
Can't install Windows updates or antivirus

Discussion in 'Virus and Malware Removal' started by lango, Sep 22, 2011.

  1. lango Newcomer, in training Posts: 16

    HijackThis Log
    ===========

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 17:48:48, on 19/10/2011
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HijackThis\HijackThis.exe
    C:\Program Files\AVAST Software\Avast\setup\avast.setup
    C:\WINDOWS\system32\wscntfy.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.apple.com
    O15 - Trusted Zone: http://login.passport.net
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    --
    End of file - 5177 bytes
  2. Bobbye Helper on the Fringe Posts: 16,406   +16

    I still don't have any information to work with.

    Please ask her what these entries are for:
    documents and settings\erikaballantine\desktop\erika\african rustic\c744-507165-mixed%20crackle%20rice%20bowls%20set%204-070.eps

    I tried to ID several different sections of the entry but still only came up with this thread.
    =====================================
    There are only a couple of minor changes I'd do in HJT, nothing that would affect the subject of this thread.

    Updates are not current as you know: Windows XP SP2
    Adobe Reader needs to be updated: she has v6, current is v10 (Adobe Reader site). Uninstall any earlier updates as they are vulnerabilities.

    Please check the system and see if there is a log from Combofix: Look for C:\ComboFix.txt

    What is the status of the system now?
  3. lango Newcomer, in training Posts: 16

    Thanks as always for your continuing assistance.

    The .eps file is an image from Photoshop. She says it is very old and can be deleted - she also mentioned that she'd previously been unable to delete it so just left it. Do you want me to do anything with it?

    No sign of Combofix.txt.

    What do you mean by "What is the status of the system now?"

    I haven't attempted to update windows since my initial post - should I try?

    Also the Avast AV says it has expired. When I try to click "Register Now", it then says "retrieving information" and then nothing happens. Has the free version just expired? Do I need to get something new or am I doing something wrong?

    Cheers.
  4. Bobbye Helper on the Fringe Posts: 16,406   +16

    Unless you can get some of these scans to run and give me a log, I can't help. I'll try one more scan - if it won't run, the system will need to be reformatted and the OS reinstalled:

    • Download OTL from either of the links below and save it to your desktop.
      Link 1
      Link 2
    • Double click the OTL icon to run it.
    • Set Output at the top to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Copy the entries in the Codebox below, then paste them in the Custom Scan box.
      Code:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      userinit.exe
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      Make sure all other windows are closed and let it run uninterrupted.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
  5. lango Newcomer, in training Posts: 16

    Success!

    Thanks as usual for your continuing help.

    OTL.txt

    OTL logfile created on: 29/10/2011 21:53:01 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\erikaballantine\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    447.48 Mb Total Physical Memory | 203.94 Mb Available Physical Memory | 45.58% Memory free
    1.03 Gb Paging File | 0.87 Gb Available in Paging File | 84.42% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 19.68 Gb Free Space | 52.81% Space Free | Partition Type: NTFS

    Computer Name: ERIKA | User Name: erikaballantine | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\erikaballantine\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
    PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
    PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
    PRC - C:\Program Files\TOSHIBA\PadTouch\PadExe.exe (TOSHIBA)
    PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\AVAST Software\Avast\defs\11101901\algo.dll ()
    MOD - C:\Program Files\AVAST Software\Avast\defs\11101901\aswRep.dll ()
    MOD - C:\WINDOWS\system32\MousePage.dll ()
    MOD - C:\WINDOWS\system32\TCtrlIO.dll ()
    MOD - C:\WINDOWS\system32\ati2evxx.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (Raslierd) -- File not found
    SRV - (HidServ) -- File not found
    SRV - (AppMgmt) -- File not found
    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
    SRV - (bgsvcgen) -- C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
    SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
    SRV - (ATMsrvc) -- C:\WINDOWS\system32\ATMsrvc.exe (Adobe Systems Incorporated)


    ========== Driver Services (SafeList) ==========

    DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
    DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
    DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
    DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
    DRV - (atiide) -- C:\WINDOWS\System32\DRIVERS\atiide.sys (ATI Technologies Inc.)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (TVALD) -- C:\WINDOWS\system32\drivers\NBSMI.sys (Toshiba Corporation)
    DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
    DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura)
    DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
    DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )
    DRV - (caboagp) -- C:\WINDOWS\System32\DRIVERS\atisgkaf.sys (ATI Technologies Inc.)
    DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\bcmwl5.sys (Broadcom Corporation)
    DRV - (tiumfwl) -- C:\WINDOWS\system32\drivers\tiumfwl.sys (Texas Instruments Inc.)
    DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)
    DRV - (DevUpper) -- C:\WINDOWS\System32\DRIVERS\tiumflt.sys (Texas Instruments Inc.)
    DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
    FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1289
    FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/09/22 18:54:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/17 18:23:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/17 18:23:49 | 000,000,000 | ---D | M]

    [2008/12/15 11:07:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\erikaballantine\Application Data\Mozilla\Extensions
    [2008/02/15 22:24:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\erikaballantine\Application Data\Mozilla\Firefox\Profiles\i6yqeg7c.default\extensions
    [2008/01/21 20:23:17 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\erikaballantine\Application Data\Mozilla\Firefox\Profiles\i6yqeg7c.default\searchplugins\aolsearch.xml
    [2011/10/17 18:23:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/09/29 07:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/09/29 01:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/10/05 19:58:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\PadTouch\PadExe.exe (TOSHIBA)
    O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
    O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
    O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O15 - HKCU\..Trusted Domains: apple.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: passport.net ([login] http in Trusted sites)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_04)
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_04)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BB2E300-E295-4EFB-B2C0-AA9DBEEEB4F1}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{586AF466-1D2A-4EFB-8C40-D987E483A5DB}: DhcpNameServer = 194.168.4.100 194.168.8.100
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll ()
    O24 - Desktop WallPaper: C:\Documents and Settings\erikaballantine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\erikaballantine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/05/18 07:40:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2011/10/05 19:18:51 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/29 21:50:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\erikaballantine\Desktop\OTL.exe
    [2011/10/19 17:46:55 | 000,000,000 | ---D | C] -- C:\HijackThis
    [2011/10/18 17:39:55 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\erikaballantine\Desktop\esetsmartinstaller_enu.exe
    [2011/10/17 21:48:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/10/17 21:33:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\erikaballantine\Desktop\tdsskiller
    [2011/10/17 20:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\erikaballantine\Desktop\xp_scr_fix
    [2011/10/17 19:51:31 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\erikaballantine\Desktop\friday.exe.scr
    [2011/10/17 19:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/10/17 19:14:38 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/10/17 19:08:15 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\erikaballantine\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/10/17 18:53:49 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\erikaballantine\Desktop\TFC.exe
    [2011/10/17 18:25:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\erikaballantine\My Documents\Downloads
    [2011/10/05 21:07:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/10/05 19:58:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/10/05 19:18:51 | 000,000,000 | RHSD | C] -- C:\autorun.inf

    ========== Files - Modified Within 30 Days ==========

    [2011/10/29 21:50:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\erikaballantine\Desktop\OTL.exe
    [2011/10/29 21:46:48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/10/29 21:46:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/10/19 17:46:24 | 000,305,771 | ---- | M] () -- C:\HijackThis.zip
    [2011/10/18 17:39:59 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\erikaballantine\Desktop\esetsmartinstaller_enu.exe
    [2011/10/17 21:48:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/10/17 21:32:12 | 001,540,929 | ---- | M] () -- C:\Documents and Settings\erikaballantine\Desktop\tdsskiller.zip
    [2011/10/17 21:12:41 | 000,459,264 | ---- | M] () -- C:\Documents and Settings\erikaballantine\Desktop\CKScanner.exe
    [2011/10/17 21:11:45 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\erikaballantine\Desktop\exeHelper.com
    [2011/10/17 21:06:32 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\erikaballantine\Desktop\rkill.com
    [2011/10/17 20:47:03 | 000,000,497 | ---- | M] () -- C:\Documents and Settings\erikaballantine\Desktop\xp_scr_fix.zip
    [2011/10/17 19:51:38 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\erikaballantine\Desktop\friday.exe.scr
    [2011/10/17 19:33:00 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\erikaballantine\Desktop\pfcij26u.exe
    [2011/10/17 19:14:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/17 19:09:50 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\erikaballantine\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/10/17 18:53:55 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\erikaballantine\Desktop\TFC.exe
    [2011/10/17 18:34:27 | 001,382,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/10/17 18:24:02 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/10/16 21:51:33 | 263,610,632 | ---- | M] () -- C:\Documents and Settings\erikaballantine\My Documents\feb layout visual1.pdf
    [2011/10/16 20:59:49 | 122,353,090 | ---- | M] () -- C:\Documents and Settings\erikaballantine\My Documents\jan layout1.pdf
    [2011/10/16 20:22:42 | 099,533,483 | ---- | M] () -- C:\Documents and Settings\erikaballantine\My Documents\jan layout.pdf
    [2011/10/14 18:44:14 | 289,163,452 | ---- | M] () -- C:\Documents and Settings\erikaballantine\My Documents\feb layout visual.pdf
    [2011/10/05 21:09:40 | 000,000,327 | ---- | M] () -- C:\Boot.bak
    [2011/10/05 19:58:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/10/02 13:07:59 | 000,060,928 | ---- | M] () -- C:\Documents and Settings\erikaballantine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== Files Created - No Company Name ==========

    [2011/10/19 17:46:17 | 000,305,771 | ---- | C] () -- C:\HijackThis.zip
    [2011/10/17 21:48:25 | 000,000,327 | ---- | C] () -- C:\Boot.bak
    [2011/10/17 21:32:04 | 001,540,929 | ---- | C] () -- C:\Documents and Settings\erikaballantine\Desktop\tdsskiller.zip
    [2011/10/17 21:12:27 | 000,459,264 | ---- | C] () -- C:\Documents and Settings\erikaballantine\Desktop\CKScanner.exe
    [2011/10/17 21:11:30 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\erikaballantine\Desktop\exeHelper.com
    [2011/10/17 21:06:11 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\erikaballantine\Desktop\rkill.com
    [2011/10/17 20:46:56 | 000,000,497 | ---- | C] () -- C:\Documents and Settings\erikaballantine\Desktop\xp_scr_fix.zip
    [2011/10/17 19:32:58 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\erikaballantine\Desktop\pfcij26u.exe
    [2011/10/17 19:14:50 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/17 18:24:02 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/10/16 21:48:57 | 263,610,632 | ---- | C] () -- C:\Documents and Settings\erikaballantine\My Documents\feb layout visual1.pdf
    [2011/10/16 21:02:48 | 289,163,452 | ---- | C] () -- C:\Documents and Settings\erikaballantine\My Documents\feb layout visual.pdf
    [2011/10/16 20:58:40 | 122,353,090 | ---- | C] () -- C:\Documents and Settings\erikaballantine\My Documents\jan layout1.pdf
    [2011/10/16 20:06:02 | 099,533,483 | ---- | C] () -- C:\Documents and Settings\erikaballantine\My Documents\jan layout.pdf
    [2009/04/05 23:08:24 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
    [2009/04/05 23:08:24 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
    [2009/04/05 22:54:05 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\erikaballantine\Application Data\$_hpcst$.hpc
    [2008/01/02 22:41:28 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2007/01/13 23:53:07 | 001,339,474 | ---- | C] () -- C:\WINDOWS\Uninstallvusb.dll
    [2005/12/15 23:16:13 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2005/12/07 10:35:05 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2005/11/16 05:38:00 | 000,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
    [2005/06/12 17:28:56 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
    [2005/03/03 09:31:30 | 001,382,016 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/02/27 12:49:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2005/02/20 14:12:32 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2005/02/17 17:32:19 | 000,060,928 | ---- | C] () -- C:\Documents and Settings\erikaballantine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2004/11/18 01:33:24 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/11/18 01:28:37 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
    [2004/10/26 23:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
    [2004/08/12 22:24:03 | 000,160,963 | ---- | C] () -- C:\WINDOWS\System32\drivers\gtipdsp.bin
    [2004/08/04 08:56:42 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
    [2004/06/16 10:36:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2004/06/16 10:34:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FIXPATH.EXE
    [2004/05/19 11:07:43 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
    [2004/05/19 11:07:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
    [2004/05/19 11:07:43 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
    [2004/05/19 11:07:43 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
    [2004/05/19 08:09:17 | 000,159,744 | ---- | C] () -- C:\WINDOWS\MakeMrk.exe
    [2004/05/19 08:09:02 | 000,006,757 | ---- | C] () -- C:\WINDOWS\TcdsASC2.ini
    [2004/05/18 14:11:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/05/18 12:53:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2004/05/18 12:53:20 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2004/05/18 12:53:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2004/05/18 12:53:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2004/05/18 12:53:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2004/05/18 12:53:19 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2004/05/18 12:50:32 | 000,019,607 | ---- | C] () -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys
    [2004/05/18 12:09:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
    [2004/05/18 12:00:17 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\MousePage.dll
    [2004/05/18 12:00:17 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
    [2004/05/18 11:47:42 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
    [2004/05/18 11:47:40 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2004/05/18 11:47:39 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
    [2004/05/18 11:42:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
    [2004/05/18 11:38:54 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\PlugPlayPCIDevice.exe
    [2004/05/18 11:38:54 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\MFCFirstRemove.exe
    [2004/05/18 11:38:54 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\RefreshDevice.exe
    [2004/05/18 11:17:27 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
    [2004/05/18 11:17:27 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
    [2004/05/18 08:31:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/05/18 08:13:09 | 000,028,779 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
    [2004/05/18 08:13:09 | 000,024,681 | ---- | C] () -- C:\WINDOWS\System32\java.exe
    [2004/05/18 08:02:37 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/05/18 07:45:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/05/18 07:37:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/05/18 06:27:56 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2004/05/18 06:27:32 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [2004/05/18 06:27:30 | 000,381,094 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/05/18 06:27:30 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/05/18 06:27:30 | 000,053,276 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/05/18 06:27:30 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/05/18 06:27:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/05/18 06:27:28 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/05/18 06:27:26 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/05/18 06:27:22 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/05/18 06:27:21 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/05/18 06:27:16 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/05/18 06:27:05 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/03/15 18:28:08 | 000,048,865 | ---- | C] () -- C:\WINDOWS\System32\drivers\tiumfw.bin
    [2003/06/06 17:12:18 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DProcess.exe
    [2003/03/09 05:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
    [2003/02/12 16:50:06 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\RM_ABG.exe
    [2002/12/05 13:18:56 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\Set_ABG.exe
    [1999/08/28 23:07:05 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe

    ========== LOP Check ==========

    [2011/09/22 18:53:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/09/21 18:46:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/09/21 18:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2008/01/02 23:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\erikaballantine\Application Data\FUJIFILM
    [2004/10/22 13:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\erikaballantine\Application Data\InterVideo
    [2004/11/18 01:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\erikaballantine\Application Data\Nikon
    [2009/04/05 22:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\erikaballantine\Application Data\Samsung
    [2004/05/18 12:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\erikaballantine\Application Data\toshiba
    [2011/09/21 22:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\erikaballantine\Application Data\Uksy
    [2010/07/24 16:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\erikaballantine\Application Data\Umud
    [2004/08/12 19:13:09 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >
    [2011/07/10 20:55:32 | 002,527,232 | ---- | M] (Topala Software Solutions) -- C:\siw.exe


    < MD5 for: EXPLORER.EXE >
    [2004/08/04 08:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
    [2004/08/04 08:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2003/03/31 12:00:00 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

    < MD5 for: USERINIT.EXE >
    [2004/08/04 08:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2004/08/04 08:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
    [2003/03/31 12:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2004/08/04 08:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [2004/08/04 08:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
    [2003/03/31 12:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\$NtUninstallKB841533$\winlogon.exe
    [2004/05/27 02:38:46 | 000,483,328 | ---- | M] (Microsoft Corporation) MD5=E7F9D2E4E4A94A6F58014E5FFA16A65E -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

    < %systemroot%\*. /mp /s >

    < End of report >

    Extras.txt

    OTL Extras logfile created on: 29/10/2011 21:53:01 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\erikaballantine\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    447.48 Mb Total Physical Memory | 203.94 Mb Available Physical Memory | 45.58% Memory free
    1.03 Gb Paging File | 0.87 Gb Available in Paging File | 84.42% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 19.68 Gb Free Space | 52.81% Space Free | Partition Type: NTFS

    Computer Name: ERIKA | User Name: erikaballantine | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
    .js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation.)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb
    "C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray
    "C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client
    "C:\WINDOWS\system32\sysservice.exe" = C:\WINDOWS\system32\sysservice.exe:*:Enabled:dnsclient
    "C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Disabled:TrueVector Service
    "C:\Documents and Settings\erikaballantine\Local Settings\Temp\7zS2.tmp\SymNRT.exe" = C:\Documents and Settings\erikaballantine\Local Settings\Temp\7zS2.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}" = iTunes
    "{188BA1CC-F3A1-49B0-A34D-8C861C64E1AE}" = TOSHIBA Manuals
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1D2E8198-25CE-4901-B8EB-8587185C5776}" = Voyager USB Driver
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.3
    "{3470FBE6-B743-420F-B5CE-0D27FA749C16}" = Touch and Launch
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
    "{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = TOSHIBA Console
    "{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}" = Adobe InDesign CS
    "{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
    "{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
    "{68D368EE-F5AC-4402-BD45-B454B5453FE1}" = SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.1
    "{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
    "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
    "{78FC8439-5FAF-4AD2-B9FD-2F5519F3ED0B}" = WLAN
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for Toshiba
    "{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
    "{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
    "{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
    "{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
    "{AC76BA86-7AD7-1033-7646-A00000000001}" = Adobe Reader 6.0.1
    "{AE2310DC-B261-4D84-BE03-BD318EB41B78}" = PCI1620 Ultramedia Controller
    "{B093990A-AAF2-44AC-9216-14BB7A2189B6}" = ImageMixer VCD2 LE for FinePix
    "{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
    "{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
    "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
    "{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
    "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
    "{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC IrCC V5.1.3600.3 SP1
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player Plugin
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "Adobe Type Manager Deluxe 4.1" = Adobe Type Manager Deluxe 4.1
    "All ATI Software" = ATI - Software Uninstall Utility
    "ArcSoft Software Suite" = ArcSoft Software Suite
    "ATI Display Driver" = ATI Display Driver
    "avast" = avast! Free Antivirus
    "CCleaner" = CCleaner
    "InstallShield_{68D368EE-F5AC-4402-BD45-B454B5453FE1}" = SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.1
    "InstallShield_{AE2310DC-B261-4D84-BE03-BD318EB41B78}" = PCI 1620 Cardbus Controller and Software
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
    "PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
    "Power Saver" = TOSHIBA Power Saver
    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
    "Skype_is1" = Skype 1.4
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TOSHIBA Hotkey Utility for Display Devices" = TOSHIBA Hotkey Utility for Display Devices
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "TOSHIBA Utilities" = TOSHIBA Utilities
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 2
    "WLAN 802.11g Cardbus" = WLAN 802.11g Cardbus

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 31/10/2007 12:56:43 | Computer Name = ERIKA | Source = Application Hang | ID = 1002
    Description = Hanging application Illustrator.exe, version 11.0.32.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 29/12/2007 19:13:59 | Computer Name = ERIKA | Source = Application Error | ID = 1000
    Description = Faulting application hpoevm08.exe, version 4.2.0.20, faulting module
    ole32.dll, version 5.1.2600.2726, fault address 0x0002d8f5.

    Error - 29/12/2007 20:00:17 | Computer Name = ERIKA | Source = Application Error | ID = 1000
    Description = Faulting application hpoevm08.exe, version 4.2.0.20, faulting module
    ole32.dll, version 5.1.2600.2726, fault address 0x0002d8f5.

    Error - 06/01/2008 17:40:32 | Computer Name = ERIKA | Source = Application Hang | ID = 1002
    Description = Hanging application Photoshop.exe, version 8.0.0.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 10/01/2008 17:24:28 | Computer Name = ERIKA | Source = Application Error | ID = 1000
    Description = Faulting application acrord32.exe, version 6.0.1.1091, faulting module
    msvcrt.dll, version 7.0.2600.2180, fault address 0x000370d0.

    Error - 20/01/2008 08:13:35 | Computer Name = ERIKA | Source = Application Error | ID = 1000
    Description = Faulting application vsmon.exe, version 6.5.700.0, faulting module
    msvcrt.dll, version 7.0.2600.2180, fault address 0x000372e3.

    Error - 21/01/2008 16:05:20 | Computer Name = ERIKA | Source = Application Error | ID = 1000
    Description = Faulting application winamp.exe, version 5.5.2.1800, faulting module
    gen_ff.dll, version 0.0.0.0, fault address 0x000ce525.

    Error - 28/01/2008 16:35:01 | Computer Name = ERIKA | Source = Application Hang | ID = 1002
    Description = Hanging application OrbTray.exe, version 2.2008.105.1830, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 31/03/2008 11:25:20 | Computer Name = ERIKA | Source = Application Hang | ID = 1002
    Description = Hanging application updater.exe, version 1.8.20080.20121, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 04/10/2008 11:56:40 | Computer Name = ERIKA | Source = Application Error | ID = 1000
    Description = Faulting application vsmon.exe, version 6.5.700.0, faulting module
    unknown, version 0.0.0.0, fault address 0x055e0a1a.

    [ System Events ]
    Error - 19/10/2011 18:18:32 | Computer Name = ERIKA | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.6 for the Network Card with network
    address 000F66D3AD0D has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 19/10/2011 18:19:46 | Computer Name = ERIKA | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Critical Update for Office XP on Windows XP Service Pack
    2 (KB885884).

    Error - 19/10/2011 18:19:51 | Computer Name = ERIKA | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070002: Critical Update for Windows XP (KB886185).

    Error - 19/10/2011 18:19:52 | Computer Name = ERIKA | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070002: Cumulative Security Update for Internet Explorer for Windows
    XP (KB896688).

    Error - 25/10/2011 14:23:21 | Computer Name = ERIKA | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SASDIFSV SASKUTIL

    Error - 25/10/2011 14:24:14 | Computer Name = ERIKA | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.

    Error - 25/10/2011 17:48:49 | Computer Name = ERIKA | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.7 for the Network Card with network
    address 000F66D3AD0D has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 25/10/2011 17:49:56 | Computer Name = ERIKA | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SASDIFSV SASKUTIL

    Error - 29/10/2011 16:48:14 | Computer Name = ERIKA | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SASDIFSV SASKUTIL

    Error - 29/10/2011 16:49:15 | Computer Name = ERIKA | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.


    < End of report >
  6. Bobbye Helper on the Fringe Posts: 16,406   +16

    Have you attempted to do the Windows Update again? Or update/run the antivirus? If not, please try both.

    I'd like to do the following:
    Please run the MGA Diagnostics tool
    • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
    • You will receive an Internet Explorer-Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool.
    • You must choose to Run this tool when prompted.
    • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
    • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
    • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy
    • Please return to this thread and Paste the results here for review.
    ------------------------------------------
    The next step is to look on the computer itself, in the documentation you received with the computer, or with your retail purchase of Windows to see if you have a Certificate of Authenticity (COA). If you have one, tell us about the COA. Tell us:

    1. What edition of Windows XP is it for, Home, Pro, or Media Center, or another version of Windows?
    2. Does it read "OEM Software" or "OEM Product" in black lettering?
    3. Or, does it have the computer manufacturer's name in black lettering?
    4. DO NOT post the Product Key.

    NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.
     
  7. lango Newcomer, in training Posts: 16

    Hi there,

    Tried to use Windows Update - I get an ActiveX message bar warning in IE and I only get the option "Information Bar Help", nothing like "Install ActiveX Control" that I expected.

    Also the yellow shield in the Notification Area for the Windows updates isn't being displayed anymore either (I'm not sure when it stopped being displayed).

    Avast appears to be updating itself fine.

    Ran the Diagnostics tool and when I clicked "Resolve" IE opened and I ended up at a page saying: "Validation Status: Action Required". On this page I encountered the same ActiveX message bar warning problem again.

    I then attempted to "launch the alternate validation process" (legitcheck.hta) and got the following message: "Your current security settings prohibit running ActiveX controls on this page. As a result, the page may not display correctly."

    I also tried the Genuine Windows page in Firefox using the WgaPluginInstaller.exe. The page says it is installed correctly, but when I press continue it loops back to the first page again.

    The Microsoft CoA is stuck on the bottom of the laptop: There is no reference to the edition of XP, I cannot see "OEM Software" or "OEM Product" in black lettering, I also cannot see the computer manufacturer's name in black lettering.

    However my girlfriend still has all the original documentation (was bought from PC World), and it includes the Windows XP Home Edition booklet ("for distribution only with a new PC") in which it says; the CoA label has been removed by your PC manufacturer and should be attached to your PC.

    However I have noticed that the last three blocks of the Windows Product Key found by the WGA Diagnostic tool are different to the CoA sticker on the laptop??

    Here's the diagnostic report:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Validation Control not Installed
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-W3R3K-J2VF4-JFP8W
    Windows Product Key Hash: XPfxGkd+SaYWqIyXYZav/kIic8c=
    Windows Product ID: 55277-OEM-2111907-00111
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 5.1.2600.2.00010300.2.0.hom
    ID: {D59B37B5-49EE-4B28-A2E6-E523BC3D9481}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-800b0001_E2AD56EA-148-80004005_16E0B333-89-80004005_78155E4D-232-80004005
    Resolution Status: Validation Control not Installed

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 114 Blocked VLK 2
    Microsoft Office XP Professional with FrontPage - 114 Blocked VLK 2
    Microsoft Office XP Professional with FrontPage - 114 Blocked VLK 2
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-230-1

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Allowed
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\WINDOWS\system32\winlogon.exe[5.1.2600.2180], Hr = 0x80004005
    File Mismatch: C:\WINDOWS\system32\licdll.dll[5.1.2600.2180], Hr = 0x80004005
    File Mismatch: C:\WINDOWS\system32\ntoskrnl.exe[5.1.2600.2622], Hr = 0x80004005
    File Mismatch: C:\WINDOWS\system32\ntdll.dll[5.1.2600.2180], Hr = 0x80004005
    File Mismatch: C:\WINDOWS\system32\kernel32.dll[5.1.2600.2180], Hr = 0x80004005
    File Mismatch: C:\WINDOWS\system32\crypt32.dll[5.131.2600.2180], Hr = 0x80004005
    File Mismatch: C:\WINDOWS\system32\advapi32.dll[5.1.2600.2180], Hr = 0x80004005
    File Mismatch: C:\WINDOWS\system32\setupapi.dll[5.1.2600.2180], Hr = 0x80004005
    File Mismatch: C:\WINDOWS\system32\oembios.bin[Hr = 0x80004005]
    File Mismatch: C:\WINDOWS\system32\oembios.dat[Hr = 0x80004005]
    File Mismatch: C:\WINDOWS\system32\oembios.sig[Hr = 0x80004005]
    File Mismatch: C:\WINDOWS\system32\syssetup.dll[5.1.2600.2180], Hr = 0x80004005

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{D59B37B5-49EE-4B28-A2E6-E523BC3D9481}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.2.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-JFP8W</PKey><PID>55277-OEM-2111907-00111</PID><PIDType>2</PIDType><SID>S-1-5-21-2494479079-576879021-1610809673</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite A60</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>Version 1.40</Version><SMBIOSVersion major="2" minor="3"/><Date>20040701000000.000000+000</Date><SLPBIOS>TOSHIBA,TOSHIBA</SLPBIOS></BIOS><HWID>32743D07018400D2</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>TOSHIBA</name><model>Personal Computer</model></SBID><OEM/><GANotification/></MachineData> <Software><Office><Result>114</Result><Products><Product GUID="{90280409-6000-11D3-8CFE-0050048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office XP Professional with FrontPage</Name><Ver>10</Ver><Val>39476F84C4B4004</Val><Hash>4iCnywwNW1w4s9ukTIwGMGxyGic=</Hash><Pid>54185-640-0000025-17400</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="10" Result="114"/><App Id="16" Version="10" Result="114"/><App Id="17" Version="10" Result="114"/><App Id="18" Version="10" Result="114"/><App Id="1A" Version="10" Result="114"/><App Id="1B" Version="10" Result="114"/></Applications></Office></Software></GenuineResults>

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: 1FED0:Inventec(Taipei)|B174:Semp Toshiba Informatica Ltda|B174:TOSHIBA CORPORATION
    Marker string from OEMBIOS.DAT: TOSHIBA,TOSHIBA

    OEM Activation 2.0 Data-->
    N/A
  8. Bobbye Helper on the Fringe Posts: 16,406   +16

    Volume License Key (VLK) has either been blocked by Microsoft or generated by a fake product key code generator. VL editions should not be sold to individual consumers. Also, Volume Licenses for Windows XP are Upgrade licenses ONLY and cannot be used as the original or base license for a new computer.

    If this computer is not a corporate system please uninstall Office Professional Edition 2003. Next please restart your computer and try to Validate once again.

    Have her take the documentation back to the seller and ask why they didn't give her a legitimate license- I hope it includes the sales slip.

    There are also many mismatched files, which likely indicates a conflict in the Registry. She will not be able to do the updates until she gets a valid license.

    It is also curious that there are 2 blocked entries which are the same and no indication that the OS itself is genuine.
  9. lango Newcomer, in training Posts: 16

    Hi there, sorry for the delay in getting back to you and thank you for your continuing help.

    Her ex ran his own company so it is possible that the MS Office licence came from there. Should I uninstall it in any case? (I'm not particularly worried as Libre Office will be fine for her needs.)

    We don't have a sales receipt and I'm not sure what has happened with the XP licence... However, as the last three blocks of the Windows Product Key found by the WGA Diagnostic tool are different to the CoA sticker on the laptop, is there any way to "switch" the key to that (the one on the sticker on the base of the laptop)?

    Thanks as always.
  10. Bobbye Helper on the Fringe Posts: 16,406   +16

    When the computer was purchased from PC World, it had the original, valid Windows XP license key.

    When this was done:
    The business used a 'volume license' on the system which was not valid for the install to the one PC.

    You cannot 'switch a license or key.' Whatever you tried to change will tell you the key has already been used. As long as this isn't valid, you will not be able to update.

    So while the Windows XP Pro may be genuine, a volume license for corporate users was used for Office XP with Front Page and is not valid for a single PC.

    To use the Office program, you will need to uninstall the current version, then purchase the single version:
    To uninstall Office products:

    1. Quit all Office programs.
    2. Click Start, and then click Control Panel.
    3. Double-click Add or Remove Programs.
    4. In the Currently installed programs list, locate and select products that did not pass validation.
    5. Click Remove to remove the product(s) that you want to uninstall from the computer.
    -------------------------------------
    If you need assistance with the uninstall, please see the following links HERE:
    • Method 1: Uninstall Microsoft Office 2003 suites from Control Panel
    • Method 2: Uninstall Microsoft Office 2003 suites with Microsoft Fix it
    • Method 3: Uninstall Microsoft Office 2003 suites with the Program Install and Uninstall troubleshooter
    • Method 4: Remove Microsoft Office 2003 suites manually

    Keep in mind that it appears this was actually installed twice:
    Microsoft Office XP Professional with FrontPage - 114 Blocked VLK 2
    Microsoft Office XP Professional with FrontPage - 114 Blocked VLK 2

    If you are using another 'office-type' program and it is sufficient for your needs, then don't make the purchase.
  11. lango Newcomer, in training Posts: 16

    Hello Bobbye,

    Sorry for the long absence from the Board, change of jobs, two weddings, a stag do and Christmas & New Year! Things kind of got on top of me.

    Right then; before I started, I ran a full scan in Avast. It found an infected file:

    ACT20.EXE C:/SUPPORT/TOOLS Win32:Malware-gen (moved to chest)

    It then prompted me to do a scan on start up; it found 7 threats:

    5 x Win32:Beagle-NF [Wrm]
    2 x HTML:Malware-gen
    (all deleted)

    All of them were in Microsoft\OutlookExpress\Deleted Items.dbx
    (Let me know if you need full folder address)

    I've uninstalled MS Office and tried running MGA Tool again (Diagnostic Report below).

    Still the same problem with the ActiveX Control.

    Still unable to install updates.

    Thanks as always.


    New Diagnostic Report:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Validation Control not Installed
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-W3R3K-J2VF4-JFP8W
    Windows Product Key Hash: XPfxGkd+SaYWqIyXYZav/kIic8c=
    Windows Product ID: 55277-OEM-2111907-00111
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 5.1.2600.2.00010300.2.0.hom
    ID: {D59B37B5-49EE-4B28-A2E6-E523BC3D9481}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-800b0001_E2AD56EA-148-80004005_16E0B333-89-80004005_78155E4D-232-80004005
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-230-1

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Allowed
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\WINDOWS\system32\winlogon.exe[5.1.2600.2180], Hr = 0x80004005
    File Mismatch: C:\WINDOWS\system32\licdll.dll[5.1.2600.2180], Hr = 0x80004005
    File Mismatch: C:\WINDOWS\system32\ntoskrnl.exe[5.1.2600.2622], Hr = 0x80004005
    File Mismatch: C:\WINDOWS\system32\ntdll.dll[5.1.2600.2180], Hr = 0x80004005
    File Mismatch: C:\WINDOWS\system32\kernel32.dll[5.1.2600.2180], Hr = 0x80004005
    File Mismatch: C:\WINDOWS\system32\crypt32.dll[5.131.2600.2180], Hr = 0x80004005
    File Mismatch: C:\WINDOWS\system32\advapi32.dll[5.1.2600.2180], Hr = 0x80004005
    File Mismatch: C:\WINDOWS\system32\setupapi.dll[5.1.2600.2180], Hr = 0x80004005
    File Mismatch: C:\WINDOWS\system32\oembios.bin[Hr = 0x80004005]
    File Mismatch: C:\WINDOWS\system32\oembios.dat[Hr = 0x80004005]
    File Mismatch: C:\WINDOWS\system32\oembios.sig[Hr = 0x80004005]
    File Mismatch: C:\WINDOWS\system32\syssetup.dll[5.1.2600.2180], Hr = 0x80004005

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{D59B37B5-49EE-4B28-A2E6-E523BC3D9481}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.2.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-JFP8W</PKey><PID>55277-OEM-2111907-00111</PID><PIDType>2</PIDType><SID>S-1-5-21-2494479079-576879021-1610809673</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite A60</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>Version 1.40</Version><SMBIOSVersion major="2" minor="3"/><Date>20040701000000.000000+000</Date><SLPBIOS>TOSHIBA,TOSHIBA</SLPBIOS></BIOS><HWID>32743D07018400D2</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>TOSHIBA</name><model>Personal Computer</model></SBID><OEM/><GANotification/></MachineData> <Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: 1FED0:Inventec(Taipei)|B174:Semp Toshiba Informatica Ltda|B174:TOSHIBA CORPORATION
    Marker string from OEMBIOS.DAT: TOSHIBA,TOSHIBA

    OEM Activation 2.0 Data-->
    N/A
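A way to triage a diagnostic report like the one posted above, as an added example that is not part of the original thread: the parser below splits the text into its `-->` sections, collects every `File Mismatch` entry, and names the HRESULT on each field that carries one. `0x80070002` is `ERROR_FILE_NOT_FOUND`, meaning the component was not found on disk, and `0x80004005` is the generic `E_FAIL`. The function names and the abridged sample are assumptions of this example.

```python
import re

# HRESULT names as defined in the Windows SDK header winerror.h.
HRESULTS = {0x80070002: "ERROR_FILE_NOT_FOUND", 0x80004005: "E_FAIL"}

# Lines copied (abridged) from the report posted above.
SAMPLE = r"""
Windows Validation Data-->
Validation Status: Validation Control not Installed
Windows License Type: OEM SLP
LegitcheckControl ActiveX: N/A, hr = 0x80070002

File Scan Data-->
File Mismatch: C:\WINDOWS\system32\winlogon.exe[5.1.2600.2180], Hr = 0x80004005
File Mismatch: C:\WINDOWS\system32\oembios.bin[Hr = 0x80004005]
"""

SECTION = re.compile(r"^(.+?)-->$")
HR = re.compile(r"hr\s*=\s*(0x[0-9a-f]{8})", re.I)
# Two shapes occur in the report: path[version], Hr = X  and  path[Hr = X]
MISMATCH = re.compile(
    r"^File Mismatch:\s*(.+?)\[(?:([\d.]+)\],\s*)?Hr = (0x[0-9A-Fa-f]{8})\]?$")

def hr_name(code):
    """Symbolic name for a known HRESULT, otherwise its hex form."""
    return HRESULTS.get(code, f"0x{code:08x}")

def parse_report(text):
    """Return (fields, mismatches, errors) for an MGADiag-style text report."""
    fields, mismatches, errors = {}, [], []
    section = None
    for line in map(str.strip, text.splitlines()):
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = MISMATCH.match(line)
        if m:  # (path, file version or None, HRESULT as int)
            mismatches.append((m.group(1), m.group(2), int(m.group(3), 16)))
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank line, rule, or a bare value such as "N/A"
        fields[(section, key.strip())] = value.strip()
        hr = HR.search(value)
        if hr:
            errors.append((section, key.strip(), hr_name(int(hr.group(1), 16))))
    return fields, mismatches, errors
```

Comparing the `mismatches` list from two runs (before and after a repair) shows whether the set of files failing the check has changed.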
  12. Bobbye Helper on the Fringe Posts: 16,406   +16

    Actually, the thread should have been closed almost a month ago- it slipped by me.
    The bottom line is that the OS on the system doesn't appear to be valid. The mismatched files are another indication. You will not be able to update until the license, validation and mismatched files have been resolved.

    I suggest you contact Microsoft and request their guidance.
    ================================================
    As for this:
    ---------------------------------------------
    This location is the store folder for the OE Deleted mail. You can delete that folder. OE will create a new one: It is a hidden folder: Show Hidden Folders/Files

    • Use the path you have to find the Delete.dbx folder. Note that deleting this folder will remove everything in the Deleted folder in OE.
    • Open My Computer.
    • Go to Tools > Folder Options.
    • Select the View tab.
    • Scroll down to Hidden files and folders.
    • Select Show hidden files and folders.
    • Uncheck (untick) Hide extensions of known file types.
    • Uncheck (untick) Hide protected operating system files (Recommended).
    • Click Yes when prompted.
    • Click OK.
    • Close My Computer.


    Reset Hidden/System Files & Folders