Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cannot start Automatic Updates, Error Code 2 pops up


  • Please log in to reply
21 replies to this topic

#1 squoosh82

squoosh82

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 12 August 2011 - 07:03 AM

Hello all,

I tried to download updates for my home pc [Win XP(SP3)], but since I've set it to manual, I had to restart the service. However, when I ran services.msc and right-clicked Start on the Automatic Updates line, I get an error message "Could not start the Automatic Update service on Local Computer. Error 2: The system could not find the file specified." I've gone online and found out this is usually caused by some malware attack (I haven't seen anything else stating otherwise). I've then tried to do the following recommended fixes:

1.Ran my local AV program (avast!) and found an exploit virus; fixed now.

2.Downloaded MS Security Essentials, updated and ran it, got some hits and fixed those as well.

3.Checked the ImagePath Value in the Registry key HKLM\SYSTEM\CurrentControlSet\Services\wuauserv and verified it is "%systemroot%\system32\svchost.exe -k netsvcs" and not a fake path like %fystemroot%\.. netsvcs.

4.Ran sfc.ex /scannow and no prompts came up.

5.Ran HijackThis and spotted this suspicious line --- O23 - Service: UPHClean - Unknown owner - ?:\P?ogr?m Files\UPHClean\uphclean.exe (file missing). I've tried several times to delete this but it still comes back, and still shows up after running HJT several times.

As of today, I still can't get updates or restart the service, and Number 4 in particular has me worried like a cornered cat. 'Til now, I've never seen an HJT line formatted like that, and one that HJT can't fix. I'll really appreciate any help you guys could extend me.

Edited by hamluis, 12 August 2011 - 11:34 AM.
Moved from XP to Am I Infected.


BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:43 AM

Posted 12 August 2011 - 11:20 AM

Welcome aboard Posted Image

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 squoosh82

squoosh82
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 12 August 2011 - 11:35 PM

Hi Broni, thanks for your warm welcome and help. Here are the reports you requested:

SECURITY CHECK

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.3.183.5
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbam.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
``````````End of Log````````````


MINITOOLBOX

MiniToolBox by Farbar
Ran by Owner (administrator) on 13-08-2011 at 11:44:28
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================
# Any other entries you had go here (new line no # no space);
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 4"

set address name="Wireless Network Connection 4" source=dhcp
set dns name="Wireless Network Connection 4" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 4" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : anonymous

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : local



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection #2

Physical Address. . . . . . . . . : 00-0D-61-64-C9-34



Ethernet adapter Wireless Network Connection 4:



Connection-specific DNS Suffix . : local

Description . . . . . . . . . . . : D-Link Wireless G DWA-110 USB Adapter #3

Physical Address. . . . . . . . . : 00-22-B0-52-3C-E8

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.123.121

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.123.254

DHCP Server . . . . . . . . . . . : 192.168.123.254

DNS Servers . . . . . . . . . . . : 115.42.127.2

115.42.126.2

Lease Obtained. . . . . . . . . . : Saturday 13 August 2011 11:26:46 AM

Lease Expires . . . . . . . . . . : Sunday 14 August 2011 11:26:46 AM

Server: UnKnown
Address: 115.42.127.2

Name: google.com
Addresses: 74.125.71.99, 74.125.71.147, 74.125.71.105, 74.125.71.103
74.125.71.106, 74.125.71.104



Pinging google.com [74.125.71.99] with 32 bytes of data:



Reply from 74.125.71.99: bytes=32 time=33ms TTL=51

Reply from 74.125.71.99: bytes=32 time=32ms TTL=51



Ping statistics for 74.125.71.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 32ms, Maximum = 33ms, Average = 32ms

Server: UnKnown
Address: 115.42.127.2

Name: yahoo.com
Addresses: 209.191.122.70, 67.195.160.76, 69.147.125.65, 72.30.2.43
98.137.149.56



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=261ms TTL=48

Reply from 209.191.122.70: bytes=32 time=260ms TTL=48



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 260ms, Maximum = 261ms, Average = 260ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0d 61 64 c9 34 ...... Intel® PRO/100 VE Network Connection #2 - Packet Scheduler Miniport
0x10004 ...00 22 b0 52 3c e8 ...... D-Link Wireless G DWA-110 USB Adapter #3 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.123.254 192.168.123.121 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.123.0 255.255.255.0 192.168.123.121 192.168.123.121 25
192.168.123.121 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.123.255 255.255.255.255 192.168.123.121 192.168.123.121 25
224.0.0.0 240.0.0.0 192.168.123.121 192.168.123.121 25
255.255.255.255 255.255.255.255 192.168.123.121 2 1
255.255.255.255 255.255.255.255 192.168.123.121 192.168.123.121 1
Default Gateway: 192.168.123.254
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/12/2011 02:39:59 PM) (Source: Application Error) (User: )
Description: Faulting application IEXPLORE.EXE, version 8.0.6001.18702, faulting module ieframe.dll, version 8.0.6001.18702, fault address 0x0009656c.
Processing media-specific event for [IEXPLORE.EXE!ws!]

Error: (08/12/2011 02:39:46 PM) (Source: Application Error) (User: )
Description: Faulting application IEXPLORE.EXE, version 8.0.6001.18702, faulting module ieframe.dll, version 8.0.6001.18702, fault address 0x0009656c.
Processing media-specific event for [IEXPLORE.EXE!ws!]

Error: (08/12/2011 11:44:10 AM) (Source: MsiInstaller) (User: Owner)Owner
Description: Product: Microsoft Fix it 50202 -- Error 1920. Service 'Automatic Updates' (WUAUSERV) failed to start. Verify that you have sufficient privileges to start system services.

Error: (08/12/2011 11:07:43 AM) (Source: MsiInstaller) (User: Owner)Owner
Description: Product: Microsoft Fix it 50202 -- Error 1920. Service 'Automatic Updates' (WUAUSERV) failed to start. Verify that you have sufficient privileges to start system services.

Error: (08/12/2011 11:07:08 AM) (Source: MsiInstaller) (User: Owner)Owner
Description: Product: Microsoft Fix it 50202 -- Error 1920. Service 'Automatic Updates' (WUAUSERV) failed to start. Verify that you have sufficient privileges to start system services.

Error: (08/12/2011 11:07:04 AM) (Source: MsiInstaller) (User: Owner)Owner
