D5605} of type Search Call
2013-03-20 11:13:39-0600 924 3ac Checking for different Redirector at: http://download.windowsupdate.com/msdownload/update/v5/redir/wuredir.cab
2013-03-20 11:13:49-0600 924 3ac DownloadFileInternal failed for http://download.windowsupdate.com/msdownload/update/v5/redir/wuredir.cab: error 0x80190194
2013-03-20 11:13:49-0600 924 3ac Failed to download the Redirector cab on try 1: 0x80190194
2013-03-20 11:13:49-0600 924 3ac Checking for different Redirector at: http://download.microsoft.com/windowsupdate/v5/redir/wuredir.cab
2013-03-20 11:13:52-0600 924 3ac Checking for different Redirector at: http://windowsupdate.microsoft.com/v5/redir/wuredir.cab
2013-03-20 11:13:56-0600 924 3ac Failed to download the Redirector cab on try 3: 0x800b0003
2013-03-20 11:13:56-0600 924 3ac GetWuidentUrlFromRedirector failed due to error 0x800b0003
2013-03-20 11:13:56-0600 924 3ac IsUpdateRequired failed with error 0x800b0003
2013-03-20 11:13:56-0600 924 3ac PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-20 11:13:56-0600 924 3ac PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-20 11:13:56-0600 924 3ac PT: Calling GetConfig on server
2013-03-20 11:13:56-0600 924 3ac Add header for accept-encoding: xpress succeeded
2013-03-20 11:14:02-0600 924 3ac DetectCompressionType returning type 0, hr=0x1
2013-03-20 11:14:02-0600 924 3ac GetConfig: 0x80244019
2013-03-20 11:14:02-0600 924 3ac PT: Cannot recover from fault, origin=GetConfig, hr=0x80244019
2013-03-20 11:14:02-0600 924 3ac Sync of Updates: 0x80244019
2013-03-20 11:14:02-0600 924 3ac WU client failed Searching for update with error 0x80244019
2013-03-20 11:14:02-0600 924 3ac REPORT EVENT: {AFE88BDB-B7B0-44B0-B968-ED2C5D43F656} 28 2013-03-20 11:13:56-0600 1 148 101 {D67661EB-2423-451D-BF5D-13199E37DF28} 0 800b0003 SelfUpdate Failure Software Synchronization Error: Agent failed detecting with reason: 0x800b0003
2013-03-20 11:14:02-0600 924 3ac Search Callback Failed, hr is 0x80244019
2013-03-20 11:14:02-0600 924 3ac Setting next AU detection timeout to 2013-03-20 22:14:02
2013-03-20 11:14:02-0600 924 3ac Setting AU scheduled install time to 2013-03-21 09:00:00
2013-03-20 11:14:02-0600 924 3ac WU client calls back to search call AutomaticUpdates with code Call failed and error 0x80244019 
2013-03-20 11:14:02-0600 924 3ac WU client completed and deleted call {5D275BC5-3A38-40B5-8C28-E906ED7D5605}
2013-03-20 11:14:07-0600 924 3ac REPORT EVENT: {6AF7D620-667F-46B5-81E4-15CDFB14F7D6} 29 2013-03-20 11:14:02-0600 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80244019 AutomaticUpdates Failure Software Synchronization Error: Agent failed detecting with reason: 0x80244019
2013-03-20 11:14:51:359 3388 e10 Misc =========== Logging initialized (build: 7.6.7600.257, tz: -0600) ===========
2013-03-20 11:14:51:359 3388 e10 Misc = Process: C:\Program Files\Internet Explorer\IEXPLORE.EXE
2013-03-20 11:14:51:359 3388 e10 Misc = Module: C:\WINDOWS\system32\wuweb.dll
2013-03-20 11:14:51:359 3388 e10 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-20 11:14:51-0600 924 5bc WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-20 11:15:03:437 3388 e10 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-20 11:15:03-0600 924 6a4 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-20 11:15:08:296 3388 e10 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 11:15:08:343 3388 e10 Misc Microsoft signed: Yes
2013-03-20 11:15:16:015 3388 e10 Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-20 11:15:16:015 3388 e10 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 11:15:16:015 3388 e10 Misc Microsoft signed: Yes
2013-03-20 11:15:23:859 3388 e10 Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-20 11:15:23:859 3388 e10 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 11:15:23:875 3388 e10 Misc Microsoft signed: Yes
2013-03-20 11:15:24:796 3388 e10 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 11:15:24:796 3388 e10 Misc Microsoft signed: Yes
2013-03-20 11:15:24:812 3388 e10 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-20 11:15:24:828 3388 e10 Misc Microsoft signed: Yes
2013-03-20 11:15:25:734 3388 e10 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-20 11:15:25:750 3388 e10 Misc Microsoft signed: Yes
2013-03-20 11:15:46-0600 924 54c WU client succeeds CClientCallRecorder::BeginFindUpdates from WindowsUpdate with call id {3F64D88D-4BC4-4030-893E-FC99C376CFA5}
2013-03-20 11:15:46-0600 924 4b4 WU client executing call {3F64D88D-4BC4-4030-893E-FC99C376CFA5} of type Search Call
2013-03-20 11:15:46-0600 924 4b4 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-20 11:15:46-0600 924 4b4 PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-20 11:15:46-0600 924 4b4 PT: Calling GetConfig on server
2013-03-20 11:15:46-0600 924 4b4 Add header for accept-encoding: xpress succeeded
2013-03-20 11:15:54-0600 924 4b4 DetectCompressionType returning type 0, hr=0x1
2013-03-20 11:15:54-0600 924 4b4 GetConfig: 0x80244019
2013-03-20 11:15:54-0600  924 4b4 PT: Cannot recover from fault, origin=GetConfig, hr=0x80244019
2013-03-20 11:15:54-0600 924 4b4 Sync of Updates: 0x80244019
2013-03-20 11:15:54-0600 924 4b4 WU client failed Searching for update with error 0x80244019
2013-03-20 11:15:54-0600 924 4b4 WU client calls back to search call WindowsUpdate with code Call failed and error 0x80244019 
2013-03-20 11:15:54-0600 924 4b4 WU client completed and deleted call {3F64D88D-4BC4-4030-893E-FC99C376CFA5}
2013-03-20 11:15:54-0600 3388 e10 Operation completed due to earlier error. (hr=80244019)
2013-03-20 11:15:54-0600 3388 e10 Unable to complete asynchronous search successfully. (hr=80244019)
2013-03-20 11:15:59-0600 924 3ac REPORT EVENT: {688A50F4-44C0-4A33-8515-8406D05CB6DF} 30 2013-03-20 11:15:54-0600 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80244019 WindowsUpdate Failure Software Synchronization Error: Agent failed detecting with reason: 0x80244019
2013-03-20 11:16:32-0600 924 6c0 ISusInternal API failed CClientCallRecorder:isconnectCall with error 0x8024000c
2013-03-20 11:16:32-0600 3388 e10 ISusInternal:isconnectCall failed, hr=8024000C
2013-03-20 11:20:54-0600 1060 668 Out of proc datastore is shutting down
2013-03-20 11:20:55-0600 1060 668 Out of proc datastore is now inactive
2013-03-20 11:33:23:781 2156 6bc Misc =========== Logging initialized (build: 7.6.7600.257, tz: -0600) ===========
2013-03-20 11:33:23:781 2156 6bc Misc = Process: C:\Program Files\Internet Explorer\IEXPLORE.EXE
2013-03-20 11:33:23:781 2156 6bc Misc = Module: C:\WINDOWS\system32\wuweb.dll
2013-03-20 11:33:23:781 2156 6bc WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-20 11:33:24-0600 3852 454 Trying to make out of proc datastore active
2013-03-20 11:33:24-0600 3852 454 Out of proc datastore is now active
2013-03-20 11:33:24-0600 924 5bc WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-20 11:38:24-0600 3852 454 Out of proc datastore is shutting down
2013-03-20 11:38:26-0600 3852 454 Out of proc datastore is now inactive
2013-03-20 12:09:46-0600 3932 c58 Trying to make out of proc datastore active
2013-03-20 12:09:47-0600 3932 c58 Out of proc datastore is now active
2013-03-20 12:09:47-0600 924 f8c WU client succeeds CClientCallRecorder::BeginFindUpdates from Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) with call id {105F2B3F-3F08-4C10-8FFB-7C91C41FE43C}
2013-03-20 12:09:47-0600 924 678 WU client executing call {105F2B3F-3F08-4C10-8FFB-7C91C41FE43C} of type Search Call
2013-03-20 12:09:47-0600 924 678 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-20 12:09:47-0600 924 678 PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-20 12:09:47-0600 924 678 PT: Calling GetConfig on server
2013-03-20 12:09:47-0600 924 678 Add header for accept-encoding: xpress succeeded
2013-03-20 12:09:57-0600 924 678 DetectCompressionType returning type 0, hr=0x1
2013-03-20 12:09:57-0600 924 678 GetConfig: 0x80244019
2013-03-20 12:09:57-0600 924 678 PT: Cannot recover from fault, origin=GetConfig, hr=0x80244019
2013-03-20 12:09:57-0600 924 678 Sync of Updates: 0x80244019
2013-03-20 12:09:57-0600 924 678 WU client failed Searching for update with error 0x80244019
2013-03-20 12:09:57-0600 924 678 WU client calls back to search call Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) with code Call failed and error 0x80244019 
2013-03-20 12:09:57-0600 924 678 WU client completed and deleted call {105F2B3F-3F08-4C10-8FFB-7C91C41FE43C}
2013-03-20 12:09:57-0600 3412 de8 Operation completed due to earlier error. (hr=80244019)
2013-03-20 12:09:57-0600 3412 de8 Unable to complete asynchronous search successfully. (hr=80244019)
2013-03-20 12:09:57-0600 924 54c ISusInternal API failed CClientCallRecorder:isconnectCall with error 0x8024000c
2013-03-20 12:09:57-0600 3412 b94 ISusInternal:isconnectCall failed, hr=8024000C
2013-03-20 12:10:02-0600 924 4b4 REPORT EVENT: {2B1C008F-6C95-4D78-8CEF-89EBF7911377} 31 2013-03-20 12:09:57-0600 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80244019 Microsoft Security Essentials ( Failure Software Synchronization Error: Agent failed detecting with reason: 0x80244019
2013-03-20 12:14:57-0600 3932 c58 Out of proc datastore is shutting down
2013-03-20 12:14:58-0600 3932 c58 Out of proc datastore is now inactive
2013-03-20 14:30:33-0600 924 678 Successfully opened event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for reading.
2013-03-20 14:30:33-0600 1244 e14 Trying to make out of proc datastore active
2013-03-20 14:30:34-0600 1244 e14 Out of proc datastore is now active
2013-03-20 14:30:34-0600 924 678 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-20 14:30:34-0600 924 678 PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-20 14:30:34-0600 924 678 PT: Calling GetConfig on server
2013-03-20 14:30:34-0600 924 678 Add header for accept-encoding: xpress succeeded
2013-03-20 14:30:42-0600 924 678 DetectCompressionType returning type 0, hr=0x1
2013-03-20 14:30:42-0600 924 678 GetConfig: 0x80244019
2013-03-20 14:30:42-0600 924 678 PT: Cannot recover from fault, origin=GetConfig, hr=0x80244019
2013-03-20 14:30:42-0600 924 678 Failed to obtain cached cookie with hr = 80244019.
2013-03-20 14:30:42-0600 924 678 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-20 14:30:42-0600 924 678 PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-20 14:30:42-0600 924 678 URL for server is http://stats1.update.microsoft.com/ReportingWebService/ReportingWebService.asmx
2013-03-20 14:30:42-0600 924 678 Trying to upload 9 events using cached cookie.
2013-03-20 14:30:56-0600 924 678 DetectCompressionType returning type 0, hr=0x1
2013-03-20 14:30:56-0600 924 678 Successfully uploaded 9 events.
2013-03-20 14:30:56-0600 924 678 Deleted event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin.
2013-03-20 14:35:42-0600 1244 e14 Out of proc datastore is shutting down
2013-03-20 14:35:43-0600 1244 e14 Out of proc datastore is now inactive
2013-03-20 16:14:02-0600 924 234 AU received event of 1
2013-03-20 16:14:02-0600 924 234 WU client succeeds CClientCallRecorder::BeginFindUpdates from AutomaticUpdates with call id {64496377-793C-4156-81FA-FC92608580E2}
2013-03-20 16:14:02-0600 924 678 WU client executing call {64496377-793C-4156-81FA-FC92608580E2} of type Search Call
2013-03-20 16:14:02-0600 924 678 Checking for different Redirector at: http://download.windowsupdate.com/msdownload/update/v5/redir/wuredir.cab
2013-03-20 16:14:17-0600 924 678 DownloadFileInternal failed for http://download.windowsupdate.com/msdownload/update/v5/redir/wuredir.cab: error 0x80190194
2013-03-20 16:14:17-0600 924 678 Failed to download the Redirector cab on try 1: 0x80190194
2013-03-20 16:14:17-0600 924 678 Checking for different Redirector at: http://download.microsoft.com/windowsupdate/v5/redir/wuredir.cab
2013-03-20 16:14:21-0600 924 678 Checking for different Redirector at: http://windowsupdate.microsoft.com/v5/redir/wuredir.cab
2013-03-20 16:14:37-0600 924 678 Failed to download the Redirector cab on try 3: 0x800b0003
2013-03-20 16:14:37-0600 924 678 GetWuidentUrlFromRedirector failed due to error 0x800b0003
2013-03-20 16:14:37-0600 924 678 IsUpdateRequired failed with error 0x800b0003
2013-03-20 16:14:38-0600 2004 92c Trying to make out of proc datastore active
2013-03-20 16:14:39-0600 2004 92c Out of proc datastore is now active
2013-03-20 16:14:39-0600 924 678 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-20 16:14:39-0600 924 678 PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-20 16:14:39-0600 924 678 PT: Calling GetConfig on server
2013-03-20 16:14:39-0600 924 678 Add header for accept-encoding: xpress succeeded
2013-03-20 16:14:47-0600 924 678 DetectCompressionType returning type 0, hr=0x1
2013-03-20 16:14:47-0600 924 678 GetConfig: 0x80244019
2013-03-20 16:14:47-0600 924 678 PT: Cannot recover from fault, origin=GetConfig, hr=0x80244019
2013-03-20 16:14:47-0600 924 678 Sync of Updates: 0x80244019
2013-03-20 16:14:47-0600 924 678 WU client failed Searching for update with error 0x80244019
2013-03-20 16:14:47-0600 924 678 REPORT EVENT: {00BEAB63-22FD-42C0-B611-EE4C1A3D6D58} 32 2013-03-20 16:14:37-0600 1 148 101 {D67661EB-2423-451D-BF5D-13199E37DF28} 0 800b0003 SelfUpdate Failure Software Synchronization Error: Agent failed detecting with reason: 0x800b0003
2013-03-20 16:14:47-0600 924 678 Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for writing.
2013-03-20 16:14:47-0600 924 678 Search Callback Failed, hr is 0x80244019
2013-03-20 16:14:47-0600 924 678 Setting next AU detection timeout to 2013-03-21 03:14:47
2013-03-20 16:14:47-0600 924 678 Setting AU scheduled install time to 2013-03-21 09:00:00
2013-03-20 16:14:47-0600 924 678 WU client calls back to search call AutomaticUpdates with code Call failed and error 0x80244019 
2013-03-20 16:14:47-0600 924 678 WU client completed and deleted call {64496377-793C-4156-81FA-FC92608580E2}
2013-03-20 16:14:52-0600 924 4b4 REPORT EVENT: {AA57BE65-1BA0-4A40-A4DB-EF8EC3292E26} 33 2013-03-20 16:14:47-0600 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80244019 AutomaticUpdates Failure Software Synchronization Error: Agent failed detecting with reason: 0x80244019
2013-03-20 16:19:47-0600 2004 92c Out of proc datastore is shutting down
2013-03-20 16:19:49-0600 2004 92c Out of proc datastore is now inactive
2013-03-20 18:14:02:890 2600 7c Misc =========== Logging initialized (build: 7.6.7600.257, tz: -0600) ===========
2013-03-20 18:14:02:890 2600 7c Misc = Process: C:\Program Files\Internet Explorer\iexplore.exe
2013-03-20 18:14:02:890 2600 7c Misc = Module: C:\WINDOWS\system32\wuweb.dll
2013-03-20 18:14:02:890 2600 7c WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-20 18:14:03-0600 2960 5f4 Trying to make out of proc datastore active
2013-03-20 18:14:03-0600 2960 5f4 Out of proc datastore is now active
2013-03-20 18:14:03-0600 924 9fc WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-20 18:14:11:796 2600 7c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 18:14:11:875 2600 7c Misc Microsoft signed: Yes
2013-03-20 18:14:23:312 2600 7c Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-20 18:14:23:312 2600 7c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 18:14:23:328 2600 7c Misc Microsoft signed: Yes
2013-03-20 18:14:34:984 2600 7c Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-20 18:14:34:984 2600 7c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 18:14:35:000 2600 7c Misc Microsoft signed: Yes
2013-03-20 18:14:37:875 2600 7c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 18:14:37:890 2600 7c Misc Microsoft signed: Yes
2013-03-20 18:14:37:906 2600 7c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-20 18:14:37:921 2600 7c Misc Microsoft signed: Yes
2013-03-20 18:14:40:156 2600 7c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-20 18:14:40:171 2600 7c Misc Microsoft signed: Yes
2013-03-20 18:15:31:968 2600 7c WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-20 18:15:31-0600 924 54c WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-20 18:15:39:140 2600 7c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 18:15:39:156 2600 7c Misc Microsoft signed: Yes
2013-03-20 18:15:51:828 2600 7c Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-20 18:15:51:828 2600 7c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 18:15:51:828 2600 7c Misc Microsoft signed: Yes
2013-03-20 18:16:05:156 2600 7c Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-20 18:16:05:156 2600 7c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 18:16:05:171 2600 7c Misc Microsoft signed: Yes
2013-03-20 18:16:06:734 2600 7c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 18:16:06:750 2600 7c Misc Microsoft signed: Yes
2013-03-20 18:16:06:750 2600 7c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-20 18:16:06:765 2600 7c Misc Microsoft signed: Yes
2013-03-20 18:16:08:500 2600 7c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-20 18:16:08:500 2600 7c Misc Microsoft signed: Yes
2013-03-20 18:20:32-0600 2960 5f4 Out of proc datastore is shutting down
2013-03-20 18:20:33-0600 2960 5f4 Out of proc datastore is now inactive
2013-03-20 18:27:50:031 2980 7e4 Misc =========== Logging initialized (build: 7.6.7600.257, tz: -0600) ===========
2013-03-20 18:27:50:031 2980 7e4 Misc = Process: C:\Program Files\Internet Explorer\IEXPLORE.EXE
2013-03-20 18:27:50:031 2980 7e4 Misc = Module: C:\WINDOWS\system32\wuweb.dll
2013-03-20 18:27:50:031 2980 7e4 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-20 18:27:50-0600 3972 918 Trying to make out of proc datastore active
2013-03-20 18:27:50-0600 3972 918 Out of proc datastore is now active
2013-03-20 18:27:50-0600 924 9f0 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-20 18:27:59:218 2980 7e4 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 18:27:59:281 2980 7e4 Misc Microsoft signed: Yes
2013-03-20 18:28:10:968 2980 7e4 Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-20 18:28:10:968 2980 7e4 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 18:28:10:968 2980 7e4 Misc Microsoft signed: Yes
2013-03-20 18:28:21:140 2980 7e4 Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-20 18:28:21:140 2980 7e4 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 18:28:21:156 2980 7e4 Misc Microsoft signed: Yes
2013-03-20 18:28:25:593 2980 7e4 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 18:28:25:609 2980 7e4 Misc Microsoft signed: Yes
2013-03-20 18:28:25:718 2980 7e4 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-20 18:28:25:734 2980 7e4 Misc Microsoft signed: Yes
2013-03-20 18:28:27:031 2980 7e4 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-20 18:28:27:046 2980 7e4 Misc Microsoft signed: Yes
2013-03-20 18:29:01:703 2980 7e4 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-20 18:29:01-0600 924 e9c WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-20 18:29:12:203 2980 7e4 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-20 18:29:12-0600 924 bd4 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-20 18:29:44:937 2980 7e4 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-20 18:29:44-0600 924 9fc WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-20 18:29:53:093 2980 7e4 Misc =========== Logging initialized (build: 7.6.7600.257, tz: -0600) ===========
2013-03-20 18:29:53:093 2980 7e4 Misc = Process: C:\Program Files\Internet Explorer\IEXPLORE.EXE
2013-03-20 18:29:53:093 2980 7e4 Misc = Module: C:\WINDOWS\system32\muweb.dll
2013-03-20 18:29:53:093 2980 7e4 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 18:29:53:109 2980 7e4 Misc Microsoft signed: Yes
2013-03-20 18:30:03:937 2980 7e4 Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-20 18:30:03:937 2980 7e4 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 18:30:03:953 2980 7e4 Misc Microsoft signed: Yes
2013-03-20 18:30:13:015 2980 7e4 Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-20 18:30:13:015 2980 7e4 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 18:30:13:031 2980 7e4 Misc Microsoft signed: Yes
2013-03-20 18:30:13:859 2980 7e4 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 18:30:13:875 2980 7e4 Misc Microsoft signed: Yes
2013-03-20 18:30:13:890 2980 7e4 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-20 18:30:13:906 2980 7e4 Misc Microsoft signed: Yes
2013-03-20 18:30:14:671 2980 7e4 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-20 18:30:14:687 2980 7e4 Misc Microsoft signed: Yes
2013-03-20 18:30:14:687 2980 7e4 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 18:30:14:703 2980 7e4 Misc Microsoft signed: Yes
2013-03-20 18:30:25:625 2980 7e4 Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-20 18:30:25:625 2980 7e4 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 18:30:25:640 2980 7e4 Misc Microsoft signed: Yes
2013-03-20 18:30:35:609 2980 7e4 Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-20 18:30:35:609 2980 7e4 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 18:30:35:625 2980 7e4 Misc Microsoft signed: Yes
2013-03-20 18:30:36:921 2980 7e4 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-20 18:30:36:937 2980 7e4 Misc Microsoft signed: Yes
2013-03-20 18:30:36:953 2980 7e4 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-20 18:30:36:953 2980 7e4 Misc Microsoft signed: Yes
2013-03-20 18:30:38:187 2980 7e4 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-20 18:30:38:187 2980 7e4 Misc Microsoft signed: Yes
2013-03-20 18:30:43-0600 924 9ec WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-20 18:35:43-0600 3972 918 Out of proc datastore is shutting down
2013-03-20 18:35:44-0600 3972 918 Out of proc datastore is now inactive
2013-03-20 20:07:01-0600 1420 5cc 0 updates are ready to be installed at shutdown.
2013-03-20 20:07:06-0600 924 3a0 Service received logoff notification
2013-03-20 20:07:06-0600 924 234 AU received event of 3
2013-03-20 20:07:10-0600 924 9f0 AU Restart required....
2013-03-20 20:07:10-0600 924 234 AU received event of 1
2013-03-20 20:07:11-0600 992 1bc Trying to make out of proc datastore active
2013-03-20 20:07:12-0600 924 3a0 Service received SERVICE_CONTROL_SHUTDOWN control
2013-03-20 20:07:12-0600 992 1bc Out of proc datastore is now active
2013-03-20 20:07:12-0600 924 234 AU is paused, not initializing any handlers
2013-03-20 20:07:12-0600 924 234 AU Restart required....
2013-03-20 20:07:12-0600 924 234 Exiting Service Main
2013-03-20 20:07:13-0600 992 1bc Out of proc datastore is shutting down
2013-03-20 20:07:13-0600 924 234 WUAUENG ServiceMain exits. Exit code is 0x240001
2013-03-20 20:07:14-0600 992 1bc Out of proc datastore is now inactive
2013-03-21 11:37:19-0600 924 3f0 Service Main starts
2013-03-21 11:37:22-0600 924 3f0 Using BatchFlushAge = 15769.
2013-03-21 11:37:22-0600 924 3f0 Using SamplingValue = 501.
2013-03-21 11:37:22-0600 924 3f0 Successfully loaded event namespace dictionary.
2013-03-21 11:37:22-0600 924 3f0 Successfully loaded client event namespace descriptor.
2013-03-21 11:37:22-0600 924 3f0 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2013-03-21 11:37:22-0600 924 3f0 Successfully initialized NT event logger.
2013-03-21 11:37:22-0600 924 3f0 Successfully initialized event uploader 0.
2013-03-21 11:37:22-0600 924 3f0 Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for writing.
2013-03-21 11:37:22-0600 924 3f0 Successfully initialized event uploader 1.
2013-03-21 11:37:23-0600 924 3f0 WU client with version 5.4.3790.2180 successfully initialized
2013-03-21 11:37:23-0600 924 3f0 Service status is now SERVICE_RUNNING
2013-03-21 11:37:23-0600 924 3ac Successfully opened event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for reading.
2013-03-21 11:37:25-0600 1360 554 Trying to make out of proc datastore active
2013-03-21 11:37:29-0600 924 3a0 Service received connect notification
2013-03-21 11:37:30-0600 1360 554 Out of proc datastore is now active
2013-03-21 11:37:34-0600 924 3ac PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-21 11:37:35-0600 924 3ac PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-21 11:37:35-0600 924 3ac PT: Calling GetConfig on server
2013-03-21 11:37:35-0600 924 3ac Add header for accept-encoding: xpress succeeded
2013-03-21 11:37:55-0600 924 3ac DetectCompressionType returning type 0, hr=0x1
2013-03-21 11:37:56-0600 924 3ac GetConfig: 0x80244019
2013-03-21 11:37:56-0600 924 3ac PT: Cannot recover from fault, origin=GetConfig, hr=0x80244019
2013-03-21 11:37:56-0600 924 3ac Failed to obtain cached cookie with hr = 80244019.
2013-03-21 11:37:56-0600 924 3ac PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-21 11:37:56-0600 924 3ac PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-21 11:37:56-0600 924 3ac URL for server is http://stats1.update.microsoft.com/ReportingWebService/ReportingWebService.asmx
2013-03-21 11:37:56-0600 924 3ac Trying to upload 2 events using cached cookie.
2013-03-21 11:38:01-0600 924 3ac DetectCompressionType returning type 0, hr=0x1
