
Browser Hijack/google redirect I think...


  • This topic is locked
85 replies to this topic

#1 rosestristan


Posted 04 April 2013 - 12:27 PM

Hello... when I search for things using Mozilla Firefox with Google as my search engine, the results show on the window but I get nonsense sites and redirects when I click on the search results. I've run Spybot, Malwarebytes, tdssrootkit, and it's still doing it. Here's the HijackThis scan result...

 

 Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:23:20 PM, on 4/4/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Users\Dawn-Laptop\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Users\Dawn-Laptop\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.avira.com/?l=dis&o=APN10266&gct=hp&dc=US&locale=en_US
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: uTorrentControl_v2 - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Launch Utility Application.lnk = Dawn-Laptop\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Windows\System32\GFNEXSrv.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: lxcr_device - Unknown owner - C:\windows\system32\lxcrcoms.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12768 bytes
 

 

Thank you in advance for any answers!


Edited by hamluis, 04 April 2013 - 02:47 PM.
Moved from Win 7 to Malware Removal Logs - Hamluis.




#2 gringo_pr

  • Malware Response Team

Posted 04 April 2013 - 03:55 PM


Hello rosestristan

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-RogueKiller-
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • Click on "Delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+
  • Gringo




I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 rosestristan


Posted 05 April 2013 - 01:59 PM

I did as you suggested. I ran the Security Check and AdwCleaner, and I tried to run RogueKiller, but it never completed the scan, even after running for 12+ hours. Still getting the redirects in the browser. Here are the results.
 
 Results of screen317's Security Check version 0.99.61  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java™ 6 Update 25  
 Java version out of Date!
  Adobe Flash Player 11.5.502.146 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (20.0)
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
 Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
 
 
And the AdwCleaner log.
 
# AdwCleaner v2.200 - Logfile created 04/04/2013 at 17:26:45
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Dawn-Laptop - DAWN-LAPTOP-PC
# Boot Mode : Normal
# Running from : C:\Users\Dawn-Laptop\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\END
File Found : C:\user.js
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\uTorrentControl_v2
Folder Found : C:\Users\Dawn-Laptop\AppData\Local\Conduit
Folder Found : C:\Users\Dawn-Laptop\AppData\Local\Wajam
Folder Found : C:\Users\Dawn-Laptop\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Dawn-Laptop\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Dawn-Laptop\AppData\LocalLow\Conduit
Folder Found : C:\Users\Dawn-Laptop\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Dawn-Laptop\AppData\LocalLow\uTorrentControl_v2
Folder Found : C:\Users\Dawn-Laptop\AppData\Roaming\Babylon
Folder Found : C:\Users\Dawn-Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\uTorrentControl_v2
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BrowserMngr
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\uTorrentControl_v2
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B8689C57-0B55-48E3-8D2C-289B43E0631E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DB7441C4-486F-4C71-9B64-2DA06902B33F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Found : HKLM\SOFTWARE\Software
Key Found : HKU\S-1-5-21-2821310377-1147610162-3908177234-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.avira.com/?l=dis&o=APN10266&gct=hp&dc=US&locale=en_US
[HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=110790&tt=120912_ccp_3712_7&babsrc=HP_ss&mntrId=8a57ebbf000000000000e840f2461eab
[HKCU\Software\Microsoft\Internet Explorer\Main - Secondary Start Pages] = hxxp://search.babylon.com/?affID=110790&tt=120912_ccp_3712_7&babsrc=HP_ss&mntrId=8a57ebbf000000000000e840f2461eab
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=110790&tt=120912_ccp_3712_7&babsrc=NT_ss&mntrId=8a57ebbf000000000000e840f2461eab

-\\ Mozilla Firefox v20.0 (en-US)

File : C:\Users\Dawn-Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\ppois2u1.default-1364893412388\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Dawn-Laptop\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6657 octets] - [04/04/2013 17:26:45]

########## EOF - C:\AdwCleaner[R1].txt - [6717 octets] ##########
 

Edited by rosestristan, 05 April 2013 - 02:02 PM.


#4 gringo_pr

  • Malware Response Team

Posted 05 April 2013 - 03:13 PM


Hello rosestristan

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

  • Gringo





#5 rosestristan


Posted 05 April 2013 - 04:03 PM

ComboFix appears to have done the trick... I'll post the log for verisimilitude, but thank you very much for the adept help!

 

 

ComboFix 13-04-05.01 - Dawn-Laptop 04/05/2013  16:32:29.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3562.2407 [GMT -4:00]
Running from: c:\users\Dawn-Laptop\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Microsoft
c:\microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-05 to 2013-04-05  )))))))))))))))))))))))))))))))
.
.
2013-04-05 20:43 . 2013-04-05 20:43    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-04-04 21:09 . 2013-04-04 21:09    972264    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C4A402F-1808-41B4-98B7-4DD51A05B91D}\gapaengine.dll
2013-04-04 21:09 . 2013-03-15 03:28    9311288    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1201F7F0-B96F-4217-911A-551AC4A7B468}\mpengine.dll
2013-04-04 21:08 . 2013-04-04 21:08    --------    d-----w-    c:\program files (x86)\Microsoft Security Client
2013-04-04 21:08 . 2013-04-04 21:08    --------    d-----w-    c:\program files\Microsoft Security Client
2013-04-04 19:46 . 2013-04-04 19:46    --------    d-----w-    c:\users\Dawn-Laptop\AppData\Roaming\Babylon
2013-04-04 19:46 . 2013-04-02 08:44    140    ----a-w-    C:\Quarantine.reg
2013-04-04 19:45 . 2012-09-14 17:08    315    ----a-w-    C:\user.js
2013-04-04 13:04 . 2013-04-04 13:04    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-04-03 06:37 . 2013-04-03 06:37    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2013-04-03 05:33 . 2013-04-03 05:33    --------    d-----w-    c:\users\Dawn-Laptop\AppData\Roaming\Malwarebytes
2013-04-03 05:32 . 2013-04-03 05:32    --------    d-----w-    c:\programdata\Malwarebytes
2013-04-02 08:01 . 2013-04-02 08:47    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2013-04-02 08:01 . 2013-04-04 21:12    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy 2
2013-04-02 07:48 . 2013-04-02 07:49    --------    d-----w-    c:\program files\CCleaner
2013-03-28 20:49 . 2013-04-03 05:21    --------    d-----w-    c:\users\Dawn-Laptop\Programs
2013-03-28 20:40 . 1998-06-18 04:00    89360    ----a-w-    c:\windows\SysWow64\VB5DB.DLL
2013-03-28 20:39 . 2013-03-28 20:56    --------    d-----w-    C:\AI_RecycleBin
2013-03-28 19:58 . 2013-03-28 19:58    --------    d-----w-    c:\program files (x86)\EaseUS
2013-03-26 03:47 . 2013-02-12 04:12    19968    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-03-25 00:18 . 2013-03-28 18:21    --------    d-----w-    C:\TEMP
2013-03-14 07:00 . 2013-03-14 07:00    --------    d-----w-    c:\program files\Microsoft Silverlight
2013-03-14 07:00 . 2013-03-14 07:00    --------    d-----w-    c:\program files (x86)\Microsoft Silverlight
2013-03-09 03:36 . 2013-03-09 03:38    --------    d-----w-    c:\programdata\Yahoo!
2013-03-09 03:34 . 2013-04-03 05:22    --------    d-----w-    c:\program files (x86)\Yahoo!
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-02 10:34 . 2010-11-21 03:27    282744    ------w-    c:\windows\system32\MpSigStub.exe
2013-03-14 07:03 . 2012-10-18 00:20    72013344    ----a-w-    c:\windows\system32\MRT.exe
2013-03-09 03:37 . 2012-11-03 11:35    419488    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-09 03:37 . 2011-11-02 12:01    70304    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-19 02:22 . 2013-02-19 02:22    57344    ----a-r-    c:\users\Dawn-Laptop\AppData\Roaming\Microsoft\Installer\{8EBE529D-907F-47C5-9DBF-FF88EC3C215D}\NewShortcut11_97115261D719453B993A7ECEF93C483C.exe
2013-02-19 02:22 . 2013-02-19 02:22    57344    ----a-r-    c:\users\Dawn-Laptop\AppData\Roaming\Microsoft\Installer\{8EBE529D-907F-47C5-9DBF-FF88EC3C215D}\NewShortcut1_33418FF5CFFC4162B49A01B3130DF581.exe
2013-02-19 02:22 . 2013-02-19 02:22    53248    ----a-r-    c:\users\Dawn-Laptop\AppData\Roaming\Microsoft\Installer\{8EBE529D-907F-47C5-9DBF-FF88EC3C215D}\ARPPRODUCTICON.exe
2013-02-12 05:45 . 2013-03-13 10:57    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 10:57    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 10:57    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 10:57    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 10:57    474112    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 10:57    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-01-20 19:59 . 2013-01-20 19:59    230320    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2013-01-20 19:59 . 2013-01-20 19:59    130008    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-09 08:31 . 2013-01-09 08:31    0    ----a-w-    c:\windows\SysWow64\sho7BC2.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
2011-05-09 09:49    176936    ----a-w-    c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 DIRECTIO;DIRECTIO;c:\bit_temp\DirectIo.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-29 250984]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-17 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-13 204288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [2010-09-10 162824]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-02-24 1142376]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-03 03:37]
.
2013-04-05 c:\windows\Tasks\PXOG.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10266&gct=hp&dc=US&locale=en_US
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Dawn-Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\ppois2u1.default-1364893412388\
FF - ExtSQL: 2013-02-17 11:03; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-26777540.sys
Toolbar-Locked - (no file)
WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-05  16:58:15
ComboFix-quarantined-files.txt  2013-04-05 20:58
.
Pre-Run: 270,687,653,888 bytes free
Post-Run: 270,543,880,192 bytes free
.
- - End Of File - - C5CB9A7EEA02B695970A4A51EE80BBBF
 



#6 gringo_pr

  • Malware Response Team
Posted 05 April 2013 - 05:29 PM


Hello rosestristan

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:
ClearJavaCache::

Folder::
c:\users\Dawn-Laptop\AppData\Roaming\Babylon
 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 rosestristan

