
Accessed Denied, Updates Not Installed, dll.mui, etc...


8 replies to this topic

#1 mgkidw0


  • Members
  • 14 posts

Posted 11 March 2009 - 03:50 PM

I have two different computers that are having similar problems. I will just be posting one on this posting.

This computer is running Windows Vista. It has been running very sluggish for a couple of months now. I have actually had to reformat the hard drive two different times on it due to the computer not installing the updates that it downloads from Microsoft; for some reason, it blocks them.

I am the only one that uses this computer, and only about 2 weeks after reformatting, it will have over half of my files on my computer denied access to.

Another thing I am seeing with both of my computers is in my C:\Windows\System32 folder: I have many folders that have been created that have two letters and a dash and then two capital letters, such as "en-US". The common thing with all of these folders is that they were all created on the same day and they all have the same type of files in them: xxxxxxxx.dll.mui. I don't know what these files are, but they look suspicious. Even when I reformat my computer and wipe my hard drive clean, the files are still there.

The following is a partial copy and paste from the "WindowsUpdate.txt" log. Please note, I reformatted my hard drive today and have not had access to my "D" drive since January 2. See in the log how this "WindowsUpdate" ran from that "D" drive. Also, it sent computer information, but my computer information was wrong....my computer is a Gateway...not a Dell as it shows. I have these logs and logs like these all over my computer.



2008-01-20 17:35:09:065 828 28c Misc =========== Logging initialized (build: 6.0.6000.16386, tz: -0800) ===========
2008-01-20 17:35:09:065 828 28c Misc = Process: D:\Windows\system32\svchost.exe
2008-01-20 17:35:09:065 828 28c Misc = Module: d:\windows\system32\wuaueng.dll
2008-01-20 17:35:09:065 828 28c Service *************
2008-01-20 17:35:09:065 828 28c Service ** START ** Service: Service startup
2008-01-20 17:35:09:065 828 28c Service *********
2008-01-20 17:35:09:065 828 28c Agent * WU client version 6.0.6000.16386
2008-01-20 17:35:09:065 828 28c Agent * Base directory: D:\Windows\SoftwareDistribution
2008-01-20 17:35:09:081 828 28c Agent * Access type: No proxy
2008-01-20 17:35:09:081 828 28c Agent * Network state: Disconnected
2008-01-20 17:35:09:190 828 40c Agent *********** Agent: Initializing Windows Update Agent ***********
2008-01-20 17:35:09:190 828 40c Agent *********** Agent: Initializing global settings cache ***********
2008-01-20 17:35:09:190 828 40c Agent * WSUS server: <NULL>
2008-01-20 17:35:09:190 828 40c Agent * WSUS status server: <NULL>
2008-01-20 17:35:09:190 828 40c Agent * Target group: (Unassigned Computers)
2008-01-20 17:35:09:190 828 40c Agent * Windows Update access disabled: No
2008-01-20 17:35:09:205 828 28c Report *********** Report: Initializing static reporting data ***********
2008-01-20 17:35:09:205 828 28c Report * OS Version = 6.0.6000.0.0.66304
2008-01-20 17:35:09:205 828 28c Report * OS Product Type = 0x00000003
2008-01-20 17:35:09:268 828 28c Report WARNING: Failed to load reporting information from Win32_ComputerSystem with hr = 8004100a.
2008-01-20 17:35:09:283 828 28c Report WARNING: Failed to load reporting information from Win32_BiosProperties with hr = 8004100a.
2008-01-20 17:35:09:283 828 28c Report * Locale ID = 1033
2008-01-20 17:35:11:265 828 40c DtaStor Default service for AU is {00000000-0000-0000-0000-000000000000}
2008-01-20 17:35:11:452 828 40c DtaStor Default service for AU is {9482F4B4-E343-43B6-B170-9A65BC822C77}
2008-01-20 17:35:11:483 828 40c Agent WARNING: Failed to read the service id for re-registration 0x80070002
2008-01-20 17:35:11:483 828 40c Agent WARNING: Missing service entry in the backup data store; cleaning up
2008-01-20 17:35:11:514 828 40c DnldMgr Download manager restoring 0 downloads
2008-01-20 17:35:11:545 828 40c AU ########### AU: Initializing Automatic Updates ###########
2008-01-20 17:35:11:545 828 40c AU # AU is not configured yet
2008-01-20 17:35:11:545 828 40c AU # Accelerated install is required
2008-01-20 17:35:11:545 828 40c AU AU is not configured yet, generating timeout to launch setup wizard
2008-01-20 17:35:11:545 828 40c AU AU finished delayed initialization
2008-01-20 17:35:11:545 828 40c AU Triggering AU detection through DetectNow API
2008-01-20 17:35:11:545 828 40c AU Can not perform non-interactive scan if AU is interactive-only
2008-01-20 17:35:11:577 2008 7dc Misc =========== Logging initialized (build: 6.0.6000.16386, tz: -0800) ===========
2008-01-20 17:35:11:577 2008 7dc Misc = Process: D:\Windows\system32\DrvInst.exe
2008-01-20 17:35:11:577 2008 7dc Misc = Module: D:\Windows\system32\wuapi.dll
2008-01-20 17:35:11:577 2008 7dc COMAPI WARNING: Unable to trigger Automatic Updates to detect now, hr=8024A000
2008-01-20 17:35:39:501 828 28c AU AU setting pending client directive to 'Setup Wizard'
2008-01-20 17:36:17:785 828 28c AU WARNING: AU found no suitable session to launch client in
2008-01-20 17:36:47:191 828 28c AU AU initiates service shutdown
2008-01-20 17:36:47:207 828 28c AU ########### AU: Uninitializing Automatic Updates ###########
2008-01-20 17:36:47:347 828 28c Service *********
2008-01-20 17:36:47:347 828 28c Service ** END ** Service: Service exit [Exit code = 0x240001]
2008-01-20 17:36:47:347 828 28c Service *************
2008-01-20 17:43:03:681 824 9a8 Misc =========== Logging initialized (build: 6.0.6000.16386, tz: -0800) ===========
2008-01-20 17:43:03:759 824 9a8 Misc = Process: D:\Windows\system32\svchost.exe
2008-01-20 17:43:04:118 824 9a8 Misc = Module: d:\windows\system32\wuaueng.dll
2008-01-20 17:43:03:681 824 9a8 Service *************
2008-01-20 17:43:04:321 824 9a8 Service ** START ** Service: Service startup
2008-01-20 17:43:04:430 824 9a8 Service *********
2008-01-20 17:43:04:757 824 9a8 Agent * WU client version 6.0.6000.16386
2008-01-20 17:43:05:116 824 9a8 Agent * Base directory: D:\Windows\SoftwareDistribution
2008-01-20 17:43:05:428 824 9a8 Agent * Access type: No proxy
2008-01-20 17:43:05:537 824 9a8 Agent * Network state: Connected
2008-01-20 17:43:50:640 824 9a8 Agent *********** Agent: Initializing Windows Update Agent ***********
2008-01-20 17:43:50:640 824 9a8 Agent *********** Agent: Initializing global settings cache ***********
2008-01-20 17:43:50:640 824 9a8 Agent * WSUS server: <NULL>
2008-01-20 17:43:50:640 824 9a8 Agent * WSUS status server: <NULL>
2008-01-20 17:43:50:640 824 9a8 Agent * Target group: (Unassigned Computers)
2008-01-20 17:43:50:640 824 9a8 Agent * Windows Update access disabled: No
2008-01-20 17:43:50:827 824 9a8 DnldMgr Download manager restoring 0 downloads
2008-01-20 17:43:50:827 824 9a8 AU ########### AU: Initializing Automatic Updates ###########
2008-01-20 17:43:50:827 824 9a8 AU # AU is not configured yet
2008-01-20 17:43:50:827 824 9a8 AU # Accelerated install is required
2008-01-20 17:43:50:827 824 9a8 AU AU is not configured yet, generating timeout to launch setup wizard
2008-01-20 17:43:50:827 824 9a8 AU AU finished delayed initialization
2008-01-20 17:43:50:827 824 9a8 Report *********** Report: Initializing static reporting data ***********
2008-01-20 17:43:50:827 824 9a8 Report * OS Version = 6.0.6000.0.0.66304
2008-01-20 17:43:50:827 824 9a8 Report * OS Product Type = 0x00000003
2008-01-20 17:43:50:874 824 9a8 Report * Computer Brand = Dell Computer Corporation
2008-01-20 17:43:50:874 824 9a8 Report * Computer Model = PowerEdge 2850
2008-01-20 17:43:50:874 824 9a8 Report * Bios Revision = A04
2008-01-20 17:43:50:874 824 9a8 Report * Bios Name = Phoenix ROM BIOS PLUS Version 1.10 A04
2008-01-20 17:43:50:874 824 9a8 Report * Bios Release Date = 2005-09-22T00:00:00
2008-01-20 17:43:50:874 824 9a8 Report * Locale ID = 1033
2008-01-20 17:43:50:889 824 9a8 AU AU setting pending client directive to 'Setup Wizard'
2008-01-20 17:44:05:928 824 9a8 AU Launched new AU client for directive 'Setup Wizard', session id = 0x1
2008-01-20 17:44:05:990 1372 b70 Misc =========== Logging initialized (build: 6.0.6000.16386, tz: -0800) ===========
2008-01-20 17:44:05:990 1372 b70 Misc = Process: D:\Windows\system32\wuauclt.exe
2008-01-20 17:44:05:990 1372 b70 AUClnt Launched Client UI process
2008-01-20 17:44:06:224 1372 b70 Misc =========== Logging initialized (build: 6.0.6000.16386, tz: -0800) ===========
2008-01-20 17:44:06:240 1372 b70 Misc = Process: D:\Windows\system32\wuauclt.exe
2008-01-20 17:44:06:240 1372 b70 Misc = Module: D:\Windows\system32\wucltux.dll
2008-01-20 17:44:06:224 1372 b70 CltUI AU client got new directive = 'Opt-In', serviceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}, return = 0
2008-01-20 17:53:23:440 824 9a8 AU AU initiates service shutdown
2008-01-20 17:53:23:440 1372 b70 CltUI AU client got new directive = 'None', serviceId = {00000000-0000-0000-0000-000000000000}, return = 80010108
2008-01-20 17:53:23:472 824 9a8 AU ########### AU: Uninitializing Automatic Updates ###########
2008-01-20 17:53:23:940 824 9a8 Service *********
2008-01-20 17:53:23:940 824 9a8 Service ** END ** Service: Service exit [Exit code = 0x240001]
2008-01-20 17:53:23:940 824 9a8 Service *************
2008-01-20 17:58:42:124 968 e4 Misc =========== Logging initialized (build: 6.0.6000.16386, tz: -0800) ===========
2008-01-20 17:58:42:468 968 e4 Misc = Process: D:\Windows\system32\svchost.exe
2008-01-20 17:58:42:889 968 e4 Misc = Module: d:\windows\system32\wuaueng.dll
2008-01-20 17:58:42:124 968 e4 Service *************
2008-01-20 17:58:42:998 968 e4 Service ** START ** Service: Service startup
2008-01-20 17:58:43:092 968 e4 Service *********
2008-01-20 17:58:43:185 968 e4 Agent * WU client version 6.0.6000.16386
2008-01-20 17:58:43:201 968 e4 Agent * Base directory: D:\Windows\SoftwareDistribution
2008-01-20 17:58:43:279 968 e4 Agent * Access type: No proxy
2008-01-20 17:58:43:357 968 e4 Agent * Network state: Connected
2008-01-20 17:59:19:096 968 e4 AU AU initiates service shutdown
2008-01-20 17:59:19:112 968 e4 Report *********** Report: Initializing static reporting data ***********
2008-01-20 17:59:19:112 968 e4 Report * OS Version = 6.0.6000.0.0.66304
2008-01-20 17:59:19:112 968 e4 Report * OS Product Type = 0x00000003
2008-01-20 17:59:19:174 968 e4 Report * Computer Brand = Dell Computer Corporation
2008-01-20 17:59:19:174 968 e4 Report * Computer Model = PowerEdge 2850
2008-01-20 17:59:19:174 968 e4 Report * Bios Revision = A04
2008-01-20 17:59:19:174 968 e4 Report * Bios Name = Phoenix ROM BIOS PLUS Version 1.10 A04
2008-01-20 17:59:19:174 968 e4 Report * Bios Release Date = 2005-09-22T00:00:00
2008-01-20 17:59:19:174 968 e4 Report * Locale ID = 1033
2008-01-20 17:59:19:190 968 e4 AU ########### AU: Uninitializing Automatic Updates ###########
2008-01-20 17:59:19:237 968 e4 Service *********
2008-01-20 17:59:19:237 968 e4 Service ** END ** Service: Service exit [Exit code = 0x240001]
2008-01-20 17:59:19:237 968 e4 Service *************
2008-01-20 18:09:49:363 1076 b50 Misc =========== Logging initialized (build: 6.0.6000.16386, tz: -0800) ===========
2008-01-20 18:09:50:018 1076 b50 Misc = Process: D:\Windows\system32\svchost.exe
2008-01-20 18:09:50:127 1076 b50 Misc = Module: d:\windows\system32\wuaueng.dll
2008-01-20 18:09:49:363 1076 b50 Service *************
2008-01-20 18:09:50:299 1076 b50 Service ** START ** Service: Service startup
2008-01-20 18:09:50:455 1076 b50 Service *********
2008-01-20 18:09:50:642 1076 b50 Agent * WU client version 6.0.6000.16386
2008-01-20 18:09:50:658 1076 b50 Agent * Base directory: D:\Windows\SoftwareDistribution
2008-01-20 18:09:50:736 1076 b50 Agent * Access type: No proxy
2008-01-20 18:09:51:016 1076 b50 Agent * Network state: Connected
2008-01-20 18:10:30:079 1076 b50 AU AU initiates service shutdown
2008-01-20 18:10:30:110 1076 b50 Report *********** Report: Initializing static reporting data ***********
2008-01-20 18:10:30:110 1076 b50 Report * OS Version = 6.0.6000.0.0.66304
2008-01-20 18:10:30:110 1076 b50 Report * OS Product Type = 0x00000003
2008-01-20 18:10:30:172 1076 b50 Report * Computer Brand = Dell Computer Corporation
2008-01-20 18:10:30:172 1076 b50 Report * Computer Model = PowerEdge 2850
2008-01-20 18:10:30:172 1076 b50 Report * Bios Revision = A04
2008-01-20 18:10:30:172 1076 b50 Report * Bios Name = Phoenix ROM BIOS PLUS Version 1.10 A04
2008-01-20 18:10:30:172 1076 b50 Report * Bios Release Date = 2005-09-22T00:00:00
2008-01-20 18:10:30:172 1076 b50 Report * Locale ID = 1033
2008-01-20 18:10:30:204 1076 b50 AU ########### AU: Uninitializing Automatic Updates ###########
2008-01-20 18:10:30:250 1076 b50 Service *********
2008-01-20 18:10:30:250 1076 b50 Service ** END ** Service: Service exit [Exit code = 0x240001]
2008-01-20 18:10:30:250 1076 b50 Service *************
2008-01-20 18:17:12:550 1088 7e8 Misc =========== Logging initialized (build: 6.0.6000.16386, tz: -0800) ===========
2008-01-20 18:17:12:581 1088 7e8 Misc = Process: D:\Windows\system32\svchost.exe
2008-01-20 18:17:12:674 1088 7e8 Misc = Module: d:\windows\system32\wuaueng.dll
2008-01-20 18:17:12:550 1088 7e8 Service *************
2008-01-20 18:17:12:830 1088 7e8 Service ** START ** Service: Service startup
2008-01-20 18:17:12:940 1088 7e8 Service *********
2008-01-20 18:17:13:049 1088 7e8 Agent * WU client version 6.0.6000.16386
2008-01-20 18:17:13:064 1088 7e8 Agent * Base directory: D:\Windows\SoftwareDistribution
2008-01-20 18:17:13:096 1088 7e8 Agent * Access type: No proxy
2008-01-20 18:17:13:314 1088 7e8 Agent * Network state: Connected
2008-01-20 18:17:58:476 1088 7e8 Agent *********** Agent: Initializing Windows Update Agent ***********
2008-01-20 18:17:58:476 1088 7e8 Agent *********** Agent: Initializing global settings cache ***********
2008-01-20 18:17:58:476 1088 7e8 Agent * WSUS server: <NULL>
2008-01-20 18:17:58:476 1088 7e8 Agent * WSUS status server: <NULL>
2008-01-20 18:17:58:476 1088 7e8 Agent * Target group: (Unassigned Computers)
2008-01-20 18:17:58:476 1088 7e8 Agent * Windows Update access disabled: No
2008-01-20 18:17:59:006 1088 7e8 DnldMgr Download manager restoring 0 downloads
2008-01-20 18:17:59:006 1088 7e8 AU ########### AU: Initializing Automatic Updates ###########
2008-01-20 18:17:59:006 1088 7e8 AU # AU is not configured yet
2008-01-20 18:17:59:006 1088 7e8 AU # Accelerated install is required
2008-01-20 18:17:59:006 1088 7e8 AU AU is not configured yet, generating timeout to launch setup wizard
2008-01-20 18:17:59:022 1088 7e8 AU AU finished delayed initialization
2008-01-20 18:17:59:022 1088 7e8 Report *********** Report: Initializing static reporting data ***********
2008-01-20 18:17:59:022 1088 7e8 Report * OS Version = 6.0.6000.0.0.66304
2008-01-20 18:17:59:022 1088 7e8 Report * OS Product Type = 0x00000003
2008-01-20 18:17:59:100 1088 7e8 Report * Computer Brand = Dell Computer Corporation
2008-01-20 18:17:59:100 1088 7e8 Report * Computer Model = PowerEdge 2850
2008-01-20 18:17:59:100 1088 7e8 Report * Bios Revision = A04
2008-01-20 18:17:59:100 1088 7e8 Report * Bios Name = Phoenix ROM BIOS PLUS Version 1.10 A04
2008-01-20 18:17:59:100 1088 7e8 Report * Bios Release Date = 2005-09-22T00:00:00
2008-01-20 18:17:59:100 1088 7e8 Report * Locale ID = 1033
2008-01-20 18:17:59:131 1088 7e8 AU AU setting pending client directive to 'Setup Wizard'
2008-01-20 18:18:14:170 1088 7e8 AU Launched new AU client for directive 'Setup Wizard', session id = 0x1
2008-01-20 18:18:14:372 3852 efc Misc =========== Logging initialized (build: 6.0.6000.16386, tz: -0800) ===========
2008-01-20 18:18:14:372 3852 efc Misc = Process: D:\Windows\system32\wuauclt.exe
2008-01-20 18:18:14:372 3852 efc AUClnt Launched Client UI process
2008-01-20 18:18:14:544 3852 efc Misc =========== Logging initialized (build: 6.0.6000.16386, tz: -0800) ===========
2008-01-20 18:18:14:544 3852 efc Misc = Process: D:\Windows\system32\wuauclt.exe
2008-01-20 18:18:14:544 3852 efc Misc = Module: D:\Windows\system32\wucltux.dll
2008-01-20 18:18:14:544 3852 efc CltUI AU client got new directive = 'Opt-In', serviceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}, return = 0
2008-01-20 18:28:04:988 1088 7e8 AU AU received handle event
2008-01-20 18:28:04:988 1088 7e8 AU AU setting pending client directive to 'Setup Wizard'
2008-01-20 18:28:08:966 1088 7e8 AU AU initiates service shutdown
2008-01-20 18:28:08:982 1088 7e8 AU ########### AU: Uninitializing Automatic Updates ###########
2008-01-20 18:28:09:294 1088 7e8 Service *********
2008-01-20 18:28:09:294 1088 7e8 Service ** END ** Service: Service exit [Exit code = 0x240001]
2008-01-20 18:28:09:294 1088 7e8 Service *************
2008-01-20 18:28:24:738 1088 5f4 Misc =========== Logging initialized (build: 6.0.6000.16386, tz: -0800) ===========
2008-01-20 18:28:24:738 1088 5f4 Misc = Process: D:\Windows\system32\svchost.exe
2008-01-20 18:28:24:738 1088 5f4 Misc = Module: d:\windows\system32\wuaueng.dll
2008-01-20 18:28:24:738 1088 5f4 Service *************
2008-01-20 18:28:24:738 1088 5f4 Service ** START ** Service: Service startup
2008-01-20 18:28:24:738 1088 5f4 Service *********
2008-01-20 18:28:24:738 1088 5f4 Agent * WU client version 6.0.6000.16386
2008-01-20 18:28:24:738 1088 5f4 Agent * Base directory: D:\Windows\SoftwareDistribution
2008-01-20 18:28:24:754 1088 5f4 Agent * Access type: No proxy
2008-01-20 18:28:24:754 1088 5f4 Agent * Network state: Connected
2008-01-20 18:28:24:800 1088 a70 Agent *********** Agent: Initializing Windows Update Agent ***********
2008-01-20 18:28:24:800 1088 5f4 Report *********** Report: Initializing static reporting data ***********
2008-01-20 18:28:24:800 1088 5f4 Report * OS Version = 6.0.6000.0.0.66304
2008-01-20 18:28:24:800 1088 5f4 Report * OS Product Type = 0x00000003
2008-01-20 18:28:24:800 1088 a70 Agent *********** Agent: Initializing global settings cache ***********
2008-01-20 18:28:24:800 1088 a70 Agent * WSUS server: <NULL>
2008-01-20 18:28:24:800 1088 a70 Agent * WSUS status server: <NULL>
2008-01-20 18:28:24:800 1088 a70 Agent * Target group: (Unassigned Computers)
2008-01-20 18:28:24:816 1088 a70 Agent * Windows Update access disabled: No
2008-01-20 18:28:24:863 1088 5f4 Report * Computer Brand = Dell Computer Corporation
2008-01-20 18:28:24:863 1088 5f4 Report * Computer Model = PowerEdge 2850
2008-01-20 18:28:24:863 1088 5f4 Report * Bios Revision = A04
2008-01-20 18:28:24:863 1088 5f4 Report * Bios Name = Phoenix ROM BIOS PLUS Version 1.10 A04
2008-01-20 18:28:24:863 1088 5f4 Report * Bios Release Date = 2005-09-22T00:00:00
2008-01-20 18:28:24:863 1088 5f4 Report * Locale ID = 1033
2008-01-20 18:28:25:050 1088 a70 DnldMgr Download manager restoring 0 downloads
2008-01-20 18:28:25:066 1088 a70 AU ########### AU: Initializing Automatic Updates ###########
2008-01-20 18:28:25:066 1088 a70 AU # AU is not configured yet
2008-01-20 18:28:25:066 1088 a70 AU # Accelerated install is required
2008-01-20 18:28:25:066 1088 a70 AU AU is not configured yet, generating timeout to launch setup wizard
2008-01-20 18:28:25:066 1088 a70 AU AU finished delayed initialization
2008-01-20 18:28:25:066 1088 a70 AU Triggering AU detection through DetectNow API
2008-01-20 18:28:25:066 1088 a70 AU Can not perform non-interactive scan if AU is interactive-only
2008-01-20 18:28:25:066 1088 5f4 AU AU setting pending client directive to 'Setup Wizard'
2008-01-20 18:28:25:112 3708 e98 Misc =========== Logging initialized (build: 6.0.6000.16386, tz: -0800) ===========
2008-01-20 18:28:25:112 3708 e98 Misc = Process: D:\Windows\system32\DrvInst.exe
2008-01-20 18:28:25:112 3708 e98 Misc = Module: D:\Windows\system32\wuapi.dll
2008-01-20 18:28:25:112 3708 e98 COMAPI WARNING: Unable to trigger Automatic Updates to detect now, hr=8024A000
2008-01-20 18:28:40:073 1088 5f4 AU WARNING: AU found no suitable session to launch client in
2008-01-20 18:37:27:883 1088 5f4 AU ########### AU: Uninitializing Automatic Updates ###########
2008-01-20 18:37:29:443 1088 5f4 Service *********
2008-01-20 18:37:29:443 1088 5f4 Service ** END ** Service: Service exit [Exit code = 0x240001]
2008-01-20 18:37:29:443 1088 5f4 Service *************
2008-01-20 18:43:13:133 1020 c68 Misc =========== Logging initialized (build: 7.0.6001.18000, tz: -0800) ===========
2008-01-20 18:43:13:133 1020 c68 Misc = Process: D:\Windows\system32\svchost.exe
2008-01-20 18:43:13:211 1020 c68 Misc = Module: d:\windows\system32\wuaueng.dll
2008-01-20 18:43:13:133 1020 c68 Service *************
2008-01-20 18:43:13:305 1020 c68 Service ** START ** Service: Service startup
2008-01-20 18:43:13:414 1020 c68 Service *********
2008-01-20 18:43:13:664 1020 c68 Agent * WU client version 7.0.6001.18000
2008-01-20 18:43:13:664 1020 c68 Agent * Base directory: D:\Windows\SoftwareDistribution
2008-01-20 18:43:13:757 1020 c68 Agent * Access type: No proxy
2008-01-20 18:43:13:882 1020 c68 Agent * Network state: Connected
2008-01-20 18:43:59:294 1020 c68 Agent *********** Agent: Initializing Windows Update Agent ***********
2008-01-20 18:43:59:294 1020 c68 Agent *********** Agent: Initializing global settings cache ***********
2008-01-20 18:43:59:294 1020 c68 Agent * WSUS server: <NULL>
2008-01-20 18:43:59:294 1020 c68 Agent * WSUS status server: <NULL>
2008-01-20 18:43:59:294 1020 c68 Agent * Target group: (Unassigned Computers)
2008-01-20 18:43:59:294 1020 c68 Agent * Windows Update access disabled: No
2008-01-20 18:43:59:980 1020 c68 DnldMgr Download manager restoring 0 downloads
2008-01-20 18:43:59:996 1020 c68 AU ########### AU: Initializing Automatic Updates ###########
2008-01-20 18:43:59:996 1020 c68 AU # AU is not configured yet
2008-01-20 18:43:59:996 1020 c68 AU # Accelerated install is required
2008-01-20 18:43:59:996 1020 c68 Agent Switching to hardware-verified ClientId.
2008-01-20 18:44:00:011 1020 c68 AU AU is not configured yet, generating timeout to launch setup wizard
2008-01-20 18:44:00:011 1020 c68 AU AU finished delayed initialization
2008-01-20 18:44:00:432 1020 c68 Agent Created new random SusClientId 094b53e1-c720-49e0-a980-c96305561625. Old Id: 141777d7-ba61-4694-a226-971f69ea0ed8.
2008-01-20 18:44:00:432 1020 c68 Report *********** Report: Initializing static reporting data ***********
2008-01-20 18:44:00:432 1020 c68 Report * OS Version = 6.0.6001.1.0.66304
2008-01-20 18:44:00:432 1020 c68 Report * OS Product Type = 0x00000003
2008-01-20 18:44:00:526 1020 c68 Report * Computer Brand = Dell Computer Corporation
2008-01-20 18:44:00:526 1020 c68 Report * Computer Model = PowerEdge 2850
2008-01-20 18:44:00:573 1020 c68 Report * Bios Revision = A04
2008-01-20 18:44:00:573 1020 c68 Report * Bios Name = Phoenix ROM BIOS PLUS Version 1.10 A04
2008-01-20 18:44:00:573 1020 c68 Report * Bios Release Date = 2005-09-22T00:00:00
2008-01-20 18:44:00:573 1020 c68 Report * Locale ID = 1033
2008-01-20 18:44:00:604 1020 c68 AU AU setting pending client directive to 'Setup Wizard'
2008-01-20 18:44:15:689 1020 c68 AU Launched new AU client for directive 'Setup Wizard', session id = 0x1
2008-01-20 18:44:17:202 3272 cc4 Misc =========== Logging initialized (build: 7.0.6001.18000, tz: -0800) ===========
2008-01-20 18:44:17:202 3272 cc4 Misc = Process: D:\Windows\system32\wuauclt.exe
2008-01-20 18:44:17:202 3272 cc4 AUClnt Launched Client UI process
2008-01-20 18:44:17:405 3272 cc4 Misc =========== Logging initialized (build: 7.0.6001.18000, tz: -0800) ===========
2008-01-20 18:44:17:405 3272 cc4 Misc = Process: D:\Windows\system32\wuauclt.exe
2008-01-20 18:44:17:405 3272 cc4 Misc = Module: D:\Windows\system32\wucltux.dll
2008-01-20 18:44:17:405 3272 cc4 CltUI AU client got new directive = 'Opt-In', serviceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}, return = 0
2008-01-20 18:44:41:554 1020 c68 AU AU received handle event
2008-01-20 18:44:41:554 1020 c68 AU AU setting pending client directive to 'Setup Wizard'
2008-01-20 18:44:45:204 1020 c68 AU AU initiates service shutdown
2008-01-20 18:44:45:204 1020 c68 AU ########### AU: Uninitializing Automatic Updates ###########
2008-01-20 18:44:45:392 1020 c68 Service *********
2008-01-20 18:44:45:392 1020 c68 Service ** END ** Service: Service exit [Exit code = 0x240001]
2008-01-20 18:44:45:392 1020 c68 Service *************
2008-01-20 18:50:05:901 1064 e6c Misc =========== Logging initialized (build: 7.0.6001.18000, tz: -0800) ===========
2008-01-20 18:50:05:948 1064 e6c Misc = Process: D:\Windows\system32\svchost.exe
2008-01-20 18:50:06:026 1064 e6c Misc = Module: d:\windows\system32\wuaueng.dll
2008-01-20 18:50:05:901 1064 e6c Service *************
2008-01-20 18:50:06:120 1064 e6c Service ** START ** Service: Service startup
2008-01-20 18:50:06:213 1064 e6c Service *********
2008-01-20 18:50:06:479 1064 e6c Agent * WU client version 7.0.6001.18000
2008-01-20 18:50:06:494 1064 e6c Agent * Base directory: D:\Windows\SoftwareDistribution
2008-01-20 18:50:06:572 1064 e6c Agent * Access type: No proxy
2008-01-20 18:50:06:666 1064 e6c Agent * Network state: Connected
2008-01-20 18:50:51:828 1064 e6c Agent *********** Agent: Initializing Windows Update Agent ***********
2008-01-20 18:50:51:828 1064 e6c Agent *********** Agent: Initializing global settings cache ***********
2008-01-20 18:50:51:828 1064 e6c Agent * WSUS server: <NULL>
2008-01-20 18:50:51:828 1064 e6c Agent * WSUS status server: <NULL>
2008-01-20 18:50:51:828 1064 e6c Agent * Target group: (Unassigned Computers)
2008-01-20 18:50:51:828 1064 e6c Agent * Windows Update access disabled: No
2008-01-20 18:50:51:999 1064 e6c DnldMgr Download manager restoring 0 downloads
2008-01-20 18:50:51:999 1064 e6c AU ########### AU: Initializing Automatic Updates ###########
2008-01-20 18:50:51:999 1064 e6c AU # AU is not configured yet
2008-01-20 18:50:51:999 1064 e6c AU # Accelerated install is required
2008-01-20 18:50:51:999 1064 e6c AU AU is not configured yet, generating timeout to launch setup wizard
2008-01-20 18:50:51:999 1064 e6c AU AU finished delayed initialization
2008-01-20 18:50:52:062 1064 e6c Report *********** Report: Initializing static reporting data ***********
2008-01-20 18:50:52:077 1064 e6c Report * OS Version = 6.0.6001.1.0.66304
2008-01-20 18:50:52:077 1064 e6c Report * OS Product Type = 0x00000003
2008-01-20 18:50:52:109 1064 e6c Report * Computer Brand = Dell Computer Corporation
2008-01-20 18:50:52:109 1064 e6c Report * Computer Model = PowerEdge 2850
2008-01-20 18:50:52:109 1064 e6c Report * Bios Revision = A04
2008-01-20 18:50:52:109 1064 e6c Report * Bios Name = Phoenix ROM BIOS PLUS Version 1.10 A04
2008-01-20 18:50:52:109 1064 e6c Report * Bios Release Date = 2005-09-22T00:00:00
2008-01-20 18:50:52:109 1064 e6c Report * Locale ID = 1033
2008-01-20 18:50:52:124 1064 e6c AU AU setting pending client directive to 'Setup Wizard'
2008-01-20 18:51:07:147 1064 e6c AU Launched new AU client for directive 'Setup Wizard', session id = 0x1
2008-01-20 18:51:07:209 3228 af4 Misc =========== Logging initialized (build: 7.0.6001.18000, tz: -0800) ===========
2008-01-20 18:51:07:209 3228 af4 Misc = Process: D:\Windows\system32\wuauclt.exe
2008-01-20 18:51:07:194 3228 af4 AUClnt Launched Client UI process
2008-01-20 18:51:07:272 3228 af4 Misc =========== Logging initialized (build: 7.0.6001.18000, tz: -0800) ===========
2008-01-20 18:51:07:272 3228 af4 Misc = Process: D:\Windows\system32\wuauclt.exe
2008-01-20 18:51:07:272 3228 af4 Misc = Module: D:\Windows\system32\wucltux.dll
2008-01-20 18:51:07:272 3228 af4 CltUI AU client got new directive = 'Opt-In', serviceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}, return = 0
2008-01-20 18:58:24:555 1064 e6c AU ########### AU: Uninitializing Automatic Updates ###########
2008-01-20 18:58:24:555 3228 af4 CltUI AU client got new directive = 'None', serviceId = {00000000-0000-0000-0000-000000000000}, return = 80010108
2008-01-20 18:58:24:571 1064 e6c Service *********
2008-01-20 18:58:24:571 1064 e6c Service ** END ** Service: Service exit [Exit code = 0x240001]
2008-01-20 18:58:24:571 1064 e6c Service *************



Can anyone help me? I do believe my computer is infected with something. After my first reformat, I lost access to my "D" drive for a second time. I purchased this computer only 6-7 months ago and I want to be able to enjoy it...not to have to trash it. Please help me take the steps in getting rid of whatever I have. Thank you. Any help will be appreciated.
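The following is an added example, not part of the original post: a small triage script for a WindowsUpdate.log excerpt like the one above. It extracts the drive letters the service ran from, the reported hardware and the timestamp range, then compares them with what the machine's owner expects. The sample lines are copied from the log above; the install date (the post date), system drive "C" and brand "Gateway" are assumptions taken from the post's own statements.

```python
import re
from datetime import datetime

# Constructed sample: a handful of lines copied from the log in the post above.
SAMPLE_LOG = r"""
2008-01-20 17:35:09:065 828 28c Misc = Process: D:\Windows\system32\svchost.exe
2008-01-20 17:35:09:065 828 28c Misc = Module: d:\windows\system32\wuaueng.dll
2008-01-20 17:35:09:065 828 28c Agent * Base directory: D:\Windows\SoftwareDistribution
2008-01-20 17:35:09:268 828 28c Report WARNING: Failed to load reporting information from Win32_ComputerSystem with hr = 8004100a.
2008-01-20 17:43:50:874 824 9a8 Report * Computer Brand = Dell Computer Corporation
2008-01-20 17:43:50:874 824 9a8 Report * Computer Model = PowerEdge 2850
2008-01-20 18:28:25:112 3708 e98 COMAPI WARNING: Unable to trigger Automatic Updates to detect now, hr=8024A000
2008-01-20 18:58:24:571 1064 e6c Service ** END ** Service: Service exit [Exit code = 0x240001]
"""

# Line layout: date, time:ms, PID (decimal), TID (hex), component, free text.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}):(?P<ms>\d{3})\s+"
    r"(?P<pid>\d+)\s+(?P<tid>[0-9a-fA-F]+)\s+(?P<component>\S+)\s+(?P<text>.*)$"
)
# Entries that name a file system location the update service is running from.
PATH_RE = re.compile(
    r"^[=*] (?:Process|Module|Base directory): (?P<path>[A-Za-z]:\\.*)$"
)
# Hardware identity the client reports.
FIELD_RE = re.compile(r"^\* (?P<key>Computer Brand|Computer Model) = (?P<value>.+)$")


def summarize(lines):
    """Collect the facts worth checking from WindowsUpdate.log lines."""
    summary = {"first": None, "last": None, "drives": set(), "brand": set(),
               "model": set(), "warnings": [], "unparsed": 0}
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            summary["unparsed"] += 1
            continue
        # Entries are not strictly ordered in the file, so track min and max.
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        if summary["first"] is None or ts < summary["first"]:
            summary["first"] = ts
        if summary["last"] is None or ts > summary["last"]:
            summary["last"] = ts
        text = m["text"].strip()
        p = PATH_RE.match(text)
        if p:
            summary["drives"].add(p["path"][0].upper())
        f = FIELD_RE.match(text)
        if f:
            key = "brand" if f["key"] == "Computer Brand" else "model"
            summary[key].add(f["value"].strip())
        if text.startswith("WARNING:"):
            summary["warnings"].append((m["component"], text))
    return summary


def triage(summary, installed_on, system_drive, expected_brand):
    """Return (code, detail) findings; all three arguments come from the analyst."""
    findings = []
    install = datetime.fromisoformat(installed_on)
    # Entries dated before the install were either written elsewhere (and
    # shipped or copied in) or written while the clock was wrong.
    if summary["last"] is not None and summary["last"] < install:
        findings.append(("PREDATES_INSTALL",
                         f"newest entry {summary['last']} is older than {installed_on}"))
    other = summary["drives"] - {system_drive.upper()}
    if other:
        findings.append(("OTHER_DRIVE",
                         "service paths on drive(s) " + ", ".join(sorted(other))))
    wrong = {b for b in summary["brand"] if expected_brand.lower() not in b.lower()}
    if wrong:
        findings.append(("BRAND_MISMATCH",
                         "reported brand " + ", ".join(sorted(wrong))))
    return findings


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG.splitlines())
    for code, detail in triage(s, "2009-03-11", "C", "Gateway"):
        print(code, "-", detail)
```

Reading the three findings together matters: when every entry predates the install date, the drive letter and hardware values in those entries describe whichever system wrote them, not necessarily the machine being examined.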



#2 boopme


    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts

Posted 11 March 2009 - 10:47 PM

Hi and welcome. I guess the best place to start is with a scan log.
Please run MBAM:
Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

#3 mgkidw0

Posted 12 March 2009 - 08:40 AM

Thanks for your reply. Here are the MBAM results.

Malwarebytes' Anti-Malware 1.34
Database version: 1840
Windows 6.0.6001 Service Pack 1

3/12/2009 9:04:27 AM
mbam-log-2009-03-12 (09-04-27).txt

Scan type: Quick Scan
Objects scanned: 51165
Time elapsed: 2 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I guess I should also say that I have been seeing with this "weirdness" on both my computers in the task managers, spoolsv.exe is always running and even when I end it, it always pops immediately back up. Of course, I wish I would have posted before I reformatted this computer, because it is not truly showing anything in the processes.

I don't have much knowledge when it comes to computers, but this is kinda what I have seen before I reformatted this last time. Whatever this computer has, copies Windows files and hides itself as legit Windows files, so that it can't be found by scans. I did have Antivirus 2009 pop up on this computer but it was completely cleaned from it by AVG (or so I thought) about 5 months ago. Since then, I have tried and doesn't find anything. I lost access to my partitioned "D" drive. It actually changed the name of my "D" drive to "ACCESS DENIED". I could not access it even in safe mode or anything. I attempted everything that I knew to do; once I reformatted, I found several text logs that showed that Windows files were being copied to the "D" drive.

I also find many text logs where something downloads and "installs on reboot" and stuff like that. These logs are logging all the time and "are being used by another program/user and can't be deleted". I do not believe this is the Windows Update stuff.

I know this doesn't make much sense and I wish I could explain this better or I wish I had these logs still. I just know my computer has something and I want to get rid of whatever it has and I hope you all can sure help me.

Edited by mgkidw0, 12 March 2009 - 08:47 AM.


#4 DaChew

Posted 12 March 2009 - 09:40 AM

Are you reloading and formatting from the hard drive or by booting to a cd from the factory?

If you burned cd's for reloading did you do it after your last infection?
Chewy

No. Try not. Do... or do not. There is no try.

#5 mgkidw0

Posted 12 March 2009 - 06:45 PM

Hi. Thanks for the reply. I am reformatting the hard drive by booting from the CD from the factory. It is the CD that came with the Gateway computer for reformatting and such.

I put the CD in when the computer is on. Then I restart the computer. When I see the prompt to press any key to boot from the CD, I do and it does go ahead and boot from the CD.

Thanks and I do appreciate your replies and anybody else that can help me.


#6 DaChew

Posted 12 March 2009 - 07:30 PM

Would you run a full scan of all drives except cd/dvd with MBAM?
Chewy

No. Try not. Do... or do not. There is no try.

#7 mgkidw0

Posted 13 March 2009 - 05:35 AM

Malwarebytes' Anti-Malware 1.34
Database version: 1840
Windows 6.0.6001 Service Pack 1

3/13/2009 6:33:54 AM
mbam-log-2009-03-13 (06-33-54).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 124763
Time elapsed: 1 hour(s), 8 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#8 mgkidw0

Posted 15 March 2009 - 12:08 PM

I have been doing such searching around on the internet. I don't know for sure, but I have found something called Dimpy.Win32VBsy that sounds very, very similar to what my computer is doing. It also seems as though the same processes are running all the time:

spoolsv.exe
winlogon.exe (which doesn't show the user name nor the description in the task manager)
csrss.exe (which doesn't show the user name nor the description in the task manager either)
wuauclt.exe
svchost.exe (usually more than 6 of these processes)
jusched.exe

I know these are legit Windows files, but these along with a few others were ones that were copied to the "D" drive before I reformatted this last time.

Could this virus that I stated above be what I have? I only found information about it and no removable tool. It states that it is very difficult to detect since this virus copies itself as Windows files. I have tried and tried to explain this problem and reformatted these two computers two different times, but it hasn't helped. I do believe it is infecting each computer (we have a total of 3) over our network. If this virus is what we have, it states it is "SEVERE" in category. I have searched and searched to try to find exactly what describes our situation the best, but I have difficulty with that since I am not real techy.

I have included my Avira Scan log...it returned with over 100 warnings. It is a large text file, but I would like someone to see if they can see anything in the files. There are a lot of files in this log that state they were "denied access" or "they could not be opened".

I just don't know what to do. I am so desperate. I sure hope someone can help.

I have the log and don't know how to attach it to this reply. If anyone can help me out with this, let me know. I did it on the first posting, but don't see how on this "reply". I am probably overlooking it. It is way too long to post in this as part of the forum, so that is why I want to post it as an attachment.

Anyway...please help!
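
The worry in the post above, that something runs under the names of legitimate Windows files, can be tested by comparing each process's image path with the folder that file normally lives in. This is an added example, not part of the thread: the expected folders assume a default install in C:\Windows, and the process snapshot is constructed.

```python
import csv
import io
import ntpath

# Assumption: a default install with Windows in C:\Windows.
EXACT = {  # image must sit directly in one of these folders
    "spoolsv.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "wuauclt.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
}
# jusched.exe is Java's update scheduler, so it belongs under Program Files.
UNDER = {"jusched.exe": (r"c:\program files", r"c:\program files (x86)")}

# Constructed snapshot, not data from the thread: process name and image path.
SAMPLE = r"""Name,ExecutablePath
spoolsv.exe,C:\Windows\System32\spoolsv.exe
svchost.exe,C:\Windows\system32\svchost.exe
svchost.exe,C:\Windows\system32\svchost.exe
svchost.exe,D:\svchost.exe
csrss.exe,
winlogon.exe,
wuauclt.exe,C:\Windows\System32\..\Temp\wuauclt.exe
jusched.exe,C:\Program Files\Java\jre6\bin\jusched.exe
notepad.exe,C:\Windows\System32\notepad.exe
"""


def classify(name, path):
    """Return 'ok', 'suspect', 'unknown' or 'not_checked' for one process."""
    key = name.strip().lower()
    if key not in EXACT and key not in UNDER:
        return "not_checked"
    if not path or not path.strip():
        return "unknown"  # path not readable (tool not elevated): re-check as admin
    # normpath collapses "..", so System32\..\Temp is judged as Temp.
    folder = ntpath.dirname(ntpath.normpath(path.strip())).lower()
    if key in EXACT:
        return "ok" if folder in EXACT[key] else "suspect"
    return "ok" if any(folder.startswith(r + "\\") for r in UNDER[key]) else "suspect"


def audit(snapshot_csv):
    """Return (name, path, verdict) for every row that needs a second look."""
    rows = csv.DictReader(io.StringIO(snapshot_csv))
    checked = [(r["Name"], r["ExecutablePath"],
                classify(r["Name"], r["ExecutablePath"])) for r in rows]
    return [c for c in checked if c[2] in ("suspect", "unknown")]
```

A path in the expected folder only rules out the same-name, different-folder case; it does not prove the file itself is genuine. Several svchost.exe rows from System32 produce no finding, and an empty path is reported as unknown rather than suspect.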


#9 DaChew

Posted 15 March 2009 - 12:31 PM

http://www.free-av.com/en/products/12/avir...cue_system.html

Why not use this linux boot cd to scan for virii?

Many files cannot be opened for scanning, that's normal

Edited by DaChew, 15 March 2009 - 12:31 PM.

Chewy

No. Try not. Do... or do not. There is no try.



