Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Firefox won't run and Windows Updates won't install.


  • This topic is locked This topic is locked
26 replies to this topic

#1 leobacko

leobacko

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:01 AM

Posted 16 November 2009 - 06:44 PM

It's been over a week now. My Windows Updates don't want to install, and I just can't make a connection with firefox.

I had posted this in the Malware thread section and was told to repost here with my HijackThis report.

Here is the link of my original post, and the things that have been done so far. Nothing was found, but i'm sure there is something there.
http://www.bleepingcomputer.com/forums/top...ml#entry1500983

Let's hope this report can shed some light.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:42:26 PM, on 11/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=0070126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=0070126
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://iportal.safeway.com/dana-cached/set...perSetupSP1.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - http://photos-864.ll.facebook.com/photos-l...509632_7080.jpg

--
End of file - 7834 bytes

BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,114 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:01 PM

Posted 24 November 2009 - 04:50 PM

Hello ,
And :( to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
Please be patient and I'd be grateful if you would note the following
  • The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log
  • GMER log


Please give me some time to review your logs and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay
.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 leobacko

leobacko
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:01 AM

Posted 26 November 2009 - 08:27 AM

Since I last posted this thread, I was able to solve the firefox issue. I just did a fresh reinstall of Firefox and it seemed to fix my problem. Maybe it was just a registry issue?

As for the Windows Updates, they still are not installing. They are about 1-2 months behind at this point. When I run Windows Update either from my PC or directly from the Microsoft site, the update runs right through to the end and looks like it is installing, but when it's complete it shows the list and says that all the updates have "NOT" been installed. I really can't figure out why.

So as per your request, here are the dds and gmer logs. I also attached the DDS_Attach file.

Thanks in advance for the help.


DDS (Ver_09-11-24.02) - NTFSx86
Run by Backo at 22:18:58.95 on Wed 11/25/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1398 [GMT -6:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Backo\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.hotmail.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=0070126
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [HPHmon04] c:\windows\system32\hphmon04.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\backo\startm~1\programs\startup\autoru~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://iportal.safeway.com/dana-cached/setup/JuniperSetupSP1.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\backo\applic~1\mozilla\firefox\profiles\ubjda5bi.default\
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\microsoft silverlight\npctrl.1.0.21115.0.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 NEOFLTR_550_12491;Juniper Networks TDI Filter Driver (NEOFLTR_550_12491);c:\windows\system32\drivers\NEOFLTR_550_12491.sys [2007-12-26 64144]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-11 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-11 74480]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2005-8-16 14336]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\google\google desktop search\googledesktop.exe" --> c:\program files\google\google desktop search\GoogleDesktop.exe [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-11 7408]

=============== Created Last 30 ================

2009-11-25 01:11:56 0 d-----w- c:\program files\MozBackup
2009-11-15 01:18:10 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-11-15 01:17:47 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-15 01:17:47 0 d-----w- c:\docume~1\backo\applic~1\SUPERAntiSpyware.com
2009-11-15 01:17:23 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-11-14 00:29:40 0 d-sh--w- c:\documents and settings\backo\IECompatCache
2009-11-13 22:06:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-13 22:06:36 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-13 22:06:36 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-13 16:36:27 0 d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-11-13 16:20:36 0 d--h--w- c:\windows\system32\GroupPolicy
2009-11-13 05:01:42 0 d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-11-13 00:29:59 0 d-----w- c:\program files\Trend Micro
2009-11-07 23:46:46 0 d-----w- c:\windows\system32\CatRoot2
2009-11-07 22:59:36 0 d-----w- c:\docume~1\backo\applic~1\Malwarebytes
2009-11-07 22:59:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-07 22:25:18 0 d-----w- c:\program files\CCleaner

==================== Find3M ====================

2009-11-26 04:17:48 342008608 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-25 01:14:04 4575260 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-13 19:21:55 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-09-22 02:05:16 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-22 02:05:16 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 10:35:52 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2007-02-06 01:07:06 251 ----a-w- c:\program files\wt3d.ini
2007-07-04 00:29:29 88 --sh--r- c:\windows\system32\C7009A9F97.sys
2007-07-04 00:29:40 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 22:22:49.28 ===============







GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-26 07:16:26
Windows 5.1.2600 Service Pack 3
Running: bcur7ft2.exe; Driver: C:\DOCUME~1\Backo\LOCALS~1\Temp\pxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0x9EBD7FC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0x9EBD4C80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0x9EBEF170]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0x9EBD8580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x9EBEC900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0x9EBECB10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0x9EBF0B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0x9EBD8670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x9EBD5210]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x9EBEF9F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x9EBEF7A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0x9EBEC280]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadDriver [0x9EBD18C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0x9EBEFF10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x9EBEFF90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0x9EBF0D90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0x9EBD5070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0x9EBEE180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0x9EBEDF40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0x9EBF06F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x9EBF0150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0x9EBD7BE0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x9EBF0540]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0x9EBD8190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x9EBD5440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetSystemInformation [0x9EBD16A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x9EBEF4E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0x9EBED200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0x9EBED080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwUnloadDriver [0x9EBD1AF0]

INT 0x20 srescan.sys B9D33C90

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C7C 80504518 12 Bytes [80, 85, BD, 9E, 00, C9, BE, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D48 805045E4 12 Bytes [C0, 18, BD, 9E, 10, FF, BE, ...] {RCR BYTE [EAX], 0xbd; SAHF ; ADC BH, BH; MOV ESI, 0xbeff909e; SAHF }
? srescan.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1520] ntdll.dll!KiFastSystemCall + 2 7C90E512 2 Bytes [CD, 20] {INT 0x20}

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [9EBDCB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [9EBDC930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [9EBDD260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [9EBDAE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [9EBDAE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [9EBDCB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [9EBDC930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [9EBDD260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [9EBDCB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [9EBDAE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [9EBDD260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [9EBDC930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [9EBDD260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [9EBDC930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [9EBDCB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [9EBDAE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [9EBDCB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [9EBDC930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [9EBDD260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [9EBDCB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [9EBDAE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [9EBDD260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [9EBDC930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip NEOFLTR_550_12491.SYS (NetBIOS Redirector/Juniper Networks)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp NEOFLTR_550_12491.SYS (NetBIOS Redirector/Juniper Networks)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp NEOFLTR_550_12491.SYS (NetBIOS Redirector/Juniper Networks)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp NEOFLTR_550_12491.SYS (NetBIOS Redirector/Juniper Networks)

Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \FileSystem\Fastfat \Fat 9621FD20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

Attached Files



#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,114 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:01 PM

Posted 26 November 2009 - 09:01 AM

Hello leobacko,

P2P WARNING
-------------------
Going over your logs I noticed that you have Azureus Vuze installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall Azureus Vuze, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

  • Please download Dial-A-Fix from one of the following mirrors:
  • Extract the zip file to your desktop.
  • Double click Dial-a-Fix.exe to start the program.
  • Press the green double checkmark box (Looks like this: Posted Image)
  • UNcheck Empty Temp Folders, as well as Adjust Time/Date in the prep section. The prep section should then look like this:

    Posted Image

    Posted Image
  • Click on go
  • Exit/Close Dial-A-Fix
Let me know if windows update now works.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 leobacko

leobacko
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:01 AM

Posted 26 November 2009 - 08:51 PM

So I ran Dial-a-fix. I got an error right at the begining saying it couldn't determine the version of IE. I'm currently running IE 8. And then a bunch of pop-up issues regarding unregisterable or corrupt dll's kept coming up, which I would just press the OK button to each.

Here is the log. Hope you can solve something with this. I'm really hoping I won't need a new OS Install. I really appreciate all the help thus far!

7:38:57 PM | Dial-a-fix was unable to determine your version of Internet Explorer
Notes about this log:
1) "->" denotes an external command being executed, and "-> (number)" indicates
the return code from the previous command
2) Not all external command return codes are accurate, or useful
3) Sometimes commands return 0 (no error) even when they fail or crash
4) If an error occurs while registering an object, please send an email to:
dial-a-fix@DjLizard.net and include a copy of this log

DAF version: v0.60.0.24

--- System info ---
OS: Microsoft Windows XP Service Pack 3
IE version: 8.0.6001.18702
MPC: 76487-OEM
CPU: Intel® Core™2 CPU 6400 @ 2.13GHz (~2133MHz)
CPU: CPU is 64-bit or has 64-bit extensions
CPU: 2 CPU cores present
BIOS: 3/30/2007
Memory (approx): 2045MB
Uptime: 0 hour(s)
Current directory: C:\Documents and Settings\Backo\Desktop\Dial-a-fix-v0.60.0.24
---