  • Topic Starter
Posted 05 April 2013 - 06:56 PM

ComboFix 13-04-05.01 - Dawn-Laptop 04/05/2013  19:19:37.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3562.2242 [GMT -4:00]
Running from: c:\users\Dawn-Laptop\Desktop\ComboFix.exe
Command switches used :: c:\users\Dawn-Laptop\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dawn-Laptop\AppData\Roaming\Babylon
c:\users\Dawn-Laptop\AppData\Roaming\Babylon\log_file.txt
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-05 to 2013-04-05  )))))))))))))))))))))))))))))))
.
.
2013-04-05 23:29 . 2013-04-05 23:29    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-04-04 21:09 . 2013-04-04 21:09    972264    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C4A402F-1808-41B4-98B7-4DD51A05B91D}\gapaengine.dll
2013-04-04 21:09 . 2013-03-15 03:28    9311288    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1201F7F0-B96F-4217-911A-551AC4A7B468}\mpengine.dll
2013-04-04 21:08 . 2013-04-04 21:08    --------    d-----w-    c:\program files (x86)\Microsoft Security Client
2013-04-04 21:08 . 2013-04-04 21:08    --------    d-----w-    c:\program files\Microsoft Security Client
2013-04-04 19:46 . 2013-04-02 08:44    140    ----a-w-    C:\Quarantine.reg
2013-04-04 19:45 . 2012-09-14 17:08    315    ----a-w-    C:\user.js
2013-04-04 13:04 . 2013-04-04 13:04    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-04-03 06:37 . 2013-04-03 06:37    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2013-04-03 05:33 . 2013-04-03 05:33    --------    d-----w-    c:\users\Dawn-Laptop\AppData\Roaming\Malwarebytes
2013-04-03 05:32 . 2013-04-03 05:32    --------    d-----w-    c:\programdata\Malwarebytes
2013-04-02 08:01 . 2013-04-02 08:47    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2013-04-02 08:01 . 2013-04-04 21:12    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy 2
2013-04-02 07:48 . 2013-04-02 07:49    --------    d-----w-    c:\program files\CCleaner
2013-03-28 20:49 . 2013-04-03 05:21    --------    d-----w-    c:\users\Dawn-Laptop\Programs
2013-03-28 20:40 . 1998-06-18 04:00    89360    ----a-w-    c:\windows\SysWow64\VB5DB.DLL
2013-03-28 20:39 . 2013-03-28 20:56    --------    d-----w-    C:\AI_RecycleBin
2013-03-28 19:58 . 2013-03-28 19:58    --------    d-----w-    c:\program files (x86)\EaseUS
2013-03-26 03:47 . 2013-02-12 04:12    19968    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-03-25 00:18 . 2013-03-28 18:21    --------    d-----w-    C:\TEMP
2013-03-14 07:00 . 2013-03-14 07:00    --------    d-----w-    c:\program files\Microsoft Silverlight
2013-03-14 07:00 . 2013-03-14 07:00    --------    d-----w-    c:\program files (x86)\Microsoft Silverlight
2013-03-09 03:36 . 2013-03-09 03:38    --------    d-----w-    c:\programdata\Yahoo!
2013-03-09 03:34 . 2013-04-03 05:22    --------    d-----w-    c:\program files (x86)\Yahoo!
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-02 10:34 . 2010-11-21 03:27    282744    ------w-    c:\windows\system32\MpSigStub.exe
2013-03-14 07:03 . 2012-10-18 00:20    72013344    ----a-w-    c:\windows\system32\MRT.exe
2013-03-09 03:37 . 2012-11-03 11:35    419488    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-09 03:37 . 2011-11-02 12:01    70304    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-19 02:22 . 2013-02-19 02:22    57344    ----a-r-    c:\users\Dawn-Laptop\AppData\Roaming\Microsoft\Installer\{8EBE529D-907F-47C5-9DBF-FF88EC3C215D}\NewShortcut11_97115261D719453B993A7ECEF93C483C.exe
2013-02-19 02:22 . 2013-02-19 02:22    57344    ----a-r-    c:\users\Dawn-Laptop\AppData\Roaming\Microsoft\Installer\{8EBE529D-907F-47C5-9DBF-FF88EC3C215D}\NewShortcut1_33418FF5CFFC4162B49A01B3130DF581.exe
2013-02-19 02:22 . 2013-02-19 02:22    53248    ----a-r-    c:\users\Dawn-Laptop\AppData\Roaming\Microsoft\Installer\{8EBE529D-907F-47C5-9DBF-FF88EC3C215D}\ARPPRODUCTICON.exe
2013-02-12 05:45 . 2013-03-13 10:57    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 10:57    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 10:57    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 10:57    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 10:57    474112    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 10:57    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-01-20 19:59 . 2013-01-20 19:59    230320    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2013-01-20 19:59 . 2013-01-20 19:59    130008    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-09 08:31 . 2013-01-09 08:31    0    ----a-w-    c:\windows\SysWow64\sho7BC2.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
2011-05-09 09:49    176936    ----a-w-    c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 DIRECTIO;DIRECTIO;c:\bit_temp\DirectIo.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-29 250984]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-17 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-13 204288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [2010-09-10 162824]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-02-24 1142376]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-03 03:37]
.
2013-04-05 c:\windows\Tasks\PXOG.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10266&gct=hp&dc=US&locale=en_US
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Dawn-Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\ppois2u1.default-1364893412388\
FF - ExtSQL: 2013-02-17 11:03; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-05  19:43:25
ComboFix-quarantined-files.txt  2013-04-05 23:43
ComboFix2.txt  2013-04-05 20:58
.
Pre-Run: 270,542,528,512 bytes free
Post-Run: 270,479,192,064 bytes free
.
- - End Of File - - 6F4BABB6802A5908D1F3D68C84E0D023
 

 

 

It seems to be running fine, it's not redirecting the results from google searches anymore.



#8 gringo_pr

  • Malware Response Team

Posted 05 April 2013 - 08:48 PM


Hello rosestristan

I would like to see a report that combofix makes.

extra combofix report
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box

    C:\Qoobox\Add-Remove Programs.txt

  • click ok
  • copy and paste the report into this topic for me to review

    Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 gringo_pr

  • Malware Response Team

Posted 10 April 2013 - 01:08 PM


Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#10 rosestristan

  • Topic Starter

Posted 10 April 2013 - 10:54 PM

It actually has reinfected, I'm getting the same redirect that I had at the beginning, I just haven't had time to sit down and address the issue, my work has been quite hectic the past few days.

 

If we can start over from the beginning, it would be great.

 

Thank you.


Edited by rosestristan, 10 April 2013 - 10:54 PM.


#11 gringo_pr

  • Malware Response Team

Posted 11 April 2013 - 08:27 AM


Hello rosestristan

we will run this now, it will help remove some files from the computer.


Blitzblank.

Download BlitzBlank and save it to your desktop. Open Blitzblank.exe
  • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  • Click the Script tab and copy/paste the following text there:

    DeleteFile:
    c:\windows\Tasks\PXOG.job

  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post me the report created by Blitzblank. You can find it at the root of the drive, normally C:\

Gringo




#12 rosestristan

  • Topic Starter

Posted 13 April 2013 - 01:48 PM

I did as you instructed but I can't find the file. There is a null file but the date is May of last year, and I am unable to open it. I have the next 2 days off work so I'm hoping I can get this straightened out over the weekend... thanks for helping.


Edited by rosestristan, 13 April 2013 - 01:49 PM.


#13 rosestristan

  • Topic Starter

Posted 13 April 2013 - 03:24 PM

 I found the log and I am trying to post it, but apparently it's too long?



#14 rosestristan

  • Topic Starter

Posted 13 April 2013 - 06:06 PM

first part of log :