2013-03-21 11:38:01-0600 924 3ac Successfully uploaded 2 events.
2013-03-21 11:38:01-0600 924 3ac Deleted event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin.
2013-03-21 11:38:08-0600 924 3f0 start delayed initialization of WU client
2013-03-21 11:38:08-0600 924 3f0 Client Call Recorder finished delayed initialization
2013-03-21 11:38:08-0600 924 3f0 Setting next AU detection timeout to 2013-03-21 17:38:08
2013-03-21 11:38:08-0600 924 3f0 Setting AU scheduled install time to 2013-03-22 09:00:00
2013-03-21 11:38:08-0600 924 3f0 AU finished delayed initialization
2013-03-21 11:38:08-0600 924 3f0 AU received event of 1
2013-03-21 11:38:08-0600 924 3ac WU client executing call {840A4609-3E1E-45AF-A803-F0D1925E33D6} of type Search Call
2013-03-21 11:38:08-0600 924 3f0 WU client succeeds CClientCallRecorder::BeginFindUpdates from AutomaticUpdates with call id {840A4609-3E1E-45AF-A803-F0D1925E33D6}
2013-03-21 11:38:08-0600 924 3ac WU client found 0 updates and 0 categories in search
2013-03-21 11:38:08-0600 924 3ac WU client finished Searching for update
2013-03-21 11:38:08-0600 924 3ac AU Detection callback: 0 updates detected
2013-03-21 11:38:08-0600 924 3ac Setting AU scheduled install time to 2013-03-22 09:00:00
2013-03-21 11:38:08-0600 924 3f0 AU received event of 1
2013-03-21 11:38:08-0600 924 3f0 WU client succeeds CClientCallRecorder::BeginFindUpdates from AutomaticUpdates with call id {DA229206-5C62-4295-B987-3226E630B121}
2013-03-21 11:38:08-0600 924 3ac WU client calls back to search call AutomaticUpdates with code Call complete and error 0 
2013-03-21 11:38:08-0600 924 3ac WU client completed and deleted call {840A4609-3E1E-45AF-A803-F0D1925E33D6}
2013-03-21 11:38:08-0600 924 3ac WU client executing call {DA229206-5C62-4295-B987-3226E630B121} of type Search Call
2013-03-21 11:38:08-0600 924 3ac Checking for different Redirector at: http://download.windowsupdate.com/msdownload/update/v5/redir/wuredir.cab
2013-03-21 11:38:19-0600 924 3ac DownloadFileInternal failed for http://download.windowsupdate.com/msdownload/update/v5/redir/wuredir.cab: error 0x80190194
2013-03-21 11:38:19-0600 924 3ac Failed to download the Redirector cab on try 1: 0x80190194
2013-03-21 11:38:19-0600 924 3ac Checking for different Redirector at: http://download.microsoft.com/windowsupdate/v5/redir/wuredir.cab
2013-03-21 11:38:23-0600 924 3ac Checking for different Redirector at: http://windowsupdate.microsoft.com/v5/redir/wuredir.cab
2013-03-21 11:38:30-0600 924 3ac Failed to download the Redirector cab on try 3: 0x800b0003
2013-03-21 11:38:30-0600 924 3ac GetWuidentUrlFromRedirector failed due to error 0x800b0003
2013-03-21 11:38:30-0600 924 3ac IsUpdateRequired failed with error 0x800b0003
2013-03-21 11:38:30-0600 924 3ac OS Version = 5.1.2600.2.0.66304
2013-03-21 11:38:30-0600 924 3ac Computer Brand = Acer
2013-03-21 11:38:30-0600 924 3ac Computer Model = TravelMate 2420
2013-03-21 11:38:30-0600 924 3ac Bios Revision = V1.03 
2013-03-21 11:38:30-0600 924 3ac Bios Name = PhoenixBIOS 4.0 Release 6.1 
2013-03-21 11:38:30-0600 924 3ac Bios Release Date = 2006-02-06T00:00:00
2013-03-21 11:38:30-0600 924 3ac Locale ID = 1033
2013-03-21 11:38:31-0600 924 3ac ClientVersion: iuengine.dll = 5.4.3790.2180
2013-03-21 11:38:31-0600 924 3ac ClientVersion: wuapi.dll = 5.4.3790.2180
2013-03-21 11:38:31-0600 924 3ac ClientVersion: wuauclt.exe = 5.4.3790.2180
2013-03-21 11:38:31-0600 924 3ac ClientVersion: wuauclt1.exe = 5.4.3790.2180
2013-03-21 11:38:31-0600 924 3ac ClientVersion: wuaucpl.cpl = 5.4.3790.2180
2013-03-21 11:38:31-0600 924 3ac ClientVersion: wuaueng.dll = 5.4.3790.2180
2013-03-21 11:38:31-0600 924 3ac ClientVersion: wuaueng1.dll = 5.4.3790.2180
2013-03-21 11:38:31-0600 924 3ac ClientVersion: wuauserv.dll = 5.4.3790.2180
2013-03-21 11:38:32-0600 924 3ac ClientVersion: wucltui.dll = 5.4.3790.2180
2013-03-21 11:38:32-0600 924 3ac PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-21 11:38:32-0600 924 3ac PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-21 11:38:32-0600 924 3ac PT: Calling GetConfig on server
2013-03-21 11:38:32-0600 924 3ac Add header for accept-encoding: xpress succeeded
2013-03-21 11:38:34-0600 924 3ac DetectCompressionType returning type 0, hr=0x1
2013-03-21 11:38:34-0600 924 3ac GetConfig: 0x80244019
2013-03-21 11:38:34-0600 924 3ac PT: Cannot recover from fault, origin=GetConfig, hr=0x80244019
2013-03-21 11:38:34-0600 924 3ac Sync of Updates: 0x80244019
2013-03-21 11:38:34-0600 924 3ac WU client failed Searching for update with error 0x80244019
2013-03-21 11:38:34-0600 924 3ac Search Callback Failed, hr is 0x80244019
2013-03-21 11:38:34-0600 924 3ac Setting next AU detection timeout to 2013-03-21 22:38:34
2013-03-21 11:38:34-0600 924 3ac Setting AU scheduled install time to 2013-03-22 09:00:00
2013-03-21 11:38:34-0600 924 3ac WU client calls back to search call AutomaticUpdates with code Call failed and error 0x80244019 
2013-03-21 11:38:34-0600 924 3ac WU client completed and deleted call {DA229206-5C62-4295-B987-3226E630B121}
2013-03-21 11:38:37-0600 924 3ac REPORT EVENT: {87BD974F-5336-4D7B-9AE4-893436F588D7} 34 2013-03-21 11:38:30-0600 1 148 101 {D67661EB-2423-451D-BF5D-13199E37DF28} 0 800b0003 SelfUpdate Failure Software Synchronization Error: Agent failed detecting with reason: 0x800b0003
2013-03-21 11:38:37-0600 924 3ac REPORT EVENT: {8EC258E1-55DD-45A8-981F-0F976B40BAFA} 35 2013-03-21 11:38:34-0600 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80244019 AutomaticUpdates Failure Software Synchronization Error: Agent failed detecting with reason: 0x80244019
2013-03-21 11:38:37-0600 924 3ac Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{1152CACC-0AAE-4C55-93C8-82DE262CD209}.bin for writing.
2013-03-21 11:38:37-0600 924 3ac Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for writing.
2013-03-21 11:43:34-0600 1360 554 Out of proc datastore is shutting down
2013-03-21 11:43:35-0600 1360 554 Out of proc datastore is now inactive
2013-03-21 11:47:26-0600 3156 c50 Trying to make out of proc datastore active
2013-03-21 11:47:27-0600 3156 c50 Out of proc datastore is now active
2013-03-21 11:47:27-0600 924 bac WU client succeeds CClientCallRecorder::BeginFindUpdates from Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) with call id {5E22AF0C-E900-4BF6-A79E-4E630DEE146E}
2013-03-21 11:47:27-0600 924 4a4 WU client executing call {5E22AF0C-E900-4BF6-A79E-4E630DEE146E} of type Search Call
2013-03-21 11:47:27-0600 924 4a4 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-21 11:47:27-0600 924 4a4 PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-21 11:47:27-0600 924 4a4 PT: Calling GetConfig on server
2013-03-21 11:47:27-0600 924 4a4 Add header for accept-encoding: xpress succeeded
2013-03-21 11:47:33-0600 924 4a4 DetectCompressionType returning type 0, hr=0x1
2013-03-21 11:47:33-0600 924 4a4 GetConfig: 0x80244019
2013-03-21 11:47:33-0600 924 4a4 PT: Cannot recover from fault, origin=GetConfig, hr=0x80244019
2013-03-21 11:47:33-0600 924 4a4 Sync of Updates: 0x80244019
2013-03-21 11:47:33-0600 924 4a4 WU client failed Searching for update with error 0x80244019
2013-03-21 11:47:33-0600 924 4a4 WU client calls back to search call Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) with code Call failed and error 0x80244019 
2013-03-21 11:47:33-0600 924 4a4 WU client completed and deleted call {5E22AF0C-E900-4BF6-A79E-4E630DEE146E}
2013-03-21 11:47:33-0600 3088 9b4 Operation completed due to earlier error. (hr=80244019)
2013-03-21 11:47:33-0600 3088 9b4 Unable to complete asynchronous search successfully. (hr=80244019)
2013-03-21 11:47:33-0600 924 bac ISusInternal API failed CClientCallRecorder:isconnectCall with error 0x8024000c
2013-03-21 11:47:33-0600 3088 5bc ISusInternal:isconnectCall failed, hr=8024000C
2013-03-21 11:47:38-0600 924 4a4 REPORT EVENT: {CAA8C9AC-44E8-4027-9AE7-8C6F40588058} 36 2013-03-21 11:47:33-0600 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80244019 Microsoft Security Essentials ( Failure Software Synchronization Error: Agent failed detecting with reason: 0x80244019
2013-03-21 11:52:33-0600 3156 c50 Out of proc datastore is shutting down
2013-03-21 11:52:35-0600 3156 c50 Out of proc datastore is now inactive
2013-03-21 12:04:34-0600 924 3a0 Service received logoff notification
2013-03-21 12:04:34-0600 924 3f0 AU received event of 3
2013-03-21 12:04:39-0600 924 bac AU Restart required....
2013-03-21 12:04:39-0600 924 3f0 AU received event of 1
2013-03-21 12:04:39-0600 3820 f20 Trying to make out of proc datastore active
2013-03-21 12:04:40-0600 924 3a0 Service received SERVICE_CONTROL_SHUTDOWN control
2013-03-21 12:04:40-0600 3820 f20 Out of proc datastore is now active
2013-03-21 12:04:40-0600 924 3f0 AU is paused, not initializing any handlers
2013-03-21 12:04:40-0600 924 3f0 AU Restart required....
2013-03-21 12:04:40-0600 924 3f0 Exiting Service Main
2013-03-21 12:04:40-0600 3820 f20 Out of proc datastore is shutting down
2013-03-21 12:04:40-0600 924 3f0 WUAUENG ServiceMain exits. Exit code is 0x240001
2013-03-21 12:04:41-0600 3820 f20 Out of proc datastore is now inactive
2013-03-21 12:05:29-0600 924 7cc Service Main starts
2013-03-21 12:05:32-0600 924 7cc Using BatchFlushAge = 15769.
2013-03-21 12:05:32-0600 924 7cc Using SamplingValue = 501.
2013-03-21 12:05:32-0600 924 7cc Successfully loaded event namespace dictionary.
2013-03-21 12:05:32-0600 924 7cc Successfully loaded client event namespace descriptor.
2013-03-21 12:05:32-0600 924 7cc Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2013-03-21 12:05:32-0600 924 7cc Successfully initialized NT event logger.
2013-03-21 12:05:32-0600 924 7cc Successfully initialized event uploader 0.
2013-03-21 12:05:32-0600 924 7cc Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for writing.
2013-03-21 12:05:32-0600 924 7cc Successfully initialized event uploader 1.
2013-03-21 12:05:32-0600 924 7cc WU client with version 5.4.3790.2180 successfully initialized
2013-03-21 12:05:32-0600 924 7cc Service status is now SERVICE_RUNNING
2013-03-21 12:05:40-0600 924 3a0 Service received connect notification
2013-03-21 12:06:17-0600 924 7cc start delayed initialization of WU client
2013-03-21 12:06:19-0600 2724 aa8 Trying to make out of proc datastore active
2013-03-21 12:06:19-0600 2724 aa8 Out of proc datastore is now active
2013-03-21 12:06:19-0600 924 7cc Client Call Recorder finished delayed initialization
2013-03-21 12:06:19-0600 924 7cc Setting next AU detection timeout to 2013-03-21 18:06:19
2013-03-21 12:06:19-0600 924 7cc Setting AU scheduled install time to 2013-03-22 09:00:00
2013-03-21 12:06:19-0600 924 7cc AU finished delayed initialization
2013-03-21 12:06:19-0600 924 7cc AU received event of 1
2013-03-21 12:06:19-0600 924 7cc WU client succeeds CClientCallRecorder::BeginFindUpdates from AutomaticUpdates with call id {8765186C-60EF-4DD1-B599-28D25EFD8034}
2013-03-21 12:06:19-0600 924 3ac WU client executing call {8765186C-60EF-4DD1-B599-28D25EFD8034} of type Search Call
2013-03-21 12:06:20-0600 924 3ac WU client found 0 updates and 0 categories in search
2013-03-21 12:06:20-0600 924 3ac WU client finished Searching for update
2013-03-21 12:06:20-0600 924 3ac AU Detection callback: 0 updates detected
2013-03-21 12:06:20-0600 924 3ac Setting AU scheduled install time to 2013-03-22 09:00:00
2013-03-21 12:06:20-0600 924 7cc AU received event of 1
2013-03-21 12:06:20-0600 924 7cc WU client succeeds CClientCallRecorder::BeginFindUpdates from AutomaticUpdates with call id {D55B04BD-7518-4D2F-BD7F-BDC59851A3B2}
2013-03-21 12:06:20-0600 924 3ac WU client calls back to search call AutomaticUpdates with code Call complete and error 0 
2013-03-21 12:06:20-0600 924 3ac WU client completed and deleted call {8765186C-60EF-4DD1-B599-28D25EFD8034}
2013-03-21 12:06:20-0600 924 3ac WU client executing call {D55B04BD-7518-4D2F-BD7F-BDC59851A3B2} of type Search Call
2013-03-21 12:06:20-0600 924 3ac Checking for different Redirector at: http://download.windowsupdate.com/msdownload/update/v5/redir/wuredir.cab
2013-03-21 12:06:40-0600 924 3ac DownloadFileInternal failed for http://download.windowsupdate.com/msdownload/update/v5/redir/wuredir.cab: error 0x80190194
2013-03-21 12:06:40-0600 924 3ac Failed to download the Redirector cab on try 1: 0x80190194
2013-03-21 12:06:40-0600 924 3ac Checking for different Redirector at: http://download.microsoft.com/windowsupdate/v5/redir/wuredir.cab
2013-03-21 12:06:44-0600 924 3ac Checking for different Redirector at: http://windowsupdate.microsoft.com/v5/redir/wuredir.cab
2013-03-21 12:06:50-0600 924 3ac Failed to download the Redirector cab on try 3: 0x800b0003
2013-03-21 12:06:50-0600 924 3ac GetWuidentUrlFromRedirector failed due to error 0x800b0003
2013-03-21 12:06:50-0600 924 3ac IsUpdateRequired failed with error 0x800b0003
2013-03-21 12:06:50-0600 924 3ac OS Version = 5.1.2600.2.0.66304
2013-03-21 12:06:50-0600 924 3ac Computer Brand = Acer
2013-03-21 12:06:50-0600 924 3ac Computer Model = TravelMate 2420
2013-03-21 12:06:50-0600 924 3ac Bios Revision = V1.03 
2013-03-21 12:06:50-0600 924 3ac Bios Name = PhoenixBIOS 4.0 Release 6.1 
2013-03-21 12:06:50-0600 924 3ac Bios Release Date = 2006-02-06T00:00:00
2013-03-21 12:06:50-0600 924 3ac Locale ID = 1033
2013-03-21 12:06:50-0600 924 3ac ClientVersion: iuengine.dll = 5.4.3790.2180
2013-03-21 12:06:50-0600 924 3ac ClientVersion: wuapi.dll = 5.4.3790.2180
2013-03-21 12:06:50-0600 924 3ac ClientVersion: wuauclt.exe = 5.4.3790.2180
2013-03-21 12:06:50-0600 924 3ac ClientVersion: wuauclt1.exe = 5.4.3790.2180
2013-03-21 12:06:50-0600 924 3ac ClientVersion: wuaucpl.cpl = 5.4.3790.2180
2013-03-21 12:06:50-0600 924 3ac ClientVersion: wuaueng.dll = 5.4.3790.2180
2013-03-21 12:06:50-0600 924 3ac ClientVersion: wuaueng1.dll = 5.4.3790.2180
2013-03-21 12:06:50-0600 924 3ac ClientVersion: wuauserv.dll = 5.4.3790.2180
2013-03-21 12:06:51-0600 924 3ac ClientVersion: wucltui.dll = 5.4.3790.2180
2013-03-21 12:06:51-0600 924 3ac PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-21 12:06:51-0600 924 3ac PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-21 12:06:51-0600 924 3ac PT: Calling GetConfig on server
2013-03-21 12:06:51-0600 924 3ac Add header for accept-encoding: xpress succeeded
2013-03-21 12:06:57-0600 924 3ac DetectCompressionType returning type 0, hr=0x1
2013-03-21 12:06:57-0600 924 3ac GetConfig: 0x80244019
2013-03-21 12:06:57-0600 924 3ac PT: Cannot recover from fault, origin=GetConfig, hr=0x80244019
2013-03-21 12:06:57-0600 924 3ac Sync of Updates: 0x80244019
2013-03-21 12:06:57-0600 924 3ac WU client failed Searching for update with error 0x80244019
2013-03-21 12:06:57-0600 924 498 Search Callback Failed, hr is 0x80244019
2013-03-21 12:06:57-0600 924 498 Setting next AU detection timeout to 2013-03-21 23:06:57
2013-03-21 12:06:57-0600 924 498 Setting AU scheduled install time to 2013-03-22 09:00:00
2013-03-21 12:06:57-0600 924 3ac REPORT EVENT: {812E6A5E-ED5F-4D17-A5F6-F8B46262DCDC} 37 2013-03-21 12:06:50-0600 1 148 101 {D67661EB-2423-451D-BF5D-13199E37DF28} 0 800b0003 SelfUpdate Failure Software Synchronization Error: Agent failed detecting with reason: 0x800b0003
2013-03-21 12:06:57-0600 924 3ac Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{1152CACC-0AAE-4C55-93C8-82DE262CD209}.bin for writing.
2013-03-21 12:06:57-0600 924 498 WU client calls back to search call AutomaticUpdates with code Call failed and error 0x80244019 
2013-03-21 12:06:57-0600 924 498 WU client completed and deleted call {D55B04BD-7518-4D2F-BD7F-BDC59851A3B2}
2013-03-21 12:07:02-0600 924 3ac REPORT EVENT: {71FA3DDD-3ADE-490C-838A-296CD403412F} 38 2013-03-21 12:06:57-0600 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80244019 AutomaticUpdates Failure Software Synchronization Error: Agent failed detecting with reason: 0x80244019
2013-03-21 12:11:57-0600 2724 aa8 Out of proc datastore is shutting down
2013-03-21 12:11:58-0600 2724 aa8 Out of proc datastore is now inactive
2013-03-21 12:15:28-0600 2364 928 Trying to make out of proc datastore active
2013-03-21 12:15:29-0600 2364 928 Out of proc datastore is now active
2013-03-21 12:15:29-0600 924 560 WU client succeeds CClientCallRecorder::BeginFindUpdates from Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) with call id {090255DE-A548-4323-8741-0C16E4B9D90C}
2013-03-21 12:15:29-0600 924 670 WU client executing call {090255DE-A548-4323-8741-0C16E4B9D90C} of type Search Call
2013-03-21 12:15:29-0600 924 670 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-21 12:15:29-0600 924 670 PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-21 12:15:29-0600 924 670 PT: Calling GetConfig on server
2013-03-21 12:15:29-0600 924 670 Add header for accept-encoding: xpress succeeded
2013-03-21 12:15:34-0600 924 670 DetectCompressionType returning type 0, hr=0x1
2013-03-21 12:15:34-0600 924 670 GetConfig: 0x80244019
2013-03-21 12:15:34-0600 924 670 PT: Cannot recover from fault, origin=GetConfig, hr=0x80244019
2013-03-21 12:15:34-0600 924 670 Sync of Updates: 0x80244019
2013-03-21 12:15:34-0600 924 670 WU client failed Searching for update with error 0x80244019
2013-03-21 12:15:34-0600 924 670 WU client calls back to search call Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) with code Call failed and error 0x80244019 
2013-03-21 12:15:34-0600 924 670 WU client completed and deleted call {090255DE-A548-4323-8741-0C16E4B9D90C}
2013-03-21 12:15:35-0600 2328 f4 Operation completed due to earlier error. (hr=80244019)
2013-03-21 12:15:35-0600 2328 f4 Unable to complete asynchronous search successfully. (hr=80244019)
2013-03-21 12:15:35-0600 924 5c0 ISusInternal API failed CClientCallRecorder:isconnectCall with error 0x8024000c
2013-03-21 12:15:35-0600 2328 528 ISusInternal:isconnectCall failed, hr=8024000C
2013-03-21 12:15:39-0600 924 3ac REPORT EVENT: {92484D63-F5AF-47BC-B0AD-8892E3A0637F} 39 2013-03-21 12:15:34-0600 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80244019 Microsoft Security Essentials ( Failure Software Synchronization Error: Agent failed detecting with reason: 0x80244019
2013-03-21 12:20:34-0600 2364 928 Out of proc datastore is shutting down
2013-03-21 12:20:36-0600 2364 928 Out of proc datastore is now inactive
2013-03-21 12:40:42-0600 924 3a0 Service received SERVICE_CONTROL_STOP control
2013-03-21 12:40:42-0600 924 7cc Exiting Service Main
2013-03-21 12:40:42-0600 3916 f38 Trying to make out of proc datastore active
2013-03-21 12:40:43-0600 3916 f38 Out of proc datastore is now active
2013-03-21 12:40:43-0600 3916 f38 Out of proc datastore is shutting down
2013-03-21 12:40:43-0600 924 7cc WUAUENG ServiceMain exits. Exit code is 0x240001
2013-03-21 12:40:44-0600 3916 f38 Out of proc datastore is now inactive
2013-03-21 12:42:27-0600 924 428 Service Main starts
2013-03-21 12:42:27-0600 924 428 Using BatchFlushAge = 15769.
2013-03-21 12:42:27-0600 924 428 Using SamplingValue = 501.
2013-03-21 12:42:27-0600 924 428 Successfully loaded event namespace dictionary.
2013-03-21 12:42:27-0600 924 428 Successfully loaded client event namespace descriptor.
2013-03-21 12:42:27-0600 924 428 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2013-03-21 12:42:27-0600 924 428 Successfully initialized NT event logger.
2013-03-21 12:42:27-0600 924 428 Successfully initialized event uploader 0.
2013-03-21 12:42:27-0600 924 428 Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{E7143614-82D8-4246-9A5A-95A13047A01F}.bin for writing.
2013-03-21 12:42:27-0600 924 428 Successfully initialized event uploader 1.
2013-03-21 12:42:28-0600 924 428 WU client with version 5.4.3790.2180 successfully initialized
2013-03-21 12:42:28-0600 924 428 Service status is now SERVICE_RUNNING
2013-03-21 12:43:07-0600 2596 438 Trying to make out of proc datastore active
2013-03-21 12:43:08-0600 2596 438 Out of proc datastore is now active
2013-03-21 12:43:08-0600 924 560 Client Call Recorder finished delayed initialization
2013-03-21 12:43:08-0600 924 560 Setting AU scheduled install time to 2013-03-22 09:00:00
2013-03-21 12:43:08-0600 924 560 AU finished delayed initialization
2013-03-21 12:43:13-0600 924 428 start delayed initialization of WU client
2013-03-21 12:43:41:578 2032 a74 Misc =========== Logging initialized (build: 7.6.7600.257, tz: -0600) ===========
2013-03-21 12:43:41:578 2032 a74 Misc = Process: C:\Program Files\Internet Explorer\IEXPLORE.EXE
2013-03-21 12:43:41:578 2032 a74 Misc = Module: C:\WINDOWS\system32\wuweb.dll
2013-03-21 12:43:41:578 2032 a74 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-21 12:43:41-0600 924 560 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-21 12:43:47:609 2032 a74 WUWeb FATAL: CreateObject for Microsoft.Update.AgentInfo failed: error 0x800401f3
2013-03-21 12:43:47-0600 924 6f8 WU client succeeds CClientCallRecorder::EnumerateService 
2013-03-21 12:43:51:718 2032 a74 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-21 12:43:51:859 2032 a74 Misc Microsoft signed: Yes
2013-03-21 12:44:02:343 2032 a74 Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-21 12:44:02:343 2032 a74 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-21 12:44:02:343 2032 a74 Misc Microsoft signed: Yes
2013-03-21 12:44:12:125 2032 a74 Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-21 12:44:12:125 2032 a74 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-21 12:44:12:140 2032 a74 Misc Microsoft signed: Yes
2013-03-21 12:44:14:281 2032 a74 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-21 12:44:14:281 2032 a74 Misc Microsoft signed: Yes
2013-03-21 12:44:14:312 2032 a74 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-21 12:44:14:343 2032 a74 Misc Microsoft signed: Yes
2013-03-21 12:44:16:375 2032 a74 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2013-03-21 12:44:16:390 2032 a74 Misc Microsoft signed: Yes
2013-03-21 12:44:25-0600 924 6f8 WU client succeeds CClientCallRecorder::BeginFindUpdates from WindowsUpdate with call id {3F0BFD33-066A-4464-8889-6212EE76D487}
2013-03-21 12:44:25-0600 924 670 WU client executing call {3F0BFD33-066A-4464-8889-6212EE76D487} of type Search Call
2013-03-21 12:44:25-0600 924 670 PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-03-21 12:44:25-0600 924 670 PT: Using server URL https://update.microsoft.com/ClientWebService/client.asmx
2013-03-21 12:44:25-0600 924 670 PT: Calling GetConfig on server
2013-03-21 12:44:25-0600 924 670 Add header for accept-encoding: xpress succeeded
2013-03-21 12:44:42-0600 924 670 DetectCompressionType returning type 0, hr=0x1
2013-03-21 12:44:42-0600 924 670 GetConfig: 0x80244019
2013-03-21 12:44:42-0600 924 670 PT: Cannot recover from fault, origin=GetConfig, hr=0x80244019
2013-03-21 12:44:42-0600 924 670 Sync of Updates: 0x80244019
2013-03-21 12:44:42-0600 924 670 OS Version = 5.1.2600.2.0.66304
2013-03-21 12:44:43-0600 924 670 Computer Brand = Acer
2013-03-21 12:44:43-0600 924 670 Computer Model = TravelMate 2420
2013-03-21 12:44:43-0600 924 670 Bios Revision = V1.03 
2013-03-21 12:44:43-0600 924 670 Bios Name = PhoenixBIOS 4.0 Release 6.1 
2013-03-21 12:44:43-0600 924 670 Bios Release Date = 2006-02-06T00:00:00
2013-03-21 12:44:43-0600 924 670 Locale ID = 1033
2013-03-21 12:44:43-0600 924 670 ClientVersion: iuengine.dll = 5.4.3790.2180
2013-03-21 12:44:43-0600 924 670 ClientVersion: wuapi.dll = 5.4.3790.2180
2013-03-21 12:44:43-0600 924 670 ClientVersion: wuauclt.exe = 5.4.3790.2180
2013-03-21 12:44:43-0600 924 670 ClientVersion: wuauclt1.exe = 5.4.3790.2180
2013-03-21 12:44:43-0600 924 670 ClientVersion: wuaucpl.cpl = 5.4.3790.2180
2013-03-21 12:44:43-0600 924 670 ClientVersion: wuaueng.dll = 5.4.3790.2180
2013-03-21 12:44:43-0600 924 670 ClientVersion: wuaueng1.dll = 5.4.3790.2180
2013-03-21 12:44:43-0600 924 670 ClientVersion: wuauserv.dll = 5.4.3790.2180
2013-03-21 12:44:43-0600 924 670 ClientVersion: wucltui.dll = 5.4.3790.2180
2013-03-21 12:44:43-0600 924 670 WU client failed Searching for update with error 0x80244019
2013-03-21 12:44:43-0600 924 670 WU client calls back to search call WindowsUpdate with code Call failed and error 0x80244019 
2013-03-21 12:44:43-0600 924 670 WU client completed and deleted call {3F0BFD33-066A-4464-8889-6212EE76D487}
2013-03-21 12:44:43-0600 2032 a74 Operation completed due to earlier error. (hr=80244019)
2013-03-21 12:44:43-0600 2032 a74 Unable to complete asynchronous search successfully. (hr=80244019)
2013-03-21 12:44:48-0600 924 670 REPORT EVENT: {98B8C1B8-3747-47D7-92E2-4E6766D4054C} 40 2013-03-21 12:44:42-0600 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80244019 WindowsUpdate Failure Software Synchronization Error: Agent failed detecting with reason: 0x80244019
2013-03-21 12:44:48-0600 924 670 Reopened existing event cache file at C:\WINDOWS\SoftwareDistribution\EventCache\{1152CACC-0AAE-4C55-93C8-82DE262CD209}.bin for writing.
2013-03-21 12:45:08-0600 924 560 ISusInternal API failed CClientCallRecorder:isconnectCall with error 0x8024000c
2013-03-21 12:45:08-0600 2032 a74 ISusInternal:isconnectCall failed, hr=8024000C