11/26/2009 7:38:57 PM -- Dial-a-fix : [v0.60.0.24] -- started
7:38:57 PM | Policy scan started
7:38:57 PM | Policy scan ended - no restrictive policies were found
--- MSI ---
7:39:05 PM | Registered: C:\WINDOWS\system32\msi.dll
--- Windows Update ---
--- Registration: Windows Update/Automatic Update DLLs ---
7:39:10 PM | Unregistered: C:\WINDOWS\system32\msxml.dll
7:39:10 PM | Registered: C:\WINDOWS\system32\msxml.dll
7:39:11 PM | Unregistered: C:\WINDOWS\system32\msxml2.dll
7:39:11 PM | Registered: C:\WINDOWS\system32\msxml2.dll
7:39:16 PM | Unregistered: C:\WINDOWS\system32\msxml3.dll
7:39:17 PM | Registered: C:\WINDOWS\system32\msxml3.dll
7:39:17 PM | Unregistered: C:\WINDOWS\system32\msxml4.dll
7:39:17 PM | Registered: C:\WINDOWS\system32\msxml4.dll
7:39:17 PM | Unregistered: C:\WINDOWS\system32\qmgr.dll
7:39:18 PM | Registered: C:\WINDOWS\system32\qmgr.dll
7:39:18 PM | Unregistered: C:\WINDOWS\system32\qmgrprxy.dll
7:39:18 PM | Registered: C:\WINDOWS\system32\qmgrprxy.dll
7:39:18 PM | Unregistered: C:\WINDOWS\system32\muweb.dll
7:39:18 PM | Registered: C:\WINDOWS\system32\muweb.dll
7:39:18 PM | Unregistered: C:\WINDOWS\system32\winhttp.dll
7:39:18 PM | Registered: C:\WINDOWS\system32\winhttp.dll
7:39:18 PM | Registered: C:\WINDOWS\system32\wuapi.dll
7:39:18 PM | Unregistered: C:\WINDOWS\system32\wuaueng.dll
7:39:18 PM | Registered: C:\WINDOWS\system32\wuaueng.dll
7:39:18 PM | Unregistered: C:\WINDOWS\system32\wuaueng1.dll
7:39:18 PM | Registered: C:\WINDOWS\system32\wuaueng1.dll
7:39:19 PM | Unregistered: C:\WINDOWS\system32\wucltui.dll
7:39:19 PM | Registered: C:\WINDOWS\system32\wucltui.dll
7:39:19 PM | Unregistered: C:\WINDOWS\system32\wups.dll
7:39:19 PM | Registered: C:\WINDOWS\system32\wups.dll
7:39:19 PM | Unregistered: C:\WINDOWS\system32\wups2.dll
7:39:19 PM | Registered: C:\WINDOWS\system32\wups2.dll
7:39:19 PM | Unregistered: C:\WINDOWS\system32\wuweb.dll
7:39:19 PM | Registered: C:\WINDOWS\system32\wuweb.dll
7:39:19 PM | Registered: C:\WINDOWS\system32\ole32.dll
--- SSL/HTTPS/Cryptography ---
7:39:32 PM | Executed 'cmd.exe /c rmdir /q /s C:\WINDOWS\system32\Catroot2'
--- Registration: SSL/HTTPS/Cryptography ---
7:39:36 PM | Unregistered: C:\WINDOWS\system32\cryptdlg.dll
7:39:36 PM | Registered: C:\WINDOWS\system32\cryptdlg.dll
7:39:36 PM | Unregistered: C:\WINDOWS\system32\cryptui.dll
7:39:36 PM | Registered: C:\WINDOWS\system32\cryptui.dll
7:39:36 PM | Unregistered: C:\WINDOWS\system32\cryptext.dll
7:39:36 PM | Registered: C:\WINDOWS\system32\cryptext.dll
7:39:36 PM | Unregistered: C:\WINDOWS\system32\dssenh.dll
7:39:36 PM | Registered: C:\WINDOWS\system32\dssenh.dll
7:39:36 PM | Unregistered: C:\WINDOWS\system32\gpkcsp.dll
7:39:36 PM | Registered: C:\WINDOWS\system32\gpkcsp.dll
7:39:37 PM | Unregistered: C:\WINDOWS\system32\initpki.dll
7:40:16 PM | Registered: C:\WINDOWS\system32\initpki.dll
7:40:16 PM | Unregistered: C:\WINDOWS\system32\licdll.dll
7:40:16 PM | Registered: C:\WINDOWS\system32\licdll.dll
7:40:17 PM | Unregistered: C:\WINDOWS\system32\mssign32.dll
7:40:17 PM | Registered: C:\WINDOWS\system32\mssign32.dll
7:40:17 PM | Unregistered: C:\WINDOWS\system32\mssip32.dll
7:40:17 PM | Registered: C:\WINDOWS\system32\mssip32.dll
7:40:17 PM | Unregistered: C:\WINDOWS\system32\scardssp.dll
7:40:17 PM | Registered: C:\WINDOWS\system32\scardssp.dll
7:40:17 PM | Unregistered: C:\WINDOWS\system32\sccbase.dll
7:40:17 PM | Registered: C:\WINDOWS\system32\sccbase.dll
7:40:17 PM | Unregistered: C:\WINDOWS\system32\scecli.dll
7:40:18 PM | Registered: C:\WINDOWS\system32\scecli.dll
7:40:18 PM | Unregistered: C:\WINDOWS\system32\softpub.dll
7:40:18 PM | Registered: C:\WINDOWS\system32\softpub.dll
7:40:20 PM | Unregistered: C:\WINDOWS\system32\slbcsp.dll
7:40:20 PM | Registered: C:\WINDOWS\system32\slbcsp.dll
7:40:20 PM | Unregistered: C:\WINDOWS\system32\regwizc.dll
7:40:21 PM | Registered: C:\WINDOWS\system32\regwizc.dll
7:40:21 PM | Unregistered: C:\WINDOWS\system32\rsaenh.dll
7:40:21 PM | Registered: C:\WINDOWS\system32\rsaenh.dll
7:40:21 PM | Unregistered: C:\WINDOWS\system32\winhttp.dll
7:40:21 PM | Registered: C:\WINDOWS\system32\winhttp.dll
7:40:21 PM | Unregistered: C:\WINDOWS\system32\wintrust.dll
7:40:21 PM | Registered: C:\WINDOWS\system32\wintrust.dll
--- Registration: ActiveX controls/codecs ---
7:40:21 PM | Registered: C:\WINDOWS\system32\acelpdec.ax
7:40:22 PM | Registered: C:\WINDOWS\system32\actxprxy.dll
7:40:22 PM | Registered: C:\WINDOWS\system32\asctrls.ocx
7:40:22 PM | Registered: C:\WINDOWS\system32\daxctle.ocx
7:40:22 PM | Registered: C:\WINDOWS\system32\hhctrl.ocx
7:40:22 PM | Registered: C:\WINDOWS\system32\l3codecx.ax
7:40:22 PM | Registered: C:\WINDOWS\system32\licmgr10.dll
7:40:22 PM | Registered: C:\WINDOWS\system32\mpg4ds32.ax
7:40:25 PM | Registered: C:\WINDOWS\system32\msdxm.ocx
7:40:25 PM | Registered: C:\WINDOWS\system32\proctexe.ocx
7:40:25 PM | Registered: C:\WINDOWS\system32\tdc.ocx
7:40:25 PM | Registered: C:\WINDOWS\system32\wshom.ocx
--- Registration: Control Panel applets ---
7:40:25 PM | DllInstalled: C:\WINDOWS\system32\inetcpl.cpl
7:40:25 PM | DllInstalled: C:\WINDOWS\system32\appwiz.cpl
7:40:25 PM | Registered: C:\WINDOWS\system32\appwiz.cpl
7:40:25 PM | DllInstalled: C:\WINDOWS\system32\nusrmgr.cpl
7:40:25 PM | Registered: C:\WINDOWS\system32\nusrmgr.cpl
--- Registration: Direct[X|Draw|Show|Media] ---
7:40:25 PM | Registered: C:\WINDOWS\system32\quartz.dll
7:40:26 PM | Registered: C:\WINDOWS\system32\danim.dll
7:40:26 PM | Registered: C:\WINDOWS\system32\dmscript.dll
7:40:26 PM | Registered: C:\WINDOWS\system32\dmstyle.dll
7:40:26 PM | Registered: C:\WINDOWS\system32\dxmasf.dll
7:40:26 PM | Registered: C:\WINDOWS\system32\dxtmsft.dll
7:40:26 PM | Registered: C:\WINDOWS\system32\dxtrans.dll
7:40:26 PM | Registered: C:\WINDOWS\system32\sbe.dll
--- Registration: Programming cores/runtimes ---
7:40:27 PM | Registered: C:\WINDOWS\system32\atl.dll
7:40:27 PM | Registered: C:\WINDOWS\system32\corpol.dll
7:40:27 PM | Registered: C:\WINDOWS\system32\jscript.dll
7:40:27 PM | Registered: C:\WINDOWS\system32\dispex.dll
7:40:27 PM | Registered: C:\WINDOWS\system32\scrrun.dll
7:40:27 PM | Registered: C:\WINDOWS\system32\scrobj.dll
7:40:27 PM | Registered: C:\WINDOWS\system32\vbscript.dll
7:40:27 PM | Registered: C:\WINDOWS\system32\wshext.dll
--- Registration: Explorer/IE/OE/shell/WMP ---
7:40:27 PM | Registered: C:\WINDOWS\system32\activeds.dll
7:40:27 PM | Registered: C:\WINDOWS\system32\audiodev.dll
7:40:28 PM | DllInstalled: C:\WINDOWS\system32\browseui.dll
7:40:28 PM | Registered: C:\WINDOWS\system32\browseui.dll
7:40:28 PM | Registered: C:\WINDOWS\system32\browsewm.dll
7:40:28 PM | Registered: C:\WINDOWS\system32\cabview.dll
7:40:28 PM | Registered: C:\WINDOWS\system32\cdfview.dll
7:40:28 PM | Registered: C:\WINDOWS\system32\clbcatex.dll
7:40:28 PM | Registered: C:\WINDOWS\system32\clbcatq.dll
7:40:28 PM | Registered: C:\WINDOWS\system32\comcat.dll
7:40:29 PM | Registered: C:\WINDOWS\system32\cscui.dll
7:40:29 PM | Registered: C:\WINDOWS\system32\credui.dll
7:40:29 PM | Registered: C:\WINDOWS\system32\datime.dll
7:40:29 PM | Registered: C:\WINDOWS\system32\devmgr.dll
7:40:29 PM | Registered: C:\WINDOWS\system32\dfsshlex.dll
7:40:29 PM | Registered: C:\WINDOWS\system32\dmdlgs.dll
7:40:29 PM | Registered: C:\WINDOWS\system32\dmdskmgr.dll
7:40:29 PM | Registered: C:\WINDOWS\system32\dmloader.dll
7:40:29 PM | Registered: C:\WINDOWS\system32\dmocx.dll
7:40:29 PM | Registered: C:\WINDOWS\system32\dmview.ocx
7:40:29 PM | DllInstalled: C:\WINDOWS\system32\dsuiext.dll
7:40:29 PM | Registered: C:\WINDOWS\system32\dsuiext.dll
7:40:29 PM | DllInstalled: C:\WINDOWS\system32\dsquery.dll
7:40:29 PM | Registered: C:\WINDOWS\system32\dsquery.dll
7:40:29 PM | Registered: C:\WINDOWS\system32\dskquoui.dll
7:40:29 PM | Registered: C:\WINDOWS\system32\els.dll
7:40:29 PM | Registered: C:\WINDOWS\system32\es.dll
7:40:30 PM | Registered: C:\WINDOWS\system32\fontext.dll
7:40:30 PM | Registered: C:\WINDOWS\system32\hlink.dll
7:40:30 PM | Registered: C:\WINDOWS\system32\hnetcfg.dll
7:40:30 PM | Registered: C:\WINDOWS\system32\iedkcs32.dll
7:40:30 PM | Registered: C:\WINDOWS\system32\iepeers.dll
7:40:30 PM | Error 127: C:\WINDOWS\system32\iesetup.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
7:41:55 PM | Error 127: C:\WINDOWS\system32\iesetup.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
7:41:58 PM | Registered: C:\WINDOWS\system32\ils.dll
7:41:58 PM | Error 127: C:\WINDOWS\system32\imgutil.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
7:42:13 PM | Registered: C:\WINDOWS\system32\inetcfg.dll
7:42:13 PM | Registered: C:\WINDOWS\system32\inetcomm.dll
7:42:13 PM | Error 127: C:\WINDOWS\system32\inseng.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
7:42:24 PM | Error 127: C:\WINDOWS\system32\inseng.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
7:42:50 PM | Registered: C:\WINDOWS\system32\laprxy.dll
7:42:50 PM | Registered: C:\WINDOWS\system32\lmrt.dll
7:42:50 PM | Registered: C:\WINDOWS\system32\mlang.dll
7:42:50 PM | Registered: C:\WINDOWS\system32\mmcndmgr.dll
7:42:50 PM | Registered: C:\WINDOWS\system32\mmcshext.dll
7:42:50 PM | Registered: C:\WINDOWS\system32\mscoree.dll
7:42:51 PM | Error 127: C:\WINDOWS\system32\mshtml.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
7:43:04 PM | Error 127: C:\WINDOWS\system32\mshtml.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
7:43:14 PM | Registered: C:\WINDOWS\system32\mshtmled.dll
7:43:15 PM | Registered: C:\WINDOWS\system32\msieftp.dll
7:43:15 PM | Registered: C:\WINDOWS\system32\msoeacct.dll
7:43:15 PM | Registered: C:\WINDOWS\system32\msr2c.dll
7:43:15 PM | Error 127: C:\WINDOWS\system32\msrating.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
7:43:24 PM | DllInstalled: C:\WINDOWS\system32\mydocs.dll
7:43:24 PM | Registered: C:\WINDOWS\system32\mydocs.dll
7:43:24 PM | Registered: C:\WINDOWS\system32\mstime.dll
7:43:24 PM | Registered: C:\WINDOWS\system32\netcfgx.dll
7:43:24 PM | DllInstalled: C:\WINDOWS\system32\netplwiz.dll
7:43:24 PM | Registered: C:\WINDOWS\system32\netplwiz.dll
7:43:25 PM | Registered: C:\WINDOWS\system32\netman.dll
7:43:25 PM | Registered: C:\WINDOWS\system32\netshell.dll
7:43:25 PM | Registered: C:\WINDOWS\system32\ntmsevt.dll
7:43:25 PM | Registered: C:\WINDOWS\system32\ntmsmgr.dll
7:43:25 PM | DllInstalled: C:\WINDOWS\system32\ntmssvc.dll
7:43:25 PM | Registered: C:\WINDOWS\system32\ntmssvc.dll
7:43:25 PM | Error 127: C:\WINDOWS\system32\occache.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
7:43:36 PM | Error 127: C:\WINDOWS\system32\occache.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
7:43:46 PM | Registered: C:\WINDOWS\system32\ole32.dll
7:43:46 PM | Registered: C:\WINDOWS\system32\oleaut32.dll
7:43:46 PM | Registered: C:\WINDOWS\system32\oleacc.dll
7:43:46 PM | Registered: C:\WINDOWS\system32\olepro32.dll
7:43:46 PM | DllInstalled: C:\WINDOWS\system32\photowiz.dll
7:43:46 PM | Registered: C:\WINDOWS\system32\photowiz.dll
7:43:46 PM | Error 127: C:\WINDOWS\system32\pngfilt.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
7:43:57 PM | Registered: C:\WINDOWS\system32\remotepg.dll
7:43:57 PM | Registered: C:\WINDOWS\system32\rpcrt4.dll
7:43:57 PM | Registered: C:\WINDOWS\system32\rshx32.dll
7:43:57 PM | Registered: C:\WINDOWS\system32\sendmail.dll
7:43:57 PM | Registered: C:\WINDOWS\system32\slayerxp.dll
7:43:58 PM | DllInstalled: C:\WINDOWS\system32\shdocvw.dll
7:43:58 PM | Registered: C:\WINDOWS\system32\shdocvw.dll
7:43:58 PM | Registered: C:\WINDOWS\system32\shell32.dll
7:44:00 PM | DllInstalled: C:\WINDOWS\system32\shell32.dll
7:44:00 PM | Registered: C:\WINDOWS\system32\shmedia.dll
7:44:00 PM | DllInstalled: C:\WINDOWS\system32\shimgvw.dll
7:44:00 PM | Registered: C:\WINDOWS\system32\shimgvw.dll
7:44:00 PM | DllInstalled: C:\WINDOWS\system32\shsvcs.dll
7:44:00 PM | Registered: C:\WINDOWS\system32\shsvcs.dll
7:44:00 PM | Registered: C:\WINDOWS\system32\srclient.dll
7:44:00 PM | Unregistered: C:\WINDOWS\system32\stobject.dll
7:44:00 PM | Registered: C:\WINDOWS\system32\stobject.dll
7:44:00 PM | DllInstalled: C:\WINDOWS\system32\themeui.dll
7:44:01 PM | Registered: C:\WINDOWS\system32\themeui.dll
7:44:01 PM | Registered: C:\WINDOWS\system32\twext.dll
7:44:01 PM | DllInstalled: C:\WINDOWS\system32\urlmon.dll
7:44:01 PM | Registered: C:\WINDOWS\system32\urlmon.dll
7:44:01 PM | Registered: C:\WINDOWS\system32\userenv.dll
7:44:01 PM | Error 127: C:\WINDOWS\system32\webcheck.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
7:44:11 PM | Error 127: C:\WINDOWS\system32\webcheck.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
7:44:30 PM | Registered: C:\WINDOWS\system32\webvw.dll
7:44:30 PM | Registered: C:\WINDOWS\system32\winhttp.dll
7:44:30 PM | DllInstalled: C:\WINDOWS\system32\wininet.dll
7:44:30 PM | Registered: C:\WINDOWS\system32\zipfldr.dll
7:44:30 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdadc.dll
7:44:30 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaenum.dll
7:44:30 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaer.dll
7:44:31 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaipp.dll
7:44:31 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaora.dll
7:44:31 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaosp.dll
7:44:31 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaps.dll
7:44:31 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdasc.dll
7:44:31 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdasql.dll
7:44:31 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdatt.dll
7:44:31 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaurl.dll
7:44:32 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdmeng.dll
7:44:32 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdmine.dll
7:44:32 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msmdcb80.dll
7:44:32 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msmdgd80.dll
7:44:32 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msolap80.dll
7:44:32 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msolui80.dll
7:44:32 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msxactps.dll
7:44:33 PM | Registered: C:\Program Files\Common Files\system\Ole DB\oledb32.dll
7:44:33 PM | Registered: C:\Program Files\Common Files\system\Ole DB\oledb32r.dll
7:44:33 PM | Registered: C:\Program Files\Common Files\system\Ole DB\sqloledb.dll
7:44:33 PM | Registered: C:\Program Files\Common Files\system\Ole DB\sqlxmlx.dll

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,114 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:01 PM

Posted 27 November 2009 - 04:31 AM

So I ran Dial-a-fix. I got an error right at the begining saying it couldn't determine the version of IE. I'm currently running IE 8. And then a bunch of pop-up issues regarding unregisterable or corrupt dll's kept coming up, which I would just press the OK button to each.


This is pretty normal. I should have notified you about the Internet Explorer error, because this is a pretty old tool, it doesn't recognize anything newer than IE6.

Are you able to complete windows updates now?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 leobacko

leobacko
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:01 AM

Posted 27 November 2009 - 07:31 AM

No, I still have a bunch of Windows Updates that don't want to install. Mostly XP patches, Security Patches, and IE8 patches.

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,114 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:01 PM

Posted 27 November 2009 - 08:45 AM

Hello leobacko,

COMBOFIX
---------------
Please download ComboFix from one of these locations:Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


In your next reply, please include the following:
  • Combofix.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 leobacko

leobacko
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:01 AM

Posted 27 November 2009 - 12:18 PM

Here you go!
Thanks for the help. I guess i won't try the updates untill you tell me too!