2013-04-06    18:14:21:778    1012    6f0    Misc    ===========  Logging initialized (build: 7.6.7600.256, tz: -0400)  ===========
2013-04-06    18:14:21:840    1012    6f0    Misc      = Process: C:\windows\system32\svchost.exe
2013-04-06    18:14:21:887    1012    6f0    Misc      = Module: c:\windows\system32\wuaueng.dll
2013-04-06    18:14:21:778    1012    6f0    Service    *************
2013-04-06    18:14:22:012    1012    6f0    Service    ** START **  Service: Service startup
2013-04-06    18:14:22:074    1012    6f0    Service    *********
2013-04-06    18:14:22:480    1012    6f0    Agent      * WU client version 7.6.7600.256
2013-04-06    18:14:22:542    1012    6f0    Agent      * Base directory: C:\windows\SoftwareDistribution
2013-04-06    18:14:22:542    1012    6f0    Agent      * Access type: No proxy
2013-04-06    18:14:22:542    1012    6f0    Agent      * Network state: Connected
2013-04-06    18:15:08:859    1012    6f0    Report    CWERReporter::Init succeeded
2013-04-06    18:15:08:859    1012    6f0    Agent    ***********  Agent: Initializing Windows Update Agent  ***********
2013-04-06    18:15:08:874    1012    6f0    Agent    ***********  Agent: Initializing global settings cache  ***********
2013-04-06    18:15:08:874    1012    6f0    Agent      * WSUS server: <NULL>
2013-04-06    18:15:08:874    1012    6f0    Agent      * WSUS status server: <NULL>
2013-04-06    18:15:08:874    1012    6f0    Agent      * Target group: (Unassigned Computers)
2013-04-06    18:15:08:874    1012    6f0    Agent      * Windows Update access disabled: No
2013-04-06    18:15:08:890    1012    6f0    Agent      * Found 1 persisted download calls to restore
2013-04-06    18:15:08:968    1012    6f0    DnldMgr    Download manager restoring 1 downloads
2013-04-06    18:15:09:030    1012    6f0    Agent    WARNING: fail to get update deployments with error 0x80248007
2013-04-06    18:15:09:280    1012    6f0    Agent      * Successfully loaded 1 persisted download calls.
2013-04-06    18:15:09:327    1012    6f0    AU    ###########  AU: Initializing Automatic Updates  ###########
2013-04-06    18:15:09:342    1012    6f0    AU      # Approval type: Scheduled (User preference)
2013-04-06    18:15:09:342    1012    6f0    AU      # Scheduled install day/time: Every day at 3:00
2013-04-06    18:15:09:342    1012    6f0    AU      # Auto-install minor updates: Yes (User preference)
2013-04-06    18:15:09:467    1012    6f0    AU      # Reconnecting download for 1 updates
2013-04-06    18:15:09:483    1012    6f0    AU      # Reconnected 1 pending download calls
2013-04-06    18:15:09:483    1012    6f0    AU    Setting AU scheduled install time to 2013-04-07 07:00:00
2013-04-06    18:15:10:044    1012    6f0    Report    ***********  Report: Initializing static reporting data  ***********
2013-04-06    18:15:10:044    1012    6f0    Report      * OS Version = 6.1.7601.1.0.66304
2013-04-06    18:15:10:044    1012    6f0    Report      * OS Product Type = 0x00000003
2013-04-06    18:15:10:075    1012    6f0    Report      * Computer Brand = TOSHIBA
2013-04-06    18:15:10:075    1012    6f0    Report      * Computer Model = Satellite L775D
2013-04-06    18:15:10:091    1012    6f0    Report      * Bios Revision = 1.50
2013-04-06    18:15:10:091    1012    6f0    Report      * Bios Name = BIOS Date: 10/17/11 17:52:17 Ver: 04.06.04
2013-04-06    18:15:10:091    1012    6f0    Report      * Bios Release Date = 2011-10-18T00:00:00
2013-04-06    18:15:10:091    1012    6f0    Report      * Locale ID = 1033
2013-04-06    18:15:10:153    1012    6f0    AU    Successfully wrote event for AU health state:0
2013-04-06    18:15:10:153    1012    6f0    AU    Initializing featured updates
2013-04-06    18:15:10:153    1012    6f0    AU    Found 0 cached featured updates
2013-04-06    18:15:10:153    1012    6f0    AU    Successfully wrote event for AU health state:0
2013-04-06    18:15:10:153    1012    6f0    AU    AU setting pending client directive to 'Download Progress'
2013-04-06    18:15:10:153    1012    6f0    AU    Successfully wrote event for AU health state:0
2013-04-06    18:15:10:153    1012    6f0    AU    AU finished delayed initialization
2013-04-06    18:15:10:153    1012    6f0    AU    #############
2013-04-06    18:15:10:153    1012    290    DnldMgr    ***********  DnldMgr: Regulation Refresh [Svc: {7971F918-A847-4430-9279-4A52D1EFE18D}]  ***********
2013-04-06    18:15:10:153    1012    6f0    AU    ## START ##  AU: Search for updates
2013-04-06    18:15:10:153    1012    290    DnldMgr    Contacting regulation server for 6 updates.
2013-04-06    18:15:10:153    1012    6f0    AU    #########
2013-04-06    18:15:10:216    1012    6f0    AU    <<## SUBMITTED ## AU: Search for updates [CallId = {F2217A0A-0B03-4F7E-A214-B64C47B14B07}]
2013-04-06    18:15:10:278    1012    290    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\wuredir.cab:
2013-04-06    18:15:10:356    1012    290    Misc     Microsoft signed: Yes
2013-04-06    18:15:10:372    1012    290    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\wuredir.cab:
2013-04-06    18:15:10:387    1012    290    Misc     Microsoft signed: Yes
2013-04-06    18:15:10:387    1012    290    DnldMgr    Regulation server path: https://update.microsoft.com/v6/UpdateRegulationService/UpdateRegulation.asmx.
2013-04-06    18:15:13:773    1012    290    DnldMgr      Per-Update: f8566757-7390-4692-af56-146d0415296d at rate 3000
2013-04-06    18:15:13:773    1012    290    DnldMgr      Per-Update: 44f36957-c566-4930-83fa-7dbe206a0559 at rate 3000
2013-04-06    18:15:13:773    1012    290    DnldMgr      Per-Update: fbff7257-1876-436b-8c63-f71789c56972 at rate 3000
2013-04-06    18:15:13:773    1012    290    DnldMgr      Per-Update: 0400967d-802e-4336-af74-2fdb5831f98b at rate 3000
2013-04-06    18:15:13:773    1012    290    DnldMgr      Per-Update: b90c9cf1-2039-4116-ad4c-af246b07509d at rate 3000
2013-04-06    18:15:13:773    1012    290    DnldMgr      Per-Update: 907b2cf7-6d86-40a5-957a-84833747a32a at rate 3000
2013-04-06    18:15:13:773    1012    290    DnldMgr      * Regulation call complete. 0x00000000
2013-04-06    18:15:13:851    1012    290    DnldMgr    ***********  DnldMgr: New download job [UpdateId = {44F36957-C566-4930-83FA-7DBE206A0559}.202]  ***********
2013-04-06    18:15:13:851    1012    290    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update 44F36957-C566-4930-83FA-7DBE206A0559 is "PerUpdate" regulated and can NOT download. Sequence 9594 vs AcceptRate 3000.
2013-04-06    18:15:13:851    1012    290    DnldMgr      * Update is not allowed to download due to regulation.
2013-04-06    18:15:13:944    1012    290    DnldMgr    ***********  DnldMgr: New download job [UpdateId = {907B2CF7-6D86-40A5-957A-84833747A32A}.202]  ***********
2013-04-06    18:15:13:944    1012    290    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update 907B2CF7-6D86-40A5-957A-84833747A32A is "PerUpdate" regulated and can NOT download. Sequence 9594 vs AcceptRate 3000.
2013-04-06    18:15:13:944    1012    290    DnldMgr      * Update is not allowed to download due to regulation.
2013-04-06    18:15:13:944    1012    290    DnldMgr    ***********  DnldMgr: New download job [UpdateId = {FBFF7257-1876-436B-8C63-F71789C56972}.202]  ***********
2013-04-06    18:15:13:944    1012    290    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update FBFF7257-1876-436B-8C63-F71789C56972 is "PerUpdate" regulated and can NOT download. Sequence 9594 vs AcceptRate 3000.
2013-04-06    18:15:13:944    1012    290    DnldMgr      * Update is not allowed to download due to regulation.
2013-04-06    18:15:13:944    1012    290    DnldMgr    ***********  DnldMgr: New download job [UpdateId = {B90C9CF1-2039-4116-AD4C-AF246B07509D}.202]  ***********
2013-04-06    18:15:13:944    1012    290    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update B90C9CF1-2039-4116-AD4C-AF246B07509D is "PerUpdate" regulated and can NOT download. Sequence 9594 vs AcceptRate 3000.
2013-04-06    18:15:13:944    1012    290    DnldMgr      * Update is not allowed to download due to regulation.
2013-04-06    18:15:13:944    1012    290    DnldMgr    ***********  DnldMgr: New download job [UpdateId = {0400967D-802E-4336-AF74-2FDB5831F98B}.202]  ***********
2013-04-06    18:15:13:944    1012    290    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update 0400967D-802E-4336-AF74-2FDB5831F98B is "PerUpdate" regulated and can NOT download. Sequence 9594 vs AcceptRate 3000.
2013-04-06    18:15:13:944    1012    290    DnldMgr      * Update is not allowed to download due to regulation.
2013-04-06    18:15:13:944    1012    290    DnldMgr    ***********  DnldMgr: New download job [UpdateId = {F8566757-7390-4692-AF56-146D0415296D}.202]  ***********
2013-04-06    18:15:13:944    1012    290    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update F8566757-7390-4692-AF56-146D0415296D is "PerUpdate" regulated and can NOT download. Sequence 9594 vs AcceptRate 3000.
2013-04-06    18:15:13:944    1012    290    DnldMgr      * Update is not allowed to download due to regulation.
2013-04-06    18:15:13:944    1012    290    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update 44F36957-C566-4930-83FA-7DBE206A0559 is "PerUpdate" regulated and can NOT download. Sequence 9594 vs AcceptRate 3000.
2013-04-06    18:15:13:944    1012    290    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update 907B2CF7-6D86-40A5-957A-84833747A32A is "PerUpdate" regulated and can NOT download. Sequence 9594 vs AcceptRate 3000.
2013-04-06    18:15:13:944    1012    290    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update FBFF7257-1876-436B-8C63-F71789C56972 is "PerUpdate" regulated and can NOT download. Sequence 9594 vs AcceptRate 3000.
2013-04-06    18:15:13:944    1012    290    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update B90C9CF1-2039-4116-AD4C-AF246B07509D is "PerUpdate" regulated and can NOT download. Sequence 9594 vs AcceptRate 3000.
2013-04-06    18:15:13:944    1012    290    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update 0400967D-802E-4336-AF74-2FDB5831F98B is "PerUpdate" regulated and can NOT download. Sequence 9594 vs AcceptRate 3000.
2013-04-06    18:15:13:944    1012    290    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update F8566757-7390-4692-AF56-146D0415296D is "PerUpdate" regulated and can NOT download. Sequence 9594 vs AcceptRate 3000.
2013-04-06    18:15:13:944    1012    9a4    AU    AU checked download status and it changed: Downloading is paused
2013-04-06    18:15:14:194    1012    290    Agent    *************
2013-04-06    18:15:14:194    1012    290    Agent    ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-04-06    18:15:14:194    1012    290    Agent    *********
2013-04-06    18:15:14:194    1012    290    Agent      * Online = No; Ignore download priority = No
2013-04-06    18:15:14:194    1012    290    Agent      * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2013-04-06    18:15:14:194    1012    290    Agent      * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2013-04-06    18:15:14:194    1012    290    Agent      * Search Scope = {Machine}
2013-04-06    18:15:24:989    1012    290    Agent    WARNING: Failed to evaluate Installed rule, updateId = {818701AF-1182-45C2-BD1E-17068AD171D6}.101, hr = 80242013
2013-04-06    18:15:25:161    1012    6f0    AU    No pending client directive
