very strange behavior recently


9 replies to this topic

#1 necrophyte


Posted 01 September 2011 - 05:46 AM

2 days ago while i was running windows update and the only available update was the mse definition update (1.111.1162.0) the update failed with error 8007045D.
after that i tried to update it several more times and my notebook's performance dropped drastically until it got unresponsive and i had to shut it down using the power button. yesterday i tried the mse definition update standalone installer, which failed as well - when running it the file extraction bar appears shortly and then nothing happens anymore. after that again the performance drops noticeably.

i looked at the event viewer and only noticed some I/O errors which made me fear that my HDD may have become damaged. i did some thorough HDD scans using chkdsk on all partitions and the windows memory diagnostic tool but no errors were detected.

then mse suddenly found some malware during the realtime protection - \\partition\\driver\info\explorer.exe - Worm:Win32/Pushbot

right after that i ran the following, of which ONLY THE MSE FULL SYSTEM SCAN itself found just one other copy of that, namely the same file in the same folder (\driver\info\) just on another partition! all the others found NOTHING!

i ran these (full system scan each time; including scanning system volume information on each partition; and system restore disabled), some of them several times:

MSE
windows malicious software removal tool
MS safety scanner
norton power eraser
norton bootable recovery tool (using a usb stick)
trendmicro housecall (online scan)
kaspersky free virus scan (online scanner is currently under construction)
bitdefender online scan
panda security online scan
symantec online scan

there are no suspicious processes/services running on my system and right now, except i try to update the definitions for MSE, the system runs well. only when i run windows update and try to update the MSE definitions, or do the same within MSE or with the standalone installer the performance drops heavily and when i manage to open the taskbar and performance monitor i cannot identify anything visibly stressing the system (neither cpu, disk nor memory), and the cpu usage is between 5-20% only?!

i dont know how (if at all?!) i managed to get infected, as i didnt do anything risky recently, and until now MSE did a great job making any other antivir app redundant since ive started using windows 7 during its beta, which should be some 3 years ago now. my only suspicion may be something really stupid... i was playing prince of persia: forgotten sands 2 days ago before that happened, and since the game has quite a bad game saving system, one cannot load earlier checkpoints than the most recent one. since i wanted to get all the achievements and i missed one, i wanted to reload one checkpoint before the most recent one, which isnt possible due to that bad system. so i looked through the internet and found some savegame files and tried them out; they came packed into a zip file.. - maybe thats the source of this malware. [just for the record - i didnt continue playing using these downloaded saves, i reloaded my own one through the savegame sync with steam and uplay :D]

so what am i supposed to do now? any clues why all these scans didnt find anything? maybe im really clean now, but theres still some damage left from the malware.. the hosts file looks fine and sfc /scannow didnt find anything to fix. maybe something inside the registry.. i think the best idea would be to simply uninstall MSE, run a registry cleanup, and then reinstall it and try to update it again. i wouldnt wanna use combofix if its not 100% sure its necessary..

my system specs:
windows 7 ultimate 64bit

hp envy 17 3d notebook
intel i7-720qm
ati mobility radeon 5850
8gb pc3-10700 ram

thanks!

Edited by necrophyte, 01 September 2011 - 05:49 AM.




#2 cryptodan


Posted 01 September 2011 - 07:07 AM

Hello,

And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware

NOTE: Malwarebytes is now offering a free trial of their program, if you want to accept it you will need to enter some billing information, so that at the end of the trial you would be charged the cost of the product. Please decline this offer, if you are unable to provide billing information. If you want to try it out, then provide the billing information.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are unchecked (leave all others checked):
    • Ignore files larger then 4mb
    • Ignore non-executable files

    Now Perform the scan with SUPERAntiSpyware as follows:
    • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes" and reboot normally.
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

SAS Portable
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning.


All scans above should be performed in regular boot mode, and if that is not possible then I will post instructions in a follow up reply on how to get into Safe Mode to perform the scans. Also all scans should be COMPLETE and not quick unless specifically instructed to do so.

#3 necrophyte


Posted 01 September 2011 - 12:43 PM

thanks for the info, here are the logs (no GMER log due to x64 OS):

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7630

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

01.09.2011 18:08:45
mbam-log-2011-09-01 (18-08-45).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 167777
Time elapsed: 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/01/2011 at 07:31 PM

Application Version : 5.0.1118

Core Rules Database Version : 7632
Trace Rules Database Version: 5444

Scan type       : Complete Scan
Total Scan Time : 00:28:12

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 772
Memory threats detected   : 0
Registry items scanned    : 72983
Registry threats detected : 0
File items scanned        : 55246
File threats detected     : 0

..looks quite clean, so whats wrong?? :crazy:

Edited by necrophyte, 01 September 2011 - 12:44 PM.


#4 cryptodan


Posted 01 September 2011 - 12:46 PM

Can you run Gmer anyways?

#5 necrophyte


Posted 01 September 2011 - 12:52 PM

yes, i can run it. gonna let it scan now and then im gonna post the log. didnt try it initially because of the GMER does not work in 64bit Mode!!!!!! comment

#6 necrophyte


Posted 01 September 2011 - 01:09 PM

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-09-01 20:07:10

Windows 6.1.7601 Service Pack 1 

Running: n4klx1yy.exe





---- Registry - GMER 1.0.15 ----



Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e02a8237febc                                         

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x18 0x91 0xE9 0xA7 ...

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 D:\DAEMON Tools Lite\

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0xED 0xD2 0x2E 0x8C ...

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0xA0 0x02 0x00 0x00 ...

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xA6 0x71 0x0A 0xAF ...

Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e02a8237febc (not active ControlSet)                     

Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                

Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...

Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0

Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x18 0x91 0xE9 0xA7 ...

Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     D:\DAEMON Tools Lite\

Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       

Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xED 0xD2 0x2E 0x8C ...

Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0xA0 0x02 0x00 0x00 ...

Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  

Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xA6 0x71 0x0A 0xAF ...



---- EOF - GMER 1.0.15 ----
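
A triage helper for the registry section of the GMER log posted above, as an added example that is not part of the original thread: it groups every `Reg` line by the service it sits under and surfaces any file-system path stored in a value, so a long listing collapses to the few services worth looking up. The function names are hypothetical, and the parser assumes GMER separates its columns with at least two spaces, as in this log.

```python
import re
from collections import defaultdict

# A few lines copied from the GMER log in the post above (column padding shortened).
SAMPLE_LOG = r"""
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e02a8237febc
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                          771343423
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0    D:\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12    0x18 0x91 0xE9 0xA7 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e02a8237febc (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0    D:\DAEMON Tools Lite\
---- EOF - GMER 1.0.15 ----
"""

# Assumption: columns are padded with two or more spaces, while data such as
# "0x18 0x91 ..." or "D:\DAEMON Tools Lite\" only contains single spaces.
COLUMN_GAP = re.compile(r"\s{2,}")
SERVICE_RE = re.compile(
    r"\\(CurrentControlSet|ControlSet\d{3})\\services\\([^\\@]+)", re.IGNORECASE
)
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
INACTIVE_NOTE = "(not active ControlSet)"


def parse_reg_line(line):
    """Return a dict describing one GMER 'Reg' line, or None for any other line."""
    fields = COLUMN_GAP.split(line.strip(), maxsplit=2)
    if len(fields) < 2 or fields[0] != "Reg":
        return None
    target = fields[1]
    data = fields[2] if len(fields) > 2 else ""
    # GMER appends this note to keys found only in a non-current control set.
    if target.endswith(INACTIVE_NOTE):
        target = target[: -len(INACTIVE_NOTE)].rstrip()
    # "key@value" marks a registry value; a bare key has no "@" part.
    key, _, value_name = target.partition("@")
    match = SERVICE_RE.search(key)
    return {
        "key": key,
        "value_name": value_name,
        "data": data,
        "control_set": match.group(1) if match else None,
        "service": match.group(2) if match else None,
    }


def summarise(log_text):
    """Group GMER registry entries by service name."""
    summary = defaultdict(
        lambda: {"control_sets": set(), "keys": 0, "values": 0, "paths": set()}
    )
    for line in log_text.splitlines():
        entry = parse_reg_line(line)
        if entry is None:
            continue
        bucket = summary[entry["service"] or "(not under services)"]
        if entry["control_set"]:
            bucket["control_sets"].add(entry["control_set"])
        if entry["value_name"]:
            bucket["values"] += 1
        else:
            bucket["keys"] += 1
        # A path stored in a value usually names the product that owns the service.
        if DRIVE_PATH_RE.match(entry["data"]):
            bucket["paths"].add(entry["data"])
    return dict(summary)


if __name__ == "__main__":
    for service, info in sorted(summarise(SAMPLE_LOG).items()):
        print(
            f"{service}: {info['keys']} key(s), {info['values']} value(s), "
            f"control sets={sorted(info['control_sets'])}, "
            f"paths={sorted(info['paths'])}"
        )
```
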



#7 necrophyte


Posted 01 September 2011 - 01:18 PM

MSE definitely has issues or is damaged by some malware, as when i wanted to turn on realtime protection again after gmer has finished, it encountered an error 0x800705b4 (action timed out) and now the system runs very slow again

#8 necrophyte


Posted 01 September 2011 - 01:26 PM

here is the part of the log describing one of the MSE definition update attempts by windows update..

2011-09-01	02:33:28:215	 636	e4c	Misc	===========  Logging initialized (build: 7.5.7601.17514, tz: +0200)  ===========
2011-09-01	02:33:28:215	 636	e4c	Misc	  = Process: C:\Windows\system32\svchost.exe
2011-09-01	02:33:28:215	 636	e4c	Misc	  = Module: c:\windows\system32\wuaueng.dll
2011-09-01	02:33:28:215	 636	e4c	Service	*************
2011-09-01	02:33:28:215	 636	e4c	Service	** START **  Service: Service startup
2011-09-01	02:33:28:216	 636	e4c	Service	*********
2011-09-01	02:33:28:260	 636	e4c	Agent	  * WU client version 7.5.7601.17514
2011-09-01	02:33:28:261	 636	e4c	Agent	  * Base directory: C:\Windows\SoftwareDistribution
2011-09-01	02:33:28:261	 636	e4c	Agent	  * Access type: No proxy
2011-09-01	02:33:28:263	 636	e4c	Agent	  * Network state: Connected
2011-09-01	02:33:28:556	 636	ccc	Report	CWERReporter::Init succeeded
2011-09-01	02:33:28:556	 636	ccc	Agent	***********  Agent: Initializing Windows Update Agent  ***********
2011-09-01	02:33:28:556	 636	ccc	Agent	***********  Agent: Initializing global settings cache  ***********
2011-09-01	02:33:28:556	 636	ccc	Agent	  * WSUS server: <NULL>
2011-09-01	02:33:28:556	 636	ccc	Agent	  * WSUS status server: <NULL>
2011-09-01	02:33:28:556	 636	ccc	Agent	  * Target group: (Unassigned Computers)
2011-09-01	02:33:28:556	 636	ccc	Agent	  * Windows Update access disabled: No
2011-09-01	02:33:28:591	 636	ccc	DnldMgr	Download manager restoring 0 downloads
2011-09-01	02:33:28:592	 636	ccc	DnldMgr	Retrieved 3 persisted download jobs
2011-09-01	02:33:28:592	 636	ccc	DnldMgr	***********  DnldMgr: Restoring download [no. 0]  ***********
2011-09-01	02:33:28:592	 636	ccc	DnldMgr	  * BITS JobId = {1560F987-70C4-4D4D-B667-19F7DC56EF16}
2011-09-01	02:33:28:592	 636	ccc	DnldMgr	  * ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}
2011-09-01	02:33:28:653	 636	ccc	DnldMgr	  * UpdateId = {CFF225A2-F7A8-41A2-A234-227C569EEB62}.100
2011-09-01	02:33:28:785	 636	ccc	DnldMgr	  * Restored download job.
2011-09-01	02:33:28:786	 636	ccc	DnldMgr	***********  DnldMgr: Restoring download [no. 1]  ***********
2011-09-01	02:33:28:786	 636	ccc	DnldMgr	  * BITS JobId = {C1A936B2-FA69-4E91-AE33-291A31A1BB45}
2011-09-01	02:33:28:786	 636	ccc	DnldMgr	  * ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}
2011-09-01	02:33:28:812	 636	ccc	DnldMgr	  * UpdateId = {970E2CD7-4F98-48BD-BE2A-978CAB0AE3CC}.100
2011-09-01	02:33:28:875	 636	ccc	DnldMgr	  * Restored download job.
2011-09-01	02:33:28:875	 636	ccc	DnldMgr	***********  DnldMgr: Restoring download [no. 2]  ***********
2011-09-01	02:33:28:875	 636	ccc	DnldMgr	  * BITS JobId = {ECB920C1-D1FE-4A48-9FDF-2047C751F4A6}
2011-09-01	02:33:28:875	 636	ccc	DnldMgr	  * ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}
2011-09-01	02:33:28:877	 636	ccc	DnldMgr	  * UpdateId = {2E0E3DE5-53DB-4365-AC73-8E70EE4FFF3E}.100
2011-09-01	02:33:28:934	 636	ccc	DnldMgr	  * Restored download job.
2011-09-01	02:33:28:996	4156	1340	Misc	===========  Logging initialized (build: 7.5.7601.17514, tz: +0200)  ===========
2011-09-01	02:33:28:996	4156	1340	Misc	  = Process: C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
2011-09-01	02:33:28:996	4156	1340	Misc	  = Module: C:\Windows\system32\wuapi.dll
2011-09-01	02:33:28:996	4156	1340	COMAPI	-------------
2011-09-01	02:33:28:996	4156	1340	COMAPI	-- START --  COMAPI: Search [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2011-09-01	02:33:28:996	4156	1340	COMAPI	---------
2011-09-01	02:33:29:004	4156	1340	COMAPI	<<-- SUBMITTED -- COMAPI: Search [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2011-09-01	02:33:29:405	 636	e4c	Report	***********  Report: Initializing static reporting data  ***********
2011-09-01	02:33:29:405	 636	e4c	Report	  * OS Version = 6.1.7601.1.0.65792
2011-09-01	02:33:29:405	 636	e4c	Report	  * OS Product Type = 0x00000001
2011-09-01	02:33:29:426	 636	e4c	Report	  * Computer Brand = Hewlett-Packard
2011-09-01	02:33:29:426	 636	e4c	Report	  * Computer Model = HP ENVY 17 Notebook PC
2011-09-01	02:33:29:430	 636	e4c	Report	  * Bios Revision = F.1D
2011-09-01	02:33:29:430	 636	e4c	Report	  * Bios Name = Default System BIOS
2011-09-01	02:33:29:430	 636	e4c	Report	  * Bios Release Date = 2011-04-07T00:00:00
2011-09-01	02:33:29:430	 636	e4c	Report	  * Locale ID = 1033
2011-09-01	02:33:29:498	 636	8f0	Agent	*************
2011-09-01	02:33:29:498	 636	8f0	Agent	** START **  Agent: Finding updates [CallerId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2011-09-01	02:33:29:498	 636	8f0	Agent	*********
2011-09-01	02:33:29:498	 636	8f0	Agent	  * Online = Yes; Ignore download priority = No
2011-09-01	02:33:29:498	 636	8f0	Agent	  * Criteria = "(IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains '6b9e8b26-8f50-44b9-94c6-7846084383ec' and CategoryIDs contains 'e0789628-ce08-4437-be74-2495b842f43b')"
2011-09-01	02:33:29:498	 636	8f0	Agent	  * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2011-09-01	02:33:29:498	 636	8f0	Agent	  * Search Scope = {Machine}
2011-09-01	02:33:29:535	 636	8f0	Misc	Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2011-09-01	02:33:29:581	 636	8f0	Misc	 Microsoft signed: Yes
2011-09-01	02:33:32:262	 636	8f0	Misc	Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2011-09-01	02:33:32:269	 636	8f0	Misc	 Microsoft signed: Yes
2011-09-01	02:33:32:306	 636	8f0	Agent	Checking for updated auth cab for service 7971f918-a847-4430-9279-4a52d1efe18d at http://download.windowsupdate.com/v9/microsoftupdate/redir/muauth.cab
2011-09-01	02:33:32:306	 636	8f0	Misc	Validating signature for C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab:
2011-09-01	02:33:32:315	 636	8f0	Misc	 Microsoft signed: Yes
2011-09-01	02:33:32:349	 636	8f0	Misc	Validating signature for C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab:
2011-09-01	02:33:32:356	 636	8f0	Misc	 Microsoft signed: Yes
2011-09-01	02:33:32:788	 636	8f0	Misc	Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2011-09-01	02:33:32:801	 636	8f0	Misc	 Microsoft signed: Yes
2011-09-01	02:33:32:836	 636	8f0	Misc	Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2011-09-01	02:33:32:842	 636	8f0	Misc	 Microsoft signed: Yes
2011-09-01	02:33:32:857	 636	8f0	PT	+++++++++++  PT: Starting category scan  +++++++++++
2011-09-01	02:33:32:857	 636	8f0	PT	  + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://www.update.microsoft.com/v6/ClientWebService/client.asmx
2011-09-01	02:33:36:676	 636	8f0	Misc	Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2011-09-01	02:33:36:679	 636	8f0	Misc	 Microsoft signed: Yes
2011-09-01	02:33:36:712	 636	8f0	Misc	Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2011-09-01	02:33:36:715	 636	8f0	Misc	 Microsoft signed: Yes
2011-09-01	02:33:36:718	 636	8f0	PT	+++++++++++  PT: Synchronizing server updates  +++++++++++
2011-09-01	02:33:36:718	 636	8f0	PT	  + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://www.update.microsoft.com/v6/ClientWebService/client.asmx
2011-09-01	02:33:37:377	 636	8f0	Misc	Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2011-09-01	02:33:37:381	 636	8f0	Misc	 Microsoft signed: Yes
2011-09-01	02:33:37:414	 636	8f0	Misc	Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2011-09-01	02:33:37:420	 636	8f0	Misc	 Microsoft signed: Yes
2011-09-01	02:33:37:427	 636	8f0	PT	+++++++++++  PT: Synchronizing extended update info  +++++++++++
2011-09-01	02:33:37:427	 636	8f0	PT	  + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://www.update.microsoft.com/v6/ClientWebService/client.asmx
2011-09-01	02:33:37:793	 636	8f0	Agent	Update {EEE1A8C9-2155-43D4-869F-31431B305861}.100 is pruned out due to potential supersedence
2011-09-01	02:33:37:793	 636	8f0	Agent	Update {0F4794D0-05C9-451F-B134-DDA865F9CC91}.100 is pruned out due to potential supersedence
2011-09-01	02:33:37:793	 636	8f0	Agent	Update {CA3351D4-4778-4FE9-88E3-8C3C3823D9BE}.100 is pruned out due to potential supersedence
2011-09-01	02:33:37:793	 636	8f0	Agent	  * Added update {5E72BE20-24A1-4AB5-9705-4570757DC1D1}.100 to search result
2011-09-01	02:33:37:794	 636	8f0	Agent	  * Found 1 updates and 4 categories in search; evaluated appl. rules of 70 out of 79 deployed entities
2011-09-01	02:33:38:418	 636	8f0	Agent	*********
2011-09-01	02:33:38:418	 636	8f0	Agent	**  END  **  Agent: Finding updates [CallerId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2011-09-01	02:33:38:418	 636	8f0	Agent	*************
2011-09-01	02:33:38:420	4156	5dc	COMAPI	>>--  RESUMED  -- COMAPI: Search [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2011-09-01	02:33:38:425	4156	5dc	COMAPI	  - Updates found = 1
2011-09-01	02:33:38:425	4156	5dc	COMAPI	---------
2011-09-01	02:33:38:425	4156	5dc	COMAPI	--  END  --  COMAPI: Search [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2011-09-01	02:33:38:425	4156	5dc	COMAPI	-------------
2011-09-01	02:33:38:454	4156	c5c	COMAPI	-------------
2011-09-01	02:33:38:454	4156	c5c	COMAPI	-- START --  COMAPI: Download [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2011-09-01	02:33:38:454	4156	c5c	COMAPI	---------
2011-09-01	02:33:38:454	4156	c5c	COMAPI	  - Forced: No; Download priority: 3
2011-09-01	02:33:38:454	4156	c5c	COMAPI	  - Updates in request: 1
2011-09-01	02:33:38:454	4156	c5c	COMAPI	  - ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2011-09-01	02:33:38:459	4156	c5c	COMAPI	<<-- SUBMITTED -- COMAPI: Download [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2011-09-01	02:33:53:041	 636	8f0	Report	CWERReporter finishing event handling. (00000000)
2011-09-01	02:33:53:112	 636	8f0	Report	REPORT EVENT: {A7359392-4850-46EA-A622-EC51BB7C5629}	2011-09-01 02:33:38:417+0200	1	147	101	{00000000-0000-0000-0000-000000000000}	0	0	Microsoft Security Essentials (	Success	Software Synchronization	Windows Update Client successfully detected 1 updates.
2011-09-01	02:33:53:113	 636	8f0	Report	CWERReporter finishing event handling. (00000000)
2011-09-01	02:33:53:634	 636	8f0	DnldMgr	*************
2011-09-01	02:33:53:634	 636	8f0	DnldMgr	** START **  DnldMgr: Downloading updates [CallerId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2011-09-01	02:33:53:634	 636	8f0	DnldMgr	*********
2011-09-01	02:33:53:634	 636	8f0	DnldMgr	  * Call ID = {9DE32852-B565-4FE3-8D67-119588170D80}
2011-09-01	02:33:53:634	 636	8f0	DnldMgr	  * Priority = 3, Interactive = 1, Owner is system = 1, Explicit proxy = 1, Proxy session id = -1, ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}
2011-09-01	02:33:53:634	 636	8f0	DnldMgr	  * Updates to download = 1
2011-09-01	02:33:53:634	 636	8f0	Agent	  *   Title = Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.111.1185.0)
2011-09-01	02:33:53:634	 636	8f0	Agent	  *   UpdateId = {5E72BE20-24A1-4AB5-9705-4570757DC1D1}.100
2011-09-01	02:33:53:634	 636	8f0	Agent	  *     Bundles 1 updates:
2011-09-01	02:33:53:634	 636	8f0	Agent	  *       {4ECF9C16-ECB1-4E3C-8202-4DB47BBE4198}.100
2011-09-01	02:33:53:640	 636	8f0	DnldMgr	***********  DnldMgr: New download job [UpdateId = {4ECF9C16-ECB1-4E3C-8202-4DB47BBE4198}.100]  ***********
2011-09-01	02:33:54:049	 636	8f0	DnldMgr	  * BITS job initialized, JobId = {17819417-4CE1-43BD-B7D8-CC79CAF01BC1}
2011-09-01	02:33:54:324	 636	8f0	DnldMgr	  * Downloading from http://download.windowsupdate.com/msdownload/update/software/defu/2011/08/am_delta_4ed18ab481794422d98ed271fbbab9c6b262b0ce.exe to C:\Windows\SoftwareDistribution\Download\f3b3e5477e518574e32bb7faa5a19077\4ed18ab481794422d98ed271fbbab9c6b262b0ce (full file).
2011-09-01	02:33:54:587	 636	8f0	Agent	*********
2011-09-01	02:33:54:587	 636	8f0	Agent	**  END  **  Agent: Downloading updates [CallerId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2011-09-01	02:33:54:587	 636	8f0	Agent	*************
2011-09-01	02:34:01:601	 636	15b8	DnldMgr	BITS job {17819417-4CE1-43BD-B7D8-CC79CAF01BC1} completed successfully
2011-09-01	02:34:01:732	 636	15b8	Misc	Validating signature for C:\Windows\SoftwareDistribution\Download\f3b3e5477e518574e32bb7faa5a19077\4ed18ab481794422d98ed271fbbab9c6b262b0ce:
2011-09-01	02:34:01:750	 636	15b8	Misc	 Microsoft signed: Yes
2011-09-01	02:34:01:752	 636	15b8	DnldMgr	  Download job bytes total = 2814352, bytes transferred = 2814352
2011-09-01	02:34:01:753	 636	15b8	DnldMgr	***********  DnldMgr: New download job [UpdateId = {4ECF9C16-ECB1-4E3C-8202-4DB47BBE4198}.100]  ***********
2011-09-01	02:34:01:782	 636	15b8	DnldMgr	  * All files for update were already downloaded and are valid.
2011-09-01	02:34:01:787	4156	5dc	COMAPI	>>--  RESUMED  -- COMAPI: Download [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2011-09-01	02:34:01:787	4156	5dc	COMAPI	  - Download call complete (succeeded = 1, succeeded with errors = 0, failed = 0, unaccounted = 0)
2011-09-01	02:34:01:787	4156	5dc	COMAPI	---------
2011-09-01	02:34:01:787	4156	5dc	COMAPI	--  END  --  COMAPI: Download [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2011-09-01	02:34:01:787	4156	5dc	COMAPI	-------------
2011-09-01	02:34:01:799	4156	988	COMAPI	-------------
2011-09-01	02:34:01:799	4156	988	COMAPI	-- START --  COMAPI: Install [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2011-09-01	02:34:01:799	4156	988	COMAPI	---------
2011-09-01	02:34:01:799	4156	988	COMAPI	  - Allow source prompts: Yes; Forced: No; Force quiet: Yes
2011-09-01	02:34:01:800	4156	988	COMAPI	  - Updates in request: 1
2011-09-01	02:34:01:800	4156	988	COMAPI	  - ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2011-09-01	02:34:01:802	4156	988	COMAPI	  - Updates to install = 1
2011-09-01	02:34:01:802	4156	988	COMAPI	<<-- SUBMITTED -- COMAPI: Install [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2011-09-01	02:34:01:802	 636	3e0	Agent	*************
2011-09-01	02:34:01:802	 636	3e0	Agent	** START **  Agent: Installing updates [CallerId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2011-09-01	02:34:01:802	 636	3e0	Agent	*********
2011-09-01	02:34:01:802	 636	3e0	Agent	  * Updates to install = 1
2011-09-01	02:34:01:804	 636	3e0	Agent	  *   Title = Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.111.1185.0)
2011-09-01	02:34:01:804	 636	3e0	Agent	  *   UpdateId = {5E72BE20-24A1-4AB5-9705-4570757DC1D1}.100
2011-09-01	02:34:01:804	 636	3e0	Agent	  *     Bundles 12 updates:
2011-09-01	02:34:01:804	 636	3e0	Agent	  *       {35E849E9-7471-43D6-B64E-1D29B2E08732}.100
2011-09-01	02:34:01:804	 636	3e0	Agent	  *       {FF4FDBF5-99F6-476E-916E-A19BC3B7F908}.100
2011-09-01	02:34:01:804	 636	3e0	Agent	  *       {3A06D5BA-48CE-4229-A89B-44042AF2E029}.100
2011-09-01	02:34:01:804	 636	3e0	Agent	  *       {266C82C3-5689-432A-ABC2-B90940C43F2D}.100
2011-09-01	02:34:01:804	 636	3e0	Agent	  *       {EA39DD10-90EC-4EEC-B123-D40B938EDE16}.100
2011-09-01	02:34:01:804	 636	3e0	Agent	  *       {2149C7E4-4331-4858-8015-7CA67FBBD777}.100
2011-09-01	02:34:01:804	 636	3e0	Agent	  *       {6001211F-2BEE-4376-AB93-9D128D070BD8}.100
2011-09-01	02:34:01:804	 636	3e0	Agent	  *       {BEBC9F44-8298-46B8-AFE3-1910AB2ACBCF}.100
2011-09-01	02:34:01:804	 636	3e0	Agent	  *       {8549A789-AFCB-42E6-A7CF-CF0D64055E57}.100
2011-09-01	02:34:01:804	 636	3e0	Agent	  *       {02F1FF09-5496-4966-9C6E-192497D2C012}.100
2011-09-01	02:34:01:804	 636	3e0	Agent	  *       {7FB5B87C-6273-424F-AD09-B14F82E2F63A}.100
2011-09-01	02:34:01:804	 636	3e0	Agent	  *       {4ECF9C16-ECB1-4E3C-8202-4DB47BBE4198}.100
2011-09-01	02:34:01:996	 636	3e0	DnldMgr	Preparing update for install, updateId = {4ECF9C16-ECB1-4E3C-8202-4DB47BBE4198}.100.
2011-09-01	02:34:02:016	2876	754	Misc	===========  Logging initialized (build: 7.5.7601.17514, tz: +0200)  ===========
2011-09-01	02:34:02:016	2876	754	Misc	  = Process: C:\Windows\system32\wuauclt.exe
2011-09-01	02:34:02:016	2876	754	Misc	  = Module: C:\Windows\system32\wuaueng.dll
2011-09-01	02:34:02:016	2876	754	Handler	:::::::::::::
2011-09-01	02:34:02:016	2876	754	Handler	:: START ::  Handler: Command Line Install
2011-09-01	02:34:02:016	2876	754	Handler	:::::::::
2011-09-01	02:34:02:016	2876	754	Handler	  : Updates to install = 1
2011-09-01	02:34:06:786	 636	8f0	Report	REPORT EVENT: {1226AA16-52B4-412D-9633-886EDC30FBE1}	2011-09-01 02:34:01:787+0200	1	162	101	{5E72BE20-24A1-4AB5-9705-4570757DC1D1}	100	0	Microsoft Security Essentials (	Success	Content Download	Download succeeded.
2011-09-01	02:34:06:786	 636	8f0	Report	CWERReporter finishing event handling. (00000000)
2011-09-01	02:34:13:521	 636	e4c	AU	###########  AU: Initializing Automatic Updates  ###########
2011-09-01	02:34:16:686	 636	e4c	AU	  # Approval type: Scheduled (User preference)
2011-09-01	02:34:16:686	 636	e4c	AU	  # Scheduled install day/time: Every day at 3:00
2011-09-01	02:34:16:686	 636	e4c	AU	  # Auto-install minor updates: Yes (User preference)
2011-09-01	02:34:16:686	 636	e4c	AU	  # Will interact with non-admins (Non-admins are elevated (User preference))
2011-09-01	02:34:16:720	 636	e4c	AU	Setting AU scheduled install time to 2011-09-01 01:00:00
2011-09-01	02:34:20:024	 636	e4c	AU	Successfully wrote event for AU health state:0
2011-09-01	02:34:20:065	 636	e4c	AU	Initializing featured updates
2011-09-01	02:34:20:065	 636	e4c	AU	Found 0 cached featured updates
2011-09-01	02:34:20:065	 636	e4c	AU	Successfully wrote event for AU health state:0
2011-09-01	02:34:20:070	 636	e4c	AU	Successfully wrote event for AU health state:0
2011-09-01	02:34:20:070	 636	e4c	AU	AU finished delayed initialization
2011-09-01	02:34:25:023	 636	8f0	Report	CWERReporter finishing event handling. (00000000)
2011-09-01	02:37:11:754	 636	8f0	Report	CWERReporter finishing event handling. (00000000)
2011-09-01	02:37:33:951	 636	e4c	AU	Successfully wrote event for AU health state:0
2011-09-01	02:37:38:951	 636	8f0	Report	CWERReporter finishing event handling. (00000000)
2011-09-01	02:40:35:637	 636	e4c	AU	Successfully wrote event for AU health state:0
2011-09-01	02:40:40:637	 636	8f0	Report	CWERReporter finishing event handling. (00000000)
2011-09-01	02:41:05:679	 636	e4c	AU	Successfully wrote event for AU health state:0
2011-09-01	02:41:10:223	 636	8f0	Report	CWERReporter finishing event handling. (00000000)
2011-09-01	02:41:15:749	 636	e4c	AU	Successfully wrote event for AU health state:0
2011-09-01	02:41:18:932	 636	8f0	Report	CWERReporter finishing event handling. (00000000)
2011-09-01	02:46:46:566	 636	e4c	Shutdwn	user declined update at shutdown
2011-09-01	02:46:46:566	 636	e4c	AU	Found ongoing AU install at shutdown.
2011-09-01	02:46:46:566	 636	e4c	AU	Successfully wrote event for AU health state:0
2011-09-01	02:46:46:566	 636	e4c	AU	AU initiates service shutdown
2011-09-01	02:46:46:566	 636	e4c	AU	###########  AU: Uninitializing Automatic Updates  ###########
2011-09-01	02:47:31:556	4156	1340	COMAPI	FATAL: Unable to connect to the service (hr=8007045B)
2011-09-01	02:47:31:556	4156	1340	COMAPI	WARNING: Unable to establish connection to the service. (hr=8007045B)
2011-09-01	02:47:33:257	 636	e4c	Handler	FATAL: UH: 0x8007041d: StartSession failed in CCbs::IsCbsPending
2011-09-01	02:47:36:735	2876	754	Handler	  : WARNING: Command line install cancelled via Cancel method (action interrupted)
2011-09-01	02:48:04:831	2876	754	Handler	  : WARNING: Exit code = 0x80242008
2011-09-01	02:48:04:831	2876	754	Handler	:::::::::
2011-09-01	02:48:04:831	2876	754	Handler	::  END  ::  Handler: Command Line Install
2011-09-01	02:48:04:831	2876	754	Handler	:::::::::::::
2011-09-01	02:48:04:831	 636	3e0	Agent	  * WARNING: Exit code = 0x8024000B
2011-09-01	02:48:04:831	 636	3e0	Agent	*********
2011-09-01	02:48:04:831	 636	3e0	Agent	**  END  **  Agent: Installing updates [CallerId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2011-09-01	02:48:04:831	 636	3e0	Agent	*************
2011-09-01	02:48:04:831	 636	3e0	Agent	WARNING: WU client failed installing updates with error 0x8024000b
2011-09-01	02:48:04:847	4156	170c	COMAPI	>>--  RESUMED  -- COMAPI: Install [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2011-09-01	02:48:04:847	4156	170c	COMAPI	  - Install call failed
2011-09-01	02:48:04:847	4156	170c	COMAPI	  - Reboot required = No
2011-09-01	02:48:04:847	4156	170c	COMAPI	  - WARNING: Exit code = 0x80240FFF; Call error code = 0x8024001E
2011-09-01	02:48:04:847	4156	170c	COMAPI	---------
2011-09-01	02:48:04:847	4156	170c	COMAPI	--  END  --  COMAPI: Install [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2011-09-01	02:48:04:847	4156	170c	COMAPI	-------------
2011-09-01	02:48:04:847	 636	e4c	Agent	Sending shutdown notification to client
2011-09-01	02:48:04:847	4156	170c	COMAPI	WARNING: Received service shutdown/self-update notification.
2011-09-01	02:48:04:847	 636	e4c	Agent	Sending shutdown notification to client
2011-09-01	02:48:04:847	4156	170c	COMAPI	WARNING: Received service shutdown/self-update notification.
2011-09-01	02:48:04:847	 636	e4c	Agent	Sending shutdown notification to client
2011-09-01	02:48:04:847	4156	170c	COMAPI	WARNING: Received service shutdown/self-update notification.
2011-09-01	02:48:04:847	 636	e4c	Agent	Sending shutdown notification to client
2011-09-01	02:48:04:847	4156	170c	COMAPI	WARNING: Received service shutdown/self-update notification.
2011-09-01	02:48:04:847	 636	e4c	Report	REPORT EVENT: {084FC9A9-E973-4CC9-A98F-EE4B85AC2106}	2011-09-01 02:47:36:735+0200	1	186	101	{5E72BE20-24A1-4AB5-9705-4570757DC1D1}	100	8024000b	Microsoft Security Essentials (	Success	Content Install	User cancelled the installation.
2011-09-01	02:48:04:847	 636	e4c	Report	CWERReporter::HandleEvents - WER report upload completed with status 0x8
2011-09-01	02:48:04:847	 636	e4c	Report	WER Report sent: 7.5.7601.17514 0x8024000b 5E72BE20-24A1-4AB5-9705-4570757DC1D1 Install 101 Unmanaged
2011-09-01	02:48:04:847	 636	e4c	Report	CWERReporter finishing event handling. (00000000)
2011-09-01	02:48:25:096	 636	e4c	Service	*********
2011-09-01	02:48:25:096	 636	e4c	Service	**  END  **  Service: Service exit [Exit code = 0x240001]
2011-09-01	02:48:25:096	 636	e4c	Service	*************
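A triage pass over a log like the one in the post above, as an added example that is not part of the original thread: it pulls the failing HRESULTs out of WARNING/FATAL records and splits each into facility and code, so plain Win32 errors (facility 7) can be told apart from Windows Update agent errors (facility 0x24). The function names are choices made for this example, the six sample records are excerpted from the log above, and the tab-separated field layout is assumed to match it.

```python
import re
from collections import namedtuple

# Six records excerpted from the log above, in its tab-separated layout
# (date, time, PID, TID, component, message).
SAMPLE = "\n".join([
    "2011-09-01\t02:46:46:566\t 636\te4c\tAU\tFound ongoing AU install at shutdown.",
    "2011-09-01\t02:47:31:556\t4156\t1340\tCOMAPI\tFATAL: Unable to connect to the service (hr=8007045B)",
    "2011-09-01\t02:47:33:257\t 636\te4c\tHandler\tFATAL: UH: 0x8007041d: StartSession failed in CCbs::IsCbsPending",
    "2011-09-01\t02:48:04:831\t2876\t754\tHandler\t  : WARNING: Exit code = 0x80242008",
    "2011-09-01\t02:48:04:847\t4156\t170c\tCOMAPI\t  - WARNING: Exit code = 0x80240FFF; Call error code = 0x8024001E",
    "2011-09-01\t02:48:04:847\t4156\t170c\tCOMAPI\t  - Reboot required = No",
])

HRESULT_RE = re.compile(r"(?:0x|hr=)([0-9A-Fa-f]{8})\b")
FACILITIES = {0x7: "WIN32", 0x24: "WINDOWSUPDATE"}  # facility numbers from winerror.h
Finding = namedtuple("Finding", "time pid component level hresult facility code")

def decode_hresult(value):
    """Split a 32-bit HRESULT into (failed, facility name, 16-bit code)."""
    facility = (value >> 16) & 0x7FF          # bits 16-26
    return bool(value >> 31), FACILITIES.get(facility, hex(facility)), value & 0xFFFF

def triage(log_text):
    """Return one Finding per failing HRESULT found on WARNING/FATAL records."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split("\t", 5)
        if len(fields) < 6:
            continue                          # blank line or wrapped text, not a record
        _date, time, pid, _tid, component, message = fields
        level = re.search(r"\b(FATAL|WARNING)\b", message)
        if not level:
            continue
        for match in HRESULT_RE.finditer(message):
            value = int(match.group(1), 16)
            failed, facility, code = decode_hresult(value)
            if failed:                        # severity bit set: an error, not a status
                findings.append(Finding(time, int(pid), component, level.group(1),
                                        f"0x{value:08X}", facility, code))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f.time, f.pid, f.component, f.level, f.hresult, f.facility, f.code)
```

For findings with facility WIN32, the code is an ordinary Win32 error number (0x45B is 1115) that `net helpmsg 1115` will describe on a Windows machine.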


#9 necrophyte

Posted 02 September 2011 - 08:27 AM

well, i uninstalled mse and was then able to install it freshly, and update it, so now the problem seems to be solved. another full system scan with the most recent definitions again found nothing.

still, thanks for your assistance!

#10 cryptodan

Posted 02 September 2011 - 12:38 PM

You are welcome