Attached Files



#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,114 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:01 PM

Posted 27 November 2009 - 01:42 PM

Hello leobacko,

UPDATE JAVA
------------------
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 17.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u15-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


TFC
--------
Download TFC by OldTimer to your desktop.
(TFC only cleans temp folders. It will not clean URL history, prefetch, or cookies).
Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job.
Once its finished it should automatically reboot your machine, if it doesn't, manually reboot to ensure a complete clean

NOTE:
It's normal after running TFC cleaner that the PC will be slower to boot the first time.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.



ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  • Push the Posted Image button.
  • Push Posted Image
In your next reply, please include the following:
  • ESET online scan results

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#11 leobacko

leobacko
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:01 AM

Posted 27 November 2009 - 11:41 PM

Ok, I installed the latest JRE, and uninstalled all the older versions.

Ran TFC.

Then Ran ESET, but it didn't find anything, so no report was made.

Is it safe for me to try the updates again?

#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,114 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:01 PM

Posted 28 November 2009 - 06:20 AM

Please try to update and let me know what happens. Also, if they fail again, try to find on the windows update site an error message of some kind (it should be in Update history).

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#13 leobacko

leobacko
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:01 AM

Posted 30 November 2009 - 11:56 AM

Sorry this took a while.
Well, after all of this I tried the updates again and got the same outcome. Tried running them directly from the site too, and no luck.

From the update history, here is a screenshot of the list of the updates that refuse to install. Now the bigger problem is when I want to check what is causing the error, by clicking on the red X in the list, nothing happens. I doubt it's a problem on Microsoft's site, so there must be something preventing it from my machine.

Any other ideas.

Attached Files



#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,114 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:01 PM

Posted 30 November 2009 - 12:21 PM

Please open c:\windows\windowsupdate.log

This will most likely be a big file, so no need to post it all, just post a part of it containing the most actual data, so I can see what errors are there.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#15 leobacko

leobacko
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:01 AM

Posted 30 November 2009 - 07:38 PM

Here are the most recent items in the log. Looks like the error is "WARNING: Install failed, error = 0x80070005 / 0x80070005"

Hope you can find something.