2013-04-06    18:15:28:390    1012    290    Agent    Update {1BDDBE8D-16EF-4E1D-A8EB-826691A014F6}.101 is pruned out due to potential supersedence
2013-04-06    18:15:28:390    1012    290    Agent      * Added update {C291A8B1-7657-47ED-B7C5-D4F4A9CD1E28}.203 to search result
2013-04-06    18:15:28:390    1012    290    Agent      * Added update {5F84379F-7C14-472F-B560-62A0CDEC6F31}.203 to search result
2013-04-06    18:15:28:390    1012    290    Agent      * Found 2 updates and 73 categories in search; evaluated appl. rules of 1394 out of 2425 deployed entities
2013-04-06    18:15:28:437    1012    290    Agent    *********
2013-04-06    18:15:28:437    1012    290    Agent    **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-04-06    18:15:28:437    1012    290    Agent    *************
2013-04-06    18:15:28:468    1012    9a4    AU    >>##  RESUMED  ## AU: Search for updates [CallId = {F2217A0A-0B03-4F7E-A214-B64C47B14B07}]
2013-04-06    18:15:28:468    1012    290    Report    REPORT EVENT: {1F96DC95-4691-4C75-9862-7B95047B06A4}    2013-04-06 18:15:10:153-0400    1    202    102    {00000000-0000-0000-0000-000000000000}    0    0    AutomaticUpdates    Success    Content Install    Reboot completed.
2013-04-06    18:15:28:468    1012    9a4    AU      # 2 updates detected
2013-04-06    18:15:28:468    1012    9a4    AU    #########
2013-04-06    18:15:28:468    1012    9a4    AU    ##  END  ##  AU: Search for updates [CallId = {F2217A0A-0B03-4F7E-A214-B64C47B14B07}]
2013-04-06    18:15:28:468    1012    9a4    AU    #############
2013-04-06    18:15:28:468    1012    9a4    AU    No featured updates notifications to show
2013-04-06    18:15:28:468    1012    9a4    AU    Setting AU scheduled install time to 2013-04-07 07:00:00
2013-04-06    18:15:28:468    1012    9a4    AU    Successfully wrote event for AU health state:0
2013-04-06    18:15:28:468    1012    9a4    AU    Successfully wrote event for AU health state:0
2013-04-06    18:15:28:515    1012    290    Report    CWERReporter finishing event handling. (00000000)
2013-04-06    18:15:33:475    1012    290    Report    CWERReporter finishing event handling. (00000000)
2013-04-06    18:17:36:941    1012    6f0    Shutdwn    user declined update at shutdown
2013-04-06    18:17:36:941    1012    6f0    AU    Successfully wrote event for AU health state:0
2013-04-06    18:17:36:941    1012    6f0    AU    AU initiates service shutdown
2013-04-06    18:17:36:941    1012    6f0    AU    ###########  AU: Uninitializing Automatic Updates  ###########
2013-04-06    18:17:36:941    1012    6f0    Report    CWERReporter finishing event handling. (00000000)
2013-04-06    18:17:37:082    1012    6f0    Service    *********
2013-04-06    18:17:37:082    1012    6f0    Service    **  END  **  Service: Service exit [Exit code = 0x240001]
2013-04-06    18:17:37:082    1012    6f0    Service    *************
2013-04-06    18:20:38:637     128    105c    Misc    ===========  Logging initialized (build: 7.6.7600.256, tz: -0400)  ===========
2013-04-06    18:20:39:151     128    105c    Misc      = Process: C:\windows\system32\svchost.exe
2013-04-06    18:20:39:307     128    105c    Misc      = Module: c:\windows\system32\wuaueng.dll
2013-04-06    18:20:38:637     128    105c    Service    *************
2013-04-06    18:20:40:150     128    105c    Service    ** START **  Service: Service startup
2013-04-06    18:20:40:431     128    105c    Service    *********
2013-04-06    18:20:42:287     128    105c    Agent      * WU client version 7.6.7600.256
2013-04-06    18:20:42:287     128    105c    Agent      * Base directory: C:\windows\SoftwareDistribution
2013-04-06    18:20:42:303     128    105c    Agent      * Access type: No proxy
2013-04-06    18:20:42:303     128    105c    Agent      * Network state: Connected
2013-04-06    18:21:28:260     128    105c    Report    CWERReporter::Init succeeded
2013-04-06    18:21:28:260     128    105c    Agent    ***********  Agent: Initializing Windows Update Agent  ***********
2013-04-06    18:21:28:260     128    105c    Agent    ***********  Agent: Initializing global settings cache  ***********
2013-04-06    18:21:28:260     128    105c    Agent      * WSUS server: <NULL>
2013-04-06    18:21:28:260     128    105c    Agent      * WSUS status server: <NULL>
2013-04-06    18:21:28:260     128    105c    Agent      * Target group: (Unassigned Computers)
2013-04-06    18:21:28:260     128    105c    Agent      * Windows Update access disabled: No
2013-04-06    18:21:28:291     128    105c    Agent      * Found 1 persisted download calls to restore
2013-04-06    18:21:28:603     128    105c    DnldMgr    Download manager restoring 1 downloads
2013-04-06    18:21:28:931     128    105c    Agent    WARNING: fail to get update deployments with error 0x80248007
2013-04-06    18:21:29:290     128    105c    Agent      * Successfully loaded 1 persisted download calls.
2013-04-06    18:21:29:368     128    105c    AU    ###########  AU: Initializing Automatic Updates  ###########
2013-04-06    18:21:29:383     128    105c    AU      # Approval type: Scheduled (User preference)
2013-04-06    18:21:29:383     128    105c    AU      # Scheduled install day/time: Every day at 3:00
2013-04-06    18:21:29:383     128    105c    AU      # Auto-install minor updates: Yes (User preference)
2013-04-06    18:21:29:555     128    105c    AU      # Reconnecting download for 1 updates
2013-04-06    18:21:29:555     128    105c    AU      # Reconnected 1 pending download calls
2013-04-06    18:21:29:555     128    105c    AU    Setting AU scheduled install time to 2013-04-07 07:00:00
2013-04-06    18:21:30:054     128    105c    Report    ***********  Report: Initializing static reporting data  ***********
2013-04-06    18:21:30:054     128    105c    Report      * OS Version = 6.1.7601.1.0.66304
2013-04-06    18:21:30:054     128    105c    Report      * OS Product Type = 0x00000003
2013-04-06    18:21:30:085     128    105c    Report      * Computer Brand = TOSHIBA
2013-04-06    18:21:30:085     128    105c    Report      * Computer Model = Satellite L775D
2013-04-06    18:21:30:085     128    105c    Report      * Bios Revision = 1.50
2013-04-06    18:21:30:085     128    105c    Report      * Bios Name = BIOS Date: 10/17/11 17:52:17 Ver: 04.06.04
2013-04-06    18:21:30:101     128    105c    Report      * Bios Release Date = 2011-10-18T00:00:00
2013-04-06    18:21:30:101     128    105c    Report      * Locale ID = 1033
2013-04-06    18:21:30:163     128    105c    AU    Successfully wrote event for AU health state:0
2013-04-06    18:21:30:163     128    105c    AU    Initializing featured updates
2013-04-06    18:21:30:163     128    105c    AU    Found 0 cached featured updates
2013-04-06    18:21:30:163     128    105c    AU    Successfully wrote event for AU health state:0
2013-04-06    18:21:30:163     128    105c    AU    AU setting pending client directive to 'Download Progress'
2013-04-06    18:21:30:163     128    105c    AU    Successfully wrote event for AU health state:0
2013-04-06    18:21:30:163     128    105c    AU    AU finished delayed initialization
2013-04-06    18:21:30:163     128    105c    AU    #############
2013-04-06    18:21:30:163     128    105c    AU    ## START ##  AU: Search for updates
2013-04-06    18:21:30:163     128    105c    AU    #########
2013-04-06    18:21:30:163     128    13b0    DnldMgr    ***********  DnldMgr: Regulation Refresh [Svc: {7971F918-A847-4430-9279-4A52D1EFE18D}]  ***********
2013-04-06    18:21:30:163     128    13b0    DnldMgr    Contacting regulation server for 6 updates.
2013-04-06    18:21:30:210     128    105c    AU    <<## SUBMITTED ## AU: Search for updates [CallId = {4FFEF54A-2C37-46E2-A9F2-2D06FA504F3D}]
2013-04-06    18:21:30:304     128    13b0    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\wuredir.cab:
2013-04-06    18:21:30:366     128    13b0    Misc     Microsoft signed: Yes
2013-04-06    18:21:30:382     128    13b0    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\wuredir.cab:
2013-04-06    18:21:30:382     128    13b0    Misc     Microsoft signed: Yes
2013-04-06    18:21:30:382     128    13b0    DnldMgr    Regulation server path: https://update.microsoft.com/v6/UpdateRegulationService/UpdateRegulation.asmx.
2013-04-06    18:21:33:065     128    13b0    Misc    WARNING: Send failed with hr = 80072ee7.
2013-04-06    18:21:33:065     128    13b0    Misc    WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-04-06    18:21:33:065     128    13b0    DnldMgr    FATAL: Failed to contact the server with 0x8024402c.
2013-04-06    18:21:33:065     128    13b0    PT      + Last proxy send request failed with hr = 0x80072EE7, HTTP status code = 0
2013-04-06    18:21:33:065     128    13b0    PT      + Caller provided credentials = No
2013-04-06    18:21:33:065     128    13b0    PT      + Impersonate flags = 0
2013-04-06    18:21:33:065     128    13b0    PT      + Possible authorization schemes used =
2013-04-06    18:21:33:065     128    13b0    PT    WARNING: GetUpdateDownloadInformation failure, error = 0x8024402C, soap client error = 5, soap error code = 0, HTTP status code = 200
2013-04-06    18:21:35:077     128    13b0    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\wuredir.cab:
2013-04-06    18:21:35:077     128    13b0    Misc     Microsoft signed: Yes
2013-04-06    18:21:35:077     128    13b0    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\wuredir.cab:
2013-04-06    18:21:35:077     128    13b0    Misc     Microsoft signed: Yes
2013-04-06    18:21:35:077     128    13b0    DnldMgr    Regulation server path: https://update.microsoft.com/v6/UpdateRegulationService/UpdateRegulation.asmx.
2013-04-06    18:21:37:698     128    13b0    Misc    WARNING: Send failed with hr = 80072ee7.
2013-04-06    18:21:37:698     128    13b0    Misc    WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-04-06    18:21:37:698     128    13b0    DnldMgr    FATAL: Failed to contact the server with 0x8024402c.
2013-04-06    18:21:37:698     128    13b0    PT      + Last proxy send request failed with hr = 0x80072EE7, HTTP status code = 0
2013-04-06    18:21:37:698     128    13b0    PT      + Caller provided credentials = No
2013-04-06    18:21:37:698     128    13b0    PT      + Impersonate flags = 0
2013-04-06    18:21:37:698     128    13b0    PT      + Possible authorization schemes used =
2013-04-06    18:21:37:698     128    13b0    PT    WARNING: GetUpdateDownloadInformation failure, error = 0x8024402C, soap client error = 5, soap error code = 0, HTTP status code = 200
2013-04-06    18:21:39:711     128    13b0    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\wuredir.cab:
2013-04-06    18:21:39:711     128    13b0    Misc     Microsoft signed: Yes
2013-04-06    18:21:39:711     128    13b0    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\wuredir.cab:
2013-04-06    18:21:39:711     128    13b0    Misc     Microsoft signed: Yes
2013-04-06    18:21:39:711     128    13b0    DnldMgr    Regulation server path: https://update.microsoft.com/v6/UpdateRegulationService/UpdateRegulation.asmx.
2013-04-06    18:21:42:331     128    13b0    Misc    WARNING: Send failed with hr = 80072ee7.
2013-04-06    18:21:42:331     128    13b0    Misc    WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-04-06    18:21:42:331     128    13b0    DnldMgr    FATAL: Failed to contact the server with 0x8024402c.
2013-04-06    18:21:42:331     128    13b0    PT      + Last proxy send request failed with hr = 0x80072EE7, HTTP status code = 0