----------



## Mark1956 (May 7, 2011)

It looks like Windows Update is failing to connect and I am curious as to why the log shows dates back to 2004 after a re-install. When you did the Recovery were you given a choice to retain all your original data and settings?


----------



## Rena30 (Jan 19, 2013)

Not that I recall.


----------



## Mark1956 (May 7, 2011)

Was there anything left on the system from the previous install, personal files or software?

Please run DDS, instructions Here and *Copy and Paste* both the logs into your next reply.

Please also run these two scans so we can see if anything bad has got back on the system.

*SCAN 1*
Click on this link to download : ADWCleaner and save it to your desktop.

*NOTE:* If using Internet Explorer and you get an alert that stops the program downloading click on *Tools > Smartscreen Filter > Turn off Smartscreen Filter* then click on *OK* in the box that opens. Then click on the link again.

Close your browser and click on this icon on your desktop:









You will then see the screen below, click on the *Delete* button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report, copy & paste it into your next post. If the log does not appear you should find it on your C: drive using Windows Explorer as ADWCleaner[S1].










*SCAN 2*
Download RogueKiller (by tigzy) and save direct to your Desktop.
On the web page select the 32bit or 64bit button to match the bit rate of your version of Windows.


Quit all running programs.
Start RogueKiller.exe by double clicking on the icon.
Wait until Prescan has finished.
Ensure all boxes are ticked under "Report" tab.
Click on Scan.
Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
NOTE: *DO NOT attempt to remove anything that the scan detects.*


----------



## Rena30 (Jan 19, 2013)

I do not think so.


----------



## Rena30 (Jan 19, 2013)

Ok my pc just started to do the same thing that it was doing (freezing up and everything disappearing). I just received a message asking if I wanted to report the error. I said yes and it sent me to this link. I don't know if it means anything but I just wanted you to know. Be right back with the logs.