2009-11-24 19:00:37:780 1220 a38 DnldMgr * Updates to download = 1
2009-11-24 19:00:37:780 1220 a38 Agent * Title = Update for Windows XP (KB973687)
2009-11-24 19:00:37:780 1220 a38 Agent * UpdateId = {E5074371-9CBE-4B61-8DE3-AB3C678605D2}.100
2009-11-24 19:00:37:780 1220 a38 Agent * Bundles 1 updates:
2009-11-24 19:00:37:780 1220 a38 Agent * {4ACE7A5F-FFC8-4FB8-A5B6-6F1CA838CF2A}.100
2009-11-24 19:00:37:780 1220 a38 DnldMgr *********** DnldMgr: Regulation Refresh [Svc: {9482F4B4-E343-43B6-B170-9A65BC822C77}] ***********
2009-11-24 19:00:37:780 1220 a38 DnldMgr * Regulation call complete. 0x00000000
2009-11-24 19:00:37:780 1220 a38 DnldMgr *********** DnldMgr: New download job [UpdateId = {4ACE7A5F-FFC8-4FB8-A5B6-6F1CA838CF2A}.100] ***********
2009-11-24 19:00:37:780 1220 a38 DnldMgr * Queueing update for download handler request generation.
2009-11-24 19:00:37:780 1220 a38 DnldMgr Generating download request for update {4ACE7A5F-FFC8-4FB8-A5B6-6F1CA838CF2A}.100
2009-11-24 19:00:38:077 1220 a38 Handler Windows Patch download for UpdateId = {4ACE7A5F-FFC8-4FB8-A5B6-6F1CA838CF2A}: selected action is download full-file.
2009-11-24 19:00:38:077 1220 a38 DnldMgr *********** DnldMgr: New download job [UpdateId = {4ACE7A5F-FFC8-4FB8-A5B6-6F1CA838CF2A}.100] ***********
2009-11-24 19:00:38:155 1220 a38 DnldMgr * All files for update were already downloaded and are valid.
2009-11-24 19:00:38:155 1220 27c AU >>## RESUMED ## AU: Download update [UpdateId = {E5074371-9CBE-4B61-8DE3-AB3C678605D2}, succeeded]
2009-11-24 19:00:38:155 1220 a38 Agent *********
2009-11-24 19:00:38:155 1220 a38 Agent ** END ** Agent: Downloading updates [CallerId = AutomaticUpdates]
2009-11-24 19:00:38:155 1220 a38 Agent *************
2009-11-24 19:00:38:155 1220 27c AU Setting AU scheduled install time to 2009-11-25 09:00:00
2009-11-24 19:00:38:155 1220 a38 DnldMgr *************
2009-11-24 19:00:38:155 1220 a38 DnldMgr ** START ** DnldMgr: Downloading updates [CallerId = AutomaticUpdates]
2009-11-24 19:00:38:155 1220 a38 DnldMgr *********
2009-11-24 19:00:38:155 1220 a38 DnldMgr * Call ID = {6DBDB5AF-33F4-459C-A70B-EF98A035C140}
2009-11-24 19:00:38:155 1220 a38 DnldMgr * Priority = 2, Interactive = 0, Owner is system = 1, Explicit proxy = 0, Proxy session id = -1, ServiceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}
2009-11-24 19:00:38:155 1220 a38 DnldMgr * Updates to download = 1
2009-11-24 19:00:38:155 1220 a38 Agent * Title = Windows Malicious Software Removal Tool - November 2009 (KB890830)
2009-11-24 19:00:38:155 1220 a38 Agent * UpdateId = {A45B9BA4-5ADD-4702-95CB-BE38B0681172}.100
2009-11-24 19:00:38:155 1220 a38 Agent * Bundles 1 updates:
2009-11-24 19:00:38:155 1220 a38 Agent * {467B1FC7-031A-41CC-A7B8-3862F4AF3C1C}.100
2009-11-24 19:00:38:187 1220 a38 DnldMgr *********** DnldMgr: Regulation Refresh [Svc: {9482F4B4-E343-43B6-B170-9A65BC822C77}] ***********
2009-11-24 19:00:38:187 1220 a38 DnldMgr * Regulation call complete. 0x00000000
2009-11-24 19:00:38:187 1220 a38 DnldMgr *********** DnldMgr: New download job [UpdateId = {467B1FC7-031A-41CC-A7B8-3862F4AF3C1C}.100] ***********
2009-11-24 19:00:38:358 1220 a38 DnldMgr * All files for update were already downloaded and are valid.
2009-11-24 19:00:38:358 1220 27c AU >>## RESUMED ## AU: Download update [UpdateId = {A45B9BA4-5ADD-4702-95CB-BE38B0681172}, succeeded]
2009-11-24 19:00:38:358 1220 a38 Agent *********
2009-11-24 19:00:38:358 1220 a38 Agent ** END ** Agent: Downloading updates [CallerId = AutomaticUpdates]
2009-11-24 19:00:38:358 1220 a38 Agent *************
2009-11-24 19:00:38:358 1220 27c AU Setting AU scheduled install time to 2009-11-25 09:00:00
2009-11-24 19:00:38:358 1220 a38 DnldMgr *************
2009-11-24 19:00:38:358 1220 a38 DnldMgr ** START ** DnldMgr: Downloading updates [CallerId = AutomaticUpdates]
2009-11-24 19:00:38:358 1220 a38 DnldMgr *********
2009-11-24 19:00:38:358 1220 a38 DnldMgr * Call ID = {8DE72C19-301A-4306-B2D1-D333E4E4B2A2}
2009-11-24 19:00:38:358 1220 a38 DnldMgr * Priority = 2, Interactive = 0, Owner is system = 1, Explicit proxy = 0, Proxy session id = -1, ServiceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}
2009-11-24 19:00:38:358 1220 a38 DnldMgr * Updates to download = 1
2009-11-24 19:00:38:358 1220 a38 Agent * Title = Update for Windows XP (KB976098)
2009-11-24 19:00:38:358 1220 a38 Agent * UpdateId = {440A0DD1-BA04-4235-BE29-E9AC1FC0E0B6}.101
2009-11-24 19:00:38:358 1220 a38 Agent * Bundles 1 updates:
2009-11-24 19:00:38:358 1220 a38 Agent * {1FBB8A4F-13BA-443E-81D1-84FB6B1F0928}.101
2009-11-24 19:00:38:358 1220 a38 DnldMgr *********** DnldMgr: Regulation Refresh [Svc: {9482F4B4-E343-43B6-B170-9A65BC822C77}] ***********
2009-11-24 19:00:38:358 1220 a38 DnldMgr * Regulation call complete. 0x00000000
2009-11-24 19:00:38:374 1220 a38 DnldMgr *********** DnldMgr: New download job [UpdateId = {1FBB8A4F-13BA-443E-81D1-84FB6B1F0928}.101] ***********
2009-11-24 19:00:38:374 1220 a38 DnldMgr * Queueing update for download handler request generation.
2009-11-24 19:00:38:374 1220 a38 DnldMgr Generating download request for update {1FBB8A4F-13BA-443E-81D1-84FB6B1F0928}.101
2009-11-24 19:00:38:499 1220 a38 Handler Windows Patch download for UpdateId = {1FBB8A4F-13BA-443E-81D1-84FB6B1F0928}: selected action is download full-file.
2009-11-24 19:00:38:499 1220 a38 DnldMgr *********** DnldMgr: New download job [UpdateId = {1FBB8A4F-13BA-443E-81D1-84FB6B1F0928}.101] ***********
2009-11-24 19:00:38:546 1220 a38 DnldMgr * All files for update were already downloaded and are valid.
2009-11-24 19:00:38:546 1220 27c AU >>## RESUMED ## AU: Download update [UpdateId = {440A0DD1-BA04-4235-BE29-E9AC1FC0E0B6}, succeeded]
2009-11-24 19:00:38:546 1220 a38 Agent *********
2009-11-24 19:00:38:546 1220 a38 Agent ** END ** Agent: Downloading updates [CallerId = AutomaticUpdates]
2009-11-24 19:00:38:546 1220 27c AU #########
2009-11-24 19:00:38:546 1220 a38 Agent *************
2009-11-24 19:00:38:546 1220 27c AU ## END ## AU: Download updates
2009-11-24 19:00:38:546 1220 27c AU #############
2009-11-24 19:00:38:546 1220 a38 Report REPORT EVENT: {1FDA44A1-84C2-4203-88EC-94804CA85E8D} 2009-11-24 19:00:33:530-0600 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Wednesday, November 25, 2009 at 3:00 AM: - Security Update for Windows XP (KB969947)
2009-11-24 19:00:38:546 1220 27c AU Setting AU scheduled install time to 2009-11-25 09:00:00
2009-11-24 19:00:38:546 1220 a38 Report REPORT EVENT: {3381A587-9AAF-4A3C-8199-678958BE5308} 2009-11-24 19:00:33:999-0600 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Wednesday, November 25, 2009 at 3:00 AM: - Security Update for Windows XP (KB969947) - Microsoft .NET Framework 1.0 Service Pack 3 Security Update for Windows XP Tablet PC and Media Center (KB953295)
2009-11-24 19:00:38:546 1220 27c AU AU setting pending client directive to 'Install Approval'
2009-11-24 19:00:38:546 1220 a38 Report REPORT EVENT: {9AE8E673-C8CC-4AC1-9287-3A796457D92A} 2009-11-24 19:00:34:124-0600 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Wednesday, November 25, 2009 at 3:00 AM: - Security Update for Windows XP (KB969947) - Microsoft .NET Framework 1.0 Service Pack 3 Security Update for Windows XP Tablet PC and Media Center (KB953295) - Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB973688)
2009-11-24 19:00:38:546 1220 a38 Report REPORT EVENT: {2CDA414D-76B7-4055-A5B6-DF6BBD861B60} 2009-11-24 19:00:36:358-0600 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Wednesday, November 25, 2009 at 3:00 AM: - Security Update for Windows XP (KB969947) - Microsoft .NET Framework 1.0 Service Pack 3 Security Update for Windows XP Tablet PC and Media Center (KB953295) - Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB973688) - Security Update for Windows XP (KB951748)
2009-11-24 19:00:38:546 1220 a38 Report REPORT EVENT: {FBCA7F47-64AA-4530-9BB4-2FCB0F450E46} 2009-11-24 19:00:36:733-0600 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Wednesday, November 25, 2009 at 3:00 AM: - Security Update for Windows XP (KB969947) - Microsoft .NET Framework 1.0 Service Pack 3 Security Update for Windows XP Tablet PC and Media Center (KB953295) - Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB973688) - Security Update for Windows XP (KB951748) - Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297)
2009-11-24 19:00:38:546 1220 a38 Report REPORT EVENT: {A3B1C23A-EFD5-4E96-825E-3F858D36AFEA} 2009-11-24 19:00:37:312-0600 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Wednesday, November 25, 2009 at 3:00 AM: - Security Update for Windows XP (KB969947) - Microsoft .NET Framework 1.0 Service Pack 3 Security Update for Windows XP Tablet PC and Media Center (KB953295) - Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB973688) - Security Update for Windows XP (KB951748) - Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297) - Update for Internet Explorer 8 for Windows XP (KB976749)
2009-11-24 19:00:38:546 1220 a38 Report REPORT EVENT: {6DD1DEE8-65A9-47F9-B1FB-4346405CC2AE} 2009-11-24 19:00:38:155-0600 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Wednesday, November 25, 2009 at 3:00 AM: - Security Update for Windows XP (KB969947) - Microsoft .NET Framework 1.0 Service Pack 3 Security Update for Windows XP Tablet PC and Media Center (KB953295) - Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB973688) - Security Update for Windows XP (KB951748) - Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297) - Update for Internet Explorer 8 for Windows XP (KB976749) - Update for Windows XP (KB973687)
2009-11-24 19:00:42:155 1220 52c AU Launched new AU client for directive 'Install Approval', session id = 0x0
2009-11-24 19:00:42:187 4008 f18 Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0600) ===========
2009-11-24 19:00:42:187 4008 f18 Misc = Process: C:\WINDOWS\system32\wuauclt.exe
2009-11-24 19:00:42:187 4008 f18 AUClnt Launched Client UI process
2009-11-24 19:00:42:249 4008 f18 Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0600) ===========
2009-11-24 19:00:42:249 4008 f18 Misc = Process: C:\WINDOWS\system32\wuauclt.exe
2009-11-24 19:00:42:249 4008 f18 Misc = Module: C:\WINDOWS\system32\wucltui.dll
2009-11-24 19:00:42:249 4008 f18 CltUI AU client got new directive = 'Install Approval', serviceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}, return = 0x00000000
2009-11-24 19:00:42:249 4008 f18 CltUI AU client creating default WU/WSUS UI plugin
2009-11-24 19:00:43:358 1220 a38 Report REPORT EVENT: {716E06B9-26A8-4963-943B-876258155726} 2009-11-24 19:00:38:358-0600 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Wednesday, November 25, 2009 at 3:00 AM: - Security Update for Windows XP (KB969947) - Microsoft .NET Framework 1.0 Service Pack 3 Security Update for Windows XP Tablet PC and Media Center (KB953295) - Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB973688) - Security Update for Windows XP (KB951748) - Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297) - Update for Internet Explorer 8 for Windows XP (KB976749) - Update for Windows XP (KB973687) - Windows Malicious Software Removal Tool - November 2009 (KB890830)
2009-11-24 19:00:43:358 1220 a38 Report REPORT EVENT: {3EF5F34E-4E47-47C4-A4E0-9696ACF3EE84} 2009-11-24 19:00:38:546-0600 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Wednesday, November 25, 2009 at 3:00 AM: - Security Update for Windows XP (KB969947) - Microsoft .NET Framework 1.0 Service Pack 3 Security Update for Windows XP Tablet PC and Media Center (KB953295) - Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB973688) - Security Update for Windows XP (KB951748) - Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297) - Update for Internet Explorer 8 for Windows XP (KB976749) - Update for Windows XP (KB973687) - Windows Malicious Software Removal Tool - November 2009 (KB890830) - Update for Windows XP (KB976098)
2009-11-24 19:00:58:296 1220 644 AU AU received install approval from client for 9 updates
2009-11-24 19:00:58:296 1220 644 AU #############
2009-11-24 19:00:58:296 1220 644 AU ## START ## AU: Install updates
2009-11-24 19:00:58:296 1220 644 AU #########
2009-11-24 19:00:58:296 1220 644 AU # Initiating manual install
2009-11-24 19:00:58:296 1220 644 AU # Approved updates = 9
2009-11-24 19:00:58:296 1220 644 AU <<## SUBMITTED ## AU: Install updates / installing updates [CallId = {4852CE15-94A1-4908-A890-45145CE65CD7}]
2009-11-24 19:00:58:296 1220 488 Agent *************
2009-11-24 19:00:58:296 1220 488 Agent ** START ** Agent: Installing updates [CallerId = AutomaticUpdates]
2009-11-24 19:00:58:296 1220 488 Agent *********
2009-11-24 19:00:58:296 1220 488 Agent * Updates to install = 9
2009-11-24 19:00:58:296 1220 488 Agent * Title = Security Update for Windows XP (KB969947)
2009-11-24 19:00:58:296 1220 488 Agent * UpdateId = {54173D00-6670-4E5C-A601-70AE316AA295}.101
2009-11-24 19:00:58:296 1220 488 Agent * Bundles 1 updates:
2009-11-24 19:00:58:296 1220 488 Agent * {A3D90E6F-71D4-4DE3-9BBF-F0C81B9B5949}.101
2009-11-24 19:00:58:296 1220 488 Agent * Title = Microsoft .NET Framework 1.0 Service Pack 3 Security Update for Windows XP Tablet PC and Media Center (KB953295)
2009-11-24 19:00:58:296 1220 488 Agent * UpdateId = {D6D1CB0C-8200-4F5B-8711-7CF95D5550DD}.103
2009-11-24 19:00:58:296 1220 488 Agent * Bundles 1 updates:
2009-11-24 19:00:58:296 1220 488 Agent * {FA442F0C-0774-4233-B500-89C5BB84B630}.103
2009-11-24 19:00:58:296 1220 488 Agent * Title = Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB973688)
2009-11-24 19:00:58:312 1220 488 Agent * UpdateId = {4EB6F812-F2AE-43EF-9FE0-11ED711339BB}.100
2009-11-24 19:00:58:312 1220 488 Agent * Bundles 1 updates:
2009-11-24 19:00:58:312 1220 488 Agent * {3E02BE6E-46DB-4105-83F5-4F0A44A04ADD}.100
2009-11-24 19:00:58:312 1220 488 Agent * Title = Security Update for Windows XP (KB951748)
2009-11-24 19:00:58:312 1220 488 Agent * UpdateId = {D5EADB3B-4FD7-4087-8B9D-4ACB2B41210E}.109
2009-11-24 19:00:58:312 1220 488 Agent * Bundles 1 updates:
2009-11-24 19:00:58:312 1220 488 Agent * {7F435586-D50F-439A-BDCA-2F16A4924CBE}.101
2009-11-24 19:00:58:312 1220 488 Agent * Title = Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297)
2009-11-24 19:00:58:312 1220 488 Agent * UpdateId = {A72E5A3C-38CC-4976-8E17-92D9D043BEDF}.100
2009-11-24 19:00:58:312 1220 488 Agent * Bundles 1 updates:
2009-11-24 19:00:58:312 1220 488 Agent * {3A769F99-AF69-4268-B78D-D6DFB38AE573}.100
2009-11-24 19:00:58:312 1220 488 Agent * Title = Update for Internet Explorer 8 for Windows XP (KB976749)
2009-11-24 19:00:58:312 1220 488 Agent * UpdateId = {828E4C4E-1E6A-4ED7-89AF-2512352A6B9C}.105
2009-11-24 19:00:58:312 1220 488 Agent * Bundles 1 updates:
2009-11-24 19:00:58:312 1220 488 Agent * {8D8362D1-57AB-4170-B090-2280C0BE5674}.105
2009-11-24 19:00:58:312 1220 488 Agent * Title = Update for Windows XP (KB973687)
2009-11-24 19:00:58:312 1220 488 Agent * UpdateId = {E5074371-9CBE-4B61-8DE3-AB3C678605D2}.100
2009-11-24 19:00:58:312 1220 488 Agent * Bundles 1 updates:
2009-11-24 19:00:58:312 1220 488 Agent * {4ACE7A5F-FFC8-4FB8-A5B6-6F1CA838CF2A}.100
2009-11-24 19:00:58:312 1220 488 Agent * Title = Windows Malicious Software Removal Tool - November 2009 (KB890830)
2009-11-24 19:00:58:312 1220 488 Agent * UpdateId = {A45B9BA4-5ADD-4702-95CB-BE38B0681172}.100
2009-11-24 19:00:58:312 1220 488 Agent * Bundles 1 updates:
2009-11-24 19:00:58:312 1220 488 Agent * {467B1FC7-031A-41CC-A7B8-3862F4AF3C1C}.100
2009-11-24 19:00:58:312 1220 488 Agent * Title = Update for Windows XP (KB976098)
2009-11-24 19:00:58:312 1220 488 Agent * UpdateId = {440A0DD1-BA04-4235-BE29-E9AC1FC0E0B6}.101
2009-11-24 19:00:58:312 1220 488 Agent * Bundles 1 updates:
2009-11-24 19:00:58:312 1220 488 Agent * {1FBB8A4F-13BA-443E-81D1-84FB6B1F0928}.101
2009-11-24 19:01:00:437 1220 488 Handler Attempting to create remote handler process as LEO\Backo in session 0
2009-11-24 19:01:00:640 1220 488 DnldMgr Preparing update for install, updateId = {A3D90E6F-71D4-4DE3-9BBF-F0C81B9B5949}.101.
2009-11-24 19:01:00:640 1064 7ac Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0600) ===========
2009-11-24 19:01:00:640 1064 7ac Misc = Process: C:\WINDOWS\system32\wuauclt.exe
2009-11-24 19:01:00:640 1064 7ac Misc = Module: C:\WINDOWS\system32\wuaueng.dll
2009-11-24 19:01:00:640 1064 7ac Handler :::::::::::::
2009-11-24 19:01:00:640 1064 7ac Handler :: START :: Handler: Windows Patch Install
2009-11-24 19:01:00:640 1064 7ac Handler :::::::::
2009-11-24 19:01:00:640 1064 7ac Handler : Updates to install = 1
2009-11-24 19:01:00:640 1064 7ac Handler : Installing update {A3D90E6F-71D4-4DE3-9BBF-F0C81B9B5949}.101
2009-11-24 19:01:00:640 1064 7a8 Handler Installing with parameters=-q -z -er, sandbox=C:\WINDOWS\SoftwareDistribution\Download\b7b0631e184025ba37e5a4ec1d8637e7.
2009-11-24 19:01:00:655 1064 7a8 Handler Updateci: WinSEUpdateHandler::_LaunchInstaller: CreateProcess ("update\update.exe -q -z -er /ParentInfo:5b5a55c21f4c5d45b5d1a1d8f3f9b3cd") failed (5)
2009-11-24 19:01:00:655 1064 7a8 Handler Install completed with 0x80070005.
2009-11-24 19:01:00:655 1064 7ac Handler FATAL: UH: 0x80070005: InstallOrUninstallThread failed in CUHWindowsPatchHandler::HandleSingleUpdate
2009-11-24 19:01:00:655 1064 7ac Handler : WARNING: Install completed: result type = 0x0, installer error = True, error = 0x80070005, disabled until reboot = No, reboot required = No
2009-11-24 19:01:00:655 1220 27c AU >>## RESUMED ## AU: Installing update [UpdateId = {54173D00-6670-4E5C-A601-70AE316AA295}]
2009-11-24 19:01:00:655 1064 7ac Handler FATAL: UH: 0x8024200b: HandleSingleUpdate failed in CUHWindowsPatchHandler::HandleMultipleUpdates
2009-11-24 19:01:00:655 1220 27c AU # WARNING: Install failed, error = 0x80070005 / 0x80070005
2009-11-24 19:01:00:655 1064 7ac Handler :::::::::
2009-11-24 19:01:00:655 1064 7ac Handler :: END :: Handler: Windows Patch Install
2009-11-24 19:01:00:655 1064 7ac Handler :::::::::::::
2009-11-24 19:01:00:687 1220 488 DnldMgr Preparing update for install, updateId = {FA442F0C-0774-4233-B500-89C5BB84B630}.103.
2009-11-24 19:01:00:687 1064 fb0 Handler :::::::::::::
2009-11-24 19:01:00:687 1064 fb0 Handler :: START :: Handler: Windows Patch Install
2009-11-24 19:01:00:687 1064 fb0 Handler :::::::::
2009-11-24 19:01:00:687 1064 fb0 Handler : Updates to install = 1
2009-11-24 19:01:00:687 1064 fb0 Handler : Installing update {FA442F0C-0774-4233-B500-89C5BB84B630}.103
2009-11-24 19:01:00:687 1064 508 Handler Installing with parameters=-q /Z, sandbox=C:\WINDOWS\SoftwareDistribution\Download\3f96ee4455d36a14b252a0ddc35e56eb.
2009-11-24 19:01:00:702 1064 508 Handler Updateci: WinSEUpdateHandler::_LaunchInstaller: CreateProcess ("update\update.exe -q /Z /ParentInfo:5a6757cf1b232f4296c5e18aae34f42a") failed (5)
2009-11-24 19:01:00:702 1064 508 Handler Install completed with 0x80070005.
2009-11-24 19:01:00:702 1064 fb0 Handler FATAL: UH: 0x80070005: InstallOrUninstallThread failed in CUHWindowsPatchHandler::HandleSingleUpdate
2009-11-24 19:01:00:702 1064 fb0 Handler : WARNING: Install completed: result type = 0x0, installer error = True, error = 0x80070005, disabled until reboot = No, reboot required = No
2009-11-24 19:01:00:702 1220 27c AU >>## RESUMED ## AU: Installing update [UpdateId = {D6D1CB0C-8200-4F5B-8711-7CF95D5550DD}]
2009-11-24 19:01:00:702 1220 27c AU # WARNING: Install failed, error = 0x80070005 / 0x80070005
2009-11-24 19:01:00:702 1064 fb0 Handler FATAL: UH: 0x8024200b: HandleSingleUpdate failed in CUHWindowsPatchHandler::HandleMultipleUpdates
2009-11-24 19:01:00:718 1064 fb0 Handler :::::::::
2009-11-24 19:01:00:718 1064 fb0 Handler :: END :: Handler: Windows Patch Install
2009-11-24 19:01:00:718 1064 fb0 Handler :::::::::::::
2009-11-24 19:01:00:718 1220 488 DnldMgr Preparing update for install, updateId = {3E02BE6E-46DB-4105-83F5-4F0A44A04ADD}.100.
2009-11-24 19:01:00:999 1064 fb0 Handler :::::::::::::
2009-11-24 19:01:00:999 1064 fb0 Handler :: START :: Handler: Command Line Install
2009-11-24 19:01:00:999 1064 fb0 Handler :::::::::
2009-11-24 19:01:00:999 1064 fb0 Handler : Updates to install = 1
2009-11-24 19:01:01:155 1064 fb0 Handler : WARNING: Exit code = 0x80070005
2009-11-24 19:01:01:155 1064 fb0 Handler :::::::::
2009-11-24 19:01:01:155 1064 fb0 Handler :: END :: Handler: Command Line Install
2009-11-24 19:01:01:171 1064 fb0 Handler :::::::::::::
2009-11-24 19:01:01:171 1220 27c AU >>## RESUMED ## AU: Installing update [UpdateId = {4EB6F812-F2AE-43EF-9FE0-11ED711339BB}]
2009-11-24 19:01:01:171 1220 27c AU # WARNING: Install failed, error = 0x80070005 / 0x80070005
2009-11-24 19:01:01:171 1220 488 DnldMgr Preparing update for install, updateId = {7F435586-D50F-439A-BDCA-2F16A4924CBE}.101.
2009-11-24 19:01:01:171 1064 7ac Handler :::::::::::::
2009-11-24 19:01:01:171 1064 7ac Handler :: START :: Handler: Windows Patch Install
2009-11-24 19:01:01:171 1064 7ac Handler :::::::::
2009-11-24 19:01:01:171 1064 7ac Handler : Updates to install = 1
2009-11-24 19:01:01:171 1064 7ac Handler : Installing update {7F435586-D50F-439A-BDCA-2F16A4924CBE}.101
2009-11-24 19:01:01:187 1064 840 Handler Installing with parameters=-q -z -er, sandbox=C:\WINDOWS\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a.
2009-11-24 19:01:01:202 1064 840 Handler Updateci: WinSEUpdateHandler::_LaunchInstaller: CreateProcess ("update\update.exe -q -z -er /ParentInfo:4687df7a0e017445b0ce644ccdddd38f") failed (5)
2009-11-24 19:01:01:202 1064 840 Handler Install completed with 0x80070005.
2009-11-24 19:01:01:202 1064 7ac Handler FATAL: UH: 0x80070005: InstallOrUninstallThread failed in CUHWindowsPatchHandler::HandleSingleUpdate
2009-11-24 19:01:01:202 1220 27c AU >>## RESUMED ## AU: Installing update [UpdateId = {D5EADB3B-4FD7-4087-8B9D-4ACB2B41210E}]
2009-11-24 19:01:01:202 1220 27c AU # WARNING: Install failed, error = 0x80070005 / 0x80070005
2009-11-24 19:01:01:202 1064 7ac Handler : WARNING: Install completed: result type = 0x0, installer error = True, error = 0x80070005, disabled until reboot = No, reboot required = No
2009-11-24 19:01:01:202 1064 7ac Handler FATAL: UH: 0x8024200b: HandleSingleUpdate failed in CUHWindowsPatchHandler::HandleMultipleUpdates
2009-11-24 19:01:01:202 1064 7ac Handler :::::::::
2009-11-24 19:01:01:202 1064 7ac Handler :: END :: Handler: Windows Patch Install
2009-11-24 19:01:01:202 1064 7ac Handler :::::::::::::
2009-11-24 19:01:01:202 1220 488 DnldMgr Preparing update for install, updateId = {3A769F99-AF69-4268-B78D-D6DFB38AE573}.100.
2009-11-24 19:01:01:733 1064 fb0 Handler :::::::::::::
2009-11-24 19:01:01:733 1064 fb0 Handler :: START :: Handler: Command Line Install
2009-11-24 19:01:01:733 1064 fb0 Handler :::::::::
2009-11-24 19:01:01:733 1064 fb0 Handler : Updates to install = 1
2009-11-24 19:01:02:312 1064 fb0 Handler : WARNING: Exit code = 0x80070005
2009-11-24 19:01:02:312 1220 27c AU >>## RESUMED ## AU: Installing update [UpdateId = {A72E5A3C-38CC-4976-8E17-92D9D043BEDF}]
2009-11-24 19:01:02:312 1064 fb0 Handler :::::::::
2009-11-24 19:01:02:312 1220 27c AU # WARNING: Install failed, error = 0x80070005 / 0x80070005
2009-11-24 19:01:02:312 1064 fb0 Handler :: END :: Handler: Command Line Install
2009-11-24 19:01:02:312 1064 fb0 Handler :::::::::::::
2009-11-24 19:01:02:312 1220 a38 Report REPORT EVENT: {F60DE2B2-414C-48EC-A9BC-7380242637A8} 2009-11-24 19:01:00:655-0600 1 182 101 {54173D00-6670-4E5C-A601-70AE316AA295} 101 80070005 AutomaticUpdates Failure Content Install Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Windows XP (KB969947).
2009-11-24 19:01:02:312 1220 488 DnldMgr WARNING: Preparing update for install, updateId = {8D8362D1-57AB-4170-B090-2280C0BE5674}.105 (using payload from revision 103).
2009-11-24 19:01:02:312 1220 a38 Report REPORT EVENT: {7FE58EF7-BCC7-4D0A-A65D-6E4E74032C03} 2009-11-24 19:01:00:718-0600 1 182 101 {D6D1CB0C-8200-4F5B-8711-7CF95D5550DD} 103 80070005 AutomaticUpdates Failure Content Install Installation Failure: Windows failed to install the following update with error 0x80070005: Microsoft .NET Framework 1.0 Service Pack 3 Security Update for Windows XP Tablet PC and Media Center (KB953295).
2009-11-24 19:01:02:312 1220 a38 Report REPORT EVENT: {505EB646-E703-4E9A-B11D-C2EC602358AB} 2009-11-24 19:01:01:171-0600 1 182 101 {4EB6F812-F2AE-43EF-9FE0-11ED711339BB} 100 80070005 AutomaticUpdates Failure Content Install Installation Failure: Windows failed to install the following update with error 0x80070005: Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB973688).
2009-11-24 19:01:02:312 1220 a38 Report REPORT EVENT: {D12A11FB-F5BE-4BE5-804A-FE0387B2C4DA} 2009-11-24 19:01:01:202-0600 1 182 101 {D5EADB3B-4FD7-4087-8B9D-4ACB2B41210E} 109 80070005 AutomaticUpdates Failure Content Install Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Windows XP (KB951748).
2009-11-24 19:01:02:312 1220 a38 Report REPORT EVENT: {41637B6D-12C8-4378-A60E-71C232424A46} 2009-11-24 19:01:02:312-0600 1 182 101 {A72E5A3C-38CC-4976-8E17-92D9D043BEDF} 100 80070005 AutomaticUpdates Failure Content Install Installation Failure: Windows failed to install the following update with error 0x80070005: Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297).
2009-11-24 19:01:02:312 1064 7ac Handler :::::::::::::
2009-11-24 19:01:02:327 1064 7ac Handler :: START :: Handler: Windows Patch Install
2009-11-24 19:01:02:327 1064 7ac Handler :::::::::
2009-11-24 19:01:02:327 1064 7ac Handler : Updates to install = 1
2009-11-24 19:01:02:327 1064 7ac Handler : Installing update {8D8362D1-57AB-4170-B090-2280C0BE5674}.105
2009-11-24 19:01:02:327 1064 758 Handler Installing with parameters=-q -z -er, sandbox=C:\WINDOWS\SoftwareDistribution\Download\8f999a6add48b449a8ea8c09fb44cb0c.
2009-11-24 19:01:02:343 1064 758 Handler Updateci: WinSEUpdateHandler::_LaunchInstaller: CreateProcess ("update\update.exe -q -z -er /ParentInfo:d6a29db54171a247a5db9bb0a2571d56") failed (5)
2009-11-24 19:01:02:343 1064 758 Handler Install completed with 0x80070005.
2009-11-24 19:01:02:343 1064 7ac Handler FATAL: UH: 0x80070005: InstallOrUninstallThread failed in CUHWindowsPatchHandler::HandleSingleUpdate
2009-11-24 19:01:02:343 1064 7ac Handler : WARNING: Install completed: result type = 0x0, installer error = True, error = 0x80070005, disabled until reboot = No, reboot required = No
2009-11-24 19:01:02:343 1220 27c AU >>## RESUMED ## AU: Installing update [UpdateId = {828E4C4E-1E6A-4ED7-89AF-2512352A6B9C}]
2009-11-24 19:01:02:343 1064 7ac Handler FATAL: UH: 0x8024200b: HandleSingleUpdate failed in CUHWindowsPatchHandler::HandleMultipleUpdates
2009-11-24 19:01:02:343 1220 27c AU # WARNING: Install failed, error = 0x80070005 / 0x80070005