Description: Product: Microsoft Fix it 50202 -- Error 1920. Service 'Automatic Updates' (WUAUSERV) failed to start. Verify that you have sufficient privileges to start system services.

Error: (08/12/2011 11:03:14 AM) (Source: MsiInstaller) (User: Owner)Owner
Description: Product: Microsoft Fix it 50202 -- Error 1920. Service 'Automatic Updates' (WUAUSERV) failed to start. Verify that you have sufficient privileges to start system services.

Error: (08/11/2011 10:03:40 AM) (Source: MPSampleSubmission) (User: )
Description: mptelemetry0moaccapability3.0.8402.033unspecifiedunspecifiedNILNILNIL

Error: (08/10/2011 10:14:11 PM) (Source: Application Error) (User: )
Description: Faulting application IEXPLORE.EXE, version 8.0.6001.18702, faulting module ieframe.dll, version 8.0.6001.18702, fault address 0x0009656c.
Processing media-specific event for [IEXPLORE.EXE!ws!]

Error: (08/10/2011 10:14:11 PM) (Source: Application Error) (User: )
Description: Faulting application IEXPLORE.EXE, version 8.0.6001.18702, faulting module ieframe.dll, version 8.0.6001.18702, fault address 0x0009656c.
Processing media-specific event for [IEXPLORE.EXE!ws!]


System errors:
=============
Error: (08/13/2011 11:27:13 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (08/13/2011 11:27:13 AM) (Source: Service Control Manager) (User: )
Description: The WinFLdrv service failed to start due to the following error:
%%2

Error: (08/13/2011 11:27:13 AM) (Source: Service Control Manager) (User: )
Description: The UPHClean service failed to start due to the following error:
%%3

Error: (08/13/2011 11:26:42 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""
in order to run the server:
{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error: (08/13/2011 11:26:42 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""
in order to run the server:
{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error: (08/13/2011 11:26:42 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""
in order to run the server:
{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error: (08/13/2011 11:26:42 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""
in order to run the server:
{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error: (08/13/2011 11:26:42 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""
in order to run the server:
{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error: (08/13/2011 11:26:42 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""
in order to run the server:
{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error: (08/13/2011 11:26:42 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""
in order to run the server:
{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}


Microsoft Office Sessions:
=========================
Error: (08/12/2011 02:39:59 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE8.0.6001.18702ieframe.dll8.0.6001.187020009656c

Error: (08/12/2011 02:39:46 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE8.0.6001.18702ieframe.dll8.0.6001.187020009656c

Error: (08/12/2011 11:44:10 AM) (Source: MsiInstaller)(User: Owner)Owner
Description: Product: Microsoft Fix it 50202 -- Error 1920. Service 'Automatic Updates' (WUAUSERV) failed to start. Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)

Error: (08/12/2011 11:07:43 AM) (Source: MsiInstaller)(User: Owner)Owner
Description: Product: Microsoft Fix it 50202 -- Error 1920. Service 'Automatic Updates' (WUAUSERV) failed to start. Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)

Error: (08/12/2011 11:07:08 AM) (Source: MsiInstaller)(User: Owner)Owner
Description: Product: Microsoft Fix it 50202 -- Error 1920. Service 'Automatic Updates' (WUAUSERV) failed to start. Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)

Error: (08/12/2011 11:07:04 AM) (Source: MsiInstaller)(User: Owner)Owner
Description: Product: Microsoft Fix it 50202 -- Error 1920. Service 'Automatic Updates' (WUAUSERV) failed to start. Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)

Error: (08/12/2011 11:03:14 AM) (Source: MsiInstaller)(User: Owner)Owner
Description: Product: Microsoft Fix it 50202 -- Error 1920. Service 'Automatic Updates' (WUAUSERV) failed to start. Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)

Error: (08/11/2011 10:03:40 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0moaccapability3.0.8402.033unspecifiedunspecifiedNILNILNIL

Error: (08/10/2011 10:14:11 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE8.0.6001.18702ieframe.dll8.0.6001.187020009656c