2013-04-06    18:21:42:331     128    13b0    PT      + Caller provided credentials = No
2013-04-06    18:21:42:331     128    13b0    PT      + Impersonate flags = 0
2013-04-06    18:21:42:331     128    13b0    PT      + Possible authorization schemes used =
2013-04-06    18:21:42:331     128    13b0    PT    WARNING: GetUpdateDownloadInformation failure, error = 0x8024402C, soap client error = 5, soap error code = 0, HTTP status code = 200
2013-04-06    18:21:42:331     128    13b0    DnldMgr    WARNING: Server call failed, using default regulation.
2013-04-06    18:21:42:331     128    13b0    DnldMgr      * Regulation call complete. 0x8024402c
2013-04-06    18:21:42:347     128    13b0    DnldMgr    ***********  DnldMgr: New download job [UpdateId = {44F36957-C566-4930-83FA-7DBE206A0559}.202]  ***********
2013-04-06    18:21:42:347     128    13b0    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update 44F36957-C566-4930-83FA-7DBE206A0559 is "Defaults" regulated and can NOT download. Sequence 4346 vs AcceptRate 0.
2013-04-06    18:21:42:347     128    13b0    DnldMgr      * Update is not allowed to download due to regulation.
2013-04-06    18:21:42:347     128    13b0    DnldMgr    ***********  DnldMgr: New download job [UpdateId = {907B2CF7-6D86-40A5-957A-84833747A32A}.202]  ***********
2013-04-06    18:21:42:347     128    13b0    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update 907B2CF7-6D86-40A5-957A-84833747A32A is "Defaults" regulated and can NOT download. Sequence 4346 vs AcceptRate 0.
2013-04-06    18:21:42:347     128    13b0    DnldMgr      * Update is not allowed to download due to regulation.
2013-04-06    18:21:42:347     128    13b0    DnldMgr    ***********  DnldMgr: New download job [UpdateId = {FBFF7257-1876-436B-8C63-F71789C56972}.202]  ***********
2013-04-06    18:21:42:347     128    13b0    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update FBFF7257-1876-436B-8C63-F71789C56972 is "Defaults" regulated and can NOT download. Sequence 4346 vs AcceptRate 0.
2013-04-06    18:21:42:347     128    13b0    DnldMgr      * Update is not allowed to download due to regulation.
2013-04-06    18:21:42:347     128    13b0    DnldMgr    ***********  DnldMgr: New download job [UpdateId = {B90C9CF1-2039-4116-AD4C-AF246B07509D}.202]  ***********
2013-04-06    18:21:42:347     128    13b0    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update B90C9CF1-2039-4116-AD4C-AF246B07509D is "Defaults" regulated and can NOT download. Sequence 4346 vs AcceptRate 0.
2013-04-06    18:21:42:347     128    13b0    DnldMgr      * Update is not allowed to download due to regulation.
2013-04-06    18:21:42:347     128    13b0    DnldMgr    ***********  DnldMgr: New download job [UpdateId = {0400967D-802E-4336-AF74-2FDB5831F98B}.202]  ***********
2013-04-06    18:21:42:347     128    13b0    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update 0400967D-802E-4336-AF74-2FDB5831F98B is "Defaults" regulated and can NOT download. Sequence 4346 vs AcceptRate 0.
2013-04-06    18:21:42:347     128    13b0    DnldMgr      * Update is not allowed to download due to regulation.
2013-04-06    18:21:42:347     128    13b0    DnldMgr    ***********  DnldMgr: New download job [UpdateId = {F8566757-7390-4692-AF56-146D0415296D}.202]  ***********
2013-04-06    18:21:42:347     128    13b0    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update F8566757-7390-4692-AF56-146D0415296D is "Defaults" regulated and can NOT download. Sequence 4346 vs AcceptRate 0.
2013-04-06    18:21:42:347     128    13b0    DnldMgr      * Update is not allowed to download due to regulation.
2013-04-06    18:21:42:347     128    13b0    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update 44F36957-C566-4930-83FA-7DBE206A0559 is "Defaults" regulated and can NOT download. Sequence 4346 vs AcceptRate 0.
2013-04-06    18:21:42:347     128    13b0    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update 907B2CF7-6D86-40A5-957A-84833747A32A is "Defaults" regulated and can NOT download. Sequence 4346 vs AcceptRate 0.
2013-04-06    18:21:42:347     128    13b0    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update FBFF7257-1876-436B-8C63-F71789C56972 is "Defaults" regulated and can NOT download. Sequence 4346 vs AcceptRate 0.
2013-04-06    18:21:42:347     128    13b0    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update B90C9CF1-2039-4116-AD4C-AF246B07509D is "Defaults" regulated and can NOT download. Sequence 4346 vs AcceptRate 0.
2013-04-06    18:21:42:347     128    13b0    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update 0400967D-802E-4336-AF74-2FDB5831F98B is "Defaults" regulated and can NOT download. Sequence 4346 vs AcceptRate 0.
2013-04-06    18:21:42:347     128    13b0    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update F8566757-7390-4692-AF56-146D0415296D is "Defaults" regulated and can NOT download. Sequence 4346 vs AcceptRate 0.
2013-04-06    18:21:42:347     128    7c8    AU    AU checked download status and it changed: Downloading is paused
2013-04-06    18:21:43:611     128    13b0    Report    REPORT EVENT: {78B41DDF-F07A-46CA-86D4-F72FCD604590}    2013-04-06 18:21:30:163-0400    1    202    102    {00000000-0000-0000-0000-000000000000}    0    0    AutomaticUpdates    Success    Content Install    Reboot completed.
2013-04-06    18:21:43:673     128    13b0    Report    CWERReporter finishing event handling. (00000000)
2013-04-06    18:21:43:673     128    13b0    Agent    *************
2013-04-06    18:21:43:673     128    13b0    Agent    ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-04-06    18:21:43:673     128    13b0    Agent    *********
2013-04-06    18:21:43:673     128    13b0    Agent      * Online = No; Ignore download priority = No
2013-04-06    18:21:43:673     128    13b0    Agent      * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2013-04-06    18:21:43:673     128    13b0    Agent      * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2013-04-06    18:21:43:673     128    13b0    Agent      * Search Scope = {Machine}
2013-04-06    18:21:45:171     128    105c    AU    No pending client directive
2013-04-06    18:22:51:736     128    13b0    Agent    WARNING: Failed to evaluate Installed rule, updateId = {818701AF-1182-45C2-BD1E-17068AD171D6}.101, hr = 80242013
2013-04-06    18:22:55:667     128    13b0    Agent    Update {1BDDBE8D-16EF-4E1D-A8EB-826691A014F6}.101 is pruned out due to potential supersedence
2013-04-06    18:22:55:667     128    13b0    Agent      * Added update {C291A8B1-7657-47ED-B7C5-D4F4A9CD1E28}.203 to search result
2013-04-06    18:22:55:667     128    13b0    Agent      * Added update {5F84379F-7C14-472F-B560-62A0CDEC6F31}.203 to search result
2013-04-06    18:22:55:667     128    13b0    Agent      * Found 2 updates and 73 categories in search; evaluated appl. rules of 1394 out of 2425 deployed entities
2013-04-06    18:22:55:714     128    13b0    Agent    *********
2013-04-06    18:22:55:714     128    13b0    Agent    **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-04-06    18:22:55:714     128    13b0    Agent    *************
2013-04-06    18:22:55:745     128    7c8    AU    >>##  RESUMED  ## AU: Search for updates [CallId = {4FFEF54A-2C37-46E2-A9F2-2D06FA504F3D}]
2013-04-06    18:22:55:745     128    7c8    AU      # 2 updates detected
2013-04-06    18:22:55:745     128    7c8    AU    #########
2013-04-06    18:22:55:745     128    7c8    AU    ##  END  ##  AU: Search for updates [CallId = {4FFEF54A-2C37-46E2-A9F2-2D06FA504F3D}]
2013-04-06    18:22:55:745     128    7c8    AU    #############
2013-04-06    18:22:55:745     128    7c8    AU    No featured updates notifications to show
2013-04-06    18:22:55:745     128    7c8    AU    Setting AU scheduled install time to 2013-04-07 07:00:00
2013-04-06    18:22:55:745     128    7c8    AU    Successfully wrote event for AU health state:0
2013-04-06    18:22:55:745     128    7c8    AU    Successfully wrote event for AU health state:0
2013-04-06    18:23:00:753     128    13b0    Report    CWERReporter finishing event handling. (00000000)
2013-04-06    18:49:39:961     128    105c    Shutdwn    user declined update at shutdown
2013-04-06    18:49:39:961     128    105c    AU    Successfully wrote event for AU health state:0
2013-04-06    18:49:39:961     128    105c    AU    AU initiates service shutdown
2013-04-06    18:49:39:961     128    105c    AU    ###########  AU: Uninitializing Automatic Updates  ###########
2013-04-06    18:49:39:993     128    105c    Report    CWERReporter finishing event handling. (00000000)
2013-04-06    18:49:40:086     128    105c    Service    *********
2013-04-06    18:49:40:086     128    105c    Service    **  END  **  Service: Service exit [Exit code = 0x240001]
2013-04-06    18:49:40:086     128    105c    Service    *************
2013-04-06    18:52:33:028    1012    f94    Misc    ===========  Logging initialized (build: 7.6.7600.256, tz: -0400)  ===========
2013-04-06    18:52:33:044    1012    f94    Misc      = Process: C:\windows\system32\svchost.exe
2013-04-06    18:52:33:044    1012    f94    Misc      = Module: c:\windows\system32\wuaueng.dll
2013-04-06    18:52:33:028    1012    f94    Service    *************
2013-04-06    18:52:33:044    1012    f94    Service    ** START **  Service: Service startup
2013-04-06    18:52:33:059    1012    f94    Service    *********
2013-04-06    18:52:33:387    1012    f94    Agent      * WU client version 7.6.7600.256
2013-04-06    18:52:33:387    1012    f94    Agent      * Base directory: C:\windows\SoftwareDistribution
2013-04-06    18:52:33:403    1012    f94    Agent      * Access type: No proxy
2013-04-06    18:52:33:403    1012    f94    Agent      * Network state: Connected
2013-04-06    18:53:19:377    1012    f94    Report    CWERReporter::Init succeeded
2013-04-06    18:53:19:377    1012    f94    Agent    ***********  Agent: Initializing Windows Update Agent  ***********
2013-04-06    18:53:19:392    1012    f94    Agent    ***********  Agent: Initializing global settings cache  ***********
2013-04-06    18:53:19:392    1012    f94    Agent      * WSUS server: <NULL>
2013-04-06    18:53:19:392    1012    f94    Agent      * WSUS status server: <NULL>
2013-04-06    18:53:19:392    1012    f94    Agent      * Target group: (Unassigned Computers)
2013-04-06    18:53:19:392    1012    f94    Agent      * Windows Update access disabled: No
2013-04-06    18:53:19:408    1012    f94    Agent      * Found 1 persisted download calls to restore
2013-04-06    18:53:19:486    1012    f94    DnldMgr    Download manager restoring 1 downloads
2013-04-06    18:53:19:548    1012    f94    Agent    WARNING: fail to get update deployments with error 0x80248007
2013-04-06    18:53:19:907    1012    f94    Agent      * Successfully loaded 1 persisted download calls.
2013-04-06    18:53:19:985    1012    f94    AU    ###########  AU: Initializing Automatic Updates  ###########
2013-04-06    18:53:19:985    1012    f94    AU      # Approval type: Scheduled (User preference)
2013-04-06    18:53:19:985    1012    f94    AU      # Scheduled install day/time: Every day at 3:00
2013-04-06    18:53:19:985    1012    f94    AU      # Auto-install minor updates: Yes (User preference)
2013-04-06    18:53:20:141    1012    f94    AU      # Reconnecting download for 1 updates
2013-04-06    18:53:20:157    1012    f94    AU      # Reconnected 1 pending download calls
2013-04-06    18:53:20:157    1012    f94    AU    Setting AU scheduled install time to 2013-04-07 07:00:00