*Problem caused by Microsoft Internet Explorer*

This problem occurred because *Microsoft Internet Explorer*, which was created by *Microsoft Corporation*, was slow or unresponsive.
This type of problem occurs when a program is slow or has stopped responding and you choose to shut it down. This is also referred to as an _application hang_. Most of the time, there's nothing you could have done to prevent this type of error, but there are some troubleshooting steps you can try.
*Troubleshooting*

It's hard to determine exactly what causes Internet Explorer to stop responding, but it's usually due to one of the following reasons:

*Spyware, adware, or other malicious software. *If you have downloaded free software from the Internet, you might have inadvertently downloaded spyware with it. Spyware is software that can display advertisements (such as pop-up ads), collect information about you, or change settings on your computer, usually without your permission.
*Internet Explorer add-ons: *Add-ons are software that add features or tools (an Internet toolbar for example) to Internet Explorer.
*Computer viruses: *If your computer has a virus, the virus can cause Internet Explorer to stop responding.
Before using other troubleshooting options, you can try running a troubleshooter that will find and automatically fix some common problems with Internet Explorer add-ons.
Tap or click to download and run the automatic troubleshooter

Click *Run* or *Open*. Follow the steps in the troubleshooter.
If this troubleshooter doesn't work, continue to the following steps:

Install the latest security updates for Internet Explorer
These updates address many issues that have caused Internet Explorer to stop responding
Install latest security updates for Internet Explorer
Update your Windows software
Follow the steps below to view updates that are available for your computer. 
Tap or click to go online to the Windows Update website
*Note*
If Microsoft Update is not installed, you will be taken to the Windows Update website. See the note below if Microsoft Update is not installed.

Click *Custom* to check for available updates. In the left pane, under Select by Type, click each of the following links to view all available updates:
*High Priority*
*Software, Optional*
*Hardware, Optional*

Select the updates you want, click *Review and install updates*, and then click *Install Updates*.
What do I do if Microsoft Update is not installed?
Follow the steps below to install Microsoft Update and check for updates.
Tap or click to go online to the Windows Update website
Tap or click the *Go* button next to the *Get Microsoft Update Today!* message, and then tap or click *Start Now*.
Review the license agreement, and then tap or click *Continue*.
After setup is complete, tap or click *Check for Updates*.
Tap or click *Custom* to check for available updates. In the left pane, under *Select by Type*, tap or click each of the following links to view all available updates:
*High Priority*
*Software, Optional*
*Hardware, Optional*

Select the updates you want, tap or click *Review and install updates*, and then tap or click *Install Updates*.

Install, run, and regularly update your antispyware, anti-adware, and antivirus software
To see a list of Microsoft and third-party solutions for spyware, adware, and antivirus software, go to the following website online.
Security software providers
You can also use the free Microsoft Safety Scanner to check your computer for malware:
Go to the following website: Microsoft Safety Scanner
Tap or click *Download Now*, and then follow the instructions on the screen.

Start Internet Explorer with no add-ons
Depending on your version of Internet Explorer, do one of the following:

In Internet Explorer 7 or 8, do the following:
Close all Internet Explorer windows.
Click *Start*, click *Run*, type *iexplore.exe -extoff*, and then click *OK*.
Internet Explorer will open a new window with all add-ons turned off.
In Internet Explorer 6, do the following:
Close all Internet Explorer windows.
Click *Start*, and then click *Control Panel*.
Double-click *Internet Options*.
Click the *Advanced* tab.
Under *Browsing*, clear the *Enable third-party browser extensions (requires restart)* check box.
Restart Internet Explorer.
*Note*
When you turn off third-party browser extensions and restart Internet Explorer, all third-party browser extensions will be unavailable. You can easily turn on these components again.
Continue using Internet Explorer the same way you did when you received a crash report. If Internet Explorer starts and runs with all of the add-ons turned off, then the next step will help you determine which add-on is causing it to crash.

 Disable add-ons one at a time until you can no longer reproduce the problem 

Close all Internet Explorer windows.
Click *Start*, and then click *Control Panel*.
Click *Network and Internet Connections*, and then click *Internet Options*.
Click the *Programs *tab, and then click *Manage Add-ons*.
Tap or click the name of the add-on you want to turn off, and then tap or click *Disable*.
Tap or click *OK*.
Restart Internet Explorer. Continue using Internet Explorer the same way you did when you received a crash report. If Internet Explorer continues to crash after disabling this add-on, continue with the next step.
Repeat these steps for each add-on listed. When you can no longer reproduce the problem, the most recently disabled add-on is the cause of the problem. Please report this add-on to us by using the survey at the bottom of this page to help us improve our error responses.
If Internet Explorer crashes with all of the add-ons turned off, then you need to reset Internet Explorer:
Reset Internet Explorer settings
By resetting Internet Explorer settings, you return it to the state it was in when it was first installed on your computer. This is useful for troubleshooting problems that might be caused by settings that were changed after installation. When you restore Internet Explorer's default settings, some webpages that rely on previously stored cookies, form data, passwords, or previously installed browser add-ons might not work correctly. Resetting Internet Explorer to its default settings does not delete your favorites, RSS feeds, and a few other personalized settings. The following table describes what will happen to various settings when you reset Internet Explorer.
Settings categories​Items affected​Settings that are deleted

Browser history, temporary Internet files, cookies, form data, and stored passwords
Typed URL information, offline webpages, menu extensions
Websites added to intranet, trusted, or restricted zones
Websites added for special cookie handling under the Privacy tab
Websites allowed to use pop-ups under Pop-up Blocker settings
Explorer most recently used list
Settings that are reset to Windows or manufacturer defaults
Home page
Search providers, tabbed browsing settings
Colors, languages, fonts and accessibility settings (General tab)
Security settings for all zones (Security tab)
Advanced tab settings
Privacy tab settings
Pop-up blocker, AutoComplete, Phishing Filter, and Zoom settings
Page setup, toolbar, and text size settings
Feeds settings (sync and notification, not feeds themselves)
ActiveX controls that are not on the pre-approved list (reset to opt-in state)
Toolbars, browser helper objects, and browser extensions are disabled
Settings and items that are maintained
Favorites
Feeds
Content Advisor settings
Pre-approved ActiveX controls
Temporary Internet file (cache) path settings
Certificate information
Internet Programs (e‑mail, instant messenger, and other programs associated with Internet use)
Internet connection, proxy, and VPN settings
Default web browser setting
*Steps to reset Internet Explorer settings*

In Internet Explorer 7 or 8, do the following:
Close all Internet Explorer windows.
Click *Start*, and then click *Control Panel*.
Click *Network and Internet Connections*, and then click *Internet Options*.
Click the *Advanced* tab.
Under *Reset Internet Explorer settings*, click *Reset*.
Click *Reset*, click *Close*, and then click *OK*.
Restart Internet Explorer.
In Internet Explorer 6, do the following:
Close all Internet Explorer windows.
Click *Start*, and then click *Control Panel*.
Click *Network and Internet Connections*, and then click *Internet Options*.
Click the *Advanced* tab, and then click *Restore Defaults*.
Restart Internet Explorer.


If you are using Yahoo! Toolbar, download a fix.
If you are using the Yahoo! Toolbar, a fix has been released to help prevent the problem you have experienced. Go to the Yahoo! Toolbar website online and click *Download the Yahoo! Toolbar*.


----------



## Rena30 (Jan 19, 2013)

DDS (Ver_2012-11-20.01) - FAT32_x86 
Internet Explorer: 8.0.6001.18702
Run by Sarena Hurt at 17:45:08 on 2013-03-21
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2038.1614 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: Acer eDataSecurity Management: {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - c:\windows\system32\ToolBand.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [preload] c:\windows\RUNXMLPL.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LaunchAp] "c:\program files\launch manager\LaunchAp.exe"
mRun: [PowerKey] "c:\program files\launch manager\PowerKey.exe"
mRun: [LManager] "c:\program files\launch manager\HotkeyApp.exe"
mRun: [CtrlVol] "c:\program files\launch manager\CtrlVol.exe"
mRun: [LMgrOSD] "c:\program files\launch manager\OSDCtrl.exe"
mRun: [Wbutton] "c:\program files\launch manager\Wbutton.exe"
mRun: [EPM-DM] c:\acer\empowering technology\epower\epm-dm.exe
mRun: [Acer ePower Management] c:\acer\empowering technology\epower\Acer ePower Management.exe boot
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\Monitor.exe
mRun: [ADMTray.exe] "c:\acer\empowering technology\admtray.exe"
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1363637986812
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1363638390578
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
TCP: NameServer = 66.82.4.8
TCP: Interfaces\{9EFD5CEC-3694-4642-B57D-2C4734E89E5B} : DHCPNameServer = 66.82.4.8
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R1 MpKslaba5015c;MpKslaba5015c;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{36bf6c29-d28a-4221-a3b8-fa26bf8cf8be}\MpKslaba5015c.sys [2013-3-21 29904]
R3 POWERKEY;POWERKEY;c:\program files\launch manager\POWERKEY.SYS [2013-3-17 2343]
S1 mailKmd;mailKmd; [x]
.
=============== Created Last 30 ================
.
2013-03-21 18:05:32 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{36bf6c29-d28a-4221-a3b8-fa26bf8cf8be}\MpKslaba5015c.sys
2013-03-21 17:52:28 -------- d-----w- c:\documents and settings\sarena hurt\local settings\application data\Adobe
2013-03-20 20:29:32 -------- d-sh--w- c:\documents and settings\sarena hurt\IECompatCache
2013-03-19 01:52:11 63488 ------w- c:\program files\internet explorer\mui\041e\browselc.dll
2013-03-19 01:52:11 48128 ------w- c:\program files\internet explorer\mui\041e\inetres.dll
2013-03-19 01:52:10 56832 ------w- c:\program files\internet explorer\mui\041e\mshtmler.dll
2013-03-19 01:52:09 2479616 ------w- c:\program files\internet explorer\mui\041e\msoeres.dll
2013-03-19 01:52:08 549376 ------w- c:\program files\internet explorer\mui\041e\shdoclc.dll
2013-03-19 01:52:08 249856 ------w- c:\program files\internet explorer\mui\041e\wab32res.dll
2013-03-19 01:52:07 249856 ------w- c:\program files\common files\system\mui\041e\wab32res.dll
2013-03-19 01:50:58 1737856 ------w- c:\windows\system32\mtxparhd.dll
2013-03-19 01:50:55 4274816 ------w- c:\windows\system32\nv4_disp.dll
2013-03-19 01:50:55 397056 ------w- c:\windows\system32\s3gnb.dll
2013-03-19 01:50:54 73832 ------w- c:\windows\system32\slcoinst.dll
2013-03-19 01:50:52 286792 ------w- c:\windows\system32\slextspk.dll
2013-03-19 01:50:51 188508 ------w- c:\windows\system32\slgen.dll
2013-03-19 01:50:50 73796 ------w- c:\windows\system32\slserv.exe
2013-03-19 01:50:50 32866 ------w- c:\windows\system32\slrundll.exe
2013-03-19 01:50:48 28672 ------w- c:\windows\system32\vidcap.ax
2013-03-19 01:50:47 32866 ------w- c:\windows\slrundll.exe
2013-03-19 01:22:38 -------- d-----w- c:\windows\ServicePackFiles
2013-03-19 01:20:07 19528 ----a-w- c:\windows\000001_.tmp
2013-03-19 01:16:43 -------- d-----w- c:\windows\EHome
2013-03-18 21:52:38 6954968 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{36bf6c29-d28a-4221-a3b8-fa26bf8cf8be}\mpengine.dll
2013-03-18 21:52:38 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-03-18 21:28:23 -------- d-----w- c:\program files\Microsoft Security Client
2013-03-18 21:00:23 -------- d--h--w- c:\windows\$hf_mig$
2013-03-18 20:44:10 -------- d-----w- c:\program files\Microsoft Download Manager
2013-03-18 20:17:00 -------- d-sh--w- c:\documents and settings\sarena hurt\PrivacIE
2013-03-18 20:16:16 -------- d-sh--w- c:\documents and settings\sarena hurt\IETldCache
2013-03-18 20:13:28 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2013-03-18 20:12:41 -------- d--h--w- c:\windows\ie8
2013-03-18 20:05:48 -------- d-sh--w- C:\Recycled
2013-03-18 16:05:00 -------- d-----w- c:\documents and settings\sarena hurt\local settings\application data\Help
2013-03-18 00:09:32 -------- d-sh--w- c:\documents and settings\sarena hurt\UserData
2013-03-17 23:52:50 -------- d-----w- c:\documents and settings\sarena hurt\application data\Acer
2013-03-17 23:52:47 -------- d-----w- c:\documents and settings\all users\application data\Acer
2013-03-17 23:52:46 4392 ----a-w- c:\windows\system32\drivers\NdisFilt.sys
2013-03-17 23:52:43 4010 ----a-w- c:\windows\system32\drivers\osanbm.sys
2013-03-17 23:52:43 12106 ----a-w- c:\windows\system32\drivers\OsaFsLoc.sys
2013-03-17 23:52:42 7296 ----a-w- c:\windows\system32\drivers\osaio.sys
2013-03-17 23:51:10 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe
2013-03-17 23:50:39 221258 ----a-w- c:\windows\system32\Epm-Po.dll
2013-03-17 23:50:39 -------- d-----w- C:\Acer
2013-03-17 23:50:05 9867 ----a-w- c:\windows\system32\drivers\HOTKEY.sys
2013-03-17 23:50:04 -------- d-----w- c:\program files\Launch Manager
2013-03-17 23:49:16 147456 ----a-w- c:\windows\UNINST32.EXE
2013-03-17 23:49:02 997376 ----a-w- c:\windows\system32\drivers\HSF_DPV.sys
2013-03-17 23:49:02 114688 ----a-w- c:\windows\system32\UCI32102.dll
.
==================== Find3M ====================
.
2013-01-20 21:59:04 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
============= FINISH: 17:48:32.75 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/17/2013 5:47:39 PM
System Uptime: 3/21/2013 12:04:57 PM (5 hours ago)
.
Motherboard: Acer | | Garda-910 
Processor: Intel(R) Celeron(R) M processor 1.50GHz | U1 | 179/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (FAT32) - 16 GiB total, 7.489 GiB free.
D: is FIXED (FAT32) - 18 GiB total, 17.178 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 3/17/2013 5:47:41 PM - System Checkpoint
RP2: 3/17/2013 5:50:04 PM - Installed Launch Manager V1.0.9.3
RP3: 3/17/2013 5:50:39 PM - Installed Acer ePower Management
RP4: 3/17/2013 5:51:09 PM - Installed eRecovery
RP5: 3/17/2013 5:52:37 PM - Installed Acer Empowering Technology framework
RP6: 3/17/2013 5:53:12 PM - Installed Acer eSettings Management
RP7: 3/17/2013 5:53:41 PM - Installed eDataSecurity
RP8: 3/17/2013 5:54:28 PM - Installed Acer eLock Management
RP9: 3/17/2013 5:55:01 PM - Installed Acer ePerformance Management
RP10: 3/18/2013 2:13:30 PM - Installed Windows Internet Explorer 8.
RP11: 3/18/2013 2:44:09 PM - Installed Microsoft Download Manager
RP12: 3/18/2013 3:01:14 PM - Installed Windows XP KB914882.
RP13: 3/18/2013 3:19:02 PM - Installed Windows Installer KB893803v2.
RP14: 3/18/2013 7:20:15 PM - Installed Windows XP Service Pack 2.
RP15: 3/20/2013 2:53:07 PM - System Checkpoint
RP16: 3/21/2013 12:01:36 PM - Removed Adobe Reader 7.0
RP17: 3/21/2013 12:01:46 PM - Installed Adobe Reader 9.5.0.
.
==== Installed Programs ======================
.
Acer eDataSecurity Management
Acer eDataSecurity Management 1.00.21
Acer eLock Management
Acer Empowering Technology framework
Acer ePerformance Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Adobe Reader 9.5.0
Intel(R) Graphics Media Accelerator Driver for Mobile
Launch Manager V1.0.9.3
Microsoft Application Error Reporting
Microsoft Download Manager
Microsoft Security Client
Microsoft Security Essentials
NTI Backup NOW! 4
NTI CD & DVD-Maker
PowerDVD
Realtek AC'97 Audio
Soft Data Fax Modem with SmartCP
SoftV90 Data Fax Modem with SmartCP
Synaptics Pointing Device Driver
Update for Windows XP (KB914882)
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
.
==== Event Viewer Messages From Past Week ========
.
3/21/2013 12:15:35 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.2079.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80244019 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
3/21/2013 11:55:35 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
3/21/2013 11:55:35 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\All Users\Application Data\Adobe\AIH.3f224cb1da7cf8e681c1ba9b2c1c1c92bb238c79\gdrcheck.exe. Reference error message: The operation completed successfully. .
3/21/2013 11:55:35 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
3/21/2013 11:47:33 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.2079.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80244019 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
3/20/2013 12:09:57 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.2079.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80244019 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
3/20/2013 11:07:52 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.2079.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80244019 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
3/20/2013 10:16:56 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.2079.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80244019 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
3/18/2013 3:29:42 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80244019 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
3/18/2013 3:29:15 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80244019 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
3/18/2013 3:02:36 PM, error: Service Control Manager [7000] - The osaio service failed to start due to the following error: The process cannot access the file because it is being used by another process.
3/18/2013 11:16:41 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
3/18/2013 11:15:47 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
.
==== End Of File ===========================


----------



## Rena30 (Jan 19, 2013)

Here is the Adware log

# AdwCleaner v2.115 - Logfile created 03/21/2013 at 18:12:21
# Updated 17/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Sarena Hurt - ACER-684C9A655D
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Sarena Hurt\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Folder Deleted : C:\WINDOWS\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
*************************
AdwCleaner[S1].txt - [1332 octets] - [21/03/2013 18:12:21]
########## EOF - C:\AdwCleaner[S1].txt - [1392 octets] ##########