2009-11-24 19:01:02:343 1064 7ac Handler :::::::::
2009-11-24 19:01:02:343 1064 7ac Handler :: END :: Handler: Windows Patch Install
2009-11-24 19:01:02:343 1064 7ac Handler :::::::::::::
2009-11-24 19:01:02:343 1220 488 DnldMgr Preparing update for install, updateId = {4ACE7A5F-FFC8-4FB8-A5B6-6F1CA838CF2A}.100.
2009-11-24 19:01:02:343 1064 fb0 Handler :::::::::::::
2009-11-24 19:01:02:343 1064 fb0 Handler :: START :: Handler: Windows Patch Install
2009-11-24 19:01:02:343 1064 fb0 Handler :::::::::
2009-11-24 19:01:02:343 1064 fb0 Handler : Updates to install = 1
2009-11-24 19:01:02:343 1064 fb0 Handler : Installing update {4ACE7A5F-FFC8-4FB8-A5B6-6F1CA838CF2A}.100
2009-11-24 19:01:02:343 1064 144 Handler Installing with parameters=-q -z -er, sandbox=C:\WINDOWS\SoftwareDistribution\Download\75cd10bc79782317976e2a857798ad9f.
2009-11-24 19:01:02:358 1064 144 Handler Updateci: WinSEUpdateHandler::_LaunchInstaller: CreateProcess ("update\update.exe -q -z -er /ParentInfo:70697bf5142fea4da541a31de3ca97f5") failed (5)
2009-11-24 19:01:02:358 1064 144 Handler Install completed with 0x80070005.
2009-11-24 19:01:02:358 1064 fb0 Handler FATAL: UH: 0x80070005: InstallOrUninstallThread failed in CUHWindowsPatchHandler::HandleSingleUpdate
2009-11-24 19:01:02:374 1064 fb0 Handler : WARNING: Install completed: result type = 0x0, installer error = True, error = 0x80070005, disabled until reboot = No, reboot required = No
2009-11-24 19:01:02:374 1220 27c AU >>## RESUMED ## AU: Installing update [UpdateId = {E5074371-9CBE-4B61-8DE3-AB3C678605D2}]
2009-11-24 19:01:02:374 1064 fb0 Handler FATAL: UH: 0x8024200b: HandleSingleUpdate failed in CUHWindowsPatchHandler::HandleMultipleUpdates
2009-11-24 19:01:02:374 1220 27c AU # WARNING: Install failed, error = 0x80070005 / 0x80070005
2009-11-24 19:01:02:374 1064 fb0 Handler :::::::::
2009-11-24 19:01:02:374 1064 fb0 Handler :: END :: Handler: Windows Patch Install
2009-11-24 19:01:02:374 1064 fb0 Handler :::::::::::::
2009-11-24 19:01:02:421 1220 488 DnldMgr Preparing update for install, updateId = {467B1FC7-031A-41CC-A7B8-3862F4AF3C1C}.100.
2009-11-24 19:01:03:468 1064 7ac Handler :::::::::::::
2009-11-24 19:01:03:468 1064 7ac Handler :: START :: Handler: Command Line Install
2009-11-24 19:01:03:468 1064 7ac Handler :::::::::
2009-11-24 19:01:03:468 1064 7ac Handler : Updates to install = 1
2009-11-24 19:01:03:812 1220 27c AU >>## RESUMED ## AU: Installing update [UpdateId = {A45B9BA4-5ADD-4702-95CB-BE38B0681172}]
2009-11-24 19:01:03:812 1064 7ac Handler : WARNING: Exit code = 0x80070005
2009-11-24 19:01:03:812 1220 27c AU # WARNING: Install failed, error = 0x80070005 / 0x80070005
2009-11-24 19:01:03:812 1064 7ac Handler :::::::::
2009-11-24 19:01:03:812 1064 7ac Handler :: END :: Handler: Command Line Install
2009-11-24 19:01:03:812 1064 7ac Handler :::::::::::::
2009-11-24 19:01:03:858 1220 488 DnldMgr Preparing update for install, updateId = {1FBB8A4F-13BA-443E-81D1-84FB6B1F0928}.101.
2009-11-24 19:01:03:858 1064 fb0 Handler :::::::::::::
2009-11-24 19:01:03:858 1064 fb0 Handler :: START :: Handler: Windows Patch Install
2009-11-24 19:01:03:858 1064 fb0 Handler :::::::::
2009-11-24 19:01:03:858 1064 fb0 Handler : Updates to install = 1
2009-11-24 19:01:03:858 1064 fb0 Handler : Installing update {1FBB8A4F-13BA-443E-81D1-84FB6B1F0928}.101
2009-11-24 19:01:03:858 1064 fdc Handler Installing with parameters=-q -z -er, sandbox=C:\WINDOWS\SoftwareDistribution\Download\9e970568c595db5e0a749b72a9ab2cda.
2009-11-24 19:01:03:874 1064 fdc Handler Updateci: WinSEUpdateHandler::_LaunchInstaller: CreateProcess ("update\update.exe -q -z -er /ParentInfo:9219b2da18d33c4b84c0a921a21412a5") failed (5)
2009-11-24 19:01:03:874 1064 fdc Handler Install completed with 0x80070005.
2009-11-24 19:01:03:874 1064 fb0 Handler FATAL: UH: 0x80070005: InstallOrUninstallThread failed in CUHWindowsPatchHandler::HandleSingleUpdate
2009-11-24 19:01:03:874 1064 fb0 Handler : WARNING: Install completed: result type = 0x0, installer error = True, error = 0x80070005, disabled until reboot = No, reboot required = No
2009-11-24 19:01:03:874 1220 27c AU >>## RESUMED ## AU: Installing update [UpdateId = {440A0DD1-BA04-4235-BE29-E9AC1FC0E0B6}]
2009-11-24 19:01:03:874 1064 fb0 Handler FATAL: UH: 0x8024200b: HandleSingleUpdate failed in CUHWindowsPatchHandler::HandleMultipleUpdates
2009-11-24 19:01:03:874 1220 27c AU # WARNING: Install failed, error = 0x80070005 / 0x80070005
2009-11-24 19:01:03:874 1064 fb0 Handler :::::::::
2009-11-24 19:01:03:874 1064 fb0 Handler :: END :: Handler: Windows Patch Install
2009-11-24 19:01:03:874 1064 fb0 Handler :::::::::::::
2009-11-24 19:01:03:890 1220 488 Agent *********
2009-11-24 19:01:03:890 1220 27c AU Install call completed.
2009-11-24 19:01:03:890 1220 488 Agent ** END ** Agent: Installing updates [CallerId = AutomaticUpdates]
2009-11-24 19:01:03:890 1220 27c AU # WARNING: Install call completed, reboot required = No, error = 0x00000000
2009-11-24 19:01:03:890 1220 488 Agent *************
2009-11-24 19:01:03:890 1220 27c AU #########
2009-11-24 19:01:03:890 1220 27c AU ## END ## AU: Installing updates [CallId = {4852CE15-94A1-4908-A890-45145CE65CD7}]
2009-11-24 19:01:03:890 1220 27c AU #############
2009-11-24 19:01:03:890 1220 27c AU Install complete for all calls, reboot NOT needed
2009-11-24 19:01:03:890 1220 27c AU Setting AU scheduled install time to 2009-11-25 09:00:00
2009-11-24 19:01:07:343 1220 a38 Report REPORT EVENT: {2CF74E2E-CCAD-4EEC-A267-79646F5EE39A} 2009-11-24 19:01:02:343-0600 1 182 101 {828E4C4E-1E6A-4ED7-89AF-2512352A6B9C} 105 80070005 AutomaticUpdates Failure Content Install Installation Failure: Windows failed to install the following update with error 0x80070005: Update for Internet Explorer 8 for Windows XP (KB976749).
2009-11-24 19:01:07:343 1220 a38 Report REPORT EVENT: {08A4B6FB-5FA8-40E6-98DB-439ED92D0368} 2009-11-24 19:01:02:374-0600 1 182 101 {E5074371-9CBE-4B61-8DE3-AB3C678605D2} 100 80070005 AutomaticUpdates Failure Content Install Installation Failure: Windows failed to install the following update with error 0x80070005: Update for Windows XP (KB973687).
2009-11-24 19:01:07:343 1220 a38 Report REPORT EVENT: {445BF34E-B3DA-4DDE-8FEF-F0F5FC0A0404} 2009-11-24 19:01:03:812-0600 1 182 101 {A45B9BA4-5ADD-4702-95CB-BE38B0681172} 100 80070005 AutomaticUpdates Failure Content Install Installation Failure: Windows failed to install the following update with error 0x80070005: Windows Malicious Software Removal Tool - November 2009 (KB890830).
2009-11-24 19:01:07:343 1220 a38 Report REPORT EVENT: {5B59D3A3-02C3-48B7-8B46-795A7E69DA34} 2009-11-24 19:01:03:874-0600 1 182 101 {440A0DD1-BA04-4235-BE29-E9AC1FC0E0B6} 101 80070005 AutomaticUpdates Failure Content Install Installation Failure: Windows failed to install the following update with error 0x80070005: Update for Windows XP (KB976098).
2009-11-24 19:01:13:280 1220 b4 AU Triggering Offline detection (non-interactive)
2009-11-24 19:01:13:280 1220 52c AU #############
2009-11-24 19:01:13:280 1220 52c AU ## START ## AU: Search for updates
2009-11-24 19:01:13:280 1220 52c AU #########
2009-11-24 19:01:13:280 1220 52c AU <<## SUBMITTED ## AU: Search for updates [CallId = {9DEFFC26-8D3C-4D49-B2C0-D87750EF9AF4}]
2009-11-24 19:01:13:280 1220 a38 Agent *************
2009-11-24 19:01:13:280 1220 a38 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2009-11-24 19:01:13:280 1220 a38 Agent *********
2009-11-24 19:01:13:280 1220 a38 Agent * Online = No; Ignore download priority = No
2009-11-24 19:01:13:280 1220 a38 Agent * Criteria = "IsHidden=0 and IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and IsAssigned=1 or IsHidden=0 and IsInstalled=1 and DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and IsAssigned=1 and RebootRequired=1"
2009-11-24 19:01:13:280 1220 a38 Agent * ServiceID = {9482F4B4-E343-43B6-B170-9A65BC822C77} Windows Update
2009-11-24 19:01:13:280 1220 a38 Agent * Search Scope = {Machine}
2009-11-24 19:01:13:312 4008 f18 CltUI AU client got new directive = 'Shutdown', serviceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}, return = 0x00000000
2009-11-24 19:01:13:358 1220 52c AU AU received handle event
2009-11-24 19:01:13:624 1220 a38 Agent * Added update {D5EADB3B-4FD7-4087-8B9D-4ACB2B41210E}.109 to search result
2009-11-24 19:01:13:624 1220 a38 Agent * Added update {D6D1CB0C-8200-4F5B-8711-7CF95D5550DD}.103 to search result
2009-11-24 19:01:13:624 1220 a38 Agent * Added update {A72E5A3C-38CC-4976-8E17-92D9D043BEDF}.100 to search result
2009-11-24 19:01:13:624 1220 a38 Agent Update {3B6082C9-F415-4E83-98A8-96F28461C91C}.101 is pruned out due to potential supersedence
2009-11-24 19:01:13:624 1220 a38 Agent * Added update {54173D00-6670-4E5C-A601-70AE316AA295}.101 to search result
2009-11-24 19:01:13:624 1220 a38 Agent * Added update {A45B9BA4-5ADD-4702-95CB-BE38B0681172}.100 to search result
2009-11-24 19:01:13:624 1220 a38 Agent * Added update {828E4C4E-1E6A-4ED7-89AF-2512352A6B9C}.105 to search result
2009-11-24 19:01:13:624 1220 a38 Agent * Added update {E5074371-9CBE-4B61-8DE3-AB3C678605D2}.100 to search result
2009-11-24 19:01:13:624 1220 a38 Agent * Added update {4EB6F812-F2AE-43EF-9FE0-11ED711339BB}.100 to search result
2009-11-24 19:01:13:624 1220 a38 Agent * Added update {440A0DD1-BA04-4235-BE29-E9AC1FC0E0B6}.101 to search result
2009-11-24 19:01:13:624 1220 a38 Agent * Found 9 updates and 13 categories in search; evaluated appl. rules of 291 out of 693 deployed entities
2009-11-24 19:01:13:765 1220 a38 Agent *********
2009-11-24 19:01:13:765 1220 a38 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2009-11-24 19:01:13:765 1220 a38 Agent *************
2009-11-24 19:01:13:765 1220 27c AU >>## RESUMED ## AU: Search for updates [CallId = {9DEFFC26-8D3C-4D49-B2C0-D87750EF9AF4}]
2009-11-24 19:01:13:765 1220 27c AU # 9 updates detected
2009-11-24 19:01:13:765 1220 27c AU #########
2009-11-24 19:01:13:765 1220 27c AU ## END ## AU: Search for updates [CallId = {9DEFFC26-8D3C-4D49-B2C0-D87750EF9AF4}]
2009-11-24 19:01:13:765 1220 27c AU #############
2009-11-24 19:01:13:765 1220 27c AU Featured notifications is disabled.
2009-11-24 19:01:13:765 1220 27c AU Setting AU scheduled install time to 2009-11-25 09:00:00
2009-11-24 19:01:13:765 1220 27c AU Auto-approving update for download, updateId = {54173D00-6670-4E5C-A601-70AE316AA295}.101, ForUx=0, IsOwnerUx=0, HasDeadline=0, IsMinor=0
2009-11-24 19:01:13:765 1220 27c AU Auto-approving update for download, updateId = {D6D1CB0C-8200-4F5B-8711-7CF95D5550DD}.103, ForUx=0, IsOwnerUx=0, HasDeadline=0, IsMinor=0
2009-11-24 19:01:13:765 1220 27c AU Auto-approving update for download, updateId = {4EB6F812-F2AE-43EF-9FE0-11ED711339BB}.100, ForUx=0, IsOwnerUx=0, HasDeadline=0, IsMinor=0
2009-11-24 19:01:13:765 1220 27c AU Auto-approving update for download, updateId = {D5EADB3B-4FD7-4087-8B9D-4ACB2B41210E}.109, ForUx=0, IsOwnerUx=0, HasDeadline=0, IsMinor=0
2009-11-24 19:01:13:765 1220 27c AU Auto-approving update for download, updateId = {A72E5A3C-38CC-4976-8E17-92D9D043BEDF}.100, ForUx=0, IsOwnerUx=0, HasDeadline=0, IsMinor=0
2009-11-24 19:01:13:765 1220 27c AU Auto-approving update for download, updateId = {828E4C4E-1E6A-4ED7-89AF-2512352A6B9C}.105, ForUx=0, IsOwnerUx=0, HasDeadline=0, IsMinor=0
2009-11-24 19:01:13:765 1220 27c AU Auto-approving update for download, updateId = {E5074371-9CBE-4B61-8DE3-AB3C678605D2}.100, ForUx=0, IsOwnerUx=0, HasDeadline=0, IsMinor=0
2009-11-24 19:01:13:765 1220 27c AU Auto-approving update for download, updateId = {A45B9BA4-5ADD-4702-95CB-BE38B0681172}.100, ForUx=0, IsOwnerUx=0, HasDeadline=0, IsMinor=0
2009-11-24 19:01:13:765 1220 27c AU Auto-approving update for download, updateId = {440A0DD1-BA04-4235-BE29-E9AC1FC0E0B6}.101, ForUx=0, IsOwnerUx=0, HasDeadline=0, IsMinor=0
2009-11-24 19:01:13:765 1220 27c AU Auto-approved 9 update(s) for download (NOT for Ux)
2009-11-24 19:01:13:765 1220 27c AU #############
2009-11-24 19:01:13:765 1220 27c AU ## START ## AU: Download updates
2009-11-24 19:01:13:765 1220 27c AU #########
2009-11-24 19:01:13:765 1220 27c AU # Approved updates = 9
2009-11-24 19:01:13:796 1220 27c AU AU initiated download, updateId = {54173D00-6670-4E5C-A601-70AE316AA295}.101, callId = {F8FC6FD5-2F8E-48E2-885D-55EB50C6CB85}
2009-11-24 19:01:13:796 1220 a38 DnldMgr *************
2009-11-24 19:01:13:796 1220 a38 DnldMgr ** START ** DnldMgr: Downloading updates [CallerId = AutomaticUpdates]
2009-11-24 19:01:13:796 1220 a38 DnldMgr *********
2009-11-24 19:01:13:796 1220 a38 DnldMgr * Call ID = {F8FC6FD5-2F8E-48E2-885D-55EB50C6CB85}
2009-11-24 19:01:13:796 1220 27c AU AU initiated download, updateId = {D6D1CB0C-8200-4F5B-8711-7CF95D5550DD}.103, callId = {D3D5B1EF-40EC-49CD-AA56-B6133A3D0B16}
2009-11-24 19:01:13:796 1220 a38 DnldMgr * Priority = 2, Interactive = 0, Owner is system = 1, Explicit proxy = 0, Proxy session id = -1, ServiceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}
2009-11-24 19:01:13:796 1220 a38 DnldMgr * Updates to download = 1
2009-11-24 19:01:13:796 1220 a38 Agent * Title = Security Update for Windows XP (KB969947)
2009-11-24 19:01:13:796 1220 a38 Agent * UpdateId = {54173D00-6670-4E5C-A601-70AE316AA295}.101
2009-11-24 19:01:13:796 1220 a38 Agent * Bundles 1 updates:
2009-11-24 19:01:13:796 1220 a38 Agent * {A3D90E6F-71D4-4DE3-9BBF-F0C81B9B5949}.101
