I was able to obtain a Dell OEM disk of Win XP Media Center Edition, do a repair and get back on my PC. I have run Malwarebytes in both Safe Mode and regular mode. It cleaned out approx 34 virus/malware files. I also ran my McAfee, which is not up-to-date (the cause of my problem), and it found 6 more items. All have been removed but I cannot update/upgrade my McAfee (the download hangs). I ran the Windows Rootkit but it will also not function still. I also ran Windows Update.

Any help would be greatly appreciated.

Following is my most recent Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:39:27 PM, on 2/18/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Wolf\LOCALS~1\Temp\Rar$EX00.563\Analysethis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: HP00163557B099 HP00163557B099
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Qxuxuhasajubija] rundll32.exe "C:\WINDOWS\ewogucoru.dll",Startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.buy-security-essentials.com
O15 - Trusted Zone: http://*.download-soft-package.com
O15 - Trusted Zone: http://*.download-software-package.com
O15 - Trusted Zone: http://*.get-key-se10.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.buy-security-essentials.com (HKLM)
O15 - Trusted Zone: http://*.get-key-se10.com (HKLM)
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter hijack: application/octet-stream - (no CLSID) - (no file)
O18 - Filter hijack: application/x-complus - (no CLSID) - (no file)
O18 - Filter hijack: application/x-msdownload - (no CLSID) - (no file)
O18 - Filter hijack: text/html - {c9bc6756-46bd-4470-9e36-8209f56fafa9} - C:\WINDOWS\system32\mst122.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 14047 bytes


Basically, I think some remnant of the virus is blocking me from updating my AV and running the MS Rootkit. Running an ESET scan now... will post the log when complete.

It also tweaked my AutoCAD installation, which will not repair from Add/Remove Programs... I have to repair with install disk.

Move HijackThis out to a permanent folder instead of running it from the zip file.
Post the MBA-M log that shows what was removed.

OK...extracted Hijackthis to its own folder in My Documents and ran again. Hijack log follows the Malware Bytes Log.

Malware Bytes log:

Registry Values Infected: 3
Registry Data Items Infected: 11
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\kycurod.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: kycurod.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\kycurod.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\warnings.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\helpers32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ES15.exe (Rogue.SecurityEsssentials) -> Quarantined and deleted successfully.
C:\WINDOWS\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Common\helper.sig (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146101105.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101464854.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101464857.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101464950.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\mmsmark2.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ex23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:46:51 PM, on 2/18/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Wolf\My Documents\Hijackthis\Analysethis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: HP00163557B099 HP00163557B099
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Qxuxuhasajubija] rundll32.exe "C:\WINDOWS\ewogucoru.dll",Startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.buy-security-essentials.com
O15 - Trusted Zone: http://*.download-soft-package.com
O15 - Trusted Zone: http://*.download-software-package.com
O15 - Trusted Zone: http://*.get-key-se10.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.buy-security-essentials.com (HKLM)
O15 - Trusted Zone: http://*.get-key-se10.com (HKLM)
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (qsax Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter hijack: application/octet-stream - (no CLSID) - (no file)
O18 - Filter hijack: application/x-complus - (no CLSID) - (no file)
O18 - Filter hijack: application/x-msdownload - (no CLSID) - (no file)
O18 - Filter hijack: text/html - {c9bc6756-46bd-4470-9e36-8209f56fafa9} - C:\WINDOWS\system32\mst122.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 14163 bytes

ESET said no infections found. Inadvertently closed the window before copying the final details of the scan but it was clean. System is still behaving a bit funky though.

Having some problems with .NET. Am getting errors on startup regarding NGEN.exe, mscorworks.dll, mscoree.dll and sprtcmd.exe.

System is sloooow to react to starting of programs.

AutoCAD is jacked. Will not repair from Add/Remove Programs. Need to do clean install to fix. :(

Ok. There is an edit button so you do not have to keep posting to the reply box.
You cut off the top of the MBA-M log. Please post it in your next reply.

==

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Sorry...new to this board...Malware Log:

Malwarebytes' Anti-Malware 1.44
Database version: 3755
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

2/18/2010 5:38:53 AM
mbam-log-2010-02-18 (05-38-53).txt

Scan type: Quick Scan
Objects scanned: 138360
Time elapsed: 7 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 11
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\kycurod.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: kycurod.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\kycurod.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\warnings.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\helpers32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ES15.exe (Rogue.SecurityEsssentials) -> Quarantined and deleted successfully.
C:\WINDOWS\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Common\helper.sig (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146101105.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101464854.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101464857.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101464950.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\mmsmark2.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ex23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

FYI. MBA-M runs best in normal mode as all its drivers are loaded then.
Are you doing the OTL scan?

Re: running MBA-M in "normal" mode, do you mean running a full scan as opposed to a quick scan? I did both. I also ran both in Safe and Normal mode...will post the log of that as well.

OK...I did the OTL scan (and then went to bed). I am going to post the OTL and Extras TXT files in separate posts since I think that is how you asked me to do it...here we go:

OTL.txt

OTL logfile created on: 2/19/2010 12:43:02 AM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Wolf\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 169.95 Gb Total Space | 93.93 Gb Free Space | 55.27% Space Free | Partition Type: NTFS
Drive D: | 58.18 Gb Total Space | 16.10 Gb Free Space | 27.67% Space Free | Partition Type: NTFS
Drive E: | 601.10 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 232.88 Gb Total Space | 115.36 Gb Free Space | 49.53% Space Free | Partition Type: NTFS

Computer Name: ELISE
Current User Name: Wolf
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/19 00:04:29 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wolf\Desktop\OTL.exe
PRC - [2010/02/17 14:07:40 | 000,815,184 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/02/17 14:07:39 | 001,229,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/29 15:57:48 | 001,095,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/12/09 21:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/12/08 17:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/07/27 19:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/05/21 12:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/03/25 13:05:48 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/03/24 02:03:18 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/03/19 13:42:02 | 000,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/01/09 14:31:16 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/01/09 11:06:52 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/01/08 23:30:26 | 000,797,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/01/08 23:30:26 | 000,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2008/08/13 20:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2006/12/12 13:46:52 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2006/12/12 13:43:58 | 000,842,240 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2006/06/21 00:36:22 | 001,207,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/03/03 23:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/03/02 04:00:18 | 000,018,944 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFIHLP.EXE
PRC - [2006/02/19 07:29:46 | 000,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
PRC - [2005/11/04 18:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
PRC - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/08/04 04:02:58 | 000,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/06/17 07:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2004/08/10 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/10 06:00:00 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2004/08/10 05:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2003/06/18 01:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe
PRC - [1999/12/13 01:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2010/02/19 00:04:29 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wolf\Desktop\OTL.exe
MOD - [2007/03/08 10:36:28 | 000,161,280 | ---- | M] () -- C:\WINDOWS\ewogucoru.dll
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005/11/08 12:30:42 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL
MOD - [2004/08/10 06:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll
MOD - [2004/08/10 06:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/17 14:07:39 | 001,229,232 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/12/09 21:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/12/08 17:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/17 19:00:35 | 000,066,872 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/07/21 13:40:00 | 000,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2009/04/01 16:21:30 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/03/25 13:05:48 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/03/24 02:03:18 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/03/19 13:42:02 | 000,884,360 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/03/16 17:13:01 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/12 22:56:52 | 000,656,168 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/03/06 02:04:30 | 000,132,424 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/01/09 14:31:16 | 002,482,848 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2009/01/09 12:22:10 | 000,026,640 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/01/09 11:06:52 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/01/08 23:30:26 | 000,797,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2008/12/12 13:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/11 00:26:46 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/08/15 07:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/08/13 20:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/07/09 02:38:27 | 000,026,488 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/05/29 00:42:51 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/03/07 17:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/10 16:42:32 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) [Disabled | Stopped] -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service)
SRV - [2006/03/03 23:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/08/04 04:02:58 | 000,380,928 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/06/17 07:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel(R)
SRV - [2004/11/19 11:26:40 | 000,147,456 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2004/10/22 05:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/10 06:00:00 | 000,032,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2003/07/28 14:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [1999/12/13 01:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/02/18 23:21:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BC726971-0BC7-48A4-96C9-7A8F42216976}: C:\Documents and Settings\Wolf\Local Settings\Application Data\{BC726971-0BC7-48A4-96C9-7A8F42216976} [2010/02/17 13:50:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/27 01:41:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/27 01:41:16 | 000,000,000 | ---D | M]

[2008/11/03 12:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wolf\Application Data\Mozilla\Extensions
[2010/02/18 14:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wolf\Application Data\Mozilla\Firefox\Profiles\csnh7ey1.default\extensions
[2010/02/18 14:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wolf\Application Data\Mozilla\Firefox\Profiles\csnh7ey1.default\extensions\staged-xpis
[2010/02/16 14:00:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/03/16 19:28:57 | 000,000,798 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: HP00163557B099 HP00163557B099
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Qxuxuhasajubija] C:\WINDOWS\ewogucoru.DLL ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: buy-security-essentials.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: get-key-se10.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: buy-security-essentials.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: download-soft-package.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: download-software-package.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: get-key-se10.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} http://www.ritzpix.com/net/Uploader/LPUploader45.cab (Image Uploader Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (qsax Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/octet-stream - No CLSID value found
O18 - Protocol\Filter\application/x-complus - No CLSID value found
O18 - Protocol\Filter\application/x-msdownload - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/20 17:48:04 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/02/22 12:35:36 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007/07/02 01:36:20 | 000,000,045 | ---- | M] () - K:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2002/09/30 17:33:16 | 000,126,976 | R--- | M] (InstallShield Software Corporation)
O33 - MountPoints2\{3ec58490-262c-11dd-af59-001372cdf019}\Shell - "" = AutoRun
O33 - MountPoints2\{3ec58490-262c-11dd-af59-001372cdf019}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3ec58490-262c-11dd-af59-001372cdf019}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a8c3be84-269a-11db-897c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{a8c3be84-269a-11db-897c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a8c3be84-269a-11db-897c-806d6172696f}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2002/09/30 17:33:16 | 000,126,976 | R--- | M] (InstallShield Software Corporation)
O33 - MountPoints2\{cb59fb8c-63e7-11dd-af65-001372cdf019}\Shell\AutoRun\command - "" = K:\Launch.exe -- [2004/10/21 05:38:02 | 000,126,976 | ---- | M] (Macrovision Corporation)
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Launch.exe -- [2004/10/21 05:38:02 | 000,126,976 | ---- | M] (Macrovision Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/02/18 23:58:09 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wolf\Desktop\OTL.exe
[2010/02/18 20:19:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/02/18 18:40:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wolf\My Documents\Hijackthis
[2010/02/18 16:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/02/18 15:38:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wolf\Application Data\QuickScan
[2010/02/18 12:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wolf\Local Settings\Application Data\PCHealth
[2010/02/18 08:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wolf\Application Data\Malwarebytes
[2010/02/18 08:18:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/18 08:18:47 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/18 08:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/18 08:18:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/18 08:17:35 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wolf\Desktop\mbam-setup.exe
[2010/02/18 00:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/02/18 00:19:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010/02/18 00:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/02/18 00:06:09 | 002,988,632 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Wolf\Desktop\D M Setup.exe
[2010/02/17 23:13:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/02/17 23:03:15 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/02/17 23:03:14 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/02/17 23:03:14 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/02/17 23:02:12 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010/02/17 23:02:12 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010/02/17 23:02:12 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010/02/17 23:01:59 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/02/17 16:15:26 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/02/17 14:15:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\dell
[2010/02/17 14:08:19 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/02/17 14:08:16 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/02/17 14:06:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/02/17 14:06:30 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/02/17 14:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/02/17 13:50:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wolf\Local Settings\Application Data\{BC726971-0BC7-48A4-96C9-7A8F42216976}
[2009/12/02 01:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2009/10/27 15:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/10/15 17:14:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/10/15 17:14:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/10/15 17:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/10/15 17:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/06/08 17:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/11/11 00:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Creative
[2008/11/06 10:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2008/11/06 10:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint
[2008/09/26 15:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2007/08/31 22:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/02/15 11:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2006/08/04 04:03:16 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[93 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[10 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\Documents and Settings\Wolf\My Documents\*.tmp files -> C:\Documents and Settings\Wolf\My Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/19 00:29:39 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2010/02/19 00:04:29 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wolf\Desktop\OTL.exe
[2010/02/18 22:25:31 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Qcubitifefe.dat
[2010/02/18 20:24:56 | 000,000,150 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/02/18 12:48:55 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/02/18 12:45:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/18 12:45:01 | 000,039,523 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/02/18 12:43:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/18 12:43:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/18 12:43:33 | 3219,271,680 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/18 12:42:47 | 010,747,904 | ---- | M] () -- C:\Documents and Settings\Wolf\ntuser.dat
[2010/02/18 12:42:47 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Wolf\ntuser.ini
[2010/02/18 12:33:22 | 000,064,980 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000005-10031102}.rfx
[2010/02/18 12:33:22 | 000,054,320 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000002-00001102-00000005-10031102}.rfx
[2010/02/18 12:33:22 | 000,054,320 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000002-00001102-00000005-10031102}.rfx
[2010/02/18 12:33:22 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/02/18 12:33:22 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/02/18 12:22:11 | 001,882,786 | ---- | M] () -- C:\Documents and Settings\Wolf\Desktop\SDFix.zip
[2010/02/18 12:14:19 | 000,526,522 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/18 12:14:19 | 000,443,900 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/18 12:14:19 | 000,072,572 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/18 12:11:10 | 000,000,658 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/18 12:11:10 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/18 12:11:10 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2010/02/18 12:09:48 | 002,294,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/18 12:06:31 | 000,543,104 | ---- | M] () -- C:\Documents and Settings\Wolf\Desktop\Guard School Flyer [Converted].ai
[2010/02/18 12:06:09 | 000,072,654 | ---- | M] () -- C:\Documents and Settings\Wolf\Desktop\Guard School Flyer [Converted].pdf
[2010/02/18 12:03:16 | 000,044,402 | ---- | M] () -- C:\Documents and Settings\Wolf\Desktop\WASS badge copy.jpg
[2010/02/18 12:01:50 | 000,007,996 | ---- | M] () -- C:\Documents and Settings\Wolf\Desktop\WASS_logo.jpg
[2010/02/18 11:58:00 | 000,165,581 | ---- | M] () -- C:\Documents and Settings\Wolf\Desktop\Guard School Flyer.ai
[2010/02/18 10:10:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/18 09:59:48 | 002,003,036 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/02/18 08:18:51 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/18 08:18:23 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wolf\Desktop\mbam-setup.exe
[2010/02/18 07:34:33 | 000,314,147 | ---- | M] () -- C:\Documents and Settings\Wolf\Desktop\Analysethis.zip
[2010/02/18 06:52:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Cxibukovi.bin
[2010/02/18 00:26:07 | 000,132,208 | ---- | M] () -- C:\Documents and Settings\Wolf\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/18 00:24:59 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\Wolf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/18 00:21:51 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/02/18 00:06:17 | 002,988,632 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Wolf\Desktop\D M Setup.exe
[2010/02/17 23:12:10 | 000,000,264 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/02/17 23:00:47 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/02/17 23:00:47 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/02/17 23:00:46 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/02/17 23:00:39 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/02/17 22:57:53 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/02/17 22:57:53 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/02/17 22:57:46 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/02/17 22:57:46 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/02/17 22:57:46 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/02/17 22:57:46 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/02/17 22:57:46 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/02/17 22:57:46 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/02/17 22:54:46 | 000,034,380 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/02/17 22:54:31 | 000,001,066 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/02/17 22:36:23 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2010/02/17 15:24:38 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/17 15:10:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010/02/17 14:08:22 | 000,618,833 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/02/17 14:08:16 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/02/17 14:06:43 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/02/16 13:11:40 | 000,055,743 | ---- | M] () -- C:\Documents and Settings\Wolf\Desktop\Taylor sketch to jeff.dwg
[2010/02/15 04:16:18 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/02/12 16:52:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/09 19:06:25 | 000,276,313 | ---- | M] () -- C:\Documents and Settings\Wolf\Desktop\Goddard logo2000.dwg
[2010/02/09 18:36:00 | 000,178,488 | ---- | M] () -- C:\Documents and Settings\Wolf\Desktop\Goddard logo.dwg
[2010/02/06 15:13:10 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Wolf\Desktop\Arborage.Poker.xls
[93 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[10 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\Documents and Settings\Wolf\My Documents\*.tmp files -> C:\Documents and Settings\Wolf\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/18 20:24:56 | 000,000,150 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/02/18 12:43:33 | 3219,271,680 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/18 12:21:55 | 001,882,786 | ---- | C] () -- C:\Documents and Settings\Wolf\Desktop\SDFix.zip
[2010/02/18 12:06:27 | 000,543,104 | ---- | C] () -- C:\Documents and Settings\Wolf\Desktop\Guard School Flyer [Converted].ai
[2010/02/18 12:06:09 | 000,072,654 | ---- | C] () -- C:\Documents and Settings\Wolf\Desktop\Guard School Flyer [Converted].pdf
[2010/02/18 12:03:16 | 000,044,402 | ---- | C] () -- C:\Documents and Settings\Wolf\Desktop\WASS badge copy.jpg
[2010/02/18 12:01:50 | 000,007,996 | ---- | C] () -- C:\Documents and Settings\Wolf\Desktop\WASS_logo.jpg
[2010/02/18 11:58:00 | 000,165,581 | ---- | C] () -- C:\Documents and Settings\Wolf\Desktop\Guard School Flyer.ai
[2010/02/18 08:18:51 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/18 07:33:22 | 000,314,147 | ---- | C] () -- C:\Documents and Settings\Wolf\Desktop\Analysethis.zip
[2010/02/18 00:28:54 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/02/18 00:21:51 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/02/17 23:12:18 | 000,001,080 | ---- | C] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/02/17 23:12:18 | 000,001,080 | ---- | C] () -- C:\WINDOWS\System32\settings.sfm
[2010/02/17 23:03:44 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/02/17 23:03:08 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/02/17 23:03:08 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/02/17 23:03:06 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/02/17 23:02:44 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/02/17 23:02:44 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/02/17 23:02:34 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/02/17 23:02:34 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/02/17 23:02:32 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/02/17 23:02:22 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/02/17 23:02:17 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/02/17 23:02:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/02/17 23:02:01 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/02/17 23:01:58 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/02/17 23:01:58 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/02/17 23:01:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/02/17 23:01:57 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/02/17 23:01:57 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/02/17 23:01:57 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/02/17 23:01:57 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/02/17 23:01:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/02/17 23:01:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/02/17 23:01:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/02/17 23:01:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/02/17 23:01:56 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/02/17 23:01:56 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/02/17 23:01:56 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/02/17 23:01:56 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/02/17 23:01:56 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/02/17 23:01:56 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/02/17 23:01:56 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/02/17 23:01:56 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/02/17 23:01:56 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/02/17 23:01:56 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/02/17 23:01:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/02/17 23:01:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/02/17 23:01:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/02/17 23:01:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/02/17 23:01:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/02/17 23:01:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/02/17 23:01:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/02/17 23:01:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/02/17 23:01:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/02/17 23:01:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/02/17 23:01:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/02/17 23:01:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/02/17 23:01:54 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/02/17 23:01:54 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/02/17 23:01:54 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/02/17 23:01:54 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/02/17 23:01:54 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/02/17 23:01:54 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/02/17 23:01:54 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/02/17 23:01:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/02/17 23:01:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/02/17 23:01:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/02/17 23:01:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/02/17 23:01:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/02/17 23:01:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/02/17 23:01:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/02/17 23:01:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/02/17 23:01:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/02/17 23:01:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/02/17 23:01:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/02/17 23:01:52 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/02/17 23:01:52 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/02/17 23:01:52 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/02/17 23:01:52 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/02/17 23:01:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/02/17 23:01:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/02/17 23:01:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/02/17 23:01:51 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/02/17 23:01:51 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/02/17 23:01:42 | 000,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2010/02/17 22:57:53 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/02/17 22:57:46 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/02/17 22:57:46 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/02/17 22:57:46 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/02/17 22:57:46 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/02/17 22:57:46 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/02/17 22:31:14 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/02/17 22:31:14 | 000,130,715 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/02/17 22:31:14 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/02/17 22:31:14 | 000,077,881 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plus.cat
[2010/02/17 22:31:14 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/02/17 22:31:14 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/02/17 22:31:14 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/02/17 22:31:14 | 000,017,916 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sonic.cat
[2010/02/17 22:31:14 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/02/17 22:31:14 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/02/17 22:31:14 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/02/17 22:31:14 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/02/17 22:31:14 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/02/17 22:31:14 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/02/17 22:31:14 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/02/17 22:31:14 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/02/17 22:31:13 | 002,008,817 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/02/17 22:31:13 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/02/17 22:31:13 | 000,505,647 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/02/17 22:31:13 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/02/17 22:31:13 | 000,106,147 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/02/17 14:09:15 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/17 14:07:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010/02/17 14:06:43 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/02/17 13:50:46 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Qcubitifefe.dat
[2010/02/17 13:50:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Cxibukovi.bin
[2010/02/16 13:11:38 | 000,055,743 | ---- | C] () -- C:\Documents and Settings\Wolf\Desktop\Taylor sketch to jeff.dwg
[2010/02/09 19:06:25 | 000,276,313 | ---- | C] () -- C:\Documents and Settings\Wolf\Desktop\Goddard logo2000.dwg
[2010/02/09 18:36:00 | 000,178,488 | ---- | C] () -- C:\Documents and Settings\Wolf\Desktop\Goddard logo.dwg
[2010/02/06 15:13:10 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Wolf\Desktop\Arborage.Poker.xls
[2009/10/15 17:02:55 | 000,585,216 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/08/26 13:24:14 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Wolf\Application Data\$_hpcst$.hpc
[2009/08/24 15:16:23 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/05 14:01:52 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Wolf\Application Data\mcs.rma
[2009/03/05 14:01:52 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Wolf\Application Data\FB9CCE
[2009/02/07 15:20:35 | 000,000,087 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/11/11 00:42:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/05/11 23:24:28 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008/05/11 23:23:57 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/05/11 23:23:50 | 000,000,732 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008/05/11 23:09:59 | 000,001,705 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/01/28 22:33:33 | 000,000,080 | ---- | C] () -- C:\WINDOWS\ka.ini
[2007/10/28 20:46:00 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/08/13 12:09:21 | 000,085,504 | ---- | C] () -- C:\Documents and Settings\Wolf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/07 13:26:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DM1USBAPIVB.dll
[2006/12/19 10:15:20 | 000,065,154 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2006/08/18 21:49:54 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/08/18 21:49:54 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\B58C42AD5E.sys
[2006/08/15 23:13:27 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\Wolf\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2006/08/08 01:22:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/08 00:58:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/08 00:06:29 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Wolf\Local Settings\Application Data\fusioncache.dat
[2006/08/04 04:42:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/04 04:35:36 | 000,000,124 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/04 04:31:10 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/08/04 04:03:16 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2006/08/04 04:03:16 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2006/08/04 04:03:16 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/08/04 04:03:14 | 000,050,432 | ---- | C] () -- C:\WINDOWS\System32\claptn.ini
[2006/08/04 04:02:18 | 000,102,480 | ---- | C] () -- C:\WINDOWS\System32\EzRating.dll
[2006/08/04 04:02:18 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EzdCoIns.dll
[2006/08/04 04:01:34 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:18:42 | 000,161,280 | ---- | C] () -- C:\WINDOWS\ewogucoru.dll
[2005/08/16 04:18:33 | 001,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2005/08/16 04:18:25 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2005/08/16 04:18:08 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2004/08/10 06:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/09 23:11:42 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2001/07/07 05:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/02/18 20:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2008/12/24 23:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2008/11/11 00:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/02/01 21:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
[2008/02/10 23:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/01/27 20:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2008/11/10 01:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/13 16:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/02/17 14:06:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009/10/15 17:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
[2010/02/09 19:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wolf\Application Data\Autodesk
[2010/02/14 02:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wolf\Application Data\Image Zone Express
[2006/09/06 13:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wolf\Application Data\Leadertech
[2009/08/11 20:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wolf\Application Data\MyPublisher
[2010/02/18 15:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wolf\Application Data\QuickScan
[2009/12/14 22:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wolf\Application Data\TeamViewer
[2007/01/15 16:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wolf\Application Data\Viewpoint
[2010/02/17 15:24:38 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/02/15 04:16:18 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/02/01 04:00:10 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/02/18 12:48:55 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAP

Extras.txt

OTL Extras logfile created on: 2/19/2010 12:43:02 AM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Wolf\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 169.95 Gb Total Space | 93.93 Gb Free Space | 55.27% Space Free | Partition Type: NTFS
Drive D: | 58.18 Gb Total Space | 16.10 Gb Free Space | 27.67% Space Free | Partition Type: NTFS
Drive E: | 601.10 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 232.88 Gb Total Space | 115.36 Gb Free Space | 49.53% Space Free | Partition Type: NTFS

Computer Name: ELISE
Current User Name: Wolf
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Steam\SteamApps\s3arav3n\half-life 2 deathmatch\hl2.exe" = C:\Program Files\Steam\SteamApps\s3arav3n\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Disabled:Steam -- (Valve Corporation)
"C:\Documents and Settings\Wolf\Application Data\Facebook\facebook.exe" = C:\Documents and Settings\Wolf\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook -- File not found
"F:\setup\HPZNET01.EXE" = F:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe -- File not found
"F:\setup\HPONICIFS01.EXE" = F:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Documents and Settings\Wolf\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Wolf\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Program Files\Rhapsody\rhapsody.exe" = C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player -- (RealNetworks, Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Documents and Settings\Wolf\temp\TeamViewer\Version5\TeamViewer.exe" = C:\Documents and Settings\Wolf\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer -- (TeamViewer GmbH)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4462265B-3DC7-44AD-B56D-D09BA67BA422}" = 6300
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Sonic Advanced Decoder
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5783F2D7-4001-0409-0002-0060B0CE6BBA}" = AutoCAD 2006 - English
"{5783F2D7-8001-0409-0002-0060B0CE6BBA}" = AutoCAD 2010 - English
"{5783F2D7-8001-0409-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6B10045E-6789-49C4-BFED-52575F5B76BF}" = Avery Wizard 3.0
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76E6BBAA-25E6-4BFC-9613-75A5CACE2940}" = Olympus DSS Player
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3350D7C-9D1B-44B3-A5A1-EDADC0D66109}" = Kid Pix Deluxe 4
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB7DEA41-298E-450B-9C3A-E7B48D9D021B}" = 6300_Help
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BEF106F8-2689-4530-925A-E1117836E8CD}" = Google SketchUp 7
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7EEC93A-2A61-4B1E-B696-A264680A889D}" = MobileMe Control Panel
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E1423608-F529-40A1-93CA-C7F396F30DF0}" = Google SketchUp
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F2AB49F2-D632-446C-9A6E-5B4A98DFF13B}" = 6300Trb
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDE97748-2050-47B1-9BDD-E049626FDE63}" = Smartparts Desktop
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Atmosphere Lite (Boundless Living Edition)_is1" = Atmosphere Lite v5.0
"AutoCAD 2010 - English" = AutoCAD 2010 - English
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DC Realism 1.0" = DC Realism 1.0
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"DesertCombat" = DesertCombat 0.7
"eMusic Promotion" = eMusic - 50 Free MP3 offer
"ESET Online Scanner" = ESET Online Scanner v3
"Fisher-Price Petshop" = Fisher-Price Petshop
"GameSpy Arcade" = GameSpy Arcade
"GoToAssist" = GoToAssist 8.0.0.514
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"InstallShield_{6B10045E-6789-49C4-BFED-52575F5B76BF}" = Avery Wizard 3.0
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"LHTTSSPE" = L&H TTS3000 Español
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSC" = McAfee SecurityCenter
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MyPublisher" = MyPublisher
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer
"Rhapsody" = Rhapsody
"StreetPlugin" = Learn2 Player (Uninstall Only)
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WildTangent CDA" = WildTangent Web Driver
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9863F141-7A33-4c9a-A5F2-96996461B216}" = KODAK EASYSHARE Gallery Easy Upload, v2.0
"GoToMeeting" = GoToMeeting 4.1.0.366
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/19/2010 12:59:20 AM | Computer Name = ELISE | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 25003.Error
occurred while initializing fusion.

Error - 2/19/2010 12:59:20 AM | Computer Name = ELISE | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 25003.Error
occurred while initializing fusion.

Error - 2/19/2010 12:59:20 AM | Computer Name = ELISE | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 25003.Error
occurred while initializing fusion.

Error - 2/19/2010 12:59:21 AM | Computer Name = ELISE | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 25003.Error
occurred while initializing fusion.

Error - 2/19/2010 12:59:21 AM | Computer Name = ELISE | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 25003.Error
occurred while initializing fusion.

Error - 2/19/2010 12:59:21 AM | Computer Name = ELISE | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 25003.Error
occurred while initializing fusion.

Error - 2/19/2010 12:59:21 AM | Computer Name = ELISE | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 25003.Error
occurred while initializing fusion.

Error - 2/19/2010 12:59:21 AM | Computer Name = ELISE | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 25003.Error
occurred while initializing fusion.

Error - 2/19/2010 12:59:21 AM | Computer Name = ELISE | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 25003.Error
occurred while initializing fusion.

Error - 2/19/2010 12:59:28 AM | Computer Name = ELISE | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB974417'
could not be installed. Error code 1603. Additional information is available in
the log file C:\DOCUME~1\Wolf\LOCALS~1\Temp\Microsoft .NET Framework 2.0-KB974417_20100219_045651187-Msi0.txt.

[ System Events ]
Error - 2/18/2010 4:02:08 PM | Computer Name = ELISE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/18/2010 4:02:09 PM | Computer Name = ELISE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/18/2010 4:02:39 PM | Computer Name = ELISE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/18/2010 4:02:40 PM | Computer Name = ELISE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/18/2010 4:02:43 PM | Computer Name = ELISE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/18/2010 4:03:10 PM | Computer Name = ELISE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/18/2010 4:03:11 PM | Computer Name = ELISE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/18/2010 4:03:41 PM | Computer Name = ELISE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/18/2010 4:03:42 PM | Computer Name = ELISE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/18/2010 4:04:13 PM | Computer Name = ELISE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058


< End of report >

MBA-M logs:

Malwarebytes' Anti-Malware 1.44
Database version: 3755
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

2/18/2010 10:55:27 AM
mbam-log-2010-02-18 (10-55-27).txt

Scan type: Full Scan (C:\|)
Objects scanned: 71186
Time elapsed: 27 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.44
Database version: 3755
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

2/18/2010 11:08:29 AM
mbam-log-2010-02-18 (11-08-29).txt

Scan type: Quick Scan
Objects scanned: 139740
Time elapsed: 12 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.44
Database version: 3755
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

2/18/2010 12:31:30 PM
mbam-log-2010-02-18 (12-31-30).txt

Scan type: Quick Scan
Objects scanned: 140007
Time elapsed: 15 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Malwarebytes' Anti-Malware 1.44
Database version: 3755
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

2/18/2010 12:41:38 PM
mbam-log-2010-02-18 (12-41-38).txt

Scan type: Quick Scan
Objects scanned: 138049
Time elapsed: 6 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: running MBA-M in "normal" mode, do you mean running a full scan as opposed to a quick scan? I did both. I also ran both in Safe and Normal mode...will post the log of that as well.

No. I mean it is not meant to be run in safe mode. It can be run in safe mode, but it is not as efficient.

==

Please go to Jotti's or to VirusTotal and have these files scanned. Post the results back here.

C:\WINDOWS\imsins.BAK
C:\WINDOWS\iis6.BAK
C:\WINDOWS\System32\18467.exe

Hi Crunchie...OK so I went to Jotti's and ran the files through...all came back with a "found nothing" result except for 18467.exe which would not load in since it is a 0kb file so reads as empty.

There are corresponding LOG files for the two BAK files.

imsins.bak:

Found Nothing

Additional Info:

File size: 1374 bytes
Filetype: ASCII text, with CRLF, LF line terminators
MD5: e58d3a483a3db43ceb1b69b453c33002
SHA1: 6429b36c13bd666ce0954f8534a1e42766715bbc

imsins.log:

[2/18/2010 07:11:05] LogFile Open.
[2/18/2010 07:11:05] Entering OCEntry; Component = <ims> (0)
[2/18/2010 07:11:05] Function = OC_PREINITIALIZE (0), Param1 = 00000003 (3), Param2 = 00000000 (00000000)
[2/18/2010 07:11:05] Leaving OCEntry. Return=1

[2/18/2010 07:11:05] Entering OCEntry; Component = <ims> (0)
[2/18/2010 07:11:05] Function = OC_INIT_COMPONENT (1), Param1 = 00000000 (0), Param2 = 00068F34 (00068F34)
[2/18/2010 07:11:05] No other SMTP servers detected, installing IMS.
[2/18/2010 07:11:05] Leaving OCEntry. Return=0

[2/18/2010 07:11:06] Entering OCEntry; Component = <ims> (0), Subcomponent = <iis_smtp> (0)
[2/18/2010 07:11:06] Function = OC_QUERY_STATE (12), Param1 = 00000000 (0), Param2 = 00000000 (00000000)
[2/18/2010 07:11:06] Original state is: DEFAULT
[2/18/2010 07:11:06] Leaving OCEntry. Return=0

[2/18/2010 07:11:08] Entering OCEntry; Component = <ims> (0), Subcomponent = <iis_smtp> (0)
[2/18/2010 07:11:08] Function = OC_CALC_DISK_SPACE (6), Param1 = 00000001 (1), Param2 = 00D84568 (00D84568)
[2/18/2010 07:11:08] Leaving OCEntry. Return=0

[2/18/2010 07:11:10] Entering OCEntry; Component = <ims> (0), Subcomponent = <> (4)
[2/18/2010 07:11:10] Function = OC_CLEANUP (11), Param1 = 00000000 (0), Param2 = 00000000 (00000000)
[2/18/2010 07:11:10] Leaving OCEntry. Return=0

[2/18/2010 07:11:10] LogFile Close.


iis6.BAK

Found nothing

Additional info:

File size: 2003036 bytes
Filetype: ASCII English text, with CRLF line terminators
MD5: 81416ed5687e316750938bc6c9591224
SHA1: 55f9216cfa35ff6b8f6437e301ca9baa5b9d4f18

iis6.log:

[2/18/2010 6:59:57] LogFile Open. [***** Search on FAIL/MessageBox keywords for failures *****].
[2/18/2010 6:59:57] Initial thread locale=409
[2/18/2010 6:59:57] returned from France fix with locale 409
[2/18/2010 6:59:57] OC_PREINITIALIZE:[iis] End. Return=1 (OCFLAG_UNICODE)
[2/18/2010 6:59:57] OC_INIT_COMPONENT:[iis,(null)] Start.
[2/18/2010 6:59:57] OC_INIT_COMPONENT:8/10/2004 11:00:00 A_______ 6.0.2600.2180: 6.0.2600.2180 (xpsp_sp2_rtm.040803-2158): x86: C:\WINDOWS\system32\Setup\iis.dll
[2/18/2010 6:59:57] OC_INIT_COMPONENT:Set UnAttendFlag:OFF (File='')
[2/18/2010 6:59:57] OC_INIT_COMPONENT:CmdLine=update\update.exe -q -z -er /ParentInfo:136d0dafce811a4d94951aeffb75f1ed
[2/18/2010 6:59:57] OC_INIT_COMPONENT:DebugLevel=3.
[2/18/2010 6:59:57] OC_INIT_COMPONENT:DebugValidateHeap=1.
[2/18/2010 6:59:57] OC_INIT_COMPONENT:GlobalFastLoad=1.
[2/18/2010 6:59:57] OC_INIT_COMPONENT:Old InetPub='C:\Inetpub'. Does not exist. we'll use the default. WARNING.
[2/18/2010 6:59:57] OC_INIT_COMPONENT:Old InetPub='C:\Inetpub'. Does not exist. we'll use the default. WARNING.
[2/18/2010 6:59:59] OC_CLEANUP:DebugLevel=3.
[2/18/2010 6:59:59] OC_CLEANUP:DebugValidateHeap=1.
[2/18/2010 6:59:59] OC_CLEANUP:GlobalFastLoad=1.
[2/18/2010 6:59:59] OC_CLEANUP:[iis,(null)] Start. 0x0,0x0
[2/18/2010 6:59:59] OC_CLEANUP: --- Display status of services which are required for IIS to run ---
[2/18/2010 6:59:59] OC_CLEANUP:SERVICE_RUNNING [LanmanServer].
[2/18/2010 6:59:59] OC_CLEANUP:SERVICE_RUNNING [LanmanWorkstation].
[2/18/2010 6:59:59] OC_CLEANUP:SERVICE_RUNNING [RpcSs].
[2/18/2010 6:59:59] OC_CLEANUP:SERVICE_STOPPED [NtLmSsp].
[2/18/2010 6:59:59] OC_CLEANUP:SERVICE_RUNNING [EventLog].
[2/18/2010 6:59:59] OC_CLEANUP:ProcessSection.[OC_CLEANUP].Start.
[2/18/2010 6:59:59] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 6:59:59] OC_CLEANUP:Calling ProcessSection:SNMP_W3SVC_chk_cleanup:Start.
[2/18/2010 6:59:59] OC_CLEANUP:ProcessSection.[SNMP_W3SVC_chk_cleanup].Start.
[2/18/2010 6:59:59] OC_CLEANUP:...ProcessEntry:100=45...
[2/18/2010 6:59:59] OC_CLEANUP:Calling ProcessSection:SNMP_W3SVC_chk_cleanup:End.return=1
[2/18/2010 6:59:59] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 6:59:59] OC_CLEANUP:Calling ProcessSection:SNMP_MSFTPSVC_chk_cleanup:Start.
[2/18/2010 6:59:59] OC_CLEANUP:ProcessSection.[SNMP_MSFTPSVC_chk_cleanup].Start.
[2/18/2010 6:59:59] OC_CLEANUP:...ProcessEntry:100=45...
[2/18/2010 6:59:59] OC_CLEANUP:Calling ProcessSection:SNMP_MSFTPSVC_chk_cleanup:End.return=1
[2/18/2010 6:59:59] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 6:59:59] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue:Start.
[2/18/2010 6:59:59] OC_CLEANUP:ProcessSection.[PopOldServerAcctRestoreValue].Start.
[2/18/2010 6:59:59] OC_CLEANUP:...ProcessEntry:100=41...
[2/18/2010 6:59:59] OC_CLEANUP:Calling ProcessSection:DisableServerAccountRestore_off_do:Start.
[2/18/2010 6:59:59] OC_CLEANUP:ProcessSection.[DisableServerAccountRestore_off_do].Start.
[2/18/2010 6:59:59] OC_CLEANUP:...ProcessEntry:100=6...
[2/18/2010 6:59:59] OC_CLEANUP:Calling InstallInfSection:DisableServerAccountRestore_off_inf:Start.
[2/18/2010 6:59:59] OC_CLEANUP:InstallInfSection_NoFiles:(DisableServerAccountRestore_off_inf)Start.
[2/18/2010 6:59:59] OC_CLEANUP:InstallInfSection_NoFiles.[DisableServerAccountRestore_off_inf].End.Ret=1.
[2/18/2010 6:59:59] OC_CLEANUP:Calling InstallInfSection:DisableServerAccountRestore_off_inf:End.
[2/18/2010 6:59:59] OC_CLEANUP:Calling ProcessSection:DisableServerAccountRestore_off_do:End.return=1
[2/18/2010 6:59:59] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 6:59:59] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue_off_do:Start.
[2/18/2010 6:59:59] OC_CLEANUP:ProcessSection.[PopOldServerAcctRestoreValue_off_do].Start.
[2/18/2010 6:59:59] OC_CLEANUP:...ProcessEntry:100=6...
[2/18/2010 6:59:59] OC_CLEANUP:Calling InstallInfSection:PopOldServerAcctRestoreValue_off_inf:Start.
[2/18/2010 6:59:59] OC_CLEANUP:InstallInfSection_NoFiles:(PopOldServerAcctRestoreValue_off_inf)Start.
[2/18/2010 6:59:59] OC_CLEANUP:InstallInfSection_NoFiles.[PopOldServerAcctRestoreValue_off_inf].End.Ret=1.
[2/18/2010 6:59:59] OC_CLEANUP:Calling InstallInfSection:PopOldServerAcctRestoreValue_off_inf:End.
[2/18/2010 6:59:59] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue_off_do:End.return=1
[2/18/2010 6:59:59] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue:End.return=1
[2/18/2010 6:59:59] OC_CLEANUP:...ProcessEntry:100=6...
[2/18/2010 6:59:59] OC_CLEANUP:Calling InstallInfSection:OC_CLEANUP_RegClean_inf:Start.
[2/18/2010 6:59:59] OC_CLEANUP:InstallInfSection_NoFiles:(OC_CLEANUP_RegClean_inf)Start.
[2/18/2010 6:59:59] OC_CLEANUP:InstallInfSection_NoFiles.[OC_CLEANUP_RegClean_inf].End.Ret=1.
[2/18/2010 6:59:59] OC_CLEANUP:Calling InstallInfSection:OC_CLEANUP_RegClean_inf:End.
[2/18/2010 6:59:59] OC_CLEANUP:...ProcessEntry:100=47...
[2/18/2010 6:59:59] OC_CLEANUP:ProcessEntry_If:check if [51=6]
[2/18/2010 6:59:59] OC_CLEANUP:[iis,(null)] End. Return=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:=======================
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_PREINITIALIZE Called=1
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_INIT_COMPONENT Called=1
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_SET_LANGUAGE Called=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_QUERY_IMAGE Called=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_REQUEST_PAGES Called=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_WIZARD_CREATED Called=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_QUERY_STATE Called=1
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_QUERY_CHANGE_SEL_STATE Called=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_QUERY_SKIP_PAGE Called=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_CALC_DISK_SPACE Called=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_QUEUE_FILE_OPS Called=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_NEED_MEDIA Called=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_NOTIFICATION_FROM_QUEUE Called=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_QUERY_STEP_COUNT Called=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_ABOUT_TO_COMMIT_QUEUE Called=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_FILE_BUSY Called=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_COMPLETE_INSTALLATION Called=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_CLEANUP Called=1
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_DEFAULT Called=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:RtlValidateHeap(): Good.
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:LogFile Close.
[2/18/2010 7:3:9] LogFile Open. [***** Search on FAIL/MessageBox keywords for failures *****].
[2/18/2010 7:3:9] Initial thread locale=409
[2/18/2010 7:3:9] returned from France fix with locale 409
[2/18/2010 7:3:9] OC_PREINITIALIZE:[iis] End. Return=1 (OCFLAG_UNICODE)
[2/18/2010 7:3:9] OC_INIT_COMPONENT:[iis,(null)] Start.
[2/18/2010 7:3:9] OC_INIT_COMPONENT:8/10/2004 11:00:00 A_______ 6.0.2600.2180: 6.0.2600.2180 (xpsp_sp2_rtm.040803-2158): x86: C:\WINDOWS\system32\Setup\iis.dll
[2/18/2010 7:3:9] OC_INIT_COMPONENT:Set UnAttendFlag:OFF (File='')
[2/18/2010 7:3:9] OC_INIT_COMPONENT:CmdLine=update\update.exe -q -z -er /ParentInfo:abe4da2519c486409f01b2f6dcf91128
[2/18/2010 7:3:9] OC_INIT_COMPONENT:DebugLevel=3.
[2/18/2010 7:3:9] OC_INIT_COMPONENT:DebugValidateHeap=1.
[2/18/2010 7:3:9] OC_INIT_COMPONENT:GlobalFastLoad=1.
[2/18/2010 7:3:9] OC_INIT_COMPONENT:Old InetPub='C:\Inetpub'. Does not exist. we'll use the default. WARNING.
[2/18/2010 7:3:9] OC_INIT_COMPONENT:Old InetPub='C:\Inetpub'. Does not exist. we'll use the default. WARNING.
[2/18/2010 7:3:11] OC_CLEANUP:DebugLevel=3.
[2/18/2010 7:3:11] OC_CLEANUP:DebugValidateHeap=1.
[2/18/2010 7:3:11] OC_CLEANUP:GlobalFastLoad=1.
[2/18/2010 7:3:11] OC_CLEANUP:[iis,(null)] Start. 0x0,0x0
[2/18/2010 7:3:11] OC_CLEANUP: --- Display status of services which are required for IIS to run ---
[2/18/2010 7:3:11] OC_CLEANUP:SERVICE_RUNNING [LanmanServer].
[2/18/2010 7:3:11] OC_CLEANUP:SERVICE_RUNNING [LanmanWorkstation].
[2/18/2010 7:3:11] OC_CLEANUP:SERVICE_RUNNING [RpcSs].
[2/18/2010 7:3:11] OC_CLEANUP:SERVICE_STOPPED [NtLmSsp].
[2/18/2010 7:3:11] OC_CLEANUP:SERVICE_RUNNING [EventLog].
[2/18/2010 7:3:11] OC_CLEANUP:ProcessSection.[OC_CLEANUP].Start.
[2/18/2010 7:3:11] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 7:3:11] OC_CLEANUP:Calling ProcessSection:SNMP_W3SVC_chk_cleanup:Start.
[2/18/2010 7:3:11] OC_CLEANUP:ProcessSection.[SNMP_W3SVC_chk_cleanup].Start.
[2/18/2010 7:3:11] OC_CLEANUP:...ProcessEntry:100=45...
[2/18/2010 7:3:11] OC_CLEANUP:Calling ProcessSection:SNMP_W3SVC_chk_cleanup:End.return=1
[2/18/2010 7:3:11] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 7:3:11] OC_CLEANUP:Calling ProcessSection:SNMP_MSFTPSVC_chk_cleanup:Start.
[2/18/2010 7:3:11] OC_CLEANUP:ProcessSection.[SNMP_MSFTPSVC_chk_cleanup].Start.
[2/18/2010 7:3:11] OC_CLEANUP:...ProcessEntry:100=45...
[2/18/2010 7:3:11] OC_CLEANUP:Calling ProcessSection:SNMP_MSFTPSVC_chk_cleanup:End.return=1
[2/18/2010 7:3:11] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 7:3:11] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue:Start.
[2/18/2010 7:3:11] OC_CLEANUP:ProcessSection.[PopOldServerAcctRestoreValue].Start.
[2/18/2010 7:3:11] OC_CLEANUP:...ProcessEntry:100=41...
[2/18/2010 7:3:11] OC_CLEANUP:Calling ProcessSection:DisableServerAccountRestore_off_do:Start.
[2/18/2010 7:3:11] OC_CLEANUP:ProcessSection.[DisableServerAccountRestore_off_do].Start.
[2/18/2010 7:3:11] OC_CLEANUP:...ProcessEntry:100=6...
[2/18/2010 7:3:11] OC_CLEANUP:Calling InstallInfSection:DisableServerAccountRestore_off_inf:Start.
[2/18/2010 7:3:11] OC_CLEANUP:InstallInfSection_NoFiles:(DisableServerAccountRestore_off_inf)Start.
[2/18/2010 7:3:11] OC_CLEANUP:InstallInfSection_NoFiles.[DisableServerAccountRestore_off_inf].End.Ret=1.
[2/18/2010 7:3:11] OC_CLEANUP:Calling InstallInfSection:DisableServerAccountRestore_off_inf:End.
[2/18/2010 7:3:11] OC_CLEANUP:Calling ProcessSection:DisableServerAccountRestore_off_do:End.return=1
[2/18/2010 7:3:11] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 7:3:11] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue_off_do:Start.
[2/18/2010 7:3:11] OC_CLEANUP:ProcessSection.[PopOldServerAcctRestoreValue_off_do].Start.
[2/18/2010 7:3:11] OC_CLEANUP:...ProcessEntry:100=6...
[2/18/2010 7:3:11] OC_CLEANUP:Calling InstallInfSection:PopOldServerAcctRestoreValue_off_inf:Start.
[2/18/2010 7:3:11] OC_CLEANUP:InstallInfSection_NoFiles:(PopOldServerAcctRestoreValue_off_inf)Start.
[2/18/2010 7:3:11] OC_CLEANUP:InstallInfSection_NoFiles.[PopOldServerAcctRestoreValue_off_inf].End.Ret=1.
[2/18/2010 7:3:11] OC_CLEANUP:Calling InstallInfSection:PopOldServerAcctRestoreValue_off_inf:End.
[2/18/2010 7:3:11] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue_off_do:End.return=1
[2/18/2010 7:3:11] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue:End.return=1
[2/18/2010 7:3:11] OC_CLEANUP:...ProcessEntry:100=6...
[2/18/2010 7:3:11] OC_CLEANUP:Calling InstallInfSection:OC_CLEANUP_RegClean_inf:Start.
[2/18/2010 7:3:11] OC_CLEANUP:InstallInfSection_NoFiles:(OC_CLEANUP_RegClean_inf)Start.
[2/18/2010 7:3:11] OC_CLEANUP:InstallInfSection_NoFiles.[OC_CLEANUP_RegClean_inf].End.Ret=1.
[2/18/2010 7:3:11] OC_CLEANUP:Calling InstallInfSection:OC_CLEANUP_RegClean_inf:End.
[2/18/2010 7:3:11] OC_CLEANUP:...ProcessEntry:100=47...
[2/18/2010 7:3:11] OC_CLEANUP:ProcessEntry_If:check if [51=6]
[2/18/2010 7:3:11] OC_CLEANUP:[iis,(null)] End. Return=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:=======================
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_PREINITIALIZE Called=1
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_INIT_COMPONENT Called=1
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_SET_LANGUAGE Called=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_QUERY_IMAGE Called=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_REQUEST_PAGES Called=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_WIZARD_CREATED Called=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_QUERY_STATE Called=1
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_QUERY_CHANGE_SEL_STATE Called=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_QUERY_SKIP_PAGE Called=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_CALC_DISK_SPACE Called=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_QUEUE_FILE_OPS Called=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_NEED_MEDIA Called=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_NOTIFICATION_FROM_QUEUE Called=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_QUERY_STEP_COUNT Called=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_ABOUT_TO_COMMIT_QUEUE Called=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_FILE_BUSY Called=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_COMPLETE_INSTALLATION Called=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_CLEANUP Called=1
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_DEFAULT Called=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:RtlValidateHeap(): Good.
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:LogFile Close.
[2/18/2010 7:3:20] LogFile Open. [***** Search on FAIL/MessageBox keywords for failures *****].
[2/18/2010 7:3:20] Initial thread locale=409
[2/18/2010 7:3:20] returned from France fix with locale 409
[2/18/2010 7:3:20] OC_PREINITIALIZE:[iis] End. Return=1 (OCFLAG_UNICODE)
[2/18/2010 7:3:20] OC_INIT_COMPONENT:[iis,(null)] Start.
[2/18/2010 7:3:20] OC_INIT_COMPONENT:8/10/2004 11:00:00 A_______ 6.0.2600.2180: 6.0.2600.2180 (xpsp_sp2_rtm.040803-2158): x86: C:\WINDOWS\system32\Setup\iis.dll
[2/18/2010 7:3:20] OC_INIT_COMPONENT:Set UnAttendFlag:OFF (File='')
[2/18/2010 7:3:20] OC_INIT_COMPONENT:CmdLine=update\update.exe -q -z -er /ParentInfo:8cc44322b494e24988bb59c248d5f415
[2/18/2010 7:3:20] OC_INIT_COMPONENT:DebugLevel=3.
[2/18/2010 7:3:20] OC_INIT_COMPONENT:DebugValidateHeap=1.
[2/18/2010 7:3:20] OC_INIT_COMPONENT:GlobalFastLoad=1.
[2/18/2010 7:3:20] OC_INIT_COMPONENT:Old InetPub='C:\Inetpub'. Does not exist. we'll use the default. WARNING.
[2/18/2010 7:3:20] OC_INIT_COMPONENT:Old InetPub='C:\Inetpub'. Does not exist. we'll use the default. WARNING.
[2/18/2010 7:3:23] OC_CLEANUP:DebugLevel=3.
[2/18/2010 7:3:23] OC_CLEANUP:DebugValidateHeap=1.
[2/18/2010 7:3:23] OC_CLEANUP:GlobalFastLoad=1.
[2/18/2010 7:3:23] OC_CLEANUP:[iis,(null)] Start. 0x0,0x0
[2/18/2010 7:3:23] OC_CLEANUP: --- Display status of services which are required for IIS to run ---
[2/18/2010 7:3:23] OC_CLEANUP:SERVICE_RUNNING [LanmanServer].
[2/18/2010 7:3:23] OC_CLEANUP:SERVICE_RUNNING [LanmanWorkstation].
[2/18/2010 7:3:23] OC_CLEANUP:SERVICE_RUNNING [RpcSs].
[2/18/2010 7:3:23] OC_CLEANUP:SERVICE_STOPPED [NtLmSsp].
[2/18/2010 7:3:23] OC_CLEANUP:SERVICE_RUNNING [EventLog].
[2/18/2010 7:3:23] OC_CLEANUP:ProcessSection.[OC_CLEANUP].Start.
[2/18/2010 7:3:23] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 7:3:23] OC_CLEANUP:Calling ProcessSection:SNMP_W3SVC_chk_cleanup:Start.
[2/18/2010 7:3:23] OC_CLEANUP:ProcessSection.[SNMP_W3SVC_chk_cleanup].Start.
[2/18/2010 7:3:23] OC_CLEANUP:...ProcessEntry:100=45...
[2/18/2010 7:3:23] OC_CLEANUP:Calling ProcessSection:SNMP_W3SVC_chk_cleanup:End.return=1
[2/18/2010 7:3:23] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 7:3:23] OC_CLEANUP:Calling ProcessSection:SNMP_MSFTPSVC_chk_cleanup:Start.
[2/18/2010 7:3:23] OC_CLEANUP:ProcessSection.[SNMP_MSFTPSVC_chk_cleanup].Start.
[2/18/2010 7:3:23] OC_CLEANUP:...ProcessEntry:100=45...
[2/18/2010 7:3:23] OC_CLEANUP:Calling ProcessSection:SNMP_MSFTPSVC_chk_cleanup:End.return=1
[2/18/2010 7:3:23] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 7:3:23] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue:Start.
[2/18/2010 7:3:23] OC_CLEANUP:ProcessSection.[PopOldServerAcctRestoreValue].Start.
[2/18/2010 7:3:23] OC_CLEANUP:...ProcessEntry:100=41...
[2/18/2010 7:3:23] OC_CLEANUP:Calling ProcessSection:DisableServerAccountRestore_off_do:Start.
[2/18/2010 7:3:23] OC_CLEANUP:ProcessSection.[DisableServerAccountRestore_off_do].Start.
[2/18/2010 7:3:23] OC_CLEANUP:...ProcessEntry:100=6...
[2/18/2010 7:3:23] OC_CLEANUP:Calling InstallInfSection:DisableServerAccountRestore_off_inf:Start.
[2/18/2010 7:3:23] OC_CLEANUP:InstallInfSection_NoFiles:(DisableServerAccountRestore_off_inf)Start.
[2/18/2010 7:3:23] OC_CLEANUP:InstallInfSection_NoFiles.[DisableServerAccountRestore_off_inf].End.Ret=1.
[2/18/2010 7:3:23] OC_CLEANUP:Calling InstallInfSection:DisableServerAccountRestore_off_inf:End.
[2/18/2010 7:3:23] OC_CLEANUP:Calling ProcessSection:DisableServerAccountRestore_off_do:End.return=1
[2/18/2010 7:3:23] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 7:3:23] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue_off_do:Start.
[2/18/2010 7:3:23] OC_CLEANUP:ProcessSection.[PopOldServerAcctRestoreValue_off_do].Start.
[2/18/2010 7:3:23] OC_CLEANUP:...ProcessEntry:100=6...
[2/18/2010 7:3:23] OC_CLEANUP:Calling InstallInfSection:PopOldServerAcctRestoreValue_off_inf:Start.
[2/18/2010 7:3:23] OC_CLEANUP:InstallInfSection_NoFiles:(PopOldServerAcctRestoreValue_off_inf)Start.
[2/18/2010 7:3:23] OC_CLEANUP:InstallInfSection_NoFiles.[PopOldServerAcctRestoreValue_off_inf].End.Ret=1.
[2/18/2010 7:3:23] OC_CLEANUP:Calling InstallInfSection:PopOldServerAcctRestoreValue_off_inf:End.
[2/18/2010 7:3:23] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue_off_do:End.return=1
[2/18/2010 7:3:23] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue:End.return=1
[2/18/2010 7:3:23] OC_CLEANUP:...ProcessEntry:100=6...
[2/18/2010 7:3:23] OC_CLEANUP:Calling InstallInfSection:OC_CLEANUP_RegClean_inf:Start.
[2/18/2010 7:5:9] OC_CLEANUP:...ProcessEntry:100=45...
[2/18/2010 7:5:9] OC_CLEANUP:Calling ProcessSection:SNMP_W3SVC_chk_cleanup:End.return=1
[2/18/2010 7:5:9] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 7:5:9] OC_CLEANUP:Calling ProcessSection:SNMP_MSFTPSVC_chk_cleanup:Start.
[2/18/2010 7:5:9] OC_CLEANUP:ProcessSection.[SNMP_MSFTPSVC_chk_cleanup].Start.
[2/18/2010 7:5:9] OC_CLEANUP:...ProcessEntry:100=45...
[2/18/2010 7:5:9] OC_CLEANUP:Calling ProcessSection:SNMP_MSFTPSVC_chk_cleanup:End.return=1
[2/18/2010 7:5:9] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 7:5:9] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue:Start.
[2/18/2010 7:5:9] OC_CLEANUP:ProcessSection.[PopOldServerAcctRestoreValue].Start.
[2/18/2010 7:5:9] OC_CLEANUP:...ProcessEntry:100=41...
[2/18/2010 7:5:9] OC_CLEANUP:Calling ProcessSection:DisableServerAccountRestore_off_do:Start.
[2/18/2010 7:5:9] OC_CLEANUP:ProcessSection.[DisableServerAccountRestore_off_do].Start.
[2/18/2010 7:5:9] OC_CLEANUP:...ProcessEntry:100=6...
[2/18/2010 7:5:9] OC_CLEANUP:Calling InstallInfSection:DisableServerAccountRestore_off_inf:Start.
[2/18/2010 7:5:9] OC_CLEANUP:InstallInfSection_NoFiles:(DisableServerAccountRestore_off_inf)Start.
[2/18/2010 7:5:9] OC_CLEANUP:InstallInfSection_NoFiles.[DisableServerAccountRestore_off_inf].End.Ret=1.
[2/18/2010 7:5:9] OC_CLEANUP:Calling InstallInfSection:DisableServerAccountRestore_off_inf:End.
[2/18/2010 7:5:9] OC_CLEANUP:Calling ProcessSection:DisableServerAccountRestore_off_do:End.return=1
[2/18/2010 7:5:9] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 7:5:9] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue_off_do:Start.
[2/18/2010 7:5:9] OC_CLEANUP:ProcessSection.[PopOldServerAcctRestoreValue_off_do].Start.
[2/18/2010 7:5:9] OC_CLEANUP:...ProcessEntry:100=6...
[2/18/2010 7:5:9] OC_CLEANUP:Calling InstallInfSection:PopOldServerAcctRestoreValue_off_inf:Start.
[2/18/2010 7:5:9] OC_CLEANUP:InstallInfSection_NoFiles:(PopOldServerAcctRestoreValue_off_inf)Start.
[2/18/2010 7:5:9] OC_CLEANUP:InstallInfSection_NoFiles.[PopOldServerAcctRestoreValue_off_inf].End.Ret=1.
[2/18/2010 7:5:9] OC_CLEANUP:Calling InstallInfSection:PopOldServerAcctRestoreValue_off_inf:End.
[2/18/2010 7:5:9] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue_off_do:End.return=1
[2/18/2010 7:5:9] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue:End.return=1
[2/18/2010 7:5:9] OC_CLEANUP:...ProcessEntry:100=6...
[2/18/2010 7:5:9] OC_CLEANUP:Calling InstallInfSection:OC_CLEANUP_RegClean_inf:Start.
[2/18/2010 7:5:9] OC_CLEANUP:InstallInfSection_NoFiles:(OC_CLEANUP_RegClean_inf)Start.
[2/18/2010 7:5:9] OC_CLEANUP:InstallInfSection_NoFiles.[OC_CLEANUP_RegClean_inf].End.Ret=1.
[2/18/2010 7:5:9] OC_CLEANUP:Calling InstallInfSection:OC_CLEANUP_RegClean_inf:End.
[2/18/2010 7:5:9] OC_CLEANUP:...ProcessEntry:100=47...
[2/18/2010 7:5:9] OC_CLEANUP:ProcessEntry_If:check if [51=6]
[2/18/2010 7:5:9] OC_CLEANUP:[iis,(null)] End. Return=0
[2/18/2010 7:5:9] OC_CLEANUP:Final Check:=======================
[2/18/2010 7:5:9] OC_CLEANUP:Final Check:OC_PREINITIALIZE Called=1
[2/18/2010 7:5:9] OC_CLEANUP:Final Check:OC_INIT_COMPONENT Called=1
[2/18/2010 7:5:9] OC_CLEANUP:Final Check:OC_SET_LANGUAGE Called=0
[2/18/2010 7:5:9] OC_CLEANUP:Final Check:OC_QUERY_IMAGE Called=0
[2/18/2010 7:5:9] OC_CLEANUP:Final Check:OC_REQUEST_PAGES Called=0
[2/18/2010 7:5:9] OC_CLEANUP:Final Check:OC_WIZARD_CREATED Called=0
[2/18/2010 7:5:9] OC_CLEANUP:Final Check:OC_QUERY_STATE Called=1
[2/18/2010 7:5:9] OC_CLEANUP:Final Check:OC_QUERY_CHANGE_SEL_STATE Called=0
[2/18/2010 7:5:9] OC_CLEANUP:Final Check:OC_QUERY_SKIP_PAGE Called=0
[2/18/2010 7:5:9] OC_CLEANUP:Final Check:OC_CALC_DISK_SPACE Called=0
[2/18/2010 7:5:9] OC_CLEANUP:Final Check:OC_QUEUE_FILE_OPS Called=0
[2/18/2010 7:5:9] OC_CLEANUP:Final Check:OC_NEED_MEDIA Called=0
[2/18/2010 7:5:9] OC_CLEANUP:Final Check:OC_NOTIFICATION_FROM_QUEUE Called=0
[2/18/2010 7:5:9] OC_CLEANUP:Final Check:OC_QUERY_STEP_COUNT Called=0
[2/18/2010 7:5:9] OC_CLEANUP:Final Check:OC_ABOUT_TO_COMMIT_QUEUE Called=0
[2/18/2010 7:5:9] OC_CLEANUP:Final Check:OC_FILE_BUSY Called=0
[2/18/2010 7:5:9] OC_CLEANUP:Final Check:OC_COMPLETE_INSTALLATION Called=0
[2/18/2010 7:5:9] OC_CLEANUP:Final Check:OC_CLEANUP Called=1
[2/18/2010 7:5:9] OC_CLEANUP:Final Check:OC_DEFAULT Called=0
[2/18/2010 7:5:9] OC_CLEANUP:Final Check:RtlValidateHeap(): Good.
[2/18/2010 7:5:9] OC_CLEANUP:Final Check:LogFile Close.
[2/18/2010 7:5:19] LogFile Open. [***** Search on FAIL/MessageBox keywords for failures *****].
[2/18/2010 7:5:19] Initial thread locale=409
[2/18/2010 7:5:19] returned from France fix with locale 409
[2/18/2010 7:5:19] OC_PREINITIALIZE:[iis] End. Return=1 (OCFLAG_UNICODE)
[2/18/2010 7:5:19] OC_INIT_COMPONENT:[iis,(null)] Start.
[2/18/2010 7:5:19] OC_INI

Looks like that last log post got cut off... here is the full paste of iis6.log

[2/18/2010 6:59:57] LogFile Open. [***** Search on FAIL/MessageBox keywords for failures *****].
[2/18/2010 6:59:57] Initial thread locale=409
[2/18/2010 6:59:57] returned from France fix with locale 409
[2/18/2010 6:59:57] OC_PREINITIALIZE:[iis] End. Return=1 (OCFLAG_UNICODE)
[2/18/2010 6:59:57] OC_INIT_COMPONENT:[iis,(null)] Start.
[2/18/2010 6:59:57] OC_INIT_COMPONENT:8/10/2004 11:00:00 A_______ 6.0.2600.2180: 6.0.2600.2180 (xpsp_sp2_rtm.040803-2158): x86: C:\WINDOWS\system32\Setup\iis.dll
[2/18/2010 6:59:57] OC_INIT_COMPONENT:Set UnAttendFlag:OFF (File='')
[2/18/2010 6:59:57] OC_INIT_COMPONENT:CmdLine=update\update.exe -q -z -er /ParentInfo:136d0dafce811a4d94951aeffb75f1ed
[2/18/2010 6:59:57] OC_INIT_COMPONENT:DebugLevel=3.
[2/18/2010 6:59:57] OC_INIT_COMPONENT:DebugValidateHeap=1.
[2/18/2010 6:59:57] OC_INIT_COMPONENT:GlobalFastLoad=1.
[2/18/2010 6:59:57] OC_INIT_COMPONENT:Old InetPub='C:\Inetpub'. Does not exist. we'll use the default. WARNING.
[2/18/2010 6:59:57] OC_INIT_COMPONENT:Old InetPub='C:\Inetpub'. Does not exist. we'll use the default. WARNING.
[2/18/2010 6:59:59] OC_CLEANUP:DebugLevel=3.
[2/18/2010 6:59:59] OC_CLEANUP:DebugValidateHeap=1.
[2/18/2010 6:59:59] OC_CLEANUP:GlobalFastLoad=1.
[2/18/2010 6:59:59] OC_CLEANUP:[iis,(null)] Start. 0x0,0x0
[2/18/2010 6:59:59] OC_CLEANUP: --- Display status of services which are required for IIS to run ---
[2/18/2010 6:59:59] OC_CLEANUP:SERVICE_RUNNING [LanmanServer].
[2/18/2010 6:59:59] OC_CLEANUP:SERVICE_RUNNING [LanmanWorkstation].
[2/18/2010 6:59:59] OC_CLEANUP:SERVICE_RUNNING [RpcSs].
[2/18/2010 6:59:59] OC_CLEANUP:SERVICE_STOPPED [NtLmSsp].
[2/18/2010 6:59:59] OC_CLEANUP:SERVICE_RUNNING [EventLog].
[2/18/2010 6:59:59] OC_CLEANUP:ProcessSection.[OC_CLEANUP].Start.
[2/18/2010 6:59:59] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 6:59:59] OC_CLEANUP:Calling ProcessSection:SNMP_W3SVC_chk_cleanup:Start.
[2/18/2010 6:59:59] OC_CLEANUP:ProcessSection.[SNMP_W3SVC_chk_cleanup].Start.
[2/18/2010 6:59:59] OC_CLEANUP:...ProcessEntry:100=45...
[2/18/2010 6:59:59] OC_CLEANUP:Calling ProcessSection:SNMP_W3SVC_chk_cleanup:End.return=1
[2/18/2010 6:59:59] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 6:59:59] OC_CLEANUP:Calling ProcessSection:SNMP_MSFTPSVC_chk_cleanup:Start.
[2/18/2010 6:59:59] OC_CLEANUP:ProcessSection.[SNMP_MSFTPSVC_chk_cleanup].Start.
[2/18/2010 6:59:59] OC_CLEANUP:...ProcessEntry:100=45...
[2/18/2010 6:59:59] OC_CLEANUP:Calling ProcessSection:SNMP_MSFTPSVC_chk_cleanup:End.return=1
[2/18/2010 6:59:59] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 6:59:59] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue:Start.
[2/18/2010 6:59:59] OC_CLEANUP:ProcessSection.[PopOldServerAcctRestoreValue].Start.
[2/18/2010 6:59:59] OC_CLEANUP:...ProcessEntry:100=41...
[2/18/2010 6:59:59] OC_CLEANUP:Calling ProcessSection:DisableServerAccountRestore_off_do:Start.
[2/18/2010 6:59:59] OC_CLEANUP:ProcessSection.[DisableServerAccountRestore_off_do].Start.
[2/18/2010 6:59:59] OC_CLEANUP:...ProcessEntry:100=6...
[2/18/2010 6:59:59] OC_CLEANUP:Calling InstallInfSection:DisableServerAccountRestore_off_inf:Start.
[2/18/2010 6:59:59] OC_CLEANUP:InstallInfSection_NoFiles:(DisableServerAccountRestore_off_inf)Start.
[2/18/2010 6:59:59] OC_CLEANUP:InstallInfSection_NoFiles.[DisableServerAccountRestore_off_inf].End.Ret=1.
[2/18/2010 6:59:59] OC_CLEANUP:Calling InstallInfSection:DisableServerAccountRestore_off_inf:End.
[2/18/2010 6:59:59] OC_CLEANUP:Calling ProcessSection:DisableServerAccountRestore_off_do:End.return=1
[2/18/2010 6:59:59] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 6:59:59] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue_off_do:Start.
[2/18/2010 6:59:59] OC_CLEANUP:ProcessSection.[PopOldServerAcctRestoreValue_off_do].Start.
[2/18/2010 6:59:59] OC_CLEANUP:...ProcessEntry:100=6...
[2/18/2010 6:59:59] OC_CLEANUP:Calling InstallInfSection:PopOldServerAcctRestoreValue_off_inf:Start.
[2/18/2010 6:59:59] OC_CLEANUP:InstallInfSection_NoFiles:(PopOldServerAcctRestoreValue_off_inf)Start.
[2/18/2010 6:59:59] OC_CLEANUP:InstallInfSection_NoFiles.[PopOldServerAcctRestoreValue_off_inf].End.Ret=1.
[2/18/2010 6:59:59] OC_CLEANUP:Calling InstallInfSection:PopOldServerAcctRestoreValue_off_inf:End.
[2/18/2010 6:59:59] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue_off_do:End.return=1
[2/18/2010 6:59:59] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue:End.return=1
[2/18/2010 6:59:59] OC_CLEANUP:...ProcessEntry:100=6...
[2/18/2010 6:59:59] OC_CLEANUP:Calling InstallInfSection:OC_CLEANUP_RegClean_inf:Start.
[2/18/2010 6:59:59] OC_CLEANUP:InstallInfSection_NoFiles:(OC_CLEANUP_RegClean_inf)Start.
[2/18/2010 6:59:59] OC_CLEANUP:InstallInfSection_NoFiles.[OC_CLEANUP_RegClean_inf].End.Ret=1.
[2/18/2010 6:59:59] OC_CLEANUP:Calling InstallInfSection:OC_CLEANUP_RegClean_inf:End.
[2/18/2010 6:59:59] OC_CLEANUP:...ProcessEntry:100=47...
[2/18/2010 6:59:59] OC_CLEANUP:ProcessEntry_If:check if [51=6]
[2/18/2010 6:59:59] OC_CLEANUP:[iis,(null)] End. Return=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:=======================
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_PREINITIALIZE Called=1
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_INIT_COMPONENT Called=1
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_SET_LANGUAGE Called=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_QUERY_IMAGE Called=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_REQUEST_PAGES Called=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_WIZARD_CREATED Called=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_QUERY_STATE Called=1
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_QUERY_CHANGE_SEL_STATE Called=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_QUERY_SKIP_PAGE Called=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_CALC_DISK_SPACE Called=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_QUEUE_FILE_OPS Called=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_NEED_MEDIA Called=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_NOTIFICATION_FROM_QUEUE Called=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_QUERY_STEP_COUNT Called=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_ABOUT_TO_COMMIT_QUEUE Called=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_FILE_BUSY Called=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_COMPLETE_INSTALLATION Called=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_CLEANUP Called=1
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:OC_DEFAULT Called=0
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:RtlValidateHeap(): Good.
[2/18/2010 7:0:0] OC_CLEANUP:Final Check:LogFile Close.
[2/18/2010 7:3:9] LogFile Open. [***** Search on FAIL/MessageBox keywords for failures *****].
[2/18/2010 7:3:9] Initial thread locale=409
[2/18/2010 7:3:9] returned from France fix with locale 409
[2/18/2010 7:3:9] OC_PREINITIALIZE:[iis] End. Return=1 (OCFLAG_UNICODE)
[2/18/2010 7:3:9] OC_INIT_COMPONENT:[iis,(null)] Start.
[2/18/2010 7:3:9] OC_INIT_COMPONENT:8/10/2004 11:00:00 A_______ 6.0.2600.2180: 6.0.2600.2180 (xpsp_sp2_rtm.040803-2158): x86: C:\WINDOWS\system32\Setup\iis.dll
[2/18/2010 7:3:9] OC_INIT_COMPONENT:Set UnAttendFlag:OFF (File='')
[2/18/2010 7:3:9] OC_INIT_COMPONENT:CmdLine=update\update.exe -q -z -er /ParentInfo:abe4da2519c486409f01b2f6dcf91128
[2/18/2010 7:3:9] OC_INIT_COMPONENT:DebugLevel=3.
[2/18/2010 7:3:9] OC_INIT_COMPONENT:DebugValidateHeap=1.
[2/18/2010 7:3:9] OC_INIT_COMPONENT:GlobalFastLoad=1.
[2/18/2010 7:3:9] OC_INIT_COMPONENT:Old InetPub='C:\Inetpub'. Does not exist. we'll use the default. WARNING.
[2/18/2010 7:3:9] OC_INIT_COMPONENT:Old InetPub='C:\Inetpub'. Does not exist. we'll use the default. WARNING.
[2/18/2010 7:3:11] OC_CLEANUP:DebugLevel=3.
[2/18/2010 7:3:11] OC_CLEANUP:DebugValidateHeap=1.
[2/18/2010 7:3:11] OC_CLEANUP:GlobalFastLoad=1.
[2/18/2010 7:3:11] OC_CLEANUP:[iis,(null)] Start. 0x0,0x0
[2/18/2010 7:3:11] OC_CLEANUP: --- Display status of services which are required for IIS to run ---
[2/18/2010 7:3:11] OC_CLEANUP:SERVICE_RUNNING [LanmanServer].
[2/18/2010 7:3:11] OC_CLEANUP:SERVICE_RUNNING [LanmanWorkstation].
[2/18/2010 7:3:11] OC_CLEANUP:SERVICE_RUNNING [RpcSs].
[2/18/2010 7:3:11] OC_CLEANUP:SERVICE_STOPPED [NtLmSsp].
[2/18/2010 7:3:11] OC_CLEANUP:SERVICE_RUNNING [EventLog].
[2/18/2010 7:3:11] OC_CLEANUP:ProcessSection.[OC_CLEANUP].Start.
[2/18/2010 7:3:11] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 7:3:11] OC_CLEANUP:Calling ProcessSection:SNMP_W3SVC_chk_cleanup:Start.
[2/18/2010 7:3:11] OC_CLEANUP:ProcessSection.[SNMP_W3SVC_chk_cleanup].Start.
[2/18/2010 7:3:11] OC_CLEANUP:...ProcessEntry:100=45...
[2/18/2010 7:3:11] OC_CLEANUP:Calling ProcessSection:SNMP_W3SVC_chk_cleanup:End.return=1
[2/18/2010 7:3:11] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 7:3:11] OC_CLEANUP:Calling ProcessSection:SNMP_MSFTPSVC_chk_cleanup:Start.
[2/18/2010 7:3:11] OC_CLEANUP:ProcessSection.[SNMP_MSFTPSVC_chk_cleanup].Start.
[2/18/2010 7:3:11] OC_CLEANUP:...ProcessEntry:100=45...
[2/18/2010 7:3:11] OC_CLEANUP:Calling ProcessSection:SNMP_MSFTPSVC_chk_cleanup:End.return=1
[2/18/2010 7:3:11] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 7:3:11] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue:Start.
[2/18/2010 7:3:11] OC_CLEANUP:ProcessSection.[PopOldServerAcctRestoreValue].Start.
[2/18/2010 7:3:11] OC_CLEANUP:...ProcessEntry:100=41...
[2/18/2010 7:3:11] OC_CLEANUP:Calling ProcessSection:DisableServerAccountRestore_off_do:Start.
[2/18/2010 7:3:11] OC_CLEANUP:ProcessSection.[DisableServerAccountRestore_off_do].Start.
[2/18/2010 7:3:11] OC_CLEANUP:...ProcessEntry:100=6...
[2/18/2010 7:3:11] OC_CLEANUP:Calling InstallInfSection:DisableServerAccountRestore_off_inf:Start.
[2/18/2010 7:3:11] OC_CLEANUP:InstallInfSection_NoFiles:(DisableServerAccountRestore_off_inf)Start.
[2/18/2010 7:3:11] OC_CLEANUP:InstallInfSection_NoFiles.[DisableServerAccountRestore_off_inf].End.Ret=1.
[2/18/2010 7:3:11] OC_CLEANUP:Calling InstallInfSection:DisableServerAccountRestore_off_inf:End.
[2/18/2010 7:3:11] OC_CLEANUP:Calling ProcessSection:DisableServerAccountRestore_off_do:End.return=1
[2/18/2010 7:3:11] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 7:3:11] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue_off_do:Start.
[2/18/2010 7:3:11] OC_CLEANUP:ProcessSection.[PopOldServerAcctRestoreValue_off_do].Start.
[2/18/2010 7:3:11] OC_CLEANUP:...ProcessEntry:100=6...
[2/18/2010 7:3:11] OC_CLEANUP:Calling InstallInfSection:PopOldServerAcctRestoreValue_off_inf:Start.
[2/18/2010 7:3:11] OC_CLEANUP:InstallInfSection_NoFiles:(PopOldServerAcctRestoreValue_off_inf)Start.
[2/18/2010 7:3:11] OC_CLEANUP:InstallInfSection_NoFiles.[PopOldServerAcctRestoreValue_off_inf].End.Ret=1.
[2/18/2010 7:3:11] OC_CLEANUP:Calling InstallInfSection:PopOldServerAcctRestoreValue_off_inf:End.
[2/18/2010 7:3:11] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue_off_do:End.return=1
[2/18/2010 7:3:11] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue:End.return=1
[2/18/2010 7:3:11] OC_CLEANUP:...ProcessEntry:100=6...
[2/18/2010 7:3:11] OC_CLEANUP:Calling InstallInfSection:OC_CLEANUP_RegClean_inf:Start.
[2/18/2010 7:3:11] OC_CLEANUP:InstallInfSection_NoFiles:(OC_CLEANUP_RegClean_inf)Start.
[2/18/2010 7:3:11] OC_CLEANUP:InstallInfSection_NoFiles.[OC_CLEANUP_RegClean_inf].End.Ret=1.
[2/18/2010 7:3:11] OC_CLEANUP:Calling InstallInfSection:OC_CLEANUP_RegClean_inf:End.
[2/18/2010 7:3:11] OC_CLEANUP:...ProcessEntry:100=47...
[2/18/2010 7:3:11] OC_CLEANUP:ProcessEntry_If:check if [51=6]
[2/18/2010 7:3:11] OC_CLEANUP:[iis,(null)] End. Return=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:=======================
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_PREINITIALIZE Called=1
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_INIT_COMPONENT Called=1
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_SET_LANGUAGE Called=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_QUERY_IMAGE Called=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_REQUEST_PAGES Called=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_WIZARD_CREATED Called=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_QUERY_STATE Called=1
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_QUERY_CHANGE_SEL_STATE Called=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_QUERY_SKIP_PAGE Called=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_CALC_DISK_SPACE Called=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_QUEUE_FILE_OPS Called=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_NEED_MEDIA Called=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_NOTIFICATION_FROM_QUEUE Called=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_QUERY_STEP_COUNT Called=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_ABOUT_TO_COMMIT_QUEUE Called=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_FILE_BUSY Called=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_COMPLETE_INSTALLATION Called=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_CLEANUP Called=1
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:OC_DEFAULT Called=0
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:RtlValidateHeap(): Good.
[2/18/2010 7:3:11] OC_CLEANUP:Final Check:LogFile Close.
[2/18/2010 7:3:20] LogFile Open. [***** Search on FAIL/MessageBox keywords for failures *****].
[2/18/2010 7:3:20] Initial thread locale=409
[2/18/2010 7:3:20] returned from France fix with locale 409
[2/18/2010 7:3:20] OC_PREINITIALIZE:[iis] End. Return=1 (OCFLAG_UNICODE)
[2/18/2010 7:3:20] OC_INIT_COMPONENT:[iis,(null)] Start.
[2/18/2010 7:3:20] OC_INIT_COMPONENT:8/10/2004 11:00:00 A_______ 6.0.2600.2180: 6.0.2600.2180 (xpsp_sp2_rtm.040803-2158): x86: C:\WINDOWS\system32\Setup\iis.dll
[2/18/2010 7:3:20] OC_INIT_COMPONENT:Set UnAttendFlag:OFF (File='')
[2/18/2010 7:3:20] OC_INIT_COMPONENT:CmdLine=update\update.exe -q -z -er /ParentInfo:8cc44322b494e24988bb59c248d5f415
[2/18/2010 7:3:20] OC_INIT_COMPONENT:DebugLevel=3.
[2/18/2010 7:3:20] OC_INIT_COMPONENT:DebugValidateHeap=1.
[2/18/2010 7:3:20] OC_INIT_COMPONENT:GlobalFastLoad=1.
[2/18/2010 7:3:20] OC_INIT_COMPONENT:Old InetPub='C:\Inetpub'. Does not exist. we'll use the default. WARNING.
[2/18/2010 7:3:20] OC_INIT_COMPONENT:Old InetPub='C:\Inetpub'. Does not exist. we'll use the default. WARNING.
[2/18/2010 7:3:23] OC_CLEANUP:DebugLevel=3.
[2/18/2010 7:3:23] OC_CLEANUP:DebugValidateHeap=1.
[2/18/2010 7:3:23] OC_CLEANUP:GlobalFastLoad=1.
[2/18/2010 7:3:23] OC_CLEANUP:[iis,(null)] Start. 0x0,0x0
[2/18/2010 7:3:23] OC_CLEANUP: --- Display status of services which are required for IIS to run ---
[2/18/2010 7:3:23] OC_CLEANUP:SERVICE_RUNNING [LanmanServer].
[2/18/2010 7:3:23] OC_CLEANUP:SERVICE_RUNNING [LanmanWorkstation].
[2/18/2010 7:3:23] OC_CLEANUP:SERVICE_RUNNING [RpcSs].
[2/18/2010 7:3:23] OC_CLEANUP:SERVICE_STOPPED [NtLmSsp].
[2/18/2010 7:3:23] OC_CLEANUP:SERVICE_RUNNING [EventLog].
[2/18/2010 7:3:23] OC_CLEANUP:ProcessSection.[OC_CLEANUP].Start.
[2/18/2010 7:3:23] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 7:3:23] OC_CLEANUP:Calling ProcessSection:SNMP_W3SVC_chk_cleanup:Start.
[2/18/2010 7:3:23] OC_CLEANUP:ProcessSection.[SNMP_W3SVC_chk_cleanup].Start.
[2/18/2010 7:3:23] OC_CLEANUP:...ProcessEntry:100=45...
[2/18/2010 7:3:23] OC_CLEANUP:Calling ProcessSection:SNMP_W3SVC_chk_cleanup:End.return=1
[2/18/2010 7:3:23] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 7:3:23] OC_CLEANUP:Calling ProcessSection:SNMP_MSFTPSVC_chk_cleanup:Start.
[2/18/2010 7:3:23] OC_CLEANUP:ProcessSection.[SNMP_MSFTPSVC_chk_cleanup].Start.
[2/18/2010 7:3:23] OC_CLEANUP:...ProcessEntry:100=45...
[2/18/2010 7:3:23] OC_CLEANUP:Calling ProcessSection:SNMP_MSFTPSVC_chk_cleanup:End.return=1
[2/18/2010 7:3:23] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 7:3:23] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue:Start.
[2/18/2010 7:3:23] OC_CLEANUP:ProcessSection.[PopOldServerAcctRestoreValue].Start.
[2/18/2010 7:3:23] OC_CLEANUP:...ProcessEntry:100=41...
[2/18/2010 7:3:23] OC_CLEANUP:Calling ProcessSection:DisableServerAccountRestore_off_do:Start.
[2/18/2010 7:3:23] OC_CLEANUP:ProcessSection.[DisableServerAccountRestore_off_do].Start.
[2/18/2010 7:3:23] OC_CLEANUP:...ProcessEntry:100=6...
[2/18/2010 7:3:23] OC_CLEANUP:Calling InstallInfSection:DisableServerAccountRestore_off_inf:Start.
[2/18/2010 7:3:23] OC_CLEANUP:InstallInfSection_NoFiles:(DisableServerAccountRestore_off_inf)Start.
[2/18/2010 7:3:23] OC_CLEANUP:InstallInfSection_NoFiles.[DisableServerAccountRestore_off_inf].End.Ret=1.
[2/18/2010 7:3:23] OC_CLEANUP:Calling InstallInfSection:DisableServerAccountRestore_off_inf:End.
[2/18/2010 7:3:23] OC_CLEANUP:Calling ProcessSection:DisableServerAccountRestore_off_do:End.return=1
[2/18/2010 7:3:23] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 7:3:23] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue_off_do:Start.
[2/18/2010 7:3:23] OC_CLEANUP:ProcessSection.[PopOldServerAcctRestoreValue_off_do].Start.
[2/18/2010 7:3:23] OC_CLEANUP:...ProcessEntry:100=6...
[2/18/2010 7:3:23] OC_CLEANUP:Calling InstallInfSection:PopOldServerAcctRestoreValue_off_inf:Start.
[2/18/2010 7:3:23] OC_CLEANUP:InstallInfSection_NoFiles:(PopOldServerAcctRestoreValue_off_inf)Start.
[2/18/2010 7:3:23] OC_CLEANUP:InstallInfSection_NoFiles.[PopOldServerAcctRestoreValue_off_inf].End.Ret=1.
[2/18/2010 7:3:23] OC_CLEANUP:Calling InstallInfSection:PopOldServerAcctRestoreValue_off_inf:End.
[2/18/2010 7:3:23] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue_off_do:End.return=1
[2/18/2010 7:3:23] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue:End.return=1
[2/18/2010 7:3:23] OC_CLEANUP:...ProcessEntry:100=6...
[2/18/2010 7:3:23] OC_CLEANUP:Calling InstallInfSection:OC_CLEANUP_RegClean_inf:Start.
[2/18/2010 7:3:23] OC_CLEANUP:InstallInfSection_NoFiles:(OC_CLEANUP_RegClean_inf)Start.
[2/18/2010 7:3:23] OC_CLEANUP:InstallInfSection_NoFiles.[OC_CLEANUP_RegClean_inf].End.Ret=1.
[2/18/2010 7:3:23] OC_CLEANUP:Calling InstallInfSection:OC_CLEANUP_RegClean_inf:End.
[2/18/2010 7:3:23] OC_CLEANUP:...ProcessEntry:100=47...
[2/18/2010 7:3:23] OC_CLEANUP:ProcessEntry_If:check if [51=6]
[2/18/2010 7:3:23] OC_CLEANUP:[iis,(null)] End. Return=0
[2/18/2010 7:3:23] OC_CLEANUP:Final Check:=======================
[2/18/2010 7:3:23] OC_CLEANUP:Final Check:OC_PREINITIALIZE Called=1
[2/18/2010 7:3:23] OC_CLEANUP:Final Check:OC_INIT_COMPONENT Called=1
[2/18/2010 7:3:23] OC_CLEANUP:Final Check:OC_SET_LANGUAGE Called=0
[2/18/2010 7:3:23] OC_CLEANUP:Final Check:OC_QUERY_IMAGE Called=0
[2/18/2010 7:3:23] OC_CLEANUP:Final Check:OC_REQUEST_PAGES Called=0
[2/18/2010 7:3:23] OC_CLEANUP:Final Check:OC_WIZARD_CREATED Called=0
[2/18/2010 7:3:23] OC_CLEANUP:Final Check:OC_QUERY_STATE Called=1
[2/18/2010 7:3:23] OC_CLEANUP:Final Check:OC_QUERY_CHANGE_SEL_STATE Called=0
[2/18/2010 7:3:23] OC_CLEANUP:Final Check:OC_QUERY_SKIP_PAGE Called=0
[2/18/2010 7:3:23] OC_CLEANUP:Final Check:OC_CALC_DISK_SPACE Called=0
[2/18/2010 7:3:23] OC_CLEANUP:Final Check:OC_QUEUE_FILE_OPS Called=0
[2/18/2010 7:3:23] OC_CLEANUP:Final Check:OC_NEED_MEDIA Called=0
[2/18/2010 7:3:23] OC_CLEANUP:Final Check:OC_NOTIFICATION_FROM_QUEUE Called=0
[2/18/2010 7:3:23] OC_CLEANUP:Final Check:OC_QUERY_STEP_COUNT Called=0
[2/18/2010 7:3:23] OC_CLEANUP:Final Check:OC_ABOUT_TO_COMMIT_QUEUE Called=0
[2/18/2010 7:3:23] OC_CLEANUP:Final Check:OC_FILE_BUSY Called=0
[2/18/2010 7:3:23] OC_CLEANUP:Final Check:OC_COMPLETE_INSTALLATION Called=0
[2/18/2010 7:3:23] OC_CLEANUP:Final Check:OC_CLEANUP Called=1
[2/18/2010 7:3:23] OC_CLEANUP:Final Check:OC_DEFAULT Called=0
[2/18/2010 7:3:23] OC_CLEANUP:Final Check:RtlValidateHeap(): Good.
[2/18/2010 7:3:23] OC_CLEANUP:Final Check:LogFile Close.
[2/18/2010 7:3:42] LogFile Open. [***** Search on FAIL/MessageBox keywords for failures *****].
[2/18/2010 7:3:42] Initial thread locale=409
[2/18/2010 7:3:42] returned from France fix with locale 409
[2/18/2010 7:3:42] OC_PREINITIALIZE:[iis] End. Return=1 (OCFLAG_UNICODE)
[2/18/2010 7:3:42] OC_INIT_COMPONENT:[iis,(null)] Start.
[2/18/2010 7:3:42] OC_INIT_COMPONENT:8/10/2004 11:00:00 A_______ 6.0.2600.2180: 6.0.2600.2180 (xpsp_sp2_rtm.040803-2158): x86: C:\WINDOWS\system32\Setup\iis.dll
[2/18/2010 7:3:42] OC_INIT_COMPONENT:Set UnAttendFlag:OFF (File='')
[2/18/2010 7:3:42] OC_INIT_COMPONENT:CmdLine=update\update.exe -q -z -er /ParentInfo:9564aec156b2324c9137c1e62cd9c305
[2/18/2010 7:3:42] OC_INIT_COMPONENT:DebugLevel=3.
[2/18/2010 7:3:42] OC_INIT_COMPONENT:DebugValidateHeap=1.
[2/18/2010 7:3:42] OC_INIT_COMPONENT:GlobalFastLoad=1.
[2/18/2010 7:3:42] OC_INIT_COMPONENT:Old InetPub='C:\Inetpub'. Does not exist. we'll use the default. WARNING.
[2/18/2010 7:3:42] OC_INIT_COMPONENT:Old InetPub='C:\Inetpub'. Does not exist. we'll use the default. WARNING.
[2/18/2010 7:3:44] OC_CLEANUP:DebugLevel=3.
[2/18/2010 7:3:44] OC_CLEANUP:DebugValidateHeap=1.
[2/18/2010 7:3:44] OC_CLEANUP:GlobalFastLoad=1.
[2/18/2010 7:3:44] OC_CLEANUP:[iis,(null)] Start. 0x0,0x0
[2/18/2010 7:3:44] OC_CLEANUP: --- Display status of services which are required for IIS to run ---
[2/18/2010 7:3:44] OC_CLEANUP:SERVICE_RUNNING [LanmanServer].
[2/18/2010 7:3:44] OC_CLEANUP:SERVICE_RUNNING [LanmanWorkstation].
[2/18/2010 7:3:44] OC_CLEANUP:SERVICE_RUNNING [RpcSs].
[2/18/2010 7:3:44] OC_CLEANUP:SERVICE_STOPPED [NtLmSsp].
[2/18/2010 7:3:44] OC_CLEANUP:SERVICE_RUNNING [EventLog].
[2/18/2010 7:3:44] OC_CLEANUP:ProcessSection.[OC_CLEANUP].Start.
[2/18/2010 7:3:44] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 7:3:44] OC_CLEANUP:Calling ProcessSection:SNMP_W3SVC_chk_cleanup:Start.
[2/18/2010 7:3:44] OC_CLEANUP:ProcessSection.[SNMP_W3SVC_chk_cleanup].Start.
[2/18/2010 7:3:44] OC_CLEANUP:...ProcessEntry:100=45...
[2/18/2010 7:3:44] OC_CLEANUP:Calling ProcessSection:SNMP_W3SVC_chk_cleanup:End.return=1
[2/18/2010 7:3:44] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 7:3:44] OC_CLEANUP:Calling ProcessSection:SNMP_MSFTPSVC_chk_cleanup:Start.
[2/18/2010 7:3:44] OC_CLEANUP:ProcessSection.[SNMP_MSFTPSVC_chk_cleanup].Start.
[2/18/2010 7:3:44] OC_CLEANUP:...ProcessEntry:100=45...
[2/18/2010 7:3:44] OC_CLEANUP:Calling ProcessSection:SNMP_MSFTPSVC_chk_cleanup:End.return=1
[2/18/2010 7:3:44] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 7:3:44] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue:Start.
[2/18/2010 7:3:44] OC_CLEANUP:ProcessSection.[PopOldServerAcctRestoreValue].Start.
[2/18/2010 7:3:44] OC_CLEANUP:...ProcessEntry:100=41...
[2/18/2010 7:3:44] OC_CLEANUP:Calling ProcessSection:DisableServerAccountRestore_off_do:Start.
[2/18/2010 7:3:44] OC_CLEANUP:ProcessSection.[DisableServerAccountRestore_off_do].Start.
[2/18/2010 7:3:44] OC_CLEANUP:...ProcessEntry:100=6...
[2/18/2010 7:3:44] OC_CLEANUP:Calling InstallInfSection:DisableServerAccountRestore_off_inf:Start.
[2/18/2010 7:3:44] OC_CLEANUP:InstallInfSection_NoFiles:(DisableServerAccountRestore_off_inf)Start.
[2/18/2010 7:3:44] OC_CLEANUP:InstallInfSection_NoFiles.[DisableServerAccountRestore_off_inf].End.Ret=1.
[2/18/2010 7:3:44] OC_CLEANUP:Calling InstallInfSection:DisableServerAccountRestore_off_inf:End.
[2/18/2010 7:3:44] OC_CLEANUP:Calling ProcessSection:DisableServerAccountRestore_off_do:End.return=1
[2/18/2010 7:3:44] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 7:3:44] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue_off_do:Start.
[2/18/2010 7:5:21] OC_CLEANUP:DebugLevel=3.
[2/18/2010 7:5:21] OC_CLEANUP:DebugValidateHeap=1.
[2/18/2010 7:5:21] OC_CLEANUP:GlobalFastLoad=1.
[2/18/2010 7:5:21] OC_CLEANUP:[iis,(null)] Start. 0x0,0x0
[2/18/2010 7:5:21] OC_CLEANUP: --- Display status of services which are required for IIS to run ---
[2/18/2010 7:5:21] OC_CLEANUP:SERVICE_RUNNING [LanmanServer].
[2/18/2010 7:5:21] OC_CLEANUP:SERVICE_RUNNING [LanmanWorkstation].
[2/18/2010 7:5:21] OC_CLEANUP:SERVICE_RUNNING [RpcSs].
[2/18/2010 7:5:21] OC_CLEANUP:SERVICE_STOPPED [NtLmSsp].
[2/18/2010 7:5:21] OC_CLEANUP:SERVICE_RUNNING [EventLog].
[2/18/2010 7:5:21] OC_CLEANUP:ProcessSection.[OC_CLEANUP].Start.
[2/18/2010 7:5:21] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 7:5:21] OC_CLEANUP:Calling ProcessSection:SNMP_W3SVC_chk_cleanup:Start.
[2/18/2010 7:5:21] OC_CLEANUP:ProcessSection.[SNMP_W3SVC_chk_cleanup].Start.
[2/18/2010 7:5:21] OC_CLEANUP:...ProcessEntry:100=45...
[2/18/2010 7:5:21] OC_CLEANUP:Calling ProcessSection:SNMP_W3SVC_chk_cleanup:End.return=1
[2/18/2010 7:5:21] OC_CLEANUP:...ProcessEntry:100=5...
[2/18/2010 7:5:21] OC_CLEANUP:Calling ProcessSection:SNMP_MSFTPSVC_chk_cleanup:Start.
[2/18/2010 7:5:21] OC_CLEANUP:ProcessSection.[SNMP_MSFTPSVC_chk_cleanup].Start.
[2/18/2010 7:5:21] OC_CLEANUP:...ProcessEntry:100=45...
[2/18/2010 7:5:21] OC_CLEANUP:Calling ProcessSection:SNMP_MSFTPSVC_chk_cleanup:End.return=1
[2/18/201

Ok. Let's do this;

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

OK...followed the instructions and ran Combofix. It did its thing and then it restarted the computer. Upon restart it was creating a log file when I got errors for the mscoree.dll and then the computer blue screened. Crap. So, I manually restarted and waited to see if Combofix might start itself up...it didn't so I clicked on the desktop icon to see if that might get it to resume where it left off. It started all over again and I remembered seeing "only run combofix ONCE." Crap. But I let it run through again, this time it just created the log file without shutting down. It said the log file would be available in C:\Combofix but no such path/folder exists (it opened the log file automatically anyway). There is a folder for Qoobox which has a ComboFix-quarantined-files.txt that I will post as well.

First things first:

ComboFix 10-02-19.03 - Wolf 02/19/2010 18:28:37.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2351 [GMT -5:00]
Running from: c:\documents and settings\Wolf\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Wolf\Local Settings\Application Data\{BC726971-0BC7-48A4-96C9-7A8F42216976}\chrome.manifest
c:\documents and settings\Wolf\Local Settings\Application Data\{BC726971-0BC7-48A4-96C9-7A8F42216976}\chrome\content\_cfg.js
c:\documents and settings\Wolf\Local Settings\Application Data\{BC726971-0BC7-48A4-96C9-7A8F42216976}\chrome\content\overlay.xul
c:\documents and settings\Wolf\Local Settings\Application Data\{BC726971-0BC7-48A4-96C9-7A8F42216976}\install.rdf
c:\windows\ewogucoru.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\_000016_.tmp.dll
c:\windows\system32\_000017_.tmp.dll
c:\windows\system32\_000018_.tmp.dll
c:\windows\system32\18467.exe
K:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-01-19 to 2010-02-19 )))))))))))))))))))))))))))))))
.

2010-02-19 23:35 . 2010-02-19 23:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-02-18 21:17 . 2010-02-18 21:17 -------- d-----w- c:\program files\ESET
2010-02-18 20:38 . 2010-02-18 20:46 -------- d-----w- c:\documents and settings\Wolf\Application Data\QuickScan
2010-02-18 17:14 . 2010-02-18 17:14 -------- d-----w- c:\documents and settings\Wolf\Local Settings\Application Data\PCHealth
2010-02-18 14:44 . 2010-01-14 19:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-02-18 13:51 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-18 13:50 . 2009-12-04 14:41 453760 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-18 13:49 . 2009-08-04 12:49 2142720 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-18 13:49 . 2009-08-04 12:51 2185984 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-18 13:49 . 2009-08-04 12:02 2020864 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-18 13:49 . 2009-08-04 12:02 2062976 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-18 13:18 . 2010-02-18 13:18 -------- d-----w- c:\documents and settings\Wolf\Application Data\Malwarebytes
2010-02-18 13:18 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-18 13:18 . 2010-02-18 13:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-18 13:18 . 2010-02-18 13:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-18 13:18 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-18 05:21 . 2010-02-18 05:22 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-02-18 04:02 . 2004-08-10 11:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2010-02-18 04:01 . 2004-08-10 11:00 54528 -c--a-w- c:\windows\system32\dllcache\cap7146.sys
2010-02-18 03:31 . 2004-08-10 11:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-02-18 03:31 . 2004-08-10 11:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-02-18 03:31 . 2004-08-10 11:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-02-18 03:31 . 2004-08-10 11:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-02-17 19:15 . 2010-02-17 19:15 -------- d-----w- c:\windows\dell
2010-02-17 19:07 . 2010-02-17 19:07 329048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-02-17 19:07 . 2010-02-17 19:07 94712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-02-17 19:07 . 2010-02-17 19:07 17480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-02-17 19:07 . 2010-02-17 19:07 962496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-02-17 19:07 . 2010-02-17 19:07 835312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-02-17 19:07 . 2010-02-17 19:07 842992 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-17 19:07 . 2010-02-17 19:07 1593320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-02-17 19:07 . 2010-02-17 19:07 815184 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-02-17 19:07 . 2010-02-17 19:07 1229232 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-17 19:06 . 2010-02-17 19:06 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-17 19:06 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-17 19:06 . 2010-02-17 19:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-02-17 19:06 . 2010-02-17 19:06 -------- d-----w- c:\program files\Lavasoft
2010-02-17 18:50 . 2010-02-19 22:53 120 ----a-w- c:\windows\Qcubitifefe.dat
2010-02-17 18:50 . 2010-02-19 08:21 0 ----a-w- c:\windows\Cxibukovi.bin
2010-01-21 00:21 . 2010-01-21 00:21 36864 ----a-w- c:\documents and settings\Wolf\Application Data\Autodesk\AutoCAD 2010\R18.0\enu\ContextualTabSelectorRules.dll
2010-01-21 00:13 . 2010-01-21 00:17 -------- d-----w- c:\program files\AutoCAD 2010

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-19 08:20 . 2006-08-08 05:38 132208 ----a-w- c:\documents and settings\Wolf\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-19 01:18 . 2008-05-29 05:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2010-02-18 20:46 . 2005-08-16 09:41 89319 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-18 03:54 . 2005-08-16 09:38 34380 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-17 19:10 . 2009-10-15 22:02 585216 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-16 19:28 . 2007-02-04 17:14 -------- d-----w- c:\program files\Steam
2010-02-14 07:51 . 2008-07-01 04:57 -------- d-----w- c:\documents and settings\Wolf\Application Data\Image Zone Express
2010-02-10 00:05 . 2008-05-29 05:37 -------- d-----w- c:\documents and settings\Wolf\Application Data\Autodesk
2010-02-04 15:53 . 2010-02-17 19:08 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-27 06:41 . 2006-08-04 09:36 -------- d-----w- c:\program files\Google
2010-01-27 06:41 . 2009-10-07 22:25 -------- d-----w- c:\program files\Coupons
2010-01-21 00:19 . 2009-03-17 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-01-21 00:17 . 2008-05-29 05:33 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-01-06 02:04 . 2007-02-15 16:32 385536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-01-02 21:51 . 2006-08-04 09:35 -------- d-----w- c:\program files\McAfee
2009-12-31 16:14 . 2004-08-10 11:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:42 . 2009-12-22 05:42 662016 ----a-w- c:\windows\system32\SET4D8.tmp
2009-12-22 05:42 . 2009-12-22 05:42 624640 ----a-w- c:\windows\system32\SET4D9.tmp
2009-12-22 05:42 . 2006-03-04 03:33 662016 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2009-12-22 05:42 1506304 ----a-w- c:\windows\system32\SET4DC.tmp
2009-12-22 05:42 . 2009-12-22 05:42 3063808 ----a-w- c:\windows\system32\SET4E1.tmp
2009-12-22 05:42 . 2004-08-10 11:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-22 05:42 . 2009-12-22 05:42 1023488 ----a-w- c:\windows\system32\SET4E9.tmp
2009-12-16 13:33 . 2009-12-16 13:33 352768 ------w- c:\windows\system32\SET4EB.tmp
2009-12-16 12:58 . 2005-08-16 09:37 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2004-08-10 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 09:13 . 2009-12-08 09:13 474112 ------w- c:\windows\system32\SET4DB.tmp
2009-12-04 14:41 . 2004-08-10 11:00 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-03 14:51 . 2007-03-21 19:59 70984 ----a-w- c:\documents and settings\Wolf\g2mdlhlpx.exe
2009-12-02 23:23 . 2009-12-02 23:23 149040 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2009-11-27 17:33 . 2004-08-10 11:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:33 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:37 . 2004-08-10 11:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:37 . 2004-08-10 11:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:37 . 2004-08-10 11:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:37 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:37 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2008-04-23 07:12 . 2006-08-19 02:49 88 --sha-r- c:\windows\system32\B58C42AD5E.sys
2008-04-23 07:12 . 2006-08-19 02:49 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 18944]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-01-29 1095872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2005-11-08 25600]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-10 44544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2007-5-7 118784]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-11-11 05:26 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Directrec Configuration Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Directrec Configuration Tool.lnk
backup=c:\windows\pss\Directrec Configuration Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-03-06 07:50 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2006-12-12 18:46 19456 ----a-w- c:\windows\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2006-03-02 09:00 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 18:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 17:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 10:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 17:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2004-08-10 12:04 59392 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoToMeeting]
2007-11-02 16:59 31816 ----a-w- c:\program files\Citrix\GoToMeeting\198\g2mstart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 09:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2005-06-17 12:56 139264 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-03-13 03:56 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2009-01-09 04:30 645328 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2006-01-18 22:00 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 22:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 23:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-11-14 05:34 1217808 ----a-w- c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 12:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-10-13 18:55 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ----a-w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"MSK80Service"=2 (0x2)
"mnmsrvc"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"GoToAssist"=3 (0x3)
"DM1Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Steam\\SteamApps\\s3arav3n\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Documents and Settings\\Wolf\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Documents and Settings\\Wolf\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/17/2010 2:08 PM 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1229232]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/2/2008 10:41 AM 93320]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 7:46 AM 284016]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [12/5/2007 6:47 PM 20640]
.
Contents of the 'Scheduled Tasks' folder

2010-02-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 19:07]

2010-02-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-02-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-15 18:53]

2010-02-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-15 18:53]

2010-02-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-10 02:02]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: buy-security-essentials.com
Trusted Zone: download-soft-package.com
Trusted Zone: download-software-package.com
Trusted Zone: get-key-se10.com
Trusted Zone: is-software-download.com
Trusted Zone: buy-security-essentials.com
Trusted Zone: get-key-se10.com
Trusted Zone: musicmatch.com\online
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
FF - ProfilePath - c:\documents and settings\Wolf\Application Data\Mozilla\Firefox\Profiles\csnh7ey1.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Qxuxuhasajubija - c:\windows\ewogucoru.dll
MSConfigStartUp-Acrobat Assistant 7 - c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-HijackThis - c:\docume~1\Wolf\LOCALS~1\Temp\Rar$EX00.860\HijackThis.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-19 18:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]
"ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(1592)
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2010-02-19 18:40:08
ComboFix-quarantined-files.txt 2010-02-19 23:40

Pre-Run: 98,976,763,904 bytes free
Post-Run: 98,929,774,592 bytes free

- - End Of File - - BA7F2BB20C86B4ABAA61E78026BBD241


HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:43:52 PM, on 2/19/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Wolf\My Documents\Hijackthis\Analysethis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.buy-security-essentials.com
O15 - Trusted Zone: http://*.download-soft-package.com
O15 - Trusted Zone: http://*.download-software-package.com
O15 - Trusted Zone: http://*.get-key-se10.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.buy-security-essentials.com (HKLM)
O15 - Trusted Zone: http://*.get-key-se10.com (HKLM)
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (qsax Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter hijack: application/octet-stream - (no CLSID) - (no file)
O18 - Filter hijack: application/x-complus - (no CLSID) - (no file)
O18 - Filter hijack: application/x-msdownload - (no CLSID) - (no file)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 13713 bytes

AND THE COMBOFIX QUARANTINE LOG:

2010-02-19 23:39:03 . 2010-02-19 23:39:03 912 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-WebCyberCoach_wtrb.reg.dat
2010-02-19 23:39:03 . 2010-02-19 23:39:03 794 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-HijackThis.reg.dat
2010-02-19 23:38:46 . 2010-02-19 23:38:46 668 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-swg.reg.dat
2010-02-19 23:38:44 . 2010-02-19 23:38:44 658 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Acrobat Assistant 7.reg.dat
2010-02-19 23:38:32 . 2010-02-19 23:38:32 153 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Qxuxuhasajubija.reg.dat
2010-02-19 23:36:48 . 2010-02-19 23:36:48 319 ----a-w- C:\Qoobox\Quarantine\K\av1.zip
2010-02-19 23:36:48 . 2007-07-02 06:36:20 45 ----a-w- C:\Qoobox\Quarantine\K\autorun.inf.vir
2010-02-19 23:18:36 . 2010-02-19 23:34:47 8,375 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-02-19 23:05:38 . 2010-02-19 23:27:10 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-02-17 19:07:28 . 2010-02-17 20:10:24 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\18467.exe.vir
2010-02-17 18:50:46 . 2010-02-17 18:50:46 122 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Wolf\Local Settings\Application Data\{BC726971-0BC7-48A4-96C9-7A8F42216976}\chrome.manifest.vir
2010-02-17 18:50:46 . 2010-02-17 18:50:46 764 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Wolf\Local Settings\Application Data\{BC726971-0BC7-48A4-96C9-7A8F42216976}\install.rdf.vir
2010-02-17 18:50:46 . 2010-02-17 18:50:46 6,778 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Wolf\Local Settings\Application Data\{BC726971-0BC7-48A4-96C9-7A8F42216976}\chrome\content\overlay.xul.vir
2010-02-17 18:50:46 . 2010-02-17 18:50:46 2,018 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Wolf\Local Settings\Application Data\{BC726971-0BC7-48A4-96C9-7A8F42216976}\chrome\content\_cfg.js.vir
2005-08-16 09:18:42 . 2007-03-08 15:36:28 161,280 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\ewogucoru.dll.vir
2004-08-10 11:00:00 . 2004-08-10 11:00:00 1,835,904 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000006_.tmp.dll.vir
2004-08-10 11:00:00 . 2004-08-10 11:00:00 341,504 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000007_.tmp.dll.vir
2004-08-10 11:00:00 . 2004-08-10 11:00:00 132,096 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000008_.tmp.dll.vir
2004-08-10 11:00:00 . 2004-08-10 11:00:00 32,768 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000009_.tmp.dll.vir
2004-08-10 11:00:00 . 2004-08-10 11:00:00 983,552 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000010_.tmp.dll.vir
2004-08-10 11:00:00 . 2004-08-10 11:00:00 721,920 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000013_.tmp.dll.vir
2004-08-10 11:00:00 . 2004-08-10 11:00:00 108,032 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000016_.tmp.dll.vir
2004-08-10 11:00:00 . 2004-08-10 11:00:00 708,096 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000017_.tmp.dll.vir
2004-08-10 11:00:00 . 2004-08-10 11:00:00 616,960 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000018_.tmp.dll.vir

Hey Crunchie, so it appears that ComboFix has done the trick (along with all the previous steps). After running it last night I was able to download and install my McAfee update. Things seem to be back to normal.

I really appreciate all your help. You saved me from having to do a clean install of Windows and all the hassle that would have gone with that (re-installing 3 years' worth of various programs, etc.). So, you are the man! Thank you.

One last question: McAfee is a huge memory hog, is there another program you would recommend that offers that level of protection but runs a little leaner?

Thanks again!

I would drop McAfee like a hot rock :). I see you already have Microsoft Security Essentials installed. You should not have more than one AV on board unless one has a disabled startup and is used as an on-demand scanner.
Personally I use Comodo AV and firewall and have no problem with it.

==

  • Go to Start > Control Panel, double-click on the Software icon > Add/Remove Programs.
  • Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )
  • Select it and click Remove.
  • Then download and install the newest version from here: http://www.java.com/en/download/manual.jsp

==

Can you please do the following.

===============

Scan with HijackThis and then place a check next to all the following, if present:


O4 - Global Startup: McAfee Security Scan.lnk = ?

O15 - Trusted Zone: http://*.buy-security-essentials.com
O15 - Trusted Zone: http://*.download-soft-package.com
O15 - Trusted Zone: http://*.download-software-package.com
O15 - Trusted Zone: http://*.get-key-se10.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.buy-security-essentials.com (HKLM)
O15 - Trusted Zone: http://*.get-key-se10.com (HKLM)

O18 - Filter hijack: application/octet-stream - (no CLSID) - (no file)
O18 - Filter hijack: application/x-complus - (no CLSID) - (no file)
O18 - Filter hijack: application/x-msdownload - (no CLSID) - (no file)


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

After rebooting, rescan with hijackthis and post back a new log.
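Added example (not part of the thread and not HijackThis's own code): a Python triage pass over HijackThis-format log text that flags the entry types listed for fixing above (O15 Trusted Zone sites, O18 filter hijacks with no handler file, an O4 startup shortcut whose target shows as `?`) and, as a generalization, any O2/O3 entry ending in `(no file)`. The rule names, function names and the `.test` domain in the sample are assumptions made for illustration.

```python
import re
from typing import Dict, List, NamedTuple, Optional


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O15"
    rule: str     # name of the rule that matched (names are this example's own)
    line: str     # the log line exactly as it appeared


# Constructed sample in HijackThis v2 log format. The Trusted Zone domain is a
# placeholder; the other lines follow the shape of entries shown in the thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {074C1DC5-9320-4A9A-947D-C042949C6216} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O15 - Trusted Zone: http://*.example-rogue-av.test
O15 - Trusted Zone: http://*.example-rogue-av.test (HKLM)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Filter hijack: application/x-msdownload - (no CLSID) - (no file)
"""

# "<section> - <body>", where section is a letter plus one or two digits (R0, O4, O23).
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O15 body: "Trusted Zone: <site>" with an optional " (HKLM)" machine-wide marker.
TRUSTED_ZONE_RE = re.compile(r"^Trusted Zone: (?P<site>\S+)(?: \(HKLM\))?$")
# O4 startup-folder body: "[Global ]Startup: <shortcut> = <target>".
STARTUP_LNK_RE = re.compile(r"^(?:Global )?Startup: (?P<name>.+?) = (?P<target>.*)$")


def classify(section: str, body: str) -> Optional[str]:
    """Return a rule name if the entry deserves a manual look, else None."""
    if section == "O15":
        m = TRUSTED_ZONE_RE.match(body)
        if m:
            # Sites in the Trusted zone run with relaxed IE security settings,
            # so every entry is worth reviewing; wildcards cover all subdomains.
            return "trusted-zone-wildcard" if "*" in m.group("site") else "trusted-zone-site"
    if section == "O18" and body.startswith("Filter hijack:") and body.endswith("(no file)"):
        # A MIME filter is registered but no handler file backs it.
        return "filter-without-handler"
    if section == "O4":
        m = STARTUP_LNK_RE.match(body)
        if m and m.group("target").strip() == "?":
            # HijackThis could not resolve the shortcut target.
            return "broken-startup-shortcut"
    if section in ("O2", "O3") and body.endswith("(no file)"):
        # Generalization beyond the thread's list: BHO/toolbar registration
        # left behind after its DLL was removed.
        return "orphaned-entry"
    return None


def triage(log_text: str) -> List[Finding]:
    """Scan HijackThis log text and return the entries that matched a rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header, process path, blank line or footer
        rule = classify(entry.group("section"), entry.group("body"))
        if rule:
            findings.append(Finding(entry.group("section"), rule, line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule, for a quick before/after comparison of two logs."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:26} {f.line}")
```

Running it over the log taken before and after "Fix checked" and comparing the `summarize` counts shows whether the flagged entries are actually gone.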

Strange thing...IE Explorer stopped working after my last post. Also cannot click link in email notification...in other words, I got an email with a link to this discussion thread...when I click it, it just opens up a Windows Explorer window to open a file.

Are you able to do anything from my last post? If not, run combofix again please.

Hey Crunchie...sorry was out of town for the last few days. Back again. Will review your posts, follow the instructions and repost the results.

Hey Crunchie,

Ran hijackthis and fixed the items you listed (except for the Global startup one for McAfee...will fixing that cause my McAfee to stop working?...I figure I will keep it for now since I just paid for it and will swap it out when the subscription expires...maybe?)

Also, I installed IE Explorer 8 which fixed the previous problem of IE Explorer not working. So, here is my latest hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:38 AM, on 2/24/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Wolf\My Documents\Hijackthis\Analysethis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O2 - BHO: (no name) - {074C1DC5-9320-4A9A-947D-C042949C6216} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100219225729.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 13417 bytes

The ? at the end of the entry in Hijackthis suggests a broken shortcut, hence my reason for fixing it. Not a biggie :).

How are things now?

Ah...ok...will fix it. Things seem to be back to normal.

Good news :).

Let's get rid of Combofix now that we are finished with it.


  • Click START then RUN
  • Now copy/paste the following text into the Run box and click OK:

    ComboFix /Uninstall

    Note the space between the X and the /, it needs to be there.

==

Launch OTL and click on the Cleanup button. Follow the prompts.