----------



## Rena30 (Jan 19, 2013)

Here is the Rouge Killer Log

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User : Sarena Hurt [Admin rights]
Mode : Scan -- Date : 03/21/2013 18:49:13
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : preload (C:\WINDOWS\RUNXMLPL.EXE) [-] -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\WINDOWS\ACER.SCR) [-] -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[Faked.Drv][FILE] wmilib.sys : C:\WINDOWS\system32\drivers\wmilib.sys [-] --> FOUND
[Faked.Drv][FILE] dmload.sys : C:\WINDOWS\system32\drivers\dmload.sys [-] --> FOUND
[Faked.Drv][FILE] partmgr.sys : C:\WINDOWS\system32\drivers\partmgr.sys [-] --> FOUND
[Faked.Drv][FILE] ndistapi.sys : C:\WINDOWS\system32\drivers\ndistapi.sys [-] --> FOUND
[Faked.Drv][FILE] ptilink.sys : C:\WINDOWS\system32\drivers\ptilink.sys [-] --> FOUND
[Faked.Drv][FILE] raspti.sys : C:\WINDOWS\system32\drivers\raspti.sys [-] --> FOUND
[Faked.Drv][FILE] ndproxy.sys : C:\WINDOWS\system32\drivers\ndproxy.sys [-] --> FOUND
[Faked.Drv][FILE] cdaudio.sys : C:\WINDOWS\system32\drivers\cdaudio.sys [-] --> FOUND
[Faked.Drv][FILE] fs_rec.sys : C:\WINDOWS\system32\drivers\fs_rec.sys [-] --> FOUND
[Faked.Drv][FILE] null.sys : C:\WINDOWS\system32\drivers\null.sys [-] --> FOUND
[Faked.Drv][FILE] beep.sys : C:\WINDOWS\system32\drivers\beep.sys [-] --> FOUND
[Faked.Drv][FILE] rdpcdd.sys : C:\WINDOWS\system32\drivers\rdpcdd.sys [-] --> FOUND
[Faked.Drv][FILE] rasacd.sys : C:\WINDOWS\system32\drivers\rasacd.sys [-] --> FOUND
[Faked.Drv][FILE] fips.sys : C:\WINDOWS\system32\drivers\fips.sys [-] --> FOUND
[Faked.Drv][FILE] dxgthk.sys : C:\WINDOWS\system32\drivers\dxgthk.sys [-] --> FOUND
[Faked.Drv][FILE] parvdm.sys : C:\WINDOWS\system32\drivers\parvdm.sys [-] --> FOUND
[Faked.Drv][FILE] atmepvc.sys : C:\WINDOWS\system32\drivers\atmepvc.sys [-] --> FOUND
[Faked.Drv][FILE] atmuni.sys : C:\WINDOWS\system32\drivers\atmuni.sys [-] --> FOUND
[Faked.Drv][FILE] cbidf2k.sys : C:\WINDOWS\system32\drivers\cbidf2k.sys [-] --> FOUND
[Faked.Drv][FILE] cinemst2.sys : C:\WINDOWS\system32\drivers\cinemst2.sys [-] --> FOUND
[Faked.Drv][FILE] cpqdap01.sys : C:\WINDOWS\system32\drivers\cpqdap01.sys [-] --> FOUND
[Faked.Drv][FILE] dxapi.sys : C:\WINDOWS\system32\drivers\dxapi.sys [-] --> FOUND
[Faked.Drv][FILE] ipfltdrv.sys : C:\WINDOWS\system32\drivers\ipfltdrv.sys [-] --> FOUND
[Faked.Drv][FILE] mcd.sys : C:\WINDOWS\system32\drivers\mcd.sys [-] --> FOUND
[Faked.Drv][FILE] nikedrv.sys : C:\WINDOWS\system32\drivers\nikedrv.sys [-] --> FOUND
[Faked.Drv][FILE] nwlnkflt.sys : C:\WINDOWS\system32\drivers\nwlnkflt.sys [-] --> FOUND
[Faked.Drv][FILE] nwlnkfwd.sys : C:\WINDOWS\system32\drivers\nwlnkfwd.sys [-] --> FOUND
[Faked.Drv][FILE] nwlnknb.sys : C:\WINDOWS\system32\drivers\nwlnknb.sys [-] --> FOUND
[Faked.Drv][FILE] nwlnkspx.sys : C:\WINDOWS\system32\drivers\nwlnkspx.sys [-] --> FOUND
[Faked.Drv][FILE] rawwan.sys : C:\WINDOWS\system32\drivers\rawwan.sys [-] --> FOUND
[Faked.Drv][FILE] rio8drv.sys : C:\WINDOWS\system32\drivers\rio8drv.sys [-] --> FOUND
[Faked.Drv][FILE] riodrv.sys : C:\WINDOWS\system32\drivers\riodrv.sys [-] --> FOUND
[Faked.Drv][FILE] SISAGP.SYS : C:\WINDOWS\system32\drivers\SISAGP.SYS [-] --> FOUND
[Faked.Drv][FILE] RMCast.sys : C:\WINDOWS\system32\drivers\RMCast.sys [-] --> FOUND
[Faked.Drv][FILE] rootmdm.sys : C:\WINDOWS\system32\drivers\rootmdm.sys [-] --> FOUND
[Faked.Drv][FILE] smclib.sys : C:\WINDOWS\system32\drivers\smclib.sys [-] --> FOUND
[Faked.Drv][FILE] tosdvd.sys : C:\WINDOWS\system32\drivers\tosdvd.sys [-] --> FOUND
[Faked.Drv][FILE] tsbvcap.sys : C:\WINDOWS\system32\drivers\tsbvcap.sys [-] --> FOUND
[Faked.Drv][FILE] usbcamd.sys : C:\WINDOWS\system32\drivers\usbcamd.sys [-] --> FOUND
[Faked.Drv][FILE] usbcamd2.sys : C:\WINDOWS\system32\drivers\usbcamd2.sys [-] --> FOUND
[Faked.Drv][FILE] vdmindvd.sys : C:\WINDOWS\system32\drivers\vdmindvd.sys [-] --> FOUND
[Faked.Drv][FILE] ws2ifsl.sys : C:\WINDOWS\system32\drivers\ws2ifsl.sys [-] --> FOUND
[Faked.Drv][FILE] mnmdd.sys : C:\WINDOWS\system32\drivers\mnmdd.sys [-] --> FOUND
[Faked.Drv][FILE] fsvga.sys : C:\WINDOWS\system32\drivers\fsvga.sys [-] --> FOUND
[Faked.Drv][FILE] VIAAGP.SYS : C:\WINDOWS\system32\drivers\VIAAGP.SYS [-] --> FOUND
[Faked.Drv][FILE] acpiec.sys : C:\WINDOWS\system32\drivers\acpiec.sys [-] --> FOUND
[Faked.Drv][FILE] oprghdlr.sys : C:\WINDOWS\system32\drivers\oprghdlr.sys [-] --> FOUND
[Faked.Drv][FILE] usbd.sys : C:\WINDOWS\system32\drivers\usbd.sys [-] --> FOUND
[Faked.Drv][FILE] intelide.sys : C:\WINDOWS\system32\drivers\intelide.sys [-] --> FOUND
[Faked.Drv][FILE] disk.sys : C:\WINDOWS\system32\drivers\disk.sys [-] --> FOUND
[Faked.Drv][FILE] classpnp.sys : C:\WINDOWS\system32\drivers\classpnp.sys [-] --> FOUND
[Faked.Drv][FILE] dmio.sys : C:\WINDOWS\system32\drivers\dmio.sys [-] --> FOUND
[Faked.Drv][FILE] mssmbios.sys : C:\WINDOWS\system32\drivers\mssmbios.sys [-] --> FOUND
[Faked.Drv][FILE] ksecdd.sys : C:\WINDOWS\system32\drivers\ksecdd.sys [-] --> FOUND
[Faked.Drv][FILE] mountmgr.sys : C:\WINDOWS\system32\drivers\mountmgr.sys [-] --> FOUND
[Faked.Drv][FILE] mrxdav.sys : C:\WINDOWS\system32\drivers\mrxdav.sys [-] --> FOUND
[Faked.Drv][FILE] tdi.sys : C:\WINDOWS\system32\drivers\tdi.sys [-] --> FOUND
[Faked.Drv][FILE] ndis.sys : C:\WINDOWS\system32\drivers\ndis.sys [-] --> FOUND
[Faked.Drv][FILE] mrxsmb.sys : C:\WINDOWS\system32\drivers\mrxsmb.sys [-] --> FOUND
[Faked.Drv][FILE] rdbss.sys : C:\WINDOWS\system32\drivers\rdbss.sys [-] --> FOUND
[Faked.Drv][FILE] msfs.sys : C:\WINDOWS\system32\drivers\msfs.sys [-] --> FOUND
[Faked.Drv][FILE] mup.sys : C:\WINDOWS\system32\drivers\mup.sys [-] --> FOUND
[Faked.Drv][FILE] netbios.sys : C:\WINDOWS\system32\drivers\netbios.sys [-] --> FOUND
[Faked.Drv][FILE] npfs.sys : C:\WINDOWS\system32\drivers\npfs.sys [-] --> FOUND
[Faked.Drv][FILE] volsnap.sys : C:\WINDOWS\system32\drivers\volsnap.sys [-] --> FOUND
[Faked.Drv][FILE] p3.sys : C:\WINDOWS\system32\drivers\p3.sys [-] --> FOUND
[Faked.Drv][FILE] videoprt.sys : C:\WINDOWS\system32\drivers\videoprt.sys [-] --> FOUND
[Faked.Drv][FILE] modem.sys : C:\WINDOWS\system32\drivers\modem.sys [-] --> FOUND
[Faked.Drv][FILE] fdc.sys : C:\WINDOWS\system32\drivers\fdc.sys [-] --> FOUND
[Faked.Drv][FILE] serial.sys : C:\WINDOWS\system32\drivers\serial.sys [-] --> FOUND
[Faked.Drv][FILE] serenum.sys : C:\WINDOWS\system32\drivers\serenum.sys [-] --> FOUND
[Faked.Drv][FILE] parport.sys : C:\WINDOWS\system32\drivers\parport.sys [-] --> FOUND
[Faked.Drv][FILE] cdrom.sys : C:\WINDOWS\system32\drivers\cdrom.sys [-] --> FOUND
[Faked.Drv][FILE] rasl2tp.sys : C:\WINDOWS\system32\drivers\rasl2tp.sys [-] --> FOUND
[Faked.Drv][FILE] ndiswan.sys : C:\WINDOWS\system32\drivers\ndiswan.sys [-] --> FOUND
[Faked.Drv][FILE] raspppoe.sys : C:\WINDOWS\system32\drivers\raspppoe.sys [-] --> FOUND
[Faked.Drv][FILE] raspptp.sys : C:\WINDOWS\system32\drivers\raspptp.sys [-] --> FOUND
[Faked.Drv][FILE] psched.sys : C:\WINDOWS\system32\drivers\psched.sys [-] --> FOUND
[Faked.Drv][FILE] msgpc.sys : C:\WINDOWS\system32\drivers\msgpc.sys [-] --> FOUND
[Faked.Drv][FILE] AGPCPQ.SYS : C:\WINDOWS\system32\drivers\AGPCPQ.SYS [-] --> FOUND
[Faked.Drv][FILE] flpydisk.sys : C:\WINDOWS\system32\drivers\flpydisk.sys [-] --> FOUND
[Faked.Drv][FILE] sfloppy.sys : C:\WINDOWS\system32\drivers\sfloppy.sys [-] --> FOUND
[Faked.Drv][FILE] vga.sys : C:\WINDOWS\system32\drivers\vga.sys [-] --> FOUND
[Faked.Drv][FILE] ipsec.sys : C:\WINDOWS\system32\drivers\ipsec.sys [-] --> FOUND
[Faked.Drv][FILE] tcpip.sys : C:\WINDOWS\system32\drivers\tcpip.sys [-] --> FOUND
[Faked.Drv][FILE] netbt.sys : C:\WINDOWS\system32\drivers\netbt.sys [-] --> FOUND
[Faked.Drv][FILE] wanarp.sys : C:\WINDOWS\system32\drivers\wanarp.sys [-] --> FOUND
[Faked.Drv][FILE] imapi.sys : C:\WINDOWS\system32\drivers\imapi.sys [-] --> FOUND
[Faked.Drv][FILE] fastfat.sys : C:\WINDOWS\system32\drivers\fastfat.sys [-] --> FOUND
[Faked.Drv][FILE] dxg.sys : C:\WINDOWS\system32\drivers\dxg.sys [-] --> FOUND
[Faked.Drv][FILE] afd.sys : C:\WINDOWS\system32\drivers\afd.sys [-] --> FOUND
[Faked.Drv][FILE] srv.sys : C:\WINDOWS\system32\drivers\srv.sys [-] --> FOUND
[Faked.Drv][FILE] ndisuio.sys : C:\WINDOWS\system32\drivers\ndisuio.sys [-] --> FOUND
[Faked.Drv][FILE] diskdump.sys : C:\WINDOWS\system32\drivers\diskdump.sys [-] --> FOUND
[Faked.Drv][FILE] processr.sys : C:\WINDOWS\system32\drivers\processr.sys [-] --> FOUND
[Faked.Drv][FILE] amdk6.sys : C:\WINDOWS\system32\drivers\amdk6.sys [-] --> FOUND
[Faked.Drv][FILE] amdk7.sys : C:\WINDOWS\system32\drivers\amdk7.sys [-] --> FOUND
[Faked.Drv][FILE] arp1394.sys : C:\WINDOWS\system32\drivers\arp1394.sys [-] --> FOUND
[Faked.Drv][FILE] asyncmac.sys : C:\WINDOWS\system32\drivers\asyncmac.sys [-] --> FOUND
[Faked.Drv][FILE] atmarpc.sys : C:\WINDOWS\system32\drivers\atmarpc.sys [-] --> FOUND
[Faked.Drv][FILE] atmlane.sys : C:\WINDOWS\system32\drivers\atmlane.sys [-] --> FOUND
[Faked.Drv][FILE] bridge.sys : C:\WINDOWS\system32\drivers\bridge.sys [-] --> FOUND
[Faked.Drv][FILE] cdfs.sys : C:\WINDOWS\system32\drivers\cdfs.sys [-] --> FOUND
[Faked.Drv][FILE] crusoe.sys : C:\WINDOWS\system32\drivers\crusoe.sys [-] --> FOUND
[Faked.Drv][FILE] dmboot.sys : C:\WINDOWS\system32\drivers\dmboot.sys [-] --> FOUND
[Faked.Drv][FILE] hxxp.sys : C:\WINDOWS\system32\drivers\hxxp.sys [-] --> FOUND
[Faked.Drv][FILE] intelppm.sys : C:\WINDOWS\system32\drivers\intelppm.sys [-] --> FOUND
[Faked.Drv][FILE] ip6fw.sys : C:\WINDOWS\system32\drivers\ip6fw.sys [-] --> FOUND
[Faked.Drv][FILE] ipinip.sys : C:\WINDOWS\system32\drivers\ipinip.sys [-] --> FOUND
[Faked.Drv][FILE] ipnat.sys : C:\WINDOWS\system32\drivers\ipnat.sys [-] --> FOUND
[Faked.Drv][FILE] mf.sys : C:\WINDOWS\system32\drivers\mf.sys [-] --> FOUND
[Faked.Drv][FILE] AGP440.SYS : C:\WINDOWS\system32\drivers\AGP440.SYS [-] --> FOUND
[Faked.Drv][FILE] nic1394.sys : C:\WINDOWS\system32\drivers\nic1394.sys [-] --> FOUND
[Faked.Drv][FILE] nmnt.sys : C:\WINDOWS\system32\drivers\nmnt.sys [-] --> FOUND
[Faked.Drv][FILE] ntfs.sys : C:\WINDOWS\system32\drivers\ntfs.sys [-] --> FOUND
[Faked.Drv][FILE] nwlnkipx.sys : C:\WINDOWS\system32\drivers\nwlnkipx.sys [-] --> FOUND
[Faked.Drv][FILE] pcmcia.sys : C:\WINDOWS\system32\drivers\pcmcia.sys [-] --> FOUND
[Faked.Drv][FILE] rndismp.sys : C:\WINDOWS\system32\drivers\rndismp.sys [-] --> FOUND
[Faked.Drv][FILE] scsiport.sys : C:\WINDOWS\system32\drivers\scsiport.sys [-] --> FOUND
[Faked.Drv][FILE] sdbus.sys : C:\WINDOWS\system32\drivers\sdbus.sys [-] --> FOUND
[Faked.Drv][FILE] secdrv.sys : C:\WINDOWS\system32\drivers\secdrv.sys [-] --> FOUND
[Faked.Drv][FILE] sffdisk.sys : C:\WINDOWS\system32\drivers\sffdisk.sys [-] --> FOUND
[Faked.Drv][FILE] sffp_sd.sys : C:\WINDOWS\system32\drivers\sffp_sd.sys [-] --> FOUND
[Faked.Drv][FILE] sonydcam.sys : C:\WINDOWS\system32\drivers\sonydcam.sys [-] --> FOUND
[Faked.Drv][FILE] tape.sys : C:\WINDOWS\system32\drivers\tape.sys [-] --> FOUND
[Faked.Drv][FILE] tcpip6.sys : C:\WINDOWS\system32\drivers\tcpip6.sys [-] --> FOUND
[Faked.Drv][FILE] tunmp.sys : C:\WINDOWS\system32\drivers\tunmp.sys [-] --> FOUND
[Faked.Drv][FILE] udfs.sys : C:\WINDOWS\system32\drivers\udfs.sys [-] --> FOUND
[Faked.Drv][FILE] usb8023.sys : C:\WINDOWS\system32\drivers\usb8023.sys [-] --> FOUND
[Faked.Drv][FILE] update.sys : C:\WINDOWS\system32\drivers\update.sys [-] --> FOUND
[Faked.Drv][FILE] usbintel.sys : C:\WINDOWS\system32\drivers\usbintel.sys [-] --> FOUND
[Faked.Drv][FILE] i8042prt.sys : C:\WINDOWS\system32\drivers\i8042prt.sys [-] --> FOUND
[Faked.Drv][FILE] ohci1394.sys : C:\WINDOWS\system32\drivers\ohci1394.sys [-] --> FOUND
[Faked.Drv][FILE] 1394bus.sys : C:\WINDOWS\system32\drivers\1394bus.sys [-] --> FOUND
[Faked.Drv][FILE] acpi.sys : C:\WINDOWS\system32\drivers\acpi.sys [-] --> FOUND
[Faked.Drv][FILE] toside.sys : C:\WINDOWS\system32\drivers\toside.sys [-] --> FOUND
[Faked.Drv][FILE] usbstor.sys : C:\WINDOWS\system32\drivers\usbstor.sys [-] --> FOUND
[Faked.Drv][FILE] hidclass.sys : C:\WINDOWS\system32\drivers\hidclass.sys [-] --> FOUND
[Faked.Drv][FILE] hidparse.sys : C:\WINDOWS\system32\drivers\hidparse.sys [-] --> FOUND
[Faked.Drv][FILE] sparrow.sys : C:\WINDOWS\system32\drivers\sparrow.sys [-] --> FOUND
[Faked.Drv][FILE] adpu160m.sys : C:\WINDOWS\system32\drivers\adpu160m.sys [-] --> FOUND
[Faked.Drv][FILE] irenum.sys : C:\WINDOWS\system32\drivers\irenum.sys [-] --> FOUND
[Faked.Drv][FILE] perc2hib.sys : C:\WINDOWS\system32\drivers\perc2hib.sys [-] --> FOUND
[Faked.Drv][FILE] aic78xx.sys : C:\WINDOWS\system32\drivers\aic78xx.sys [-] --> FOUND
[Faked.Drv][FILE] aha154x.sys : C:\WINDOWS\system32\drivers\aha154x.sys [-] --> FOUND
[Faked.Drv][FILE] CmBatt.sys : C:\WINDOWS\system32\drivers\CmBatt.sys [-] --> FOUND
[Faked.Drv][FILE] dpti2o.sys : C:\WINDOWS\system32\drivers\dpti2o.sys [-] --> FOUND
[Faked.Drv][FILE] aic78u2.sys : C:\WINDOWS\system32\drivers\aic78u2.sys [-] --> FOUND
[Faked.Drv][FILE] battc.sys : C:\WINDOWS\system32\drivers\battc.sys [-] --> FOUND
[Faked.Drv][FILE] cpqarray.sys : C:\WINDOWS\system32\drivers\cpqarray.sys [-] --> FOUND
[Faked.Drv][FILE] symc810.sys : C:\WINDOWS\system32\drivers\symc810.sys [-] --> FOUND
[Faked.Drv][FILE] compbatt.sys : C:\WINDOWS\system32\drivers\compbatt.sys [-] --> FOUND
[Faked.Drv][FILE] cd20xrnt.sys : C:\WINDOWS\system32\drivers\cd20xrnt.sys [-] --> FOUND
[Faked.Drv][FILE] hpn.sys : C:\WINDOWS\system32\drivers\hpn.sys [-] --> FOUND