Error: (08/10/2011 10:14:11 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE8.0.6001.18702ieframe.dll8.0.6001.187020009656c


=========================== Installed Programs ============================

7-Zip 9.20 (Version: 9.20.00.0)
ACDSee Photo Manager 12 (Version: 12.0.344)
Acronis PartitionExpert
Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.1.0)
Adobe Acrobat 8.1.0 Professional (Version: 8.1.0)
Adobe After Effects CS4 (Version: 9)
Adobe After Effects CS4 Presets (Version: 9)
Adobe After Effects CS4 Third Party Content (Version: 9)
Adobe AIR (Version: 2.5.1.17730)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Audition 2.0 (Version: 2.0)
Adobe Bridge 1.0 (Version: 1.0.1.1)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color Video Profiles AE CS4 (Version: 2.0)
Adobe Common File Installer (Version: 1.00.002)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe Dynamiclink Support (Version: 1)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Flash Player 10 ActiveX (Version: 10.1.102.64)
Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Adobe Fonts All (Version: 2.0)
Adobe Help Center 2.0 (Version: 2.0.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Illustrator CS5 (Version: 15.0)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe Media Encoder CS4 (Version: 1.0)
Adobe Media Encoder CS4 Additional Exporter (Version: 1.0)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe MotionPicture Color Files CS4 (Version: 2.0)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Photoshop Lightroom 3.3 (Version: 3.3.1)
Adobe Premiere Pro CS3 (Version: 3)
Adobe Premiere Pro CS3 Functional Content (Version: 8)
Adobe Setup (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe XMP DVA Panels CS3 (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
Advanced SystemCare 4 (Version: 4.0.1)
Alien Skin Bokeh 2
ANIO Service
ANIWZCS2 Service
Any Video Converter 3.1.7
avast! Free Antivirus (Version: 6.0.1203.0)
Canon Camera Access Library (Version: 8.2.0.1)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon Camera Window DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.3.0.11)
Canon Camera Window MC 6 for ZoomBrowser EX (Version: 6.2.0.11)
Canon RAW Codec (Version: 1.6.0.53)
Canon RAW Image Task for ZoomBrowser EX (Version: 2.7.0.3)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.6.0.9)
Canon Utilities EOS Utility (Version: 2.1.0.1)
Canon Utilities Picture Style Editor (Version: 1.3.0.0)
CCleaner (Version: 3.08)
CDCheck
CoffeeCup HTML Editor
CoH SGAMappack (Version: 1.0)
Company of Heroes (Version: 1.0.0.78)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Corel Graphics - Windows Shell Extension (Version: 15.1.0.588)
Corel Graphics - Windows Shell Extension (Version: 15.1.588)
CPUID CPU-Z 1.53.1
Creative AudioHQ
Creative Diagnostics
Creative Restore Defaults
Creative Surround Mixer
D-Link Wireless G DWA-110
Debugging Tools for Windows (Version: 6.7.5.1)
Defraggler (Version: 2.06)
Dfine 2.0 (Version: 2.1.0.2)
Easy File Locker 1.2 (Version: 1.2)
Engraver 2.1.
ESET Online Scanner v3
Flash Movie Player 1.5 (Version: 1.5)
FontExpert 2010
Free CD Ripper 3.1
Freecorder (Version: 4.1)
Freecorder Toolbar (Version: 6.3.3.3)
Game Booster (Version: 2.2.0.0)
Genuine Fractals 6.0.6 Professional Edition (Version: 6.0.6)
GetDiz 3.0 (Version: 3.0)
Ghostscript GPL 8.64 (Msi Setup) (Version: 8.64)
Glary Utilities 2.34.0.1190 (Version: 2.34.0.1190)
GPL Ghostscript 8.71
Greenshot
HashCheck Shell Extension (x86-32) (Version: 2.1.8.1)
HijackThis 2.0.2 (Version: 2.0.2)
HP Drive Key Boot Utility
HP PrecisionScan LTX
IconTweaker (Version: 1.1)
Insaniquarium Deluxe 1.0
Intel® Extreme Graphics 2 Driver
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
JGoodies JDiskReport 1.3.2 (Version: 1.3.2 (2009-12-18 11:57:44))
K-Lite Mega Codec Pack 4.7.5 (Version: 4.7.5)
KeePass Password Safe 2.16
Knoll Light Factory Pro 2.5
LAME v3.98.2 for Audacity
Magic ISO Maker v5.4 (build 0239)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
Memturbo ™ 4
Metric Converter
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Service Pack 1 (Version: 1.1.4322)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft AppLocale (Version: 1.0.0)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Color Control Panel Applet for Windows XP (Version: 01.00.0177.00)
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (Version: 9.0.30729)
Microsoft Windows Application Compatibility Database
Microsoft XML Parser (Version: 8.70.1104.04)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Mobipocket Creator 4.2 (Version: 4.2.41)