next part:

rt    ***********  Report: Initializing static reporting data  ***********
2013-04-06    18:53:20:765    1012    f94    Report      * OS Version = 6.1.7601.1.0.66304
2013-04-06    18:53:20:765    1012    f94    Report      * OS Product Type = 0x00000003
2013-04-06    18:53:20:781    1012    f94    Report      * Computer Brand = TOSHIBA
2013-04-06    18:53:20:781    1012    f94    Report      * Computer Model = Satellite L775D
2013-04-06    18:53:20:781    1012    f94    Report      * Bios Revision = 1.50
2013-04-06    18:53:20:781    1012    f94    Report      * Bios Name = BIOS Date: 10/17/11 17:52:17 Ver: 04.06.04
2013-04-06    18:53:20:781    1012    f94    Report      * Bios Release Date = 2011-10-18T00:00:00
2013-04-06    18:53:20:781    1012    f94    Report      * Locale ID = 1033
2013-04-06    18:53:20:843    1012    f94    AU    Successfully wrote event for AU health state:0
2013-04-06    18:53:20:843    1012    f94    AU    Initializing featured updates
2013-04-06    18:53:20:843    1012    f94    AU    Found 0 cached featured updates
2013-04-06    18:53:20:843    1012    f94    AU    Successfully wrote event for AU health state:0
2013-04-06    18:53:20:843    1012    f94    AU    AU setting pending client directive to 'Download Progress'
2013-04-06    18:53:20:843    1012    f94    AU    Successfully wrote event for AU health state:0
2013-04-06    18:53:20:859    1012    f94    AU    AU finished delayed initialization
2013-04-06    18:53:20:859    1012    f94    AU    #############
2013-04-06    18:53:20:859    1012    f94    AU    ## START ##  AU: Search for updates
2013-04-06    18:53:20:859    1012    e9c    DnldMgr    ***********  DnldMgr: Regulation Refresh [Svc: {7971F918-A847-4430-9279-4A52D1EFE18D}]  ***********
2013-04-06    18:53:20:859    1012    f94    AU    #########
2013-04-06    18:53:20:859    1012    e9c    DnldMgr    Contacting regulation server for 6 updates.
2013-04-06    18:53:20:874    1012    f94    AU    <<## SUBMITTED ## AU: Search for updates [CallId = {D14A82FB-8B89-4280-A8A8-5D9CA47B428F}]
2013-04-06    18:53:20:937    1012    e9c    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\wuredir.cab:
2013-04-06    18:53:21:015    1012    e9c    Misc     Microsoft signed: Yes
2013-04-06    18:53:21:015    1012    e9c    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\wuredir.cab:
2013-04-06    18:53:21:030    1012    e9c    Misc     Microsoft signed: Yes
2013-04-06    18:53:21:030    1012    e9c    DnldMgr    Regulation server path: https://update.microsoft.com/v6/UpdateRegulationService/UpdateRegulation.asmx.
2013-04-06    18:53:24:104    1012    e9c    DnldMgr      Per-Update: f8566757-7390-4692-af56-146d0415296d at rate 3000
2013-04-06    18:53:24:104    1012    e9c    DnldMgr      Per-Update: 44f36957-c566-4930-83fa-7dbe206a0559 at rate 3000
2013-04-06    18:53:24:104    1012    e9c    DnldMgr      Per-Update: fbff7257-1876-436b-8c63-f71789c56972 at rate 3000
2013-04-06    18:53:24:104    1012    e9c    DnldMgr      Per-Update: 0400967d-802e-4336-af74-2fdb5831f98b at rate 3000
2013-04-06    18:53:24:104    1012    e9c    DnldMgr      Per-Update: b90c9cf1-2039-4116-ad4c-af246b07509d at rate 3000
2013-04-06    18:53:24:104    1012    e9c    DnldMgr      Per-Update: 907b2cf7-6d86-40a5-957a-84833747a32a at rate 3000
2013-04-06    18:53:24:104    1012    e9c    DnldMgr      * Regulation call complete. 0x00000000
2013-04-06    18:53:24:135    1012    e9c    DnldMgr    ***********  DnldMgr: New download job [UpdateId = {44F36957-C566-4930-83FA-7DBE206A0559}.202]  ***********
2013-04-06    18:53:24:135    1012    e9c    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update 44F36957-C566-4930-83FA-7DBE206A0559 is "PerUpdate" regulated and can NOT download. Sequence 9594 vs AcceptRate 3000.
2013-04-06    18:53:24:135    1012    e9c    DnldMgr      * Update is not allowed to download due to regulation.
2013-04-06    18:53:24:135    1012    e9c    DnldMgr    ***********  DnldMgr: New download job [UpdateId = {907B2CF7-6D86-40A5-957A-84833747A32A}.202]  ***********
2013-04-06    18:53:24:135    1012    e9c    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update 907B2CF7-6D86-40A5-957A-84833747A32A is "PerUpdate" regulated and can NOT download. Sequence 9594 vs AcceptRate 3000.
2013-04-06    18:53:24:135    1012    e9c    DnldMgr      * Update is not allowed to download due to regulation.
2013-04-06    18:53:24:135    1012    e9c    DnldMgr    ***********  DnldMgr: New download job [UpdateId = {FBFF7257-1876-436B-8C63-F71789C56972}.202]  ***********
2013-04-06    18:53:24:135    1012    e9c    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update FBFF7257-1876-436B-8C63-F71789C56972 is "PerUpdate" regulated and can NOT download. Sequence 9594 vs AcceptRate 3000.
2013-04-06    18:53:24:135    1012    e9c    DnldMgr      * Update is not allowed to download due to regulation.
2013-04-06    18:53:24:135    1012    e9c    DnldMgr    ***********  DnldMgr: New download job [UpdateId = {B90C9CF1-2039-4116-AD4C-AF246B07509D}.202]  ***********
2013-04-06    18:53:24:135    1012    e9c    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update B90C9CF1-2039-4116-AD4C-AF246B07509D is "PerUpdate" regulated and can NOT download. Sequence 9594 vs AcceptRate 3000.
2013-04-06    18:53:24:135    1012    e9c    DnldMgr      * Update is not allowed to download due to regulation.
2013-04-06    18:53:24:135    1012    e9c    DnldMgr    ***********  DnldMgr: New download job [UpdateId = {0400967D-802E-4336-AF74-2FDB5831F98B}.202]  ***********
2013-04-06    18:53:24:135    1012    e9c    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update 0400967D-802E-4336-AF74-2FDB5831F98B is "PerUpdate" regulated and can NOT download. Sequence 9594 vs AcceptRate 3000.
2013-04-06    18:53:24:135    1012    e9c    DnldMgr      * Update is not allowed to download due to regulation.
2013-04-06    18:53:24:135    1012    e9c    DnldMgr    ***********  DnldMgr: New download job [UpdateId = {F8566757-7390-4692-AF56-146D0415296D}.202]  ***********
2013-04-06    18:53:24:135    1012    e9c    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update F8566757-7390-4692-AF56-146D0415296D is "PerUpdate" regulated and can NOT download. Sequence 9594 vs AcceptRate 3000.
2013-04-06    18:53:24:135    1012    e9c    DnldMgr      * Update is not allowed to download due to regulation.
2013-04-06    18:53:24:135    1012    e9c    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update 44F36957-C566-4930-83FA-7DBE206A0559 is "PerUpdate" regulated and can NOT download. Sequence 9594 vs AcceptRate 3000.
2013-04-06    18:53:24:135    1012    e9c    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update 907B2CF7-6D86-40A5-957A-84833747A32A is "PerUpdate" regulated and can NOT download. Sequence 9594 vs AcceptRate 3000.
2013-04-06    18:53:24:135    1012    e9c    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update FBFF7257-1876-436B-8C63-F71789C56972 is "PerUpdate" regulated and can NOT download. Sequence 9594 vs AcceptRate 3000.
2013-04-06    18:53:24:135    1012    e9c    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update B90C9CF1-2039-4116-AD4C-AF246B07509D is "PerUpdate" regulated and can NOT download. Sequence 9594 vs AcceptRate 3000.
2013-04-06    18:53:24:135    1012    e9c    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update 0400967D-802E-4336-AF74-2FDB5831F98B is "PerUpdate" regulated and can NOT download. Sequence 9594 vs AcceptRate 3000.
2013-04-06    18:53:24:135    1012    e9c    DnldMgr    Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update F8566757-7390-4692-AF56-146D0415296D is "PerUpdate" regulated and can NOT download. Sequence 9594 vs AcceptRate 3000.
2013-04-06    18:53:24:135    1012    308    AU    AU checked download status and it changed: Downloading is paused
2013-04-06    18:53:24:291    1012    e9c    Agent    *************
2013-04-06    18:53:24:291    1012    e9c    Agent    ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-04-06    18:53:24:291    1012    e9c    Agent    *********
2013-04-06    18:53:24:291    1012    e9c    Agent      * Online = No; Ignore download priority = No
2013-04-06    18:53:24:291    1012    e9c    Agent      * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2013-04-06    18:53:24:291    1012    e9c    Agent      * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2013-04-06    18:53:24:291    1012    e9c    Agent      * Search Scope = {Machine}
2013-04-06    18:53:35:852    1012    f94    AU    No pending client directive
2013-04-06    18:53:36:929    1012    e9c    Agent    WARNING: Failed to evaluate Installed rule, updateId = {818701AF-1182-45C2-BD1E-17068AD171D6}.101, hr = 80242013
2013-04-06    18:53:40:517    1012    e9c    Agent    Update {1BDDBE8D-16EF-4E1D-A8EB-826691A014F6}.101 is pruned out due to potential supersedence
2013-04-06    18:53:40:517    1012    e9c    Agent      * Added update {C291A8B1-7657-47ED-B7C5-D4F4A9CD1E28}.203 to search result
2013-04-06    18:53:40:517    1012    e9c    Agent      * Added update {5F84379F-7C14-472F-B560-62A0CDEC6F31}.203 to search result
2013-04-06    18:53:40:517    1012    e9c    Agent      * Found 2 updates and 73 categories in search; evaluated appl. rules of 1394 out of 2425 deployed entities
2013-04-06    18:53:40:564    1012    e9c    Agent    *********
2013-04-06    18:53:40:564    1012    e9c    Agent    **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-04-06    18:53:40:564    1012    e9c    Agent    *************
2013-04-06    18:53:40:610    1012    308    AU    >>##  RESUMED  ## AU: Search for updates [CallId = {D14A82FB-8B89-4280-A8A8-5D9CA47B428F}]
2013-04-06    18:53:40:610    1012    308    AU      # 2 updates detected
2013-04-06    18:53:40:610    1012    308    AU    #########
2013-04-06    18:53:40:610    1012    308    AU    ##  END  ##  AU: Search for updates [CallId = {D14A82FB-8B89-4280-A8A8-5D9CA47B428F}]
2013-04-06    18:53:40:610    1012    308    AU    #############
2013-04-06    18:53:40:610    1012    308    AU    No featured updates notifications to show
2013-04-06    18:53:40:610    1012    308    AU    Setting AU scheduled install time to 2013-04-07 07:00:00
2013-04-06    18:53:40:610    1012    308    AU    Successfully wrote event for AU health state:0
2013-04-06    18:53:40:610    1012    308    AU    Successfully wrote event for AU health state:0
2013-04-06    18:53:40:626    1012    e9c    Report    REPORT EVENT: {54D24C29-CEE2-4F54-AE10-8CF7E5DDE98D}    2013-04-06 18:53:20:843-0400    1    202    102    {00000000-0000-0000-0000-000000000000}    0    0    AutomaticUpdates    Success    Content Install    Reboot completed.
2013-04-06    18:53:40:657    1012    e9c    Report    CWERReporter finishing event handling. (00000000)
2013-04-06    18:53:45:618    1012    e9c    Report    CWERReporter finishing event handling. (00000000)
2013-04-06    19:35:26:343    1012    f94    Shutdwn    user declined update at shutdown
2013-04-06    19:35:26:343    1012    f94    AU    Successfully wrote event for AU health state:0
2013-04-06    19:35:26:343    1012    f94    AU    AU initiates service shutdown
2013-04-06    19:35:26:343    1012    f94    AU    ###########  AU: Uninitializing Automatic Updates  ###########
2013-04-06    19:35:26:359    1012    f94    Report    CWERReporter finishing event handling. (00000000)
2013-04-06    19:35:26:437    1012    f94    Service    *********
2013-04-06    19:35:26:437    1012    f94    Service    **  END  **  Service: Service exit [Exit code = 0x240001]
2013-04-06    19:35:26:437    1012    f94    Service    *************
2013-04-07    23:42:47:004     124    b0c    Misc    ===========  Logging initialized (build: 7.6.7600.256, tz: -0400)  ===========
2013-04-07    23:42:55:351     124    b0c    Misc      = Process: C:\windows\system32\svchost.exe
2013-04-07    23:42:55:865     124    b0c    Misc      = Module: c:\windows\system32\wuaueng.dll
2013-04-07    23:42:47:004     124    b0c    Service    *************
2013-04-07    23:42:58:065     124    b0c    Service    ** START **  Service: Service startup
2013-04-07    23:43:19:203     124    b0c    Service    *********
2013-04-07    23:45:35:204     124    b0c    Agent      * WU client version 7.6.7600.256
2013-04-07    23:45:39:759     124    b0c    Agent      * Base directory: C:\windows\SoftwareDistribution
2013-04-07    23:45:44:065     124    b0c    Agent      * Access type: No proxy
2013-04-07    23:47:05:606     124    b0c    Agent      * Network state: Connected
2013-04-08    00:22:56:107    1924    b70    Misc    ===========  Logging initialized (build: 7.6.7600.256, tz: -0400)  ===========
2013-04-08    00:22:58:744    1924    b70    Misc      = Process: C:\windows\system32\svchost.exe
2013-04-08    00:22:58:744    1924    b70    Misc      = Module: c:\windows\system32\wuaueng.dll
2013-04-08    00:22:56:107    1924    b70    Service    *************
2013-04-08    00:22:58:744    1924    b70    Service    ** START **  Service: Service startup
2013-04-08    00:22:58:744    1924    b70    Service    *********
2013-04-08    00:22:58:744    1924    b70    Agent      * WU client version 7.6.7600.256
2013-04-08    00:22:58:744    1924    b70    Agent      * Base directory: C:\windows\SoftwareDistribution
2013-04-08    00:22:58:744    1924    b70    Agent      * Access type: No proxy
2013-04-08    00:22:58:744    1924    b70    Agent      * Network state: Connected