[Faked.Drv][FILE] GAGP30KX.SYS : C:\WINDOWS\system32\drivers\GAGP30KX.SYS [-] --> FOUND
[Faked.Drv][FILE] perc2.sys : C:\WINDOWS\system32\drivers\perc2.sys [-] --> FOUND
[Faked.Drv][FILE] sym_hi.sys : C:\WINDOWS\system32\drivers\sym_hi.sys [-] --> FOUND
[Faked.Drv][FILE] fetnd5.sys : C:\WINDOWS\system32\drivers\fetnd5.sys [-] --> FOUND
[Faked.Drv][FILE] symc8xx.sys : C:\WINDOWS\system32\drivers\symc8xx.sys [-] --> FOUND
[Faked.Drv][FILE] sym_u3.sys : C:\WINDOWS\system32\drivers\sym_u3.sys [-] --> FOUND
[Faked.Drv][FILE] enum1394.sys : C:\WINDOWS\system32\drivers\enum1394.sys [-] --> FOUND
[Faked.Drv][FILE] ql10wnt.sys : C:\WINDOWS\system32\drivers\ql10wnt.sys [-] --> FOUND
[Faked.Drv][FILE] ql1080.sys : C:\WINDOWS\system32\drivers\ql1080.sys [-] --> FOUND
[Faked.Drv][FILE] nscirda.sys : C:\WINDOWS\system32\drivers\nscirda.sys [-] --> FOUND
[Faked.Drv][FILE] ql1240.sys : C:\WINDOWS\system32\drivers\ql1240.sys [-] --> FOUND
[Faked.Drv][FILE] ql12160.sys : C:\WINDOWS\system32\drivers\ql12160.sys [-] --> FOUND
[Faked.Drv][FILE] irda.sys : C:\WINDOWS\system32\drivers\irda.sys [-] --> FOUND
[Faked.Drv][FILE] ql1280.sys : C:\WINDOWS\system32\drivers\ql1280.sys [-] --> FOUND
[Faked.Drv][FILE] i2omgmt.sys : C:\WINDOWS\system32\drivers\i2omgmt.sys [-] --> FOUND
[Faked.Drv][FILE] rasirda.sys : C:\WINDOWS\system32\drivers\rasirda.sys [-] --> FOUND
[Faked.Drv][FILE] mraid35x.sys : C:\WINDOWS\system32\drivers\mraid35x.sys [-] --> FOUND
[Faked.Drv][FILE] i2omp.sys : C:\WINDOWS\system32\drivers\i2omp.sys [-] --> FOUND
[Faked.Drv][FILE] redbook.sys : C:\WINDOWS\system32\drivers\redbook.sys [-] --> FOUND
[Faked.Drv][FILE] dac2w2k.sys : C:\WINDOWS\system32\drivers\dac2w2k.sys [-] --> FOUND
[Faked.Drv][FILE] dac960nt.sys : C:\WINDOWS\system32\drivers\dac960nt.sys [-] --> FOUND
[Faked.Drv][FILE] audstub.sys : C:\WINDOWS\system32\drivers\audstub.sys [-] --> FOUND
[Faked.Drv][FILE] asc3550.sys : C:\WINDOWS\system32\drivers\asc3550.sys [-] --> FOUND
[Faked.Drv][FILE] asc.sys : C:\WINDOWS\system32\drivers\asc.sys [-] --> FOUND
[Faked.Drv][FILE] asc3350p.sys : C:\WINDOWS\system32\drivers\asc3350p.sys [-] --> FOUND
[Faked.Drv][FILE] ABP480N5.SYS : C:\WINDOWS\system32\drivers\ABP480N5.SYS [-] --> FOUND
[Faked.Drv][FILE] amsint.sys : C:\WINDOWS\system32\drivers\amsint.sys [-] --> FOUND
[Faked.Drv][FILE] ini910u.sys : C:\WINDOWS\system32\drivers\ini910u.sys [-] --> FOUND
[Faked.Drv][FILE] aliide.sys : C:\WINDOWS\system32\drivers\aliide.sys [-] --> FOUND
[Faked.Drv][FILE] rdpwd.sys : C:\WINDOWS\system32\drivers\rdpwd.sys [-] --> FOUND
[Faked.Drv][FILE] ultra.sys : C:\WINDOWS\system32\drivers\ultra.sys [-] --> FOUND
[Faked.Drv][FILE] tdpipe.sys : C:\WINDOWS\system32\drivers\tdpipe.sys [-] --> FOUND
[Faked.Drv][FILE] viaide.sys : C:\WINDOWS\system32\drivers\viaide.sys [-] --> FOUND
[Faked.Drv][FILE] tdtcp.sys : C:\WINDOWS\system32\drivers\tdtcp.sys [-] --> FOUND
[Faked.Drv][FILE] sr.sys : C:\WINDOWS\system32\drivers\sr.sys [-] --> FOUND
[Faked.Drv][FILE] cmdide.sys : C:\WINDOWS\system32\drivers\cmdide.sys [-] --> FOUND
[Faked.Drv][FILE] ftdisk.sys : C:\WINDOWS\system32\drivers\ftdisk.sys [-] --> FOUND
[Faked.Drv][FILE] swenum.sys : C:\WINDOWS\system32\drivers\swenum.sys [-] --> FOUND
[Faked.Drv][FILE] rdpdr.sys : C:\WINDOWS\system32\drivers\rdpdr.sys [-] --> FOUND
[Faked.Drv][FILE] mouclass.sys : C:\WINDOWS\system32\drivers\mouclass.sys [-] --> FOUND
[Faked.Drv][FILE] termdd.sys : C:\WINDOWS\system32\drivers\termdd.sys [-] --> FOUND
[Faked.Drv][FILE] kbdclass.sys : C:\WINDOWS\system32\drivers\kbdclass.sys [-] --> FOUND
[Faked.Drv][FILE] ALIM1541.SYS : C:\WINDOWS\system32\drivers\ALIM1541.SYS [-] --> FOUND
[Faked.Drv][FILE] AMDAGP.SYS : C:\WINDOWS\system32\drivers\AMDAGP.SYS [-] --> FOUND
[Faked.Drv][FILE] wmiacpi.sys : C:\WINDOWS\system32\drivers\wmiacpi.sys [-] --> FOUND
[Faked.Drv][FILE] Rtlnicxp.sys : C:\WINDOWS\system32\drivers\Rtlnicxp.sys [-] --> FOUND
[Faked.Drv][FILE] BCMWL5.SYS : C:\WINDOWS\system32\drivers\BCMWL5.SYS [-] --> FOUND
[Faked.Drv][FILE] pci.sys : C:\WINDOWS\system32\drivers\pci.sys [-] --> FOUND
[Faked.Drv][FILE] isapnp.sys : C:\WINDOWS\system32\drivers\isapnp.sys [-] --> FOUND
[Faked.Drv][FILE] usbuhci.sys : C:\WINDOWS\system32\drivers\usbuhci.sys [-] --> FOUND
[Faked.Drv][FILE] usbhub.sys : C:\WINDOWS\system32\drivers\usbhub.sys [-] --> FOUND
[Faked.Drv][FILE] usbport.sys : C:\WINDOWS\system32\drivers\usbport.sys [-] --> FOUND
[Faked.Drv][FILE] usbehci.sys : C:\WINDOWS\system32\drivers\usbehci.sys [-] --> FOUND
[Faked.Drv][FILE] pciide.sys : C:\WINDOWS\system32\drivers\pciide.sys [-] --> FOUND
[Faked.Drv][FILE] atapi.sys : C:\WINDOWS\system32\drivers\atapi.sys [-] --> FOUND
[Faked.Drv][FILE] pciidex.sys : C:\WINDOWS\system32\drivers\pciidex.sys [-] --> FOUND
[Faked.Drv][FILE] MSPCLOCK.sys : C:\WINDOWS\system32\drivers\MSPCLOCK.sys [-] --> FOUND
[Faked.Drv][FILE] MSPQM.sys : C:\WINDOWS\system32\drivers\MSPQM.sys [-] --> FOUND
[Faked.Drv][FILE] MSKSSRV.sys : C:\WINDOWS\system32\drivers\MSKSSRV.sys [-] --> FOUND
[Faked.Drv][FILE] sysaudio.sys : C:\WINDOWS\system32\drivers\sysaudio.sys [-] --> FOUND
[Faked.Drv][FILE] drmkaud.sys : C:\WINDOWS\system32\drivers\drmkaud.sys [-] --> FOUND
[Faked.Drv][FILE] kmixer.sys : C:\WINDOWS\system32\drivers\kmixer.sys [-] --> FOUND
[Faked.Drv][FILE] aec.sys : C:\WINDOWS\system32\drivers\aec.sys [-] --> FOUND
[Faked.Drv][FILE] swmidi.sys : C:\WINDOWS\system32\drivers\swmidi.sys [-] --> FOUND
[Faked.Drv][FILE] DMusic.sys : C:\WINDOWS\system32\drivers\DMusic.sys [-] --> FOUND
[Faked.Drv][FILE] wdmaud.sys : C:\WINDOWS\system32\drivers\wdmaud.sys [-] --> FOUND
[Faked.Drv][FILE] splitter.sys : C:\WINDOWS\system32\drivers\splitter.sys [-] --> FOUND
[Faked.Drv][FILE] HSF_DP.sys : C:\WINDOWS\system32\drivers\HSF_DP.sys [-] --> FOUND
[Faked.Drv][FILE] pfc.sys : C:\WINDOWS\system32\drivers\pfc.sys [-] --> FOUND
[Faked.Drv][FILE] ialmnt5.sys : C:\WINDOWS\system32\drivers\ialmnt5.sys [-] --> FOUND
[Faked.Drv][FILE] SynTP.sys : C:\WINDOWS\system32\drivers\SynTP.sys [-] --> FOUND
[Faked.Drv][FILE] stream.sys : C:\WINDOWS\system32\drivers\stream.sys [-] --> FOUND
[Faked.Drv][FILE] drmk.sys : C:\WINDOWS\system32\drivers\drmk.sys [-] --> FOUND
[Faked.Drv][FILE] portcls.sys : C:\WINDOWS\system32\drivers\portcls.sys [-] --> FOUND
[Faked.Drv][FILE] ks.sys : C:\WINDOWS\system32\drivers\ks.sys [-] --> FOUND
[Faked.Drv][FILE] ALCXWDM.SYS : C:\WINDOWS\system32\drivers\ALCXWDM.SYS [-] --> FOUND
[Faked.Drv][FILE] UBHelper.sys : C:\WINDOWS\system32\drivers\UBHelper.sys [-] --> FOUND
[Faked.Drv][FILE] NTIDrvr.sys : C:\WINDOWS\system32\drivers\NTIDrvr.sys [-] --> FOUND
[Faked.Drv][FILE] ar5211.sys : C:\WINDOWS\system32\drivers\ar5211.sys [-] --> FOUND
[Faked.Drv][FILE] HOTKEY.sys : C:\WINDOWS\system32\drivers\HOTKEY.sys [-] --> FOUND
[Faked.Drv][FILE] HSF_CNXT.sys : C:\WINDOWS\system32\drivers\HSF_CNXT.sys [-] --> FOUND
[Faked.Drv][FILE] HSFHWICH.sys : C:\WINDOWS\system32\drivers\HSFHWICH.sys [-] --> FOUND
[Faked.Drv][FILE] HSF_DPV.sys : C:\WINDOWS\system32\drivers\HSF_DPV.sys [-] --> FOUND
[Faked.Drv][FILE] mdmxsdk.sys : C:\WINDOWS\system32\drivers\mdmxsdk.sys [-] --> FOUND
[Faked.Drv][FILE] epm-psd.sys : C:\WINDOWS\system32\drivers\epm-psd.sys [-] --> FOUND
[Faked.Drv][FILE] epm-shd.sys : C:\WINDOWS\system32\drivers\epm-shd.sys [-] --> FOUND
[Faked.Drv][FILE] osaio.sys : C:\WINDOWS\system32\drivers\osaio.sys [-] --> FOUND
[Faked.Drv][FILE] osanbm.sys : C:\WINDOWS\system32\drivers\osanbm.sys [-] --> FOUND
[Faked.Drv][FILE] OsaFsLoc.sys : C:\WINDOWS\system32\drivers\OsaFsLoc.sys [-] --> FOUND
[Faked.Drv][FILE] NdisFilt.sys : C:\WINDOWS\system32\drivers\NdisFilt.sys [-] --> FOUND
[Faked.Drv][FILE] NETMNT.sys : C:\WINDOWS\system32\drivers\NETMNT.sys [-] --> FOUND
[Faked.Drv][FILE] fltMgr.sys : C:\WINDOWS\system32\drivers\fltMgr.sys [-] --> FOUND
[Faked.Drv][FILE] MpFilter.sys : C:\WINDOWS\system32\drivers\MpFilter.sys [-] --> FOUND
[Faked.Drv][FILE] watv10nt.sys : C:\WINDOWS\system32\drivers\watv10nt.sys [-] --> FOUND
[Faked.Drv][FILE] watv06nt.sys : C:\WINDOWS\system32\drivers\watv06nt.sys [-] --> FOUND
[Faked.Drv][FILE] wadv11nt.sys : C:\WINDOWS\system32\drivers\wadv11nt.sys [-] --> FOUND
[Faked.Drv][FILE] wadv09nt.sys : C:\WINDOWS\system32\drivers\wadv09nt.sys [-] --> FOUND
[Faked.Drv][FILE] wadv08nt.sys : C:\WINDOWS\system32\drivers\wadv08nt.sys [-] --> FOUND
[Faked.Drv][FILE] wadv07nt.sys : C:\WINDOWS\system32\drivers\wadv07nt.sys [-] --> FOUND
[Faked.Drv][FILE] wacompen.sys : C:\WINDOWS\system32\drivers\wacompen.sys [-] --> FOUND
[Faked.Drv][FILE] usbvideo.sys : C:\WINDOWS\system32\drivers\usbvideo.sys [-] --> FOUND
[Faked.Drv][FILE] usb8023x.sys : C:\WINDOWS\system32\drivers\usb8023x.sys [-] --> FOUND
[Faked.Drv][FILE] uagp35.sys : C:\WINDOWS\system32\drivers\uagp35.sys [-] --> FOUND
[Faked.Drv][FILE] smbali.sys : C:\WINDOWS\system32\drivers\smbali.sys [-] --> FOUND
[Faked.Drv][FILE] slwdmsup.sys : C:\WINDOWS\system32\drivers\slwdmsup.sys [-] --> FOUND
[Faked.Drv][FILE] slnthal.sys : C:\WINDOWS\system32\drivers\slnthal.sys [-] --> FOUND
[Faked.Drv][FILE] slntamr.sys : C:\WINDOWS\system32\drivers\slntamr.sys [-] --> FOUND
[Faked.Drv][FILE] slnt7554.sys : C:\WINDOWS\system32\drivers\slnt7554.sys [-] --> FOUND
[Faked.Drv][FILE] s3gnbm.sys : C:\WINDOWS\system32\drivers\s3gnbm.sys [-] --> FOUND
[Faked.Drv][FILE] rndismpx.sys : C:\WINDOWS\system32\drivers\rndismpx.sys [-] --> FOUND
[Faked.Drv][FILE] rfcomm.sys : C:\WINDOWS\system32\drivers\rfcomm.sys [-] --> FOUND
[Faked.Drv][FILE] recagent.sys : C:\WINDOWS\system32\drivers\recagent.sys [-] --> FOUND
[Faked.Drv][FILE] nv4_mini.sys : C:\WINDOWS\system32\drivers\nv4_mini.sys [-] --> FOUND
[Faked.Drv][FILE] ntmtlfax.sys : C:\WINDOWS\system32\drivers\ntmtlfax.sys [-] --> FOUND
[Faked.Drv][FILE] mutohpen.sys : C:\WINDOWS\system32\drivers\mutohpen.sys [-] --> FOUND
[Faked.Drv][FILE] mtxparhm.sys : C:\WINDOWS\system32\drivers\mtxparhm.sys [-] --> FOUND
[Faked.Drv][FILE] mtlstrm.sys : C:\WINDOWS\system32\drivers\mtlstrm.sys [-] --> FOUND
[Faked.Drv][FILE] mtlmnt5.sys : C:\WINDOWS\system32\drivers\mtlmnt5.sys [-] --> FOUND
[Faked.Drv][FILE] hsfdpsp2.sys : C:\WINDOWS\system32\drivers\hsfdpsp2.sys [-] --> FOUND
[Faked.Drv][FILE] hsfcxts2.sys : C:\WINDOWS\system32\drivers\hsfcxts2.sys [-] --> FOUND
[Faked.Drv][FILE] hsfbs2s2.sys : C:\WINDOWS\system32\drivers\hsfbs2s2.sys [-] --> FOUND
[Faked.Drv][FILE] hidir.sys : C:\WINDOWS\system32\drivers\hidir.sys [-] --> FOUND
[Faked.Drv][FILE] hidbth.sys : C:\WINDOWS\system32\drivers\hidbth.sys [-] --> FOUND
[Faked.Drv][FILE] bthusb.sys : C:\WINDOWS\system32\drivers\bthusb.sys [-] --> FOUND
[Faked.Drv][FILE] bthprint.sys : C:\WINDOWS\system32\drivers\bthprint.sys [-] --> FOUND
[Faked.Drv][FILE] bthport.sys : C:\WINDOWS\system32\drivers\bthport.sys [-] --> FOUND
[Faked.Drv][FILE] bthpan.sys : C:\WINDOWS\system32\drivers\bthpan.sys [-] --> FOUND
[Faked.Drv][FILE] bthmodem.sys : C:\WINDOWS\system32\drivers\bthmodem.sys [-] --> FOUND
[Faked.Drv][FILE] bthenum.sys : C:\WINDOWS\system32\drivers\bthenum.sys [-] --> FOUND
[Faked.Drv][FILE] atinxsxx.sys : C:\WINDOWS\system32\drivers\atinxsxx.sys [-] --> FOUND
[Faked.Drv][FILE] atinxbxx.sys : C:\WINDOWS\system32\drivers\atinxbxx.sys [-] --> FOUND
[Faked.Drv][FILE] atintuxx.sys : C:\WINDOWS\system32\drivers\atintuxx.sys [-] --> FOUND
[Faked.Drv][FILE] atinttxx.sys : C:\WINDOWS\system32\drivers\atinttxx.sys [-] --> FOUND
[Faked.Drv][FILE] atinsnxx.sys : C:\WINDOWS\system32\drivers\atinsnxx.sys [-] --> FOUND
[Faked.Drv][FILE] atinrvxx.sys : C:\WINDOWS\system32\drivers\atinrvxx.sys [-] --> FOUND
[Faked.Drv][FILE] atinraxx.sys : C:\WINDOWS\system32\drivers\atinraxx.sys [-] --> FOUND
[Faked.Drv][FILE] atinpdxx.sys : C:\WINDOWS\system32\drivers\atinpdxx.sys [-] --> FOUND
[Faked.Drv][FILE] atinmdxx.sys : C:\WINDOWS\system32\drivers\atinmdxx.sys [-] --> FOUND
[Faked.Drv][FILE] ati2mtag.sys : C:\WINDOWS\system32\drivers\ati2mtag.sys [-] --> FOUND
[Faked.Drv][FILE] ati2mtaa.sys : C:\WINDOWS\system32\drivers\ati2mtaa.sys [-] --> FOUND
[Faked.Drv][FILE] ati1xsxx.sys : C:\WINDOWS\system32\drivers\ati1xsxx.sys [-] --> FOUND
[Faked.Drv][FILE] ati1xbxx.sys : C:\WINDOWS\system32\drivers\ati1xbxx.sys [-] --> FOUND
[Faked.Drv][FILE] ati1tuxx.sys : C:\WINDOWS\system32\drivers\ati1tuxx.sys [-] --> FOUND
[Faked.Drv][FILE] ati1ttxx.sys : C:\WINDOWS\system32\drivers\ati1ttxx.sys [-] --> FOUND
[Faked.Drv][FILE] ati1snxx.sys : C:\WINDOWS\system32\drivers\ati1snxx.sys [-] --> FOUND
[Faked.Drv][FILE] ati1rvxx.sys : C:\WINDOWS\system32\drivers\ati1rvxx.sys [-] --> FOUND
[Faked.Drv][FILE] ati1raxx.sys : C:\WINDOWS\system32\drivers\ati1raxx.sys [-] --> FOUND
[Faked.Drv][FILE] ati1pdxx.sys : C:\WINDOWS\system32\drivers\ati1pdxx.sys [-] --> FOUND
[Faked.Drv][FILE] ati1mdxx.sys : C:\WINDOWS\system32\drivers\ati1mdxx.sys [-] --> FOUND
[Faked.Drv][FILE] ati1btxx.sys : C:\WINDOWS\system32\drivers\ati1btxx.sys [-] --> FOUND
[Faked.Drv][FILE] TrueSight.sys : C:\WINDOWS\system32\drivers\TrueSight.sys [-] --> FOUND
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG MP0402H +++++
--- User ---
[MBR] e4e2811d5bb93111c3ab227b8f3278d4
[BSP] afd663b62beb710eabd66cab9e298a9d : Acer MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 3200 Mo
1 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 6554520 | Size: 16872 Mo
2 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 41110335 | Size: 18128 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_03212013_02d1849.txt >>
RKreport[1]_S_03212013_02d1849.txt