2009-11-24 19:01:13:796 1220 27c AU AU initiated download, updateId = {4EB6F812-F2AE-43EF-9FE0-11ED711339BB}.100, callId = {3BEC10FC-B15C-4D7A-B318-38F6D80264F0}
2009-11-24 19:01:13:796 1220 a38 DnldMgr *********** DnldMgr: Regulation Refresh [Svc: {9482F4B4-E343-43B6-B170-9A65BC822C77}] ***********
2009-11-24 19:01:13:796 1220 a38 DnldMgr * Regulation call complete. 0x00000000
2009-11-24 19:01:13:796 1220 a38 DnldMgr *********** DnldMgr: New download job [UpdateId = {A3D90E6F-71D4-4DE3-9BBF-F0C81B9B5949}.101] ***********
2009-11-24 19:01:13:796 1220 a38 DnldMgr * Queueing update for download handler request generation.
2009-11-24 19:01:13:796 1220 a38 DnldMgr Generating download request for update {A3D90E6F-71D4-4DE3-9BBF-F0C81B9B5949}.101
2009-11-24 19:01:13:812 1220 27c AU AU initiated download, updateId = {D5EADB3B-4FD7-4087-8B9D-4ACB2B41210E}.109, callId = {35A19D6A-298D-4B53-9226-6E09ECC3C452}
2009-11-24 19:01:13:812 1220 27c AU AU initiated download, updateId = {A72E5A3C-38CC-4976-8E17-92D9D043BEDF}.100, callId = {1755B1D4-DF06-4EF2-AF61-6AFB60CF98A0}
2009-11-24 19:01:13:858 1220 27c AU AU initiated download, updateId = {828E4C4E-1E6A-4ED7-89AF-2512352A6B9C}.105, callId = {25BC260B-869E-4654-8BEC-E6FAEA51A274}
2009-11-24 19:01:13:858 1220 27c AU AU initiated download, updateId = {E5074371-9CBE-4B61-8DE3-AB3C678605D2}.100, callId = {143A3EB9-1653-4681-9ADB-1393BCAE572E}
2009-11-24 19:01:13:874 1220 27c AU AU initiated download, updateId = {A45B9BA4-5ADD-4702-95CB-BE38B0681172}.100, callId = {20097233-71F7-4C2D-A947-C44E42EF0987}
2009-11-24 19:01:13:874 1220 27c AU AU initiated download, updateId = {440A0DD1-BA04-4235-BE29-E9AC1FC0E0B6}.101, callId = {004A4735-98F3-4B24-BB78-7F84251BF008}
2009-11-24 19:01:13:874 1220 27c AU Setting AU scheduled install time to 2009-11-25 09:00:00
2009-11-24 19:01:13:874 1220 27c AU AU setting pending client directive to 'Download Progress'
2009-11-24 19:01:13:874 1220 27c AU # Pending download calls = 9
2009-11-24 19:01:13:874 1220 27c AU <<## SUBMITTED ## AU: Download updates
2009-11-24 19:01:14:155 1220 a38 Handler Windows Patch download for UpdateId = {A3D90E6F-71D4-4DE3-9BBF-F0C81B9B5949}: selected action is download express (delta).
2009-11-24 19:01:15:702 1220 a38 DnldMgr *********** DnldMgr: New download job [UpdateId = {A3D90E6F-71D4-4DE3-9BBF-F0C81B9B5949}.101] ***********
2009-11-24 19:01:15:765 1220 a38 DnldMgr * All files for update were already downloaded and are valid.
2009-11-24 19:01:15:765 1220 27c AU >>## RESUMED ## AU: Download update [UpdateId = {54173D00-6670-4E5C-A601-70AE316AA295}, succeeded]
2009-11-24 19:01:15:765 1220 a38 Agent *********
2009-11-24 19:01:15:765 1220 a38 Agent ** END ** Agent: Downloading updates [CallerId = AutomaticUpdates]
2009-11-24 19:01:15:765 1220 a38 Agent *************
2009-11-24 19:01:15:765 1220 27c AU Setting AU scheduled install time to 2009-11-25 09:00:00
2009-11-24 19:01:15:765 1220 a38 DnldMgr *************
2009-11-24 19:01:15:765 1220 a38 DnldMgr ** START ** DnldMgr: Downloading updates [CallerId = AutomaticUpdates]
2009-11-24 19:01:15:765 1220 a38 DnldMgr *********
2009-11-24 19:01:15:765 1220 a38 DnldMgr * Call ID = {D3D5B1EF-40EC-49CD-AA56-B6133A3D0B16}
2009-11-24 19:01:15:765 1220 a38 DnldMgr * Priority = 2, Interactive = 0, Owner is system = 1, Explicit proxy = 0, Proxy session id = -1, ServiceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}
2009-11-24 19:01:15:765 1220 a38 DnldMgr * Updates to download = 1
2009-11-24 19:01:15:765 1220 a38 Agent * Title = Microsoft .NET Framework 1.0 Service Pack 3 Security Update for Windows XP Tablet PC and Media Center (KB953295)
2009-11-24 19:01:15:765 1220 a38 Agent * UpdateId = {D6D1CB0C-8200-4F5B-8711-7CF95D5550DD}.103
2009-11-24 19:01:15:765 1220 a38 Agent * Bundles 1 updates:
2009-11-24 19:01:15:765 1220 a38 Agent * {FA442F0C-0774-4233-B500-89C5BB84B630}.103
2009-11-24 19:01:15:765 1220 a38 DnldMgr *********** DnldMgr: Regulation Refresh [Svc: {9482F4B4-E343-43B6-B170-9A65BC822C77}] ***********
2009-11-24 19:01:15:780 1220 a38 DnldMgr * Regulation call complete. 0x00000000
2009-11-24 19:01:15:780 1220 a38 DnldMgr *********** DnldMgr: New download job [UpdateId = {FA442F0C-0774-4233-B500-89C5BB84B630}.103] ***********
2009-11-24 19:01:15:780 1220 a38 DnldMgr * Queueing update for download handler request generation.
2009-11-24 19:01:15:780 1220 a38 DnldMgr Generating download request for update {FA442F0C-0774-4233-B500-89C5BB84B630}.103
2009-11-24 19:01:16:218 1220 a38 Handler Windows Patch download for UpdateId = {FA442F0C-0774-4233-B500-89C5BB84B630}: selected action is download full-file.
2009-11-24 19:01:16:233 1220 a38 DnldMgr *********** DnldMgr: New download job [UpdateId = {FA442F0C-0774-4233-B500-89C5BB84B630}.103] ***********
2009-11-24 19:01:16:312 1220 a38 DnldMgr * All files for update were already downloaded and are valid.
2009-11-24 19:01:16:312 1220 27c AU >>## RESUMED ## AU: Download update [UpdateId = {D6D1CB0C-8200-4F5B-8711-7CF95D5550DD}, succeeded]
2009-11-24 19:01:16:312 1220 a38 Agent *********
2009-11-24 19:01:16:312 1220 a38 Agent ** END ** Agent: Downloading updates [CallerId = AutomaticUpdates]
2009-11-24 19:01:16:312 1220 a38 Agent *************
2009-11-24 19:01:16:312 1220 27c AU Setting AU scheduled install time to 2009-11-25 09:00:00
2009-11-24 19:01:16:312 1220 a38 DnldMgr *************
2009-11-24 19:01:16:312 1220 a38 DnldMgr ** START ** DnldMgr: Downloading updates [CallerId = AutomaticUpdates]
2009-11-24 19:01:16:312 1220 a38 DnldMgr *********
2009-11-24 19:01:16:312 1220 a38 DnldMgr * Call ID = {3BEC10FC-B15C-4D7A-B318-38F6D80264F0}
2009-11-24 19:01:16:312 1220 a38 DnldMgr * Priority = 2, Interactive = 0, Owner is system = 1, Explicit proxy = 0, Proxy session id = -1, ServiceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}
2009-11-24 19:01:16:312 1220 a38 DnldMgr * Updates to download = 1
2009-11-24 19:01:16:312 1220 a38 Agent * Title = Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB973688)
2009-11-24 19:01:16:312 1220 a38 Agent * UpdateId = {4EB6F812-F2AE-43EF-9FE0-11ED711339BB}.100
2009-11-24 19:01:16:312 1220 a38 Agent * Bundles 1 updates:
2009-11-24 19:01:16:312 1220 a38 Agent * {3E02BE6E-46DB-4105-83F5-4F0A44A04ADD}.100
2009-11-24 19:01:16:312 1220 a38 DnldMgr *********** DnldMgr: Regulation Refresh [Svc: {9482F4B4-E343-43B6-B170-9A65BC822C77}] ***********
2009-11-24 19:01:16:312 1220 a38 DnldMgr * Regulation call complete. 0x00000000
2009-11-24 19:01:16:327 1220 a38 DnldMgr *********** DnldMgr: New download job [UpdateId = {3E02BE6E-46DB-4105-83F5-4F0A44A04ADD}.100] ***********
2009-11-24 19:01:16:437 1220 a38 DnldMgr * All files for update were already downloaded and are valid.
2009-11-24 19:01:16:437 1220 27c AU >>## RESUMED ## AU: Download update [UpdateId = {4EB6F812-F2AE-43EF-9FE0-11ED711339BB}, succeeded]
2009-11-24 19:01:16:437 1220 a38 Agent *********
2009-11-24 19:01:16:437 1220 a38 Agent ** END ** Agent: Downloading updates [CallerId = AutomaticUpdates]
2009-11-24 19:01:16:437 1220 a38 Agent *************
2009-11-24 19:01:16:437 1220 27c AU Setting AU scheduled install time to 2009-11-25 09:00:00
2009-11-24 19:01:16:437 1220 a38 DnldMgr *************
2009-11-24 19:01:16:437 1220 a38 DnldMgr ** START ** DnldMgr: Downloading updates [CallerId = AutomaticUpdates]
2009-11-24 19:01:16:437 1220 a38 DnldMgr *********
2009-11-24 19:01:16:437 1220 a38 DnldMgr * Call ID = {35A19D6A-298D-4B53-9226-6E09ECC3C452}
2009-11-24 19:01:16:437 1220 a38 DnldMgr * Priority = 2, Interactive = 0, Owner is system = 1, Explicit proxy = 0, Proxy session id = -1, ServiceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}
2009-11-24 19:01:16:437 1220 a38 DnldMgr * Updates to download = 1
2009-11-24 19:01:16:437 1220 a38 Agent * Title = Security Update for Windows XP (KB951748)
2009-11-24 19:01:16:437 1220 a38 Agent * UpdateId = {D5EADB3B-4FD7-4087-8B9D-4ACB2B41210E}.109
2009-11-24 19:01:16:437 1220 a38 Agent * Bundles 1 updates:
2009-11-24 19:01:16:437 1220 a38 Agent * {7F435586-D50F-439A-BDCA-2F16A4924CBE}.101
2009-11-24 19:01:16:437 1220 a38 DnldMgr *********** DnldMgr: Regulation Refresh [Svc: {9482F4B4-E343-43B6-B170-9A65BC822C77}] ***********
2009-11-24 19:01:16:437 1220 a38 DnldMgr * Regulation call complete. 0x00000000
2009-11-24 19:01:16:452 1220 a38 DnldMgr *********** DnldMgr: New download job [UpdateId = {7F435586-D50F-439A-BDCA-2F16A4924CBE}.101] ***********
2009-11-24 19:01:16:452 1220 a38 DnldMgr * Queueing update for download handler request generation.
2009-11-24 19:01:16:452 1220 a38 DnldMgr Generating download request for update {7F435586-D50F-439A-BDCA-2F16A4924CBE}.101
2009-11-24 19:01:16:608 1220 a38 Handler Windows Patch download for UpdateId = {7F435586-D50F-439A-BDCA-2F16A4924CBE}: selected action is download express (delta).
2009-11-24 19:01:18:218 1220 a38 DnldMgr *********** DnldMgr: New download job [UpdateId = {7F435586-D50F-439A-BDCA-2F16A4924CBE}.101] ***********
2009-11-24 19:01:18:280 1220 a38 DnldMgr * All files for update were already downloaded and are valid.
2009-11-24 19:01:18:296 1220 27c AU >>## RESUMED ## AU: Download update [UpdateId = {D5EADB3B-4FD7-4087-8B9D-4ACB2B41210E}, succeeded]
2009-11-24 19:01:18:296 1220 a38 Agent *********
2009-11-24 19:01:18:296 1220 a38 Agent ** END ** Agent: Downloading updates [CallerId = AutomaticUpdates]
2009-11-24 19:01:18:296 1220 a38 Agent *************
2009-11-24 19:01:18:296 1220 27c AU Setting AU scheduled install time to 2009-11-25 09:00:00
2009-11-24 19:01:18:296 1220 a38 DnldMgr *************
2009-11-24 19:01:18:296 1220 a38 DnldMgr ** START ** DnldMgr: Downloading updates [CallerId = AutomaticUpdates]
2009-11-24 19:01:18:296 1220 a38 DnldMgr *********
2009-11-24 19:01:18:296 1220 a38 DnldMgr * Call ID = {1755B1D4-DF06-4EF2-AF61-6AFB60CF98A0}
2009-11-24 19:01:18:296 1220 a38 DnldMgr * Priority = 2, Interactive = 0, Owner is system = 1, Explicit proxy = 0, Proxy session id = -1, ServiceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}
2009-11-24 19:01:18:296 1220 a38 DnldMgr * Updates to download = 1
2009-11-24 19:01:18:296 1220 a38 Agent * Title = Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297)
2009-11-24 19:01:18:296 1220 a38 Agent * UpdateId = {A72E5A3C-38CC-4976-8E17-92D9D043BEDF}.100
2009-11-24 19:01:18:296 1220 a38 Agent * Bundles 1 updates:
2009-11-24 19:01:18:296 1220 a38 Agent * {3A769F99-AF69-4268-B78D-D6DFB38AE573}.100
2009-11-24 19:01:18:296 1220 a38 DnldMgr *********** DnldMgr: Regulation Refresh [Svc: {9482F4B4-E343-43B6-B170-9A65BC822C77}] ***********
2009-11-24 19:01:18:296 1220 a38 DnldMgr * Regulation call complete. 0x00000000
2009-11-24 19:01:18:296 1220 a38 DnldMgr *********** DnldMgr: New download job [UpdateId = {3A769F99-AF69-4268-B78D-D6DFB38AE573}.100] ***********
2009-11-24 19:01:18:577 1220 a38 DnldMgr * All files for update were already downloaded and are valid.
2009-11-24 19:01:18:577 1220 27c AU >>## RESUMED ## AU: Download update [UpdateId = {A72E5A3C-38CC-4976-8E17-92D9D043BEDF}, succeeded]
2009-11-24 19:01:18:577 1220 a38 Agent *********
2009-11-24 19:01:18:577 1220 a38 Agent ** END ** Agent: Downloading updates [CallerId = AutomaticUpdates]
2009-11-24 19:01:18:577 1220 a38 Agent *************
2009-11-24 19:01:18:577 1220 27c AU Setting AU scheduled install time to 2009-11-25 09:00:00
2009-11-24 19:01:18:577 1220 a38 DnldMgr *************
2009-11-24 19:01:18:577 1220 a38 DnldMgr ** START ** DnldMgr: Downloading updates [CallerId = AutomaticUpdates]
2009-11-24 19:01:18:577 1220 a38 DnldMgr *********
2009-11-24 19:01:18:577 1220 a38 DnldMgr * Call ID = {25BC260B-869E-4654-8BEC-E6FAEA51A274}
2009-11-24 19:01:18:577 1220 a38 DnldMgr * Priority = 2, Interactive = 0, Owner is system = 1, Explicit proxy = 0, Proxy session id = -1, ServiceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}
2009-11-24 19:01:18:577 1220 a38 DnldMgr * Updates to download = 1
2009-11-24 19:01:18:577 1220 a38 Agent * Title = Update for Internet Explorer 8 for Windows XP (KB976749)
2009-11-24 19:01:18:577 1220 a38 Agent * UpdateId = {828E4C4E-1E6A-4ED7-89AF-2512352A6B9C}.105
2009-11-24 19:01:18:577 1220 a38 Agent * Bundles 1 updates:
2009-11-24 19:01:18:577 1220 a38 Agent * {8D8362D1-57AB-4170-B090-2280C0BE5674}.105
2009-11-24 19:01:18:577 1220 a38 DnldMgr *********** DnldMgr: Regulation Refresh [Svc: {9482F4B4-E343-43B6-B170-9A65BC822C77}] ***********
2009-11-24 19:01:18:577 1220 a38 DnldMgr * Regulation call complete. 0x00000000
2009-11-24 19:01:18:577 1220 a38 DnldMgr *********** DnldMgr: New download job [UpdateId = {8D8362D1-57AB-4170-B090-2280C0BE5674}.103] ***********
2009-11-24 19:01:18:577 1220 a38 DnldMgr * Queueing update for download handler request generation.
2009-11-24 19:01:18:577 1220 a38 DnldMgr Generating download request for update {8D8362D1-57AB-4170-B090-2280C0BE5674}.103
2009-11-24 19:01:19:015 1220 a38 Handler Windows Patch download for UpdateId = {8D8362D1-57AB-4170-B090-2280C0BE5674}: selected action is download full-file.
2009-11-24 19:01:19:015 1220 a38 DnldMgr *********** DnldMgr: New download job [UpdateId = {8D8362D1-57AB-4170-B090-2280C0BE5674}.103] ***********
2009-11-24 19:01:19:062 1220 a38 DnldMgr * All files for update were already downloaded and are valid.
2009-11-24 19:01:19:093 1220 27c AU >>## RESUMED ## AU: Download update [UpdateId = {828E4C4E-1E6A-4ED7-89AF-2512352A6B9C}, succeeded]