Mobipocket Reader 6.2 (Version: 6.2.608)
Mozilla Firefox (3.6.16) (Version: 3.6.16 (en-US))
Mozilla Firefox 5.0 (x86 en-US) (Version: 5.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Multiply AutoUploader (Version: 98)
Mummy Maze Deluxe 1.1
Neat Image v6.0 Pro+
Nero 8 (Version: 8.10.214)
neroxml (Version: 1.0.0)
nik Sharpener Pro 2.0 Complete
NirSoft ShellExView
Noise Ninja 2 (Standalone Version)
NVIDIA Control Panel 275.33 (Version: 275.33)
NVIDIA Graphics Driver 275.33 (Version: 275.33)
NVIDIA Install Application (Version: 2.275.80.0)
NVIDIA nView 135.85 (Version: 135.85)
NVIDIA nView Desktop Manager (Version: 6.14.10.13585)
NVIDIA Update 1.3.5 (Version: 1.3.5)
NVIDIA Update Components (Version: 1.3.5)
Object Fix Zip (Version: 1.7)
ObjectDock
Opanda IExif 2.3 (Version: 2.3)
Open Command Prompt Shell Extension (x86-32) (Version: 1.2.0.0)
Opera 11.50 (Version: 11.50.1074)
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
Ozzy Bubbles 1.00
Page Gallery (Version: 3.01)
Paint.NET v3.5.8 (Version: 3.58.0)
Palm Desktop (Version: 4.1.0410)
Panda USB Vaccine 1.0.1.4
PDF Settings CS5 (Version: 10.0)
Pdf995
Photodex Presenter
PhotoPresets with One-Click WOW! (Version: 1.0)
PhotoPresets with One-Click WOW! for Adobe Camera Raw (Version: 1.0)
PhotoPresets Wow Effects for Adobe Camera Raw (Version: 1.0)
PhotoPresets Wow Effects for Lightroom (Version: 1.0)
Photoshop Camera Raw (Version: 5.0)
Pixel Bender Toolkit (Version: 1.0)
PowerISO (Version: 4.6)
QuickGamma 3.0.0.1 (Version: 3.0.0.1)
QuickMonitorProfile 2.1.0.1 (Version: 2.1.0.1)
QuickTime (Version: 7.69.80.9)
Realtek AC'97 Audio (Version: 5.28)
Remove Empty Directories version 2.2 (Version: 2.2)
Revo Uninstaller 1.92 (Version: 1.92)
ScummVM 0.12.0
Sharpener Pro 3.0 (Version: 3.0.0.4)
Silver Efex Pro (Version: 1.001)
Sound Blaster Live!
Souptoys (Version: 1.6.0.8)
Speccy (Version: 1.09)
Suite Shared Configuration CS4 (Version: 1.0)
System Requirements Lab
System Requirements Lab CYRI (Version: 4.4.26.0)
The KMPlayer (remove only)
ThumbView_Lite 1.0
TMPGEnc 4.0 XPress (Version: 4.5.1.254)
Tone Hacker (Version: 1.2)
Topaz DeNoise 5 (Version: 5.0.1)
Topaz ReMask 2 (Version: 2.0.1)
Trapcode 3DStroke
Trapcode Form
Trapcode Particular v2
Trapcode Shine
Trapcode Starglow
Turtle Odyssey 1.00
Unlocker 1.8.7 (Version: 1.8.7)
User Profile Hive Cleanup Service (Version: 1.6.30)
User Profile Hive Cleanup Service (Version: 1.6.36)
VCRedistSetup (Version: 1.0.0)
Vertus Fluid Mask 3 2.100.1-RC1 (Version: 2.100.1-RC1)
Visual C++ 9.0 ATL (x86) WinSXS MSM (Version: 9.0)
Visual C++ 9.0 CRT (x86) WinSXS MSM (Version: 9.0)
Viveza (Version: 1.002)
VSO Inspector 2.1.0.6 (Version: 2.1.0.6)
WebFldrs XP (Version: 9.50.7523)
Winamp (Version: 5.61 )
Windows Management Framework Core
Windows Rights Management Client Backwards Compatibility SP2 (Version: 5.2.70)
Windows Rights Management Client with Service Pack 2 (Version: 5.2.70)
WinHTTrack Website Copier 3.43-9D (Version: 3.43.12)
WinZip 15.0 (Version: 15.0.9302)

========================= Memory info: ===================================

Percentage of memory in use: 90%
Total physical RAM: 511.48 MB
Available physical RAM: 46.68 MB
Total Pagefile: 2776.39 MB
Available Pagefile: 2273.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1995.59 MB

========================= Partitions: =====================================

1 Drive c: (System) (Fixed) (Total:37.27 GB) (Free:10.14 GB) NTFS
2 Drive d: (IDE 01) (Fixed) (Total:19.53 GB) (Free:5.18 GB) NTFS
3 Drive e: (IDE 02) (Fixed) (Total:166.77 GB) (Free:17.99 GB) NTFS
4 Drive f: (SATA) (Fixed) (Total:149.05 GB) (Free:4.28 GB) NTFS

========================= Users: ========================================

User accounts for \\ANONYMOUS

Administrator ASPNET Guest
HelpAssistant Owner SUPPORT_388945a0
UpdatusUser


== End of log ==

MALWAREBYTES (QUICK SCAN)

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7452

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/13/2011 9:25:29
mbam-log-2011-08-13 (09-25-28).txt

Scan type: Quick scan
Objects scanned: 223651
Time elapsed: 18 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


MALWAREBYTES (FULL SCAN)

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7452

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/13/2011 11:22:50
mbam-log-2011-08-13 (11-22-50).txt

Scan type: Full scan (C:\|)
Objects scanned: 344402
Time elapsed: 1 hour(s), 38 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Owner\application data\thinstall\turtle odyssey 2\400000246d5002i\arcade.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\program files\tone hacker\tone hacker v1.2.exe (Spyware.Passwords) -> Quarantined and deleted successfully.


GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-08-13 12:17:48
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD400BB-00JHC0 rev.05.01C05
Running: bgywy90y.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fxryypob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF3FEBBF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF3FEBA5D]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF406B398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

Thanks again.

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:43 AM

Posted 12 August 2011 - 11:55 PM

Go Start>Run, type in:
cmd
Click OK.

At command prompt paste following commands, pressing Enter after each one:

regsvr32 wuapi.dll
regsvr32 wuaueng.dll
regsvr32 wups.dll
regsvr32 wups2.dll
regsvr32 wuwebv.dll
regsvr32 wucltux.dll

Restart computer and try updates again.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#5 squoosh82

squoosh82
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 13 August 2011 - 01:03 AM

I was able to register the first four .dlls, but was unsuccessful with the rest (wuwebv.dll,wucltux.dll). I get a message popup, "LoadLibrary(name of file) failed - The specified module could not be found."

Not sure what to do next...

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:43 AM

Posted 13 August 2011 - 10:15 AM

Did you try Automatic Updates?

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#7 squoosh82

squoosh82
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 13 August 2011 - 12:51 PM

Yes, I have. Still no luck restarting it.

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:43 AM

Posted 13 August 2011 - 12:59 PM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users:: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :filefind
    wucltux.dll
    wuwebv.dll
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#9 squoosh82

squoosh82
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 13 August 2011 - 09:13 PM

Here it is:


SystemLook 30.07.11 by jpshortstuff
Log created at 10:07 on 14/08/2011 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "wucltux.dll"
No files found.

Searching for "wuwebv.dll"
No files found.

-= EOF =-

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:43 AM

Posted 13 August 2011 - 09:29 PM

Go Start>Run ("Start Search" in Vista/7), type in:
sfc /scannow
Click OK (hold CTRL, and SHIFT, hit Enter in Vista/7).
Have Windows CD/DVD handy (with Vista/7, most likely, you won't need it).
If System File Checker (sfc) will find any errors, it may ask you for the CD/DVD (rarely in Vista/7 case).

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#11 squoosh82

squoosh82
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 14 August 2011 - 08:32 PM

Ran it but nothing came up. The cmd window popped-up for a few milliseconds, then disappeared. Time for a re-install?

#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:43 AM

Posted 14 August 2011 - 08:42 PM

Try this: http://support.microsoft.com/kb/971058

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#13 squoosh82

squoosh82
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 14 August 2011 - 10:08 PM

Yup, downloaded and ran it, got this following message: "Service 'Automatic Updates (WUAUSERV) failed to start. Verify that you have sufficient privileges to start system services"

But I'm using the administrator account of this pc...

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:43 AM

Posted 14 August 2011 - 10:17 PM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users:: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /s
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate /s
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#15 squoosh82

squoosh82
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 14 August 2011 - 10:57 PM

Here it is:

SystemLook 30.07.11 by jpshortstuff
Log created at 11:56 on 15/08/2011 by Owner
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"ElevateNonAdmins"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoRebootWithLoggedOnUsers"= 0x0000000001 (1)
"RebootRelaunchTimeoutEnabled"= 0x0000000001 (1)
"RebootRelaunchTimeout"= 0x00000005a0 (1440)
"NoAutoUpdate"= 0x0000000000 (0)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate]
(Unable to open key - key not found)

-= EOF =-




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users