----------



## Mark1956 (May 7, 2011)

I think we now have to be looking at a hardware fault. The thread is so big now it would take a long time to look back at what was tried earlier so if you have already done this please let me know. This test below will check the hard drive, I will follow this, if it passes, with a memory test (have we done that before?).

I would recommend you use a fully functional PC to create the CD.

Open Internet Explorer and click on this: Seatools

Save the download to your desktop.

In Windows 7 right click the ISO file, select *Open With*, then select* Windows Disc Image Burning Tool* then follow the prompts.
For all other versions of windows (if you do not have an ISO burner) download this free software. ImgBurn Install the program and start the application. Select the top left hand option to *Write image file to disc* and then on the next window click on the small yellow folder icon and browse to the ISO file on your desktop. Then click on the two grey discs with the arrow in between (bottom left) and leave it to complete the operation.

You will need a blank recordable CD or a re-recordable CD. You cannot use this software on a USB flash drive.

When the CD has been burned boot the PC into the Bios setup and set the CD/DVD drive to 1st in the boot sequence. Insert the disk in the drive then reboot and the disc will load into DOS. Click on Basic Tests and select the Long Test.

A full set of instructions can be found here: Seatools instructions

When the test completes it will show a Pass or Fail.


----------



## Rena30 (Jan 19, 2013)

read post #224 on page 15. I think we did it before but I didnt use a cd last time.


----------



## Mark1956 (May 7, 2011)

As we are getting low on tests to run I think it would be worth doing the test from a CD as it can examine the drive while it is not in use and should give a more accurate diagnosis. If it passes again run this test:

Download Memtest86+ from here
If you wish to run the test from a USB flash drive use this link Auto installer for USB key
When the download is complete right click the file and select Extract Here and burn the image to a CD.

In windows 7 right click the extracted file, select *Open With*, then select *Windows Disc Image Burning Tool* then follow the prompts.
For all other versions of windows (if you do not have an ISO burner) download this free software. ImgBurn 
Install the program and start the application. Select the top left hand option to *Write image file to disk* and then on the next window click on the small yellow folder icon and browse to the ISO file you have downloaded. Then click on the two grey discs with the arrow in between (bottom left) and leave it to complete the operation.

Testing


Boot the PC into the Bios setup and set the CD/DVD drive to 1st in the boot sequence.
Insert the disk in the drive then reboot and the disc will load into dos.
Leave the test to run through* at least 8 passes* or until it is showing some errors.
If errors show in the test, stop the test and remove all but one of your RAM sticks then start the test again. Repeat the test on each stick until you find the one that is faulty.

*NOTE:* This is a long slow test and for convenience should ideally be run overnight.

The memtest will not be 100% accurate but should easily detect any major faults.


----------



## Rena30 (Jan 19, 2013)

Ok so I should follow the instructions in post number 261 and then the instructions from post 263? 
I am getting a message at the top of my screen saying "This website wants to run asdd-on Adobe Flash Player," what should I do?
Also I do not have another computer to use Qoute from #261
"I would recommend you use a fully functional PC to create the CD."?


----------



## Mark1956 (May 7, 2011)

Ahh yes, that has just reminded me, you had a problem with burning the SP3 CD. Lets try it again with the Seatools CD and see how it goes.

Try Seatools first and if it passes try the Memtest. Memtest can also be run from a Flash Drive/USB Key if you have one.


----------



## Rena30 (Jan 19, 2013)

While trying to burn the cd I received an Error Message: 
Verify failed: Reasons Layouts do not match.


----------



## Mark1956 (May 7, 2011)

That confirms there is a problem with your CD drive.

Have you got a Flash Drive or can you borrow one to run the Memtest?


----------



## Rena30 (Jan 19, 2013)

What is a flash drive and how do I know if I have it? I do not know anyone to borrow anything computer related from.


----------



## Mark1956 (May 7, 2011)

If you don't know what one is then you are unlikely to have one, they are also known as a memory stick, thumb drive or USB drive and look something like this: http://www.google.co.uk/imgres?q=fl...tbnh=185&tbnw=175&start=0&ndsp=22&tx=98&ty=75

Without the ability to burn CD's, no Flash Drive and no Windows XP disc we are now very limited to what else we can use to try and find out what is wrong with the PC, but I am becoming convinced it is a hardware fault after what we have already tried. As the hard drive has already been tested from within Windows there is only a slim chance that running the same test from a CD would produce a different result, but if it were my own system I would want to run it just to be sure. The other likely cause of all the problems is the RAM, but I would not want to suggest you replace it without running any tests to determine if a fault exists. There is also a possibility the motherboard is faulty, but there are no available tests that we can run to check it.

There is an item of software we can run which will check a few things we have not looked at. Run this test below and post the logs produced. My only concern with this is the instability of your system may stop it from running correctly, but it may show me something that might give a clue to the problem and there is now little else we can use.

*OCCT Instructions*


Go here: OCCT and click on the Download tab.
Scroll to the bottom of the page and click on the Installer.exe button and save the download to your desktop
Double click on the OCCT icon and allow it to install, on completion the program will run.
Click on the *CPU: OCCT* tab. Check the *Automatic* button, set the duration for 1 hour and leave the rest set at default. Click on the green ON button and leave the test to run. Make sure all programs and your browser are closed and do not use the PC during the test.
When the test ends click on the *OFF* button to close the software.
The Results window should open, if not open Documents > OCCT. You should find a folder with todays date on it. Zip the folder and send it as an attachment with your next post.
*NOTE*

If the test stops before the set time this will indicate it has detected a fault. The program will still save a results folder for you to post.

If the tabs for the PSU and GPU are greyed out it means your DirectX 9 version is too old. OCCT requires DirectX 9.
You can manually check it easily : just look for the file *d3dx9_37.dll* in the following folder C:\Windows\System32 
If it is not present, just download the latest Direct X9 Update for your OS and everything should run fine afterwards.

*How to send an attachment.*


Below the *Message Box* click on *Go Advanced*.
Scroll down until you see a button, *Manage Attachments*, click on it and a new window will open.
Click on the *Browse* button, find the screenshot/folder you made earlier and doubleclick on it.
Now click on the *Upload* button.
When you see the Upload has completed, click on the *Close this window* button at the bottom of the page.
Then type in any message you wish to add in the message box and click on *Submit Message/Reply.*


----------



## Rena30 (Jan 19, 2013)

Ok the test finished and a folder opened. Am I supposed to zip the folder and send it as an attachment or am I just supposed to attach and send each item?


----------



## Mark1956 (May 7, 2011)

Please zip it and send as an attachment as per the instructions.

As it completed and didn't crash that is a good sign, but I'd now like you to run it again. When the program opens check it is on the CPU:LINPAK tab, change the settings from Infinite to Automatic and click on the ON button and let it run. Post the new results folder. This test will stress the Memory.


----------



## Rena30 (Jan 19, 2013)

Ok, here is the first test result.


----------



## Mark1956 (May 7, 2011)

Ok, that all looks ok, post the next one when done.


----------



## Rena30 (Jan 19, 2013)

Here is the second log.


----------



## Mark1956 (May 7, 2011)

Ok, that test passed with no problems indicated. There are two more tests available using the GPU 3D and Power Supply tabs. Run both of the tests for 1 hour making sure that Automatic is checked and post the two reports.


----------



## Rena30 (Jan 19, 2013)

Here is the GPU3D test results.


----------



## Rena30 (Jan 19, 2013)

And here is the Power Supply test results.


----------



## Mark1956 (May 7, 2011)

Those other tests have also come up with no errors.

We have now reached a point where the only other tests that we can run require a reliable CD burner and other tests that also require a Flash Drive and a copy of Windows XP. Without any of those items your only other choice is to take the PC to a Computer Repairer.

At the moment my best guess would be a hard drive fault or bad memory.

Is there nobody you know who's PC you could use to burn the Seatools, Memtest86+ and SP3 discs?


----------



## Rena30 (Jan 19, 2013)

No there really isnt. My mother has a computer but she lives 40 miles from me. I will call around and see if I can find someone but Im pretty sure its a no go.


----------



## Rena30 (Jan 19, 2013)

What is NTI CD and DVD maker?
Can those images be burned on my computer if I don't have a cd burner?
What exactaly is a cd burner, cause I am not sure if my pc even has one?
Could that be why they are not burning correctly?


----------



## Rena30 (Jan 19, 2013)

I got it!!! I googled what the error message "Verified Failed" meant. I wasn't getting very far. But I read somewhere to change the speed to 4x. Well I went to imgburn and tried again, first I received the same eroor message. Then I said "what the heck" and I chaged the speed to 4x (it was set on AWS. Then I tried it and it worked!! I downloaded Seatools. I am going to run the test.


----------



## Mark1956 (May 7, 2011)

Ok, let us know what the result is. It isn't normally necessary to change the burn speed when using ImgBurn to create a CD but possibly you have an older CD burner which could not handle burning at higher speeds.

NTI CD and DVD maker are just items of software used to burn CD's and DVD's.

As you may have already figured a CD/DVD burner is your CD/DVD drive which has the ability to burn disks.

If the Seatools test passes then try the Memtest86+ which is a very similar process, but the test has to run for a lot longer, best to set it running and leave it overnight and see what the screen shows in the morning.


----------



## Rena30 (Jan 19, 2013)

Ok I went into BIOS setup and set the cd/dvd drive to 1st in boot, inserted the disk and rebooted. The disk loaded to DOS and I clicked on long test it will run for a few minutes and then the whole computer just shut off! I tried 4 different times.


----------



## Mark1956 (May 7, 2011)

Not sure what to conclude from that but it could indicate a problem with the RAM. When the test is running it uses the RAM to make it operate, I can't think of another reason for it to crash like that unless something is overheating, when it happened did you notice if the fan was running at high speed? 

As we are almost out of options and this is looking more like a hardware fault try burning and running the Memtest following the instructions I gave earlier.


----------



## Rena30 (Jan 19, 2013)

I thought maybe it was the fan to, so I waited and let it cool down completely. Then tried again but received the same results. I didn't notice the fan spinning faster though. Ok I will try the other test.


----------



## Mark1956 (May 7, 2011)

:up:


----------



## Rena30 (Jan 19, 2013)

What exactly does this mean?
Qoute: "If errors show in the test, stop the test and remove all but one of your RAM sticks then start the test again. Repeat the test on each stick until you find the one that is faulty."


----------



## Rena30 (Jan 19, 2013)

I do not have a ram stick.


----------



## Mark1956 (May 7, 2011)

You do have at least one RAM stick or your PC would be inoperable.

Have you run the test yet, if not please proceed and let me know how it goes, it is a long test so it is best set up to run and then left overnight.


----------



## Rena30 (Jan 19, 2013)

I tried to run Memtest and I encountered the same problem. The computer just shut completely off.
I am going to turn off my pc to let it cool down. When I get ready to go to bed I will try to run the test again and let you know something in the AM.


----------



## Mark1956 (May 7, 2011)

OK.


----------



## Rena30 (Jan 19, 2013)

Well I set the test to run last night. Got up to get me a drink and the computer had shut off. I got up this morning an tried again, it ran for about 15 minutes and then shut off again.


----------



## Mark1956 (May 7, 2011)

Quite strange why it should be doing that after it passed all the stress tests run with OCCT without crashing, may be a fault in the CD drive. Are you aware if your PC has built in diagnostics, if you are not sure Google the make and model number with the word diagnostics on the end and see if you can find any infomation on it. If you cannot find anything let me have the make and model number again and I'll see what I can find.


----------



## Rena30 (Jan 19, 2013)

I am not having much luck finding anything but it seems like I might have seen it before. I just can't recall where. It is an Acer TravelMate 2420 Model number MS2180. I will keep looking as well.


----------



## Mark1956 (May 7, 2011)

I've not been able to find anything and on the Acer site the Utilities available for that PC do not include a diagnostics program.

Please run this so I can see the error logs, it may just give some clues.

Please download MiniToolBox and save it to your desktop.
Double click on the MiniToolBox icon









The window will open as shown below.

Click on each of the boxes as indicated in the list below, then click on the *GO* button.

Copy & Paste the contents of the report that appears into your next post, you can also find a copy of the report on your desktop (Result.txt).

•List last 10 Event Viewer Errors
•List Devices Check options for *Only Problems*
•List Users, Partitions and Memory size.
•List Minidump Files


----------



## Rena30 (Jan 19, 2013)

MiniToolBox by Farbar Version:05-03-2013
Ran by Sarena Hurt (administrator) on 27-03-2013 at 07:36:52
Running from "C:\Documents and Settings\Sarena Hurt\Desktop"
Microsoft Windows XP Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************
========================= Event log errors: ===============================
Application errors:
==================
Error: (03/26/2013 02:15:16 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module msxml3.dll, version 8.50.2162.0, fault address 0x000098bd.
Processing media-specific event for [iexplore.exe!ws!]
Error: (03/24/2013 04:50:36 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (03/24/2013 04:50:36 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (03/24/2013 00:20:28 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.2.223.0, P3 timeout, P4 1.1.9302.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
Error: (03/24/2013 00:06:19 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.2.223.0, P3 timeout, P4 1.1.9302.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
Error: (03/23/2013 05:07:43 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (03/23/2013 05:07:43 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (03/23/2013 11:52:41 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module msxml3.dll, version 8.50.2162.0, fault address 0x000098bd.
Processing media-specific event for [iexplore.exe!ws!]
Error: (03/22/2013 06:52:32 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (03/27/2013 07:24:49 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.147.366.0
Update Source: %NT AUTHORITY59
Update Stage: 4.2.0223.00
Source Path: 4.2.0223.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (03/26/2013 11:01:15 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.147.366.0
Update Source: %NT AUTHORITY59
Update Stage: 4.2.0223.00
Source Path: 4.2.0223.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (03/25/2013 06:49:43 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.147.366.0
Update Source: %NT AUTHORITY59
Update Stage: 4.2.0223.00
Source Path: 4.2.0223.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (03/25/2013 06:19:40 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.147.366.0
Update Source: %NT AUTHORITY59
Update Stage: 4.2.0223.00
Source Path: 4.2.0223.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (03/25/2013 06:19:21 PM) (Source: 0) (User: )
Description: \Device\ACPIEC
Error: (03/25/2013 06:16:59 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.2 for the Network Card with network address 000AE4F910CC has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
Error: (03/25/2013 05:52:16 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qsvg4.dll.
Reference error message: The operation completed successfully.
.
Error: (03/25/2013 05:52:16 PM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC90.CRT.
Reference error message: The referenced assembly is not installed on your system.
.
Error: (03/25/2013 05:52:16 PM) (Source: SideBySide) (User: )
Description: Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
Error: (03/25/2013 05:52:16 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll.
Reference error message: The operation completed successfully.
.

Microsoft Office Sessions:
=========================
Error: (03/26/2013 02:15:16 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702msxml3.dll8.50.2162.0000098bd
Error: (03/24/2013 04:50:36 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
Error: (03/24/2013 04:50:36 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
Error: (03/24/2013 00:20:28 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.2.223.0timeout1.1.9302.0fixed1 _ 20485 _ not bootNILNILNIL
Error: (03/24/2013 00:06:19 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.2.223.0timeout1.1.9302.0fixed1 _ 20485 _ not bootNILNILNIL
Error: (03/23/2013 05:07:43 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
Error: (03/23/2013 05:07:43 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
Error: (03/23/2013 11:52:41 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702msxml3.dll8.50.2162.0000098bd
Error: (03/22/2013 06:52:32 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

========================= Devices: ================================
Name: Atheros AR5005G Wireless Network Adapter
Description: Atheros AR5005G Wireless Network Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Atheros
Service: AR5211
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

========================= Memory info: ===================================
Percentage of memory in use: 20%
Total physical RAM: 2038.42 MB
Available physical RAM: 1623.91 MB
Total Pagefile: 3930.34 MB
Available Pagefile: 3680.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1960.24 MB
========================= Partitions: =====================================
1 Drive c: (ACER) (Fixed) (Total:16.47 GB) (Free:6.05 GB) FAT32
2 Drive d: (ACERDATA) (Fixed) (Total:17.69 GB) (Free:17.17 GB) FAT32
========================= Users: ========================================
User accounts for \\ACER-684C9A655D
Administrator Guest HelpAssistant 
Sarena Hurt SUPPORT_388945a0 
========================= Minidump Files ==================================
No minidump file found

**** End of log ****


----------



## Mark1956 (May 7, 2011)

Nothing much in that log to give any clues as to the cause of the crashes, but it does show Internet Explorer and Microsoft Security Essentials have been experiencing problems. What ever the cause, it is not showing in the logs.

Unfortunately I think we have now reached a point where your PC needs to be looked at by a professional repairer in order to conduct more tests to determine what the problem is. Sorry that I have not been able to get this to a more satisfactory conclusion.

All we have been able to determine is that something is causing a major issue when you try to run a diagnostic disk in the CD drive which could be either the CD drive itself, a motherboard fault or faulty memory. Without being able to run the diagnostic disks to test the memory, or anything else, we can't go any further.


----------



## Rena30 (Jan 19, 2013)

Well thank you very much for all of your time. Unfortunately I do not have the funds to take it to a repair man so I will just continue to use it until it doesn't work anymore.
Would it still be worth a try to burn that service pack 3?
If by chance I ever get the tests to run, will I still be able to reach you through this post? 
Also is all this information safe here on this site?


----------



## Mark1956 (May 7, 2011)

You're most welcome and it is a shame when we have to give in, but there is only so much we can do from a distance.

You might get some improvement from running the SP3 disk as it will update XP, if you can get the disk to burn correctly and then run without the system crashing, in fact I would be interested to hear if it does work OK as that would eliminate the CD drive as a possible cause. Installing SP3 with the disk, as I said, might make some improvements, but it may be short lived as I believe this is a hardware problem.

If you do get the tests to run you can post back here at any time or if you click on my name in any of 
my posts you can select the option to send me a PM. I always remain subscribed to threads I have helped in so when you make a new post I get notified by email.

There is no personal or security information displayed in any of the posts only what software is on your system.

I wish you the best of luck.


----------



## Rena30 (Jan 19, 2013)

Ok, well I will keep you informed. Again thanks alot!!


----------



## Mark1956 (May 7, 2011)

I look forward to hearing from you in due course.


----------



## Rena30 (Jan 19, 2013)

Well I tried to burn the xp3 cd with no luck. I received a totally different error. I took a screen shot of the error and posted the imgburn log. Just in hopes that it might give you some kind of clue. If not well it was worth a try.