2009-11-24 19:01:19:093 1220 a38 Agent *********
2009-11-24 19:01:19:093 1220 a38 Agent ** END ** Agent: Downloading updates [CallerId = AutomaticUpdates]
2009-11-24 19:01:19:093 1220 a38 Agent *************
2009-11-24 19:01:19:093 1220 27c AU Setting AU scheduled install time to 2009-11-25 09:00:00
2009-11-24 19:01:19:093 1220 a38 DnldMgr *************
2009-11-24 19:01:19:093 1220 a38 DnldMgr ** START ** DnldMgr: Downloading updates [CallerId = AutomaticUpdates]
2009-11-24 19:01:19:093 1220 a38 DnldMgr *********
2009-11-24 19:01:19:093 1220 a38 DnldMgr * Call ID = {143A3EB9-1653-4681-9ADB-1393BCAE572E}
2009-11-24 19:01:19:093 1220 a38 DnldMgr * Priority = 2, Interactive = 0, Owner is system = 1, Explicit proxy = 0, Proxy session id = -1, ServiceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}
2009-11-24 19:01:19:093 1220 a38 DnldMgr * Updates to download = 1
2009-11-24 19:01:19:093 1220 a38 Agent * Title = Update for Windows XP (KB973687)
2009-11-24 19:01:19:093 1220 a38 Agent * UpdateId = {E5074371-9CBE-4B61-8DE3-AB3C678605D2}.100
2009-11-24 19:01:19:093 1220 a38 Agent * Bundles 1 updates:
2009-11-24 19:01:19:093 1220 a38 Agent * {4ACE7A5F-FFC8-4FB8-A5B6-6F1CA838CF2A}.100
2009-11-24 19:01:19:093 1220 a38 DnldMgr *********** DnldMgr: Regulation Refresh [Svc: {9482F4B4-E343-43B6-B170-9A65BC822C77}] ***********
2009-11-24 19:01:19:093 1220 a38 DnldMgr * Regulation call complete. 0x00000000
2009-11-24 19:01:19:093 1220 a38 DnldMgr *********** DnldMgr: New download job [UpdateId = {4ACE7A5F-FFC8-4FB8-A5B6-6F1CA838CF2A}.100] ***********
2009-11-24 19:01:19:093 1220 a38 DnldMgr * Queueing update for download handler request generation.
2009-11-24 19:01:19:093 1220 a38 DnldMgr Generating download request for update {4ACE7A5F-FFC8-4FB8-A5B6-6F1CA838CF2A}.100
2009-11-24 19:01:19:437 1220 a38 Handler Windows Patch download for UpdateId = {4ACE7A5F-FFC8-4FB8-A5B6-6F1CA838CF2A}: selected action is download full-file.
2009-11-24 19:01:19:452 1220 a38 DnldMgr *********** DnldMgr: New download job [UpdateId = {4ACE7A5F-FFC8-4FB8-A5B6-6F1CA838CF2A}.100] ***********
2009-11-24 19:01:19:515 1220 a38 DnldMgr * All files for update were already downloaded and are valid.
2009-11-24 19:01:19:515 1220 27c AU >>## RESUMED ## AU: Download update [UpdateId = {E5074371-9CBE-4B61-8DE3-AB3C678605D2}, succeeded]
2009-11-24 19:01:19:515 1220 a38 Agent *********
2009-11-24 19:01:19:515 1220 a38 Agent ** END ** Agent: Downloading updates [CallerId = AutomaticUpdates]
2009-11-24 19:01:19:515 1220 a38 Agent *************
2009-11-24 19:01:19:515 1220 27c AU Setting AU scheduled install time to 2009-11-25 09:00:00
2009-11-24 19:01:19:515 1220 a38 DnldMgr *************
2009-11-24 19:01:19:515 1220 a38 DnldMgr ** START ** DnldMgr: Downloading updates [CallerId = AutomaticUpdates]
2009-11-24 19:01:19:515 1220 a38 DnldMgr *********
2009-11-24 19:01:19:515 1220 a38 DnldMgr * Call ID = {20097233-71F7-4C2D-A947-C44E42EF0987}
2009-11-24 19:01:19:515 1220 a38 DnldMgr * Priority = 2, Interactive = 0, Owner is system = 1, Explicit proxy = 0, Proxy session id = -1, ServiceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}
2009-11-24 19:01:19:515 1220 a38 DnldMgr * Updates to download = 1
2009-11-24 19:01:19:530 1220 a38 Agent * Title = Windows Malicious Software Removal Tool - November 2009 (KB890830)
2009-11-24 19:01:19:530 1220 a38 Agent * UpdateId = {A45B9BA4-5ADD-4702-95CB-BE38B0681172}.100
2009-11-24 19:01:19:530 1220 a38 Agent * Bundles 1 updates:
2009-11-24 19:01:19:530 1220 a38 Agent * {467B1FC7-031A-41CC-A7B8-3862F4AF3C1C}.100
2009-11-24 19:01:19:530 1220 a38 DnldMgr *********** DnldMgr: Regulation Refresh [Svc: {9482F4B4-E343-43B6-B170-9A65BC822C77}] ***********
2009-11-24 19:01:19:530 1220 a38 DnldMgr * Regulation call complete. 0x00000000
2009-11-24 19:01:19:530 1220 a38 DnldMgr *********** DnldMgr: New download job [UpdateId = {467B1FC7-031A-41CC-A7B8-3862F4AF3C1C}.100] ***********
2009-11-24 19:01:19:718 1220 a38 DnldMgr * All files for update were already downloaded and are valid.
2009-11-24 19:01:19:718 1220 27c AU >>## RESUMED ## AU: Download update [UpdateId = {A45B9BA4-5ADD-4702-95CB-BE38B0681172}, succeeded]
2009-11-24 19:01:19:718 1220 a38 Agent *********
2009-11-24 19:01:19:718 1220 a38 Agent ** END ** Agent: Downloading updates [CallerId = AutomaticUpdates]
2009-11-24 19:01:19:718 1220 a38 Agent *************
2009-11-24 19:01:19:718 1220 27c AU Setting AU scheduled install time to 2009-11-25 09:00:00
2009-11-24 19:01:19:718 1220 a38 DnldMgr *************
2009-11-24 19:01:19:718 1220 a38 DnldMgr ** START ** DnldMgr: Downloading updates [CallerId = AutomaticUpdates]
2009-11-24 19:01:19:718 1220 a38 DnldMgr *********
2009-11-24 19:01:19:718 1220 a38 DnldMgr * Call ID = {004A4735-98F3-4B24-BB78-7F84251BF008}
2009-11-24 19:01:19:718 1220 a38 DnldMgr * Priority = 2, Interactive = 0, Owner is system = 1, Explicit proxy = 0, Proxy session id = -1, ServiceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}
2009-11-24 19:01:19:718 1220 a38 DnldMgr * Updates to download = 1
2009-11-24 19:01:19:718 1220 a38 Agent * Title = Update for Windows XP (KB976098)
2009-11-24 19:01:19:718 1220 a38 Agent * UpdateId = {440A0DD1-BA04-4235-BE29-E9AC1FC0E0B6}.101
2009-11-24 19:01:19:718 1220 a38 Agent * Bundles 1 updates:
2009-11-24 19:01:19:718 1220 a38 Agent * {1FBB8A4F-13BA-443E-81D1-84FB6B1F0928}.101
2009-11-24 19:01:19:718 1220 a38 DnldMgr *********** DnldMgr: Regulation Refresh [Svc: {9482F4B4-E343-43B6-B170-9A65BC822C77}] ***********
2009-11-24 19:01:19:718 1220 a38 DnldMgr * Regulation call complete. 0x00000000
2009-11-24 19:01:19:718 1220 a38 DnldMgr *********** DnldMgr: New download job [UpdateId = {1FBB8A4F-13BA-443E-81D1-84FB6B1F0928}.101] ***********
2009-11-24 19:01:19:733 1220 a38 DnldMgr * Queueing update for download handler request generation.
2009-11-24 19:01:19:733 1220 a38 DnldMgr Generating download request for update {1FBB8A4F-13BA-443E-81D1-84FB6B1F0928}.101
2009-11-24 19:01:19:827 1220 a38 Handler Windows Patch download for UpdateId = {1FBB8A4F-13BA-443E-81D1-84FB6B1F0928}: selected action is download full-file.
2009-11-24 19:01:19:827 1220 a38 DnldMgr *********** DnldMgr: New download job [UpdateId = {1FBB8A4F-13BA-443E-81D1-84FB6B1F0928}.101] ***********
2009-11-24 19:01:19:858 1220 a38 DnldMgr * All files for update were already downloaded and are valid.
2009-11-24 19:01:19:874 1220 27c AU >>## RESUMED ## AU: Download update [UpdateId = {440A0DD1-BA04-4235-BE29-E9AC1FC0E0B6}, succeeded]
2009-11-24 19:01:19:874 1220 a38 Agent *********
2009-11-24 19:01:19:874 1220 a38 Agent ** END ** Agent: Downloading updates [CallerId = AutomaticUpdates]
2009-11-24 19:01:19:874 1220 27c AU #########
2009-11-24 19:01:19:874 1220 a38 Agent *************
2009-11-24 19:01:19:874 1220 27c AU ## END ## AU: Download updates
2009-11-24 19:01:19:874 1220 27c AU #############
2009-11-24 19:01:19:874 1220 27c AU Setting AU scheduled install time to 2009-11-25 09:00:00
2009-11-24 19:01:19:874 1220 27c AU AU setting pending client directive to 'Install Approval'
2009-11-24 19:01:19:874 1220 a38 Report REPORT EVENT: {84249F33-48DA-4F5A-8596-F8FEE1C1D476} 2009-11-24 19:01:15:765-0600 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Wednesday, November 25, 2009 at 3:00 AM: - Security Update for Windows XP (KB969947)
2009-11-24 19:01:19:874 1220 a38 Report REPORT EVENT: {6ECEF873-2F49-45AD-AFEF-05A9AB6B9A73} 2009-11-24 19:01:16:312-0600 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Wednesday, November 25, 2009 at 3:00 AM: - Security Update for Windows XP (KB969947) - Microsoft .NET Framework 1.0 Service Pack 3 Security Update for Windows XP Tablet PC and Media Center (KB953295)
2009-11-24 19:01:19:874 1220 a38 Report REPORT EVENT: {0FA94F66-18B1-4E98-8AA2-30A83CDA7CB2} 2009-11-24 19:01:16:437-0600 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Wednesday, November 25, 2009 at 3:00 AM: - Security Update for Windows XP (KB969947) - Microsoft .NET Framework 1.0 Service Pack 3 Security Update for Windows XP Tablet PC and Media Center (KB953295) - Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB973688)
2009-11-24 19:01:19:874 1220 a38 Report REPORT EVENT: {8147D0AA-2CC1-425E-A489-EEC816A49A1A} 2009-11-24 19:01:18:296-0600 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Wednesday, November 25, 2009 at 3:00 AM: - Security Update for Windows XP (KB969947) - Microsoft .NET Framework 1.0 Service Pack 3 Security Update for Windows XP Tablet PC and Media Center (KB953295) - Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB973688) - Security Update for Windows XP (KB951748)
2009-11-24 19:01:19:874 1220 a38 Report REPORT EVENT: {B76FC360-D4A4-4996-9EDC-C8283083684F} 2009-11-24 19:01:18:577-0600 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Wednesday, November 25, 2009 at 3:00 AM: - Security Update for Windows XP (KB969947) - Microsoft .NET Framework 1.0 Service Pack 3 Security Update for Windows XP Tablet PC and Media Center (KB953295) - Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB973688) - Security Update for Windows XP (KB951748) - Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297)
2009-11-24 19:01:19:874 1220 a38 Report REPORT EVENT: {2E18FD59-7C51-4990-A937-FB0E5988F0A2} 2009-11-24 19:01:19:093-0600 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Wednesday, November 25, 2009 at 3:00 AM: - Security Update for Windows XP (KB969947) - Microsoft .NET Framework 1.0 Service Pack 3 Security Update for Windows XP Tablet PC and Media Center (KB953295) - Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB973688) - Security Update for Windows XP (KB951748) - Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297) - Update for Internet Explorer 8 for Windows XP (KB976749)
2009-11-24 19:01:19:874 1220 a38 Report REPORT EVENT: {1792B2AE-7D86-4AD1-A00C-1605A55D6445} 2009-11-24 19:01:19:515-0600 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Wednesday, November 25, 2009 at 3:00 AM: - Security Update for Windows XP (KB969947) - Microsoft .NET Framework 1.0 Service Pack 3 Security Update for Windows XP Tablet PC and Media Center (KB953295) - Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB973688) - Security Update for Windows XP (KB951748) - Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297) - Update for Internet Explorer 8 for Windows XP (KB976749) - Update for Windows XP (KB973687)
2009-11-24 19:01:19:874 1220 a38 Report REPORT EVENT: {9EDCF706-F8E6-4EE3-8CB5-FF78E5329A7D} 2009-11-24 19:01:19:718-0600 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Wednesday, November 25, 2009 at 3:00 AM: - Security Update for Windows XP (KB969947) - Microsoft .NET Framework 1.0 Service Pack 3 Security Update for Windows XP Tablet PC and Media Center (KB953295) - Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB973688) - Security Update for Windows XP (KB951748) - Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297) - Update for Internet Explorer 8 for Windows XP (KB976749) - Update for Windows XP (KB973687) - Windows Malicious Software Removal Tool - November 2009 (KB890830)
2009-11-24 19:01:19:874 1220 a38 Report REPORT EVENT: {543E46D8-87A6-414C-ABCC-82185B4D0059} 2009-11-24 19:01:19:874-0600 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Wednesday, November 25, 2009 at 3:00 AM: - Security Update for Windows XP (KB969947) - Microsoft .NET Framework 1.0 Service Pack 3 Security Update for Windows XP Tablet PC and Media Center (KB953295) - Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB973688) - Security Update for Windows XP (KB951748) - Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297) - Update for Internet Explorer 8 for Windows XP (KB976749) - Update for Windows XP (KB973687) - Windows Malicious Software Removal Tool - November 2009 (KB890830) - Update for Windows XP (KB976098)
2009-11-24 19:01:28:874 1220 52c AU Launched new AU client for directive 'Install Approval', session id = 0x0
2009-11-24 19:01:28:905 3324 b98 Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0600) ===========
2009-11-24 19:01:28:905 3324 b98 Misc = Process: C:\WINDOWS\system32\wuauclt.exe
2009-11-24 19:01:28:905 3324 b98 AUClnt Launched Client UI process
2009-11-24 19:01:28:937 3324 b98 Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0600) ===========
2009-11-24 19:01:28:937 3324 b98 Misc = Process: C:\WINDOWS\system32\wuauclt.exe
2009-11-24 19:01:28:937 3324 b98 Misc = Module: C:\WINDOWS\system32\wucltui.dll
2009-11-24 19:01:28:937 3324 b98 CltUI AU client got new directive = 'Install Approval', serviceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}, return = 0x00000000
2009-11-24 19:01:28:937 3324 b98 CltUI AU client creating default WU/WSUS UI plugin
2009-11-24 19:04:43:983 1220 644 AU AU found 9 updates for install at shutdown
2009-11-24 19:04:43:983 3556 e4c Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0600) ===========
2009-11-24 19:04:43:983 3556 e4c Misc = Process: C:\WINDOWS\Explorer.EXE
2009-11-24 19:04:43:983 3556 e4c Misc = Module: C:\WINDOWS\system32\wuaueng.dll
2009-11-24 19:04:43:983 3556 e4c Shutdwn Install at shutdown: found updates to install
2009-11-24 19:04:57:452 1220 52c AU AU received handle event
2009-11-24 19:04:57:452 1220 52c AU AU setting pending client directive to 'Install Approval'




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users