2013-04-08    00:30:27:806    1924    b70    Report    CWERReporter::Init succeeded
2013-04-08    00:30:27:806    1924    b70    Agent    ***********  Agent: Initializing Windows Update Agent  ***********
2013-04-08    00:30:27:837    1924    b70    Agent    ***********  Agent: Initializing global settings cache  ***********
2013-04-08    00:30:27:837    1924    b70    Agent      * WSUS server: <NULL>
2013-04-08    00:30:27:837    1924    b70    Agent      * WSUS status server: <NULL>
2013-04-08    00:30:27:837    1924    b70    Agent      * Target group: (Unassigned Computers)
2013-04-08    00:30:27:837    1924    b70    Agent      * Windows Update access disabled: No
2013-04-08    00:30:31:956    1924    b70    Agent      * Found 1 persisted download calls to restore
2013-04-08    00:32:24:370    1924    b70    DnldMgr    Download manager restoring 1 downloads
2013-04-08    00:33:14:040    1924    b70    Agent    WARNING: fail to get update deployments with error 0x80248007
2013-04-08    00:36:00:118    1924    b70    DtaStor    WARNING: DS: Database will be reset next time it starts up due to 0xc80003fe
2013-04-08    00:36:00:118    1924    b70    Agent    WARNING: fail to get localized metadata for installed categories with error 0xc80003fe
2013-04-08    00:38:02:859    1924    b70    Agent      * Successfully loaded 1 persisted download calls.
2013-04-08    00:38:47:896    1924    b70    AU    ###########  AU: Initializing Automatic Updates  ###########
2013-04-08    00:38:56:102    1924    b70    AU    AU setting next detection timeout to 2013-04-08 04:38:47
2013-04-08    00:38:56:102    1924    b70    AU    AU setting next sqm report timeout to 2013-04-08 04:38:56
2013-04-08    00:38:56:102    1924    b70    AU      # Approval type: Scheduled (User preference)
2013-04-08    00:38:56:102    1924    b70    AU      # Scheduled install day/time: Every day at 3:00
2013-04-08    00:38:56:102    1924    b70    AU      # Auto-install minor updates: Yes (User preference)
2013-04-08    00:41:35:831    1924    b70    AU      # Reconnecting download for 1 updates
2013-04-08    00:42:04:722    1924    b70    AU      # Reconnected 1 pending download calls
2013-04-08    00:42:04:722    1924    b70    AU    Initializing featured updates
2013-04-08    00:42:04:722    1924    b70    AU    Found 0 cached featured updates
2013-04-08    01:38:53:250    1924    b70    Report    ***********  Report: Initializing static reporting data  ***********
2013-04-08    01:38:53:250    1924    b70    Report      * OS Version = 6.1.7601.1.0.66304
2013-04-08    01:38:53:250    1924    b70    Report      * OS Product Type = 0x00000003
2013-04-08    01:38:53:281    1924    b70    Report      * Computer Brand = TOSHIBA
2013-04-08    01:38:53:281    1924    b70    Report      * Computer Model = Satellite L775D
2013-04-08    01:38:53:281    1924    b70    Report      * Bios Revision = 1.50
2013-04-08    01:38:53:281    1924    b70    Report      * Bios Name = BIOS Date: 10/17/11 17:52:17 Ver: 04.06.04
2013-04-08    01:38:53:281    1924    b70    Report      * Bios Release Date = 2011-10-18T00:00:00
2013-04-08    01:38:53:281    1924    b70    Report      * Locale ID = 1033
2013-04-08    01:39:22:297    1924    b70    AU    Successfully wrote event for AU health state:0
2013-04-08    01:39:22:297    1924    b70    AU    AU setting pending client directive to 'Download Progress'
2013-04-08    01:39:38:896    1924    b70    DtaStor    WARNING: Forcing re-creation of data store
2013-04-08    01:40:33:480    1924    b70    DtaStor    Default service for AU is {00000000-0000-0000-0000-000000000000}
2013-04-08    01:40:33:542    1924    b70    DtaStor    Default service for AU is {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-04-08    01:40:37:520    1924    b70    Misc    Validating signature for C:\windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\authcab.cab:
2013-04-08    01:40:45:835    1924    b70    Misc     Microsoft signed: Yes
2013-04-08    01:40:58:440    1924    b70    DtaStor    Default service for AU is {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-04-08    01:40:58:440    1924    b70    DtaStor    Update service properties: service registered with AU is {7971F918-A847-4430-9279-4A52D1EFE18D}
2013-04-08    01:40:58:440    1924    b70    AU    Successfully wrote event for AU health state:0
2013-04-08    01:40:58:440    1924    b70    AU    AU finished delayed initialization
2013-04-08    01:40:58:440    1924    ea0    DnldMgr    ***********  DnldMgr: Regulation Refresh [Svc: {7971F918-A847-4430-9279-4A52D1EFE18D}]  ***********
2013-04-08    01:40:58:440    1924    b70    AU    AU setting next sqm report timeout to 2013-04-09 05:40:58
2013-04-08    01:40:58:440    1924    ea0    DnldMgr    Contacting regulation server for 6 updates.
2013-04-08    01:40:58:440    1924    b70    AU    Forced install timer expired for scheduled install
2013-04-08    01:40:58:440    1924    b70    AU    UpdateDownloadProperties: 1 download(s) are still in progress.
2013-04-08    01:40:58:440    1924    b70    AU    WARNING: Failed to change download properties of call, error = 0x80070057
2013-04-08    01:40:58:440    1924    b70    AU    Setting AU scheduled install time to 2013-04-08 07:00:00
2013-04-08    01:40:58:440    1924    b70    AU    Successfully wrote event for AU health state:0
2013-04-08    01:40:58:456    1924    b70    AU    Launched new AU client for directive 'Download Progress', session id = 0x1
2013-04-08    01:40:58:456    1924    b70    AU    #############
2013-04-08    01:40:58:456    1924    b70    AU    ## START ##  AU: Search for updates
2013-04-08    01:40:58:456    1924    b70    AU    #########
2013-04-08    01:41:06:802    1924    ea0    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\wuredir.cab:
2013-04-08    01:41:27:659    1924    b70    AU    <<## SUBMITTED ## AU: Search for updates [CallId = {3B1E0694-1F6B-40FB-9070-54BCF9535EAF}]
2013-04-08    01:41:27:674    1924    ea0    Misc     Microsoft signed: Yes
2013-04-08    01:42:25:691    1924    ea0    PT    WARNING: Cached cookie has expired or new PID is available
2013-04-08    01:42:54:894    1924    b70    AU    AU received handle event
2013-04-08    01:42:54:894    1924    b70    AU    AU setting pending client directive to 'Download Progress'
2013-04-08    01:43:09:901    1924    b70    AU    Launched new AU client for directive 'Download Progress', session id = 0x1
2013-04-08    01:43:32:303    1924    ea0    PT    WARNING: PTError: 0x8007041d
2013-04-08    01:43:32:303    1924    ea0    PT    WARNING: Failed to get PId: 0x8007041d
2013-04-08    01:43:32:303    1924    ea0    PT    WARNING: PopulateAuthCookies failed: 0x8007041d
2013-04-08    01:43:32:303    1924    ea0    PT    WARNING: RefreshCookie failed: 0x8007041d
2013-04-08    01:43:32:303    1924    ea0    PT    WARNING: RefreshPTState failed: 0x8007041d
2013-04-08    01:43:32:303    1924    ea0    PT    WARNING: PTError: 0x8007041d
2013-04-08    01:43:34:316    1924    ea0    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\wuredir.cab:
2013-04-08    01:43:36:406    1924    ea0    Misc     Microsoft signed: Yes
2013-04-08    01:43:36:827    1924    ea0    PT    WARNING: Cached cookie has expired or new PID is available
2013-04-08    01:43:48:980    1924    b70    AU    AU received handle event
2013-04-08    01:43:48:980    1924    b70    AU    AU setting pending client directive to 'Download Progress'
2013-04-08    01:44:03:987    1924    b70    AU    Launched new AU client for directive 'Download Progress', session id = 0x1
2013-04-08    01:44:10:601    1924    ea0    PT    WARNING: PTError: 0x8007041d
2013-04-08    01:44:10:601    1924    ea0    PT    WARNING: Failed to get PId: 0x8007041d
2013-04-08    01:44:10:601    1924    ea0    PT    WARNING: PopulateAuthCookies failed: 0x8007041d
2013-04-08    01:44:10:601    1924    ea0    PT    WARNING: RefreshCookie failed: 0x8007041d
2013-04-08    01:44:10:601    1924    ea0    PT    WARNING: RefreshPTState failed: 0x8007041d
2013-04-08    01:44:10:601    1924    ea0    PT    WARNING: PTError: 0x8007041d
2013-04-08    01:44:12:614    1924    ea0    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\wuredir.cab:
2013-04-08    01:44:14:891    1924    ea0    Misc     Microsoft signed: Yes
2013-04-08    01:44:15:000    1924    ea0    PT    WARNING: Cached cookie has expired or new PID is available
2013-04-08    01:44:45:030    1924    ea0    PT    WARNING: PTError: 0x8007041d
2013-04-08    01:44:45:030    1924    ea0    PT    WARNING: Failed to get PId: 0x8007041d
2013-04-08    01:44:45:030    1924    ea0    PT    WARNING: PopulateAuthCookies failed: 0x8007041d
2013-04-08    01:44:45:030    1924    ea0    PT    WARNING: RefreshCookie failed: 0x8007041d
2013-04-08    01:44:45:030    1924    ea0    PT    WARNING: RefreshPTState failed: 0x8007041d
2013-04-08    01:44:45:030    1924    ea0    PT    WARNING: PTError: 0x8007041d
2013-04-08    01:44:45:030    1924    ea0    DnldMgr    WARNING: Server call failed, using default regulation.
2013-04-08    01:44:45:030    1924    ea0    DnldMgr      * Regulation call complete. 0x8007041d
2013-04-08    01:44:45:030    1924    ea0    DnldMgr    FATAL: DM:CAgentDownloadManager::LoadUpdateMetadataFromDatastore: GetUpdates failed with 0x80248007.
2013-04-08    01:44:45:030    1924    ea0    DnldMgr    WARNING: Got error (hr = 80248007) starting update 0 in call 1. Notifying call.
2013-04-08    01:44:45:545    1924    ea0    DnldMgr    Error 0x80248007 occurred while downloading update; notifying dependent calls.
2013-04-08    01:44:50:007    1924    ea0    DnldMgr    FATAL: DM:CAgentDownloadManager::LoadUpdateMetadataFromDatastore: GetUpdates failed with 0x80248007.
2013-04-08    01:44:50:007    1924    ea0    DnldMgr    FATAL: DM:CAgentDownloadManager::LoadUpdateMetadataFromDatastore: GetUpdates failed with 0x80248007.
2013-04-08    01:44:50:007    1924    ea0    DnldMgr    FATAL: DM:CAgentDownloadManager::LoadUpdateMetadataFromDatastore: GetUpdates failed with 0x80248007.
2013-04-08    01:44:50:007    1924    ea0    DnldMgr    FATAL: DM:CAgentDownloadManager::LoadUpdateMetadataFromDatastore: GetUpdates failed with 0x80248007.
2013-04-08    01:44:50:007    1924    9f8    AU    >>##  RESUMED  ## AU: Download update [UpdateId = {5F84379F-7C14-472F-B560-62A0CDEC6F31}]
2013-04-08    01:44:50:007    1924    9f8    AU      # WARNING: Download failed, error = 0x80248007
2013-04-08    01:44:50:022    1924    9f8    AU    #########
2013-04-08    01:44:50:022    1924    9f8    AU    ##  END  ##  AU: Download updates
2013-04-08    01:44:50:022    1924    9f8    AU    #############
2013-04-08    01:44:50:022    1924    9f8    AU    Setting AU scheduled install time to 2013-04-08 07:00:00
2013-04-08    01:44:50:022    1924    9f8    AU    Successfully wrote event for AU health state:0
2013-04-08    01:44:50:038    1924    9f8    AU    Successfully wrote event for AU health state:0
2013-04-08    01:45:03:267    1924    ea0    Report    REPORT EVENT: {8F10C64F-45BB-4564-8804-2F313CBC4D6D}    2013-04-08 01:39:22:297-0400    1    202    102    {00000000-0000-0000-0000-000000000000}    0    0    AutomaticUpdates    Success    Content Install    Reboot completed.
2013-04-08    01:45:03:314    1924    b70    AU    AU received handle event
2013-04-08    01:45:16:589    1924    ea0    Report    CWERReporter finishing event handling. (00000000)
2013-04-08    01:45:16:589    1924    ea0    Report    CWERReporter finishing event handling. (00000000)
2013-04-08    01:45:16:605    1924    ea0    Report    REPORT EVENT: {6A04DEC5-0FC1-46B1-B1F6-4BBA1239659B}    2013-04-08 01:44:50:007-0400    1    161    101    {5F84379F-7C14-472F-B560-62A0CDEC6F31}    202    80248007    AutomaticUpdates    Failure    Content Download    Error: Download failed.
2013-04-08    01:45:16:605    1924    ea0    Report    CWERReporter::HandleEvents - WER report upload completed with status 0x8
2013-04-08    01:45:16:605    1924    ea0    Report    WER Report sent: 7.6.7600.256 0x80248007 5F84379F-7C14-472F-B560-62A0CDEC6F31 Download 101 Unmanaged
2013-04-08    01:45:16:605    1924    ea0    Report    CWERReporter finishing event handling. (00000000)
2013-04-08    01:45:16:605    1924    ea0    Agent    *************
2013-04-08    01:45:16:605    1924    ea0    Agent    ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-04-08    01:45:16:605    1924    ea0    Agent    *********
2013-04-08    01:45:16:605    1924    ea0    Agent      * Online = No; Ignore download priority = No
2013-04-08    01:45:16:605    1924    ea0    Agent      * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2013-04-08    01:45:16:605    1924    ea0    Agent      * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2013-04-08    01:45:16:605    1924    ea0    Agent      * Search Scope = {Machine}
2013-04-08    01:45:38:741    1924    ea0    Agent      * Found 0 updates and 0 categories in search; evaluated appl. rules of 0 out of 0 deployed entities
2013-04-08    01:45:38:741    1924    ea0    Agent    *********
2013-04-08    01:45:38:741    1924    ea0    Agent    **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-04-08    01:45:38:741    1924    ea0    Agent    *************
2013-04-08    01:45:38:741    1924    9f8    AU    >>##  RESUMED  ## AU: Search for updates [CallId = {3B1E0694-1F6B-40FB-9070-54BCF9535EAF}]
2013-04-08    01:45:38:741    1924    9f8    AU      # 0 updates detected