I 08:36:49 ImgBurn Version 2.5.7.0 started!
I 08:36:49 Microsoft Windows XP Home Edition (5.1, Build 2600 : Service Pack 2)
I 08:36:49 Total Physical Memory: 2,087,344 KB - Available: 1,593,424 KB
W 08:36:49 Drive C:\ (FAT32) does not support single files > 4 GB in size.
W 08:36:49 Drive D:\ (FAT32) does not support single files > 4 GB in size.
I 08:36:49 Initialising SPTI...
I 08:36:49 Searching for SCSI / ATAPI devices...
I 08:36:50 -> Drive 1 - Info: PHILIPS CDRW/DVD SCB5265 TX11 (E (ATA)
I 08:36:50 Found 1 DVD-ROM/CD-RW!
I 08:38:11 Operation Started!
I 08:38:11 Source File: C:\Documents and Settings\Sarena Hurt\Desktop\xpsp3_5512.080413-2113_usa_x86fre_spcd.iso
I 08:38:11 Source File Sectors: 278,966 (MODE1/2048)
I 08:38:11 Source File Size: 571,322,368 bytes
I 08:38:11 Source File Volume Identifier: GRTMUPD_EN
I 08:38:11 Source File Volume Set Identifier: GRTMUPD_EN
I 08:38:11 Source File Application Identifier: CDIMAGE 2.52 (03/09/2004 TM)
I 08:38:11 Source File File System(s): ISO9660
I 08:38:11 Destination Device: [0:1:0] PHILIPS CDRW/DVD SCB5265 TX11 (E (ATA)
I 08:38:11 Destination Media Type: CD-RW (Disc ID: 97m26s65f, CMC Magnetics Corp.)
I 08:38:11 Destination Media Supported Write Speeds: 4x, 10x
I 08:38:11 Destination Media Sectors: 359,847
I 08:38:11 Write Mode: CD
I 08:38:11 Write Type: SAO
I 08:38:11 Write Speed: 4x
I 08:38:11 Lock Volume: Yes
I 08:38:11 Test Mode: No
I 08:38:11 OPC: No
I 08:38:11 BURN-Proof: Enabled
I 08:38:11 Write Speed Successfully Set! - Effective: 705 KB/s (4x)
I 08:38:11 Filling Buffer... (80 MB)
I 08:38:14 Writing LeadIn...
I 08:38:56 Writing Session 1 of 1... (1 Track, LBA: 0 - 278965)
I 08:38:56 Writing Track 1 of 1... (MODE1/2048, LBA: 0 - 278965)
I 08:54:20 Synchronising Cache...
I 08:55:03 Exporting Graph Data...
I 08:55:04 Graph Data File: C:\Documents and Settings\Sarena Hurt\Application Data\ImgBurn\Graph Data Files\PHILIPS_CDRW-DVD_SCB5265_TX11_THURSDAY-MARCH-28-2013_8-38_AM_97m26s65f_4x.ibg
I 08:55:04 Export Successfully Completed!
I 08:55:04 Operation Successfully Completed! - Duration: 00:16:52
I 08:55:04 Average Write Rate: 603 KB/s (4.0x) - Maximum Write Rate: 615 KB/s (4.1x)
I 08:55:04 Cycling Tray before Verify...
W 08:55:20 Waiting for device to become ready...
I 08:55:30 Device Ready!
I 08:55:32 Operation Started!
I 08:55:32 Source Device: [0:1:0] PHILIPS CDRW/DVD SCB5265 TX11 (E (ATA)
I 08:55:32 Source Media Type: CD-RW (Disc ID: 97m26s65f, CMC Magnetics Corp.)
I 08:55:32 Source Media Supported Read Speeds: 8x, 12x, 16x, 20x, 24x
I 08:55:32 Image File: C:\Documents and Settings\Sarena Hurt\Desktop\xpsp3_5512.080413-2113_usa_x86fre_spcd.iso
I 08:55:32 Image File Sectors: 278,966 (MODE1/2048)
I 08:55:32 Image File Size: 571,322,368 bytes
I 08:55:32 Image File Volume Identifier: GRTMUPD_EN
I 08:55:32 Image File Volume Set Identifier: GRTMUPD_EN
I 08:55:32 Image File Application Identifier: CDIMAGE 2.52 (03/09/2004 TM)
I 08:55:32 Image File File System(s): ISO9660
I 08:55:32 Read Speed (Data/Audio): MAX / MAX
I 08:55:33 Verifying Session 1 of 1... (1 Track, LBA: 0 - 278965)
I 08:55:33 Verifying Track 1 of 1... (MODE1/2048, LBA: 0 - 278965)
W 09:01:12 Failed to Read Sectors 171776 - 171807 - Reason: Timeout on Logical Unit
W 09:01:20 Failed to Read Sector 171784 - Reason: Timeout on Logical Unit
W 09:01:20 Sector 171784 maps to File: \DOTNETFX\DOTNETFX.EXE
W 09:04:59 Retrying (1)...
W 09:05:07 Retry Failed - Reason: Timeout on Logical Unit
W 09:05:10 Failed to Read Sector 171784 - Reason: Timeout on Logical Unit
W 09:05:10 Sector 171784 maps to File: \DOTNETFX\DOTNETFX.EXE
W 09:05:16 Failed to Read Sector 171785 - Reason: Timeout on Logical Unit
W 09:05:16 Sector 171785 maps to File: \DOTNETFX\DOTNETFX.EXE
W 09:05:32 Failed to Read Sector 171802 - Reason: Timeout on Logical Unit
W 09:05:32 Sector 171802 maps to File: \DOTNETFX\DOTNETFX.EXE
E 09:05:34 Failed to Read Sector 171802 - Reason: Timeout on Logical Unit
E 09:05:34 Sector 171802 maps to File: \DOTNETFX\DOTNETFX.EXE
E 09:05:35 Failed to Verify Sectors!
I 09:05:36 Exporting Graph Data...
I 09:05:36 Graph Data File: C:\Documents and Settings\Sarena Hurt\Application Data\ImgBurn\Graph Data Files\PHILIPS_CDRW-DVD_SCB5265_TX11_THURSDAY-MARCH-28-2013_8-38_AM_97m26s65f_4x.ibg
I 09:05:36 Export Successfully Completed!
E 09:05:36 Operation Failed! - Duration: 00:10:02
I 09:05:36 Average Verify Rate: 571 KB/s (3.8x) - Maximum Verify Rate: 2,410 KB/s (16.1x)


----------



## Mark1956 (May 7, 2011)

Put the CD in the drive and try opening it in Windows Explorer, send a screenshot of what you see.

The ImgBurn log only shows an issue when it tried to verify the disk so it might be ok.

There is also a possibility that the blank CD's you have are not good quality, some discs are better than others and an older burner may not work well with some makes of disks, what make are you using.

You could also try to run a CD drive cleaner which will remove any dirt from the laser, they are available at most music or computer stores.


----------



## Rena30 (Jan 19, 2013)

Ok I will go give it a try. I am using - memorex.


----------



## Rena30 (Jan 19, 2013)

When I put the cd in it automatically started. I am not sure how to open it in widows explorer. Anyways it started up an says "welcome to windows service pack3 click to continue". So I assume that is did it. I clicked the X closed the window, took the cd out and came here to tell you. Should I just put it in and follow the prompts, or do I need to open it in windows explorer?


----------



## Mark1956 (May 7, 2011)

Yup, sounds like it did burn ok so go ahead and run it. But, as I said earlier this probably won't fix the problem and if it does, as with the re-install, it may be short lived. I hope I am wrong .


----------



## Rena30 (Jan 19, 2013)

Ok thanks again, sorry if I have been a bother but I just have to try to make it with what I have to make it with. therefore I hope you are wrong to, lol.


----------



## Mark1956 (May 7, 2011)

You never know your luck .


----------



## Rena30 (Jan 19, 2013)

Well I just wanted to let you know that I was able to install Service Pack 3 and afterwards I went to updates and I was able to update. Thank you again and I will let you know if I am ever able to do those tests.


----------



## Rena30 (Jan 19, 2013)

I have one more question before we stop comunicating. I can not find anything about Java on my pc now. Can you please tell me how to get it back or how to get the latest update?


----------



## Mark1956 (May 7, 2011)

Java is available from here: Java Download


----------



## Rena30 (Jan 19, 2013)

Thank you.


----------



## Mark1956 (May 7, 2011)

You're welcome.


----------



## Rena30 (Jan 19, 2013)

I hate to bother you again but I am really nervous. When I turned on my pc this morning my computer did a disk check. I noticed it said a lot about bad clusters. I started to search around and see what that meant. The information I foun made me quite paranoid. I do not know if there is anything you can do to help, but you are my only source of help. So I attached the report. When you have time I would certainly appreciate if you would look it over and see if there is anything that can be done. If not maybe you could at least help me know for sure what it means.

Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 4/4/2013
Time: 11:44:28 AM
User: N/A
Computer: ACER-684C9A655D
Description:
Checking file system on C:
The type of the file system is FAT32.

One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk. 
Volume Serial Number is 1568-13FD
Read failure with status 0xc000009c at offset 0x84c59400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x84c5d400 for 0x4000 bytes.
Windows replaced bad clusters in file \Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe
of name (null).
Read failure with status 0xc000009c at offset 0xd9a31400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd9a35400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0xd9a89400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0xd9ae1400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0xd9b99400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0xd9bf1400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0xd9c45400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0xd8ee1400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0xd8f35400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0xd8f8d400 for 0x4000 bytes.
Windows replaced bad clusters in file \Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpavbase.vdm
of name (null).
Read failure with status 0xc000009c at offset 0x138101400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x138101400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0x138159400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0x1381ad400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\$NtUninstallKB2758857$\kernel32.dll
of name (null).
Read failure with status 0xc000009c at offset 0x137cdd400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x137cdd400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0x137d31400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\$NtUninstallKB2544893-v2$\inetcomm.dll
of name (null).
Read failure with status 0xc000009c at offset 0x137d81400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x137d89400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\$NtUninstallKB2544893-v2$\spuninst\updspapi.dll
of name (null).
Read failure with status 0xc000009c at offset 0x1372e1400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x1372ed400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0x137345400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0x137399400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0x1373f1400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\$NtUninstallKB2778344$\win32k.sys
of name (null).
Read failure with status 0xc000009c at offset 0x137441400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x137445400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0x13749d400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\$NtUninstallKB2778344$\spuninst\updspapi.dll
of name (null).
Read failure with status 0xc000009c at offset 0x136e0d400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x136e19400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\$NtUninstallKB2536276-v2$\mrxsmb.sys
of name (null).
Read failure with status 0xc000009c at offset 0x136e65400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x136e71400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\$NtUninstallKB2536276-v2$\spuninst\updspapi.dll
of name (null).
Read failure with status 0xc000009c at offset 0x136ec5400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x136ec5400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe
of name (null).
Read failure with status 0xc000009c at offset 0x136a59400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x136a59400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\$NtUninstallKB2646524$\winsrv.dll.000
of name (null).
Read failure with status 0xc000009c at offset 0x136aa9400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x136aad400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\$NtUninstallKB2646524$\spuninst\updspapi.dll
of name (null).
Read failure with status 0xc000009c at offset 0x136af9400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x136b05400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\$NtUninstallKB2646524$\spuninst\spuninst.exe
of name (null).
Read failure with status 0xc000009c at offset 0x137b7d400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x137b81400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\ServicePackFiles\ServicePackCache\i386\fxscover.exe
of name (null).
Read failure with status 0xc000009c at offset 0xd90f1400 for 0xc000 bytes.
Read failure with status 0xc000009c at offset 0xd90f1400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0xd90f5400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\ServicePackFiles\i386\wschelp.chm
of name (null).
Read failure with status 0xc000009c at offset 0xd97c5400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd97c9400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0xd97cd400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0xd9821400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\ServicePackFiles\i386\msrdp.ocx
of name (null).
Read failure with status 0xc000009c at offset 0xd98d9400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0xd98d9400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\ServicePackFiles\i386\xmlp_ecu.xdr
of name (null).
Read failure with status 0xc000009c at offset 0xd98dd400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd98dd400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0xd9931400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0xd9989400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\ServicePackFiles\i386\hsfdpsp2.sys
of name (null).
Read failure with status 0xc000009c at offset 0xd9c9d400 for 0x8000 bytes.
Read failure with status 0xc000009c at offset 0xd9c9d400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\ServicePackFiles\i386\l3codeca.acm
of name (null).
Read failure with status 0xc000009c at offset 0x136d61400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x136d6d400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\$hf_mig$\KB2387149\update\updspapi.dll
of name (null).
Read failure with status 0xc000009c at offset 0x137179400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x137185400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0x1371dd400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\$hf_mig$\KB2536276-v2\SP3QFE\mrxsmb.sys
of name (null).
Read failure with status 0xc000009c at offset 0x136f19400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x136f1d400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0x136f75400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\$hf_mig$\KB2536276-v2\update\update.exe
of name (null).
Read failure with status 0xc000009c at offset 0x13699d400 for 0xc000 bytes.
Read failure with status 0xc000009c at offset 0x13699d400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\$hf_mig$\KB2712808\spuninst.exe
of name (null).
Read failure with status 0xc000009c at offset 0x138041400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x138049400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\$hf_mig$\KB2544893-v2\SP3QFE\inetcomm.dll
of name (null).
Read failure with status 0xc000009c at offset 0x137e39400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x137e41400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0x137e99400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0x137ef1400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\$hf_mig$\KB2544893-v2\update\update.exe
of name (null).
Read failure with status 0xc000009c at offset 0x137f45400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x137f45400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\$hf_mig$\KB2544893-v2\update\updspapi.dll
of name (null).
Read failure with status 0xc000009c at offset 0x137a15400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x137a1d400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0x137a71400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\$hf_mig$\KB2491683\update\update.exe
of name (null).
Read failure with status 0xc000009c at offset 0x137ac1400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x137ac9400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\$hf_mig$\KB2491683\update\updspapi.dll
of name (null).
Read failure with status 0xc000009c at offset 0x1374f1400 for 0x8000 bytes.
Read failure with status 0xc000009c at offset 0x1374f1400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\$hf_mig$\KB2778344\update\update_SP3QFE.inf
of name (null).
Read failure with status 0xc000009c at offset 0x1375a9400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x1375ad400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\$hf_mig$\KB2778344\update\update.exe
of name (null).
Read failure with status 0xc000009c at offset 0x137605400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x137605400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0x137659400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\$hf_mig$\KB2778344\update\updspapi.dll
of name (null).
Read failure with status 0xc000009c at offset 0x136d0d400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x136d19400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\$hf_mig$\KB2646524\SP3QFE\winsrv.dll
of name (null).
Read failure with status 0xc000009c at offset 0x136b4d400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x136b59400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0x136bb1400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\$hf_mig$\KB2646524\update\update.exe
of name (null).
Read failure with status 0xc000009c at offset 0x136c09400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x136c05400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0x136c09400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\$hf_mig$\KB2646524\update\updspapi.dll
of name (null).
Read failure with status 0xc000009c at offset 0x136629400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x136631400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0x136689400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0x1366dd400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\$hf_mig$\KB2799494\SP3QFE\ntkrpamp.exe
of name (null).
Read failure with status 0xc000009c at offset 0x136799400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x136799400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0x1367ed400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0x136845400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0x136899400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0x1368f1400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\$hf_mig$\KB2799494\SP3QFE\ntkrnlmp.exe
of name (null).
Read failure with status 0xc000009c at offset 0x1370d5400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x1370d9400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\Driver Cache\i386\mrxsmb.sys
of name (null).
Read failure with status 0xc000009c at offset 0x65671400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0x6593d400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x137f95400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x137f9d400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0x137ff1400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\system32\inetcomm.dll
of name (null).
Read failure with status 0xc000009c at offset 0xe08c9400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0xe08c9400 for 0x4000 bytes.
Folder \WINDOWS\system32\oobe\mui is entirely unreadable.
Folder entry removed.
Read failure with status 0xc000009c at offset 0x137bd9400 for 0xc000 bytes.
Read failure with status 0xc000009c at offset 0x137bd9400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\system32\dllcache\fxscover.exe
of name (null).
Read failure with status 0xc000009c at offset 0x137125400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x137131400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\system32\dllcache\mrxsmb.sys
of name (null).
Read failure with status 0xc000009c at offset 0x1378bd400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x1378c1400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0x1378c5400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0x137919400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0x137971400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0x1379c5400 for 0x4000 bytes.
Windows replaced bad clusters in file \WINDOWS\system32\dllcache\win32k.sys
of name (null).
Convert lost chains to files (Y/N)? Yes
928 KB in 20 recovered files.
Windows is verifying free space...
Read failure with status 0xc000009c at offset 0x52921400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x52921400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x52921400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x52929400 for 0x8000 bytes.
Read failure with status 0xc000009c at offset 0x5292d400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0x5292f400 for 0x2000 bytes.
Read failure with status 0xc000009c at offset 0x52930400 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x52930400 for 0x800 bytes.
Read failure with status 0xc000009c at offset 0x52930400 for 0x400 bytes.
Read failure with status 0xc000009c at offset 0x52930400 for 0x200 bytes.
Read failure with status 0xc000009c at offset 0xd9039400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd9099400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd9039400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd9099400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd9039400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd9099400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd9041400 for 0x8000 bytes.
Read failure with status 0xc000009c at offset 0xd9099400 for 0x8000 bytes.
Read failure with status 0xc000009c at offset 0xd9045400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0xd909d400 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0xd9047400 for 0x2000 bytes.
Read failure with status 0xc000009c at offset 0xd909d400 for 0x2000 bytes.
Read failure with status 0xc000009c at offset 0xd909f400 for 0x2000 bytes.
Read failure with status 0xc000009c at offset 0xd913d400 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd919d400 for 0x10000 bytes.
Read failure with status 0xc
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Thanks again!!!


----------



## Mark1956 (May 7, 2011)

All the above log indicates is that your hard drive is failing and you should replace it ASAP.


----------



## Rena30 (Jan 19, 2013)

Well, that is the news that I did not want, lol. But thank you anyway.


----------



## Rena30 (Jan 19, 2013)

By any chance do you know where to buy a new hard drive and about how much they might cost?


----------



## Mark1956 (May 7, 2011)

Depends where you live, Newegg is good for the US and Amazon for the UK.

You need to look for SATA drives not IDE and 2.5". Your existing drive is only 40GB and I doubt you will find one that small these days so get what you can afford, the bigger the drive the higher the price, a Western Digital Scorpio Blue would be a good one to look for or Seagate.

You are going to have one hitch replacing the drive as you do not have Recovery discs or a copy of Windows to reinstall from. You will either need to get the hard drive Recovery Partition cloned onto the new drive or make the Recovery discs if your CD burner will function correctly. The other option is to purchase a set of Recovery discs from Acer.


----------



## Rena30 (Jan 19, 2013)

Ok thank you very much, could you tell me how to do these?
"You will either need to get the hard drive Recovery Partition cloned onto the new drive or make the Recovery discs if your CD burner will function correctly."


----------



## Mark1956 (May 7, 2011)

Best to try and make the Recovery discs first, this guide will shoe you how to do it using the built in facility eRecovery. You need to use the F10 key to get there as you did when you ran the Factory Restore.

http://voices.yahoo.com/how-create-recovery-disks-acer-erecovery-management-7750793.html?cat=15


----------



## Rena30 (Jan 19, 2013)

Sorry, I have not gotten back to you sooner. Thank you for the information. It will take me some time to get this done. But when I am finished I will let you know the outcome. Again thank you for your time and patience!


----------



## Mark1956 (May 7, 2011)

As always, you're welcome and I look forward to hearing from you.


----------



## Rena30 (Jan 19, 2013)

Hi Mark. I need your help ASAP!!!! My computer has been doing ok, but somehow I got Search Conduit on here. My Hardware is already not doing so hot, so I do not need anything making it worse!! Please help me remove it, fast, safe and for FREE!!!! Thanks


----------



## Mark1956 (May 7, 2011)

I have sent you a message, but will reply here also. As this is a new issue please start a new thread in the Malware forum and post the logs requested. I will do my best to answer it or another helper may get there first.


----------