#15 rosestristan

  • Topic Starter


Posted 13 April 2013 - 06:07 PM

next:

 

  #########
2013-04-08    01:45:38:741    1924    9f8    AU    ##  END  ##  AU: Search for updates [CallId = {3B1E0694-1F6B-40FB-9070-54BCF9535EAF}]
2013-04-08    01:45:38:741    1924    9f8    AU    #############
2013-04-08    01:45:38:741    1924    9f8    AU    No featured updates notifications to show
2013-04-08    01:45:38:741    1924    9f8    AU    Setting AU scheduled install time to 2013-04-08 07:00:00
2013-04-08    01:45:38:741    1924    9f8    AU    Successfully wrote event for AU health state:0
2013-04-08    01:45:42:953    1924    9f8    AU    Successfully wrote event for AU health state:0
2013-04-08    01:45:42:953    1924    b70    AU    #############
2013-04-08    01:45:42:953    1924    b70    AU    ## START ##  AU: Search for updates
2013-04-08    01:45:42:953    1924    b70    AU    #########
2013-04-08    01:45:42:953    1924    b70    AU    <<## SUBMITTED ## AU: Search for updates [CallId = {77C0C867-9EC9-4444-AA94-CEB59FEE7CD3}]
2013-04-08    01:45:42:953    1924    ea0    Agent    *************
2013-04-08    01:45:42:953    1924    ea0    Agent    ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-04-08    01:45:42:953    1924    ea0    Agent    *********
2013-04-08    01:45:42:953    1924    ea0    Agent      * Online = Yes; Ignore download priority = No
2013-04-08    01:45:42:953    1924    ea0    Agent      * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2013-04-08    01:45:42:953    1924    ea0    Agent      * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2013-04-08    01:45:42:953    1924    ea0    Agent      * Search Scope = {Machine}
2013-04-08    01:45:47:165    1924    ea0    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-04-08    01:45:55:574    1924    ea0    Misc     Microsoft signed: Yes
2013-04-08    01:45:58:054    1924    ea0    Misc    WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80190194
2013-04-08    01:45:59:645    1924    ea0    Misc    WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2013-04-08    01:45:59:645    1924    ea0    Misc    WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-04-08    01:45:59:645    1924    ea0    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-04-08    01:45:59:661    1924    ea0    Misc     Microsoft signed: Yes
2013-04-08    01:46:02:110    1924    ea0    Misc    WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80190194
2013-04-08    01:46:03:857    1924    ea0    Misc    WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2013-04-08    01:46:03:857    1924    ea0    Misc    WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-04-08    01:46:03:857    1924    ea0    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-04-08    01:46:03:873    1924    ea0    Misc     Microsoft signed: Yes
2013-04-08    01:46:06:400    1924    ea0    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-04-08    01:46:08:023    1924    ea0    Misc     Microsoft signed: Yes
2013-04-08    01:46:20:581    1924    ea0    Agent    Checking for updated auth cab for service 7971f918-a847-4430-9279-4a52d1efe18d at http://ds.download.windowsupdate.com/v10/1/microsoftupdate/redir/muauth.cab
2013-04-08    01:46:20:581    1924    ea0    Misc    Validating signature for C:\windows\SoftwareDistribution\AuthCabs\authcab.cab:
2013-04-08    01:46:20:596    1924    ea0    Misc     Microsoft signed: Yes
2013-04-08    01:46:24:683    1924    ea0    Misc    Validating signature for C:\windows\SoftwareDistribution\AuthCabs\authcab.cab:
2013-04-08    01:46:24:683    1924    ea0    Misc     Microsoft signed: Yes
2013-04-08    01:46:24:683    1924    ea0    Setup    Checking for agent SelfUpdate
2013-04-08    01:46:24:683    1924    ea0    Setup    Client version: Core: 7.6.7600.256  Aux: 7.6.7600.256
2013-04-08    01:46:24:699    1924    ea0    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-04-08    01:46:24:699    1924    ea0    Misc     Microsoft signed: Yes
2013-04-08    01:46:24:761    1924    ea0    Misc    WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80190194
2013-04-08    01:46:24:761    1924    ea0    Misc    WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2013-04-08    01:46:24:761    1924    ea0    Misc    WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-04-08    01:46:24:761    1924    ea0    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-04-08    01:46:24:777    1924    ea0    Misc     Microsoft signed: Yes
2013-04-08    01:46:24:839    1924    ea0    Misc    WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80190194
2013-04-08    01:46:24:839    1924    ea0    Misc    WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2013-04-08    01:46:24:839    1924    ea0    Misc    WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-04-08    01:46:24:839    1924    ea0    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-04-08    01:46:24:855    1924    ea0    Misc     Microsoft signed: Yes
2013-04-08    01:46:24:902    1924    ea0    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-04-08    01:46:24:902    1924    ea0    Misc     Microsoft signed: Yes
2013-04-08    01:46:24:917    1924    ea0    Misc    Validating signature for C:\windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2013-04-08    01:46:33:107    1924    ea0    Misc     Microsoft signed: Yes
2013-04-08    01:46:33:310    1924    ea0    Misc    Validating signature for C:\windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2013-04-08    01:46:33:326    1924    ea0    Misc     Microsoft signed: Yes
2013-04-08    01:46:33:326    1924    ea0    Misc    Validating signature for C:\windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
2013-04-08    01:46:45:697    1924    ea0    Misc     Microsoft signed: Yes
2013-04-08    01:46:46:087    1924    ea0    Misc    Validating signature for C:\windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
2013-04-08    01:46:46:102    1924    ea0    Misc     Microsoft signed: Yes
2013-04-08    01:46:46:133    1924    ea0    Setup    Determining whether a new setup handler needs to be downloaded
2013-04-08    01:46:46:133    1924    ea0    Setup    SelfUpdate handler is not found.  It will be downloaded
2013-04-08    01:46:46:133    1924    ea0    Setup    Evaluating applicability of setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256"
2013-04-08    01:47:40:609    1924    ea0    Setup    Setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
2013-04-08    01:47:40:609    1924    ea0    Setup    Evaluating applicability of setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256"
2013-04-08    01:47:40:640    1924    ea0    Setup    Setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
2013-04-08    01:47:40:640    1924    ea0    Setup    Evaluating applicability of setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256"
2013-04-08    01:47:40:671    1924    ea0    Setup    Setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
2013-04-08    01:47:40:671    1924    ea0    Setup    SelfUpdate check completed.  SelfUpdate is NOT required.
2013-04-08    01:47:40:780    1924    ea0    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2013-04-08    01:47:49:080    1924    ea0    Misc     Microsoft signed: Yes
2013-04-08    01:47:49:173    1924    ea0    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2013-04-08    01:47:49:189    1924    ea0    Misc     Microsoft signed: Yes
2013-04-08    01:47:49:189    1924    ea0    PT    +++++++++++  PT: Synchronizing server updates  +++++++++++
2013-04-08    01:47:49:189    1924    ea0    PT      + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://update.microsoft.com/v6/ClientWebService/client.asmx
2013-04-08    01:47:49:454    1924    ea0    PT    WARNING: Cached cookie has expired or new PID is available
2013-04-08    01:48:23:259    1924    ea0    PT    WARNING: PTError: 0x8007041d
2013-04-08    01:48:23:259    1924    ea0    PT    WARNING: Failed to get PId: 0x8007041d
2013-04-08    01:48:23:259    1924    ea0    PT    WARNING: PopulateAuthCookies failed: 0x8007041d
2013-04-08    01:48:23:259    1924    ea0    PT    WARNING: RefreshCookie failed: 0x8007041d
2013-04-08    01:48:23:259    1924    ea0    PT    WARNING: RefreshPTState failed: 0x8007041d
2013-04-08    01:48:23:259    1924    ea0    PT    WARNING: Sync of Updates: 0x8007041d
2013-04-08    01:48:23:259    1924    ea0    PT    WARNING: SyncServerUpdatesInternal failed: 0x8007041d
2013-04-08    01:48:23:259    1924    ea0    Agent      * WARNING: Failed to synchronize, error = 0x8007041D
2013-04-08    01:48:23:259    1924    ea0    Agent      * WARNING: Exit code = 0x8007041D
2013-04-08    01:48:23:259    1924    ea0    Agent    *********
2013-04-08    01:48:23:259    1924    ea0    Agent    **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-04-08    01:48:23:259    1924    ea0    Agent    *************
2013-04-08    01:48:23:259    1924    ea0    Agent    WARNING: WU client failed Searching for update with error 0x8007041d
2013-04-08    01:48:23:259    1924    ea0    Report    CWERReporter finishing event handling. (00000000)
2013-04-08    01:48:23:259    1924    9f8    AU    >>##  RESUMED  ## AU: Search for updates [CallId = {77C0C867-9EC9-4444-AA94-CEB59FEE7CD3}]
2013-04-08    01:48:23:259    1924    9f8    AU      # WARNING: Search callback failed, result = 0x8007041D
2013-04-08    01:48:23:259    1924    9f8    AU      # WARNING: Failed to find updates with error code 8007041D
2013-04-08    01:48:23:259    1924    9f8    AU    #########
2013-04-08    01:48:23:259    1924    9f8    AU    ##  END  ##  AU: Search for updates [CallId = {77C0C867-9EC9-4444-AA94-CEB59FEE7CD3}]
2013-04-08    01:48:23:259    1924    9f8    AU    #############
2013-04-08    01:48:23:259    1924    9f8    AU    Successfully wrote event for AU health state:0
2013-04-08    01:48:23:259    1924    9f8    AU    AU setting next detection timeout to 2013-04-08 10:48:23
2013-04-08    01:48:23:259    1924    9f8    AU    Setting AU scheduled install time to 2013-04-08 07:00:00
2013-04-08    01:48:23:259    1924    9f8    AU    Successfully wrote event for AU health state:0
2013-04-08    01:48:26:566    1924    9f8    AU    Successfully wrote event for AU health state:0
2013-04-08    01:48:28:267    1924    ea0    Report    REPORT EVENT: {03859E51-EE72-4A2D-8362-F93920BBB62F}    2013-04-08 01:48:23:259-0400    1    148    101    {00000000-0000-0000-0000-000000000000}    0    8007041d    AutomaticUpdates    Failure    Software Synchronization    Windows Update Client failed to detect with error 0x8007041d.
2013-04-08    01:48:28:267    1924    ea0    Report    CWERReporter::HandleEvents - WER report upload completed with status 0x8
2013-04-08    01:48:28:267    1924    ea0    Report    WER Report sent: 7.6.7600.256 0x8007041d 00000000-0000-0000-0000-000000000000 Scan 101 Unmanaged
2013-04-08    01:48:28:267    1924    ea0    Report    CWERReporter finishing event handling. (00000000)
2013-04-08    03:00:10:006    1924    b70    AU    Forced install timer expired for scheduled install
2013-04-08    03:00:10:006    1924    b70    AU    UpdateDownloadProperties: 0 download(s) are still in progress.
2013-04-08    03:00:10:006    1924    b70    AU    Setting AU scheduled install time to 2013-04-09 07:00:00
2013-04-08    03:00:10:006    1924    b70    AU    Successfully wrote event for AU health state:0
2013-04-08    03:00:15:013    1924    e10    Report    CWERReporter finishing event handling. (00000000)
2013-04-08    03:44:45:036    1924    e50    DnldMgr    ***********  DnldMgr: Regulation Refresh [Svc: {7971F918-A847-4430-9279-4A52D1EFE18D}]  ***********
2013-04-08    03:44:45:036    1924    e50    DnldMgr      * Regulation call complete. 0x00000000
2013-04-08    06:48:23:273    1924    b70    AU    #############
2013-04-08    06:48:23:273    1924    b70    AU    ## START ##  AU: Search for updates
2013-04-08    06:48:23:273    1924    b70    AU    #########
2013-04-08    06:50:23:346    1924    b70    AU    <<## SUBMITTED ## AU: Search for updates [CallId = {960FD73E-9C15-436B-9D02-7876D1BD784F}]
2013-04-08    06:50:23:346    1924    858    Agent    *************
2013-04-08    06:50:23:346    1924    858    Agent    ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-04-08    06:50:23:346    1924    858    Agent    *********
2013-04-08    06:50:23:346    1924    858    Agent      * Online = Yes; Ignore download priority = No
2013-04-08    06:50:23:346    1924    858    Agent      * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2013-04-08    06:50:23:346    1924    858    Agent      * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2013-04-08    06:50:23:346    1924    858    Agent      * Search Scope = {Machine}
2013-04-08    06:50:23:393    1924    858    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-04-08    06:50:23:408    1924    858    Misc     Microsoft signed: Yes
2013-04-08    06:50:26:201    1924    858    Misc    WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80190194
2013-04-08    06:50:26:201    1924    858    Misc    WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2013-04-08    06:50:26:201    1924    858    Misc    WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-04-08    06:50:26:201    1924    858    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-04-08    06:50:26:201    1924    858    Misc     Microsoft signed: Yes
2013-04-08    06:50:28:634    1924    858    Misc    WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80190194
2013-04-08    06:50:28:634    1924    858    Misc    WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2013-04-08    06:50:28:634    1924    858    Misc    WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-04-08    06:50:28:634    1924    858    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-04-08    06:50:28:650    1924    858    Misc     Microsoft signed: Yes
2013-04-08    06:50:31:068    1924    858    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-04-08    06:50:33:938    1924    858    Misc     Microsoft signed: Yes
2013-04-08    06:50:33:938    1924    858    Agent    Checking for updated auth cab for service 7971f918-a847-4430-9279-4a52d1efe18d at http://ds.download.windowsupdate.com/v10/1/microsoftupdate/redir/muauth.cab
2013-04-08    06:50:33:938    1924    858    Misc    Validating signature for C:\windows\SoftwareDistribution\AuthCabs\authcab.cab:
2013-04-08    06:50:33:954    1924    858    Misc     Microsoft signed: Yes
2013-04-08    06:50:37:994    1924    858    Misc    Validating signature for C:\windows\SoftwareDistribution\AuthCabs\authcab.cab:
2013-04-08    06:50:37:994    1924    858    Misc     Microsoft signed: Yes
2013-04-08    06:50:37:994    1924    858    Setup    Checking for agent SelfUpdate
2013-04-08    06:50:38:010    1924    858    Setup    Client version: Core: 7.6.7600.256  Aux: 7.6.7600.256
2013-04-08    06:50:38:010    1924    858    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-04-08    06:50:38:010    1924    858    Misc     Microsoft signed: Yes
2013-04-08    06:50:38:072    1924    858    Misc    WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80190194
2013-04-08    06:50:38:072    1924    858    Misc    WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2013-04-08    06:50:38:072    1924    858    Misc    WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-04-08    06:50:38:072    1924    858    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-04-08    06:50:38:088    1924    858    Misc     Microsoft signed: Yes
2013-04-08    06:50:38:135    1924    858    Misc    WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80190194
2013-04-08    06:50:38:135    1924    858    Misc    WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2013-04-08    06:50:38:150    1924    858    Misc    WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-04-08    06:50:38:150    1924    858    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-04-08    06:50:38:150    1924    858    Misc     Microsoft signed: Yes
2013-04-08    06:50:38:197    1924    858    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-04-08    06:50:38:197    1924    858    Misc     Microsoft signed: Yes
2013-04-08    06:50:38:213    1924    858    Misc    Validating signature for C:\windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2013-04-08    06:50:38:228    1924    858    Misc     Microsoft signed: Yes
2013-04-08    06:50:40:646    1924    858    Misc    Validating signature for C:\windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2013-04-08    06:50:42:097    1924    858    Misc     Microsoft signed: Yes
2013-04-08    06:50:42:097    1924    858    Misc    Validating signature for C:\windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
2013-04-08    06:50:42:113    1924    858    Misc     Microsoft signed: Yes
2013-04-08    06:50:42:144    1924    858    Misc    Validating signature for C:\windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
2013-04-08    06:50:42:144    1924    858    Misc     Microsoft signed: Yes
2013-04-08    06:50:42:160    1924    858    Setup    Determining whether a new setup handler needs to be downloaded
2013-04-08    06:50:42:160    1924    858    Setup    SelfUpdate handler is not found.  It will be downloaded
2013-04-08    06:50:42:160    1924    858    Setup    Evaluating applicability of setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256"
2013-04-08    06:52:05:417    1924    858    Setup    Setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
2013-04-08    06:52:05:417    1924    858    Setup    Evaluating applicability of setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256"
2013-04-08    06:52:05:464    1924    858    Setup    Setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
2013-04-08    06:52:05:464    1924    858    Setup    Evaluating applicability of setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256"
2013-04-08    06:52:05:495    1924    858    Setup    Setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
2013-04-08    06:52:05:495    1924    858    Setup    SelfUpdate check completed.  SelfUpdate is NOT required.
2013-04-08    06:52:05:604    1924    858    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2013-04-08    06:52:05:604    1924    858    Misc     Microsoft signed: Yes
2013-04-08    06:52:05:698    1924    858    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2013-04-08    06:52:05:713    1924    858    Misc     Microsoft signed: Yes
2013-04-08    06:52:05:713    1924    858    PT    +++++++++++  PT: Synchronizing server updates  +++++++++++
2013-04-08    06:52:05:713    1924    858    PT      + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://update.microsoft.com/v6/ClientWebService/client.asmx
2013-04-08    06:52:06:228    1924    858    PT    WARNING: Cached cookie has expired or new PID is available
2013-04-08    06:52:36:258    1924    858    PT    WARNING: PTError: 0x8007041d
2013-04-08    06:52:36:258    1924    858    PT    WARNING: Failed to get PId: 0x8007041d
2013-04-08    06:52:36:258    1924    858    PT    WARNING: PopulateAuthCookies failed: 0x8007041d
2013-04-08    06:52:36:258    1924    858    PT    WARNING: RefreshCookie failed: 0x8007041d
2013-04-08    06:52:36:258    1924    858    PT    WARNING: RefreshPTState failed: 0x8007041d
2013-04-08    06:52:36:258    1924    858    PT    WARNING: Sync of Updates: 0x8007041d
2013-04-08    06:52:36:258    1924    858    PT    WARNING: SyncServerUpdatesInternal failed: 0x8007041d
2013-04-08    06:52:36:258    1924    858    Agent      * WARNING: Failed to synchronize, error = 0x8007041D
2013-04-08    06:52:36:258    1924    858    Agent      * WARNING: Exit code = 0x8007041D
2013-04-08    06:52:36:258    1924    858    Agent    *********
2013-04-08    06:52:36:258    1924    858    Agent    **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-04-08    06:52:36:258    1924    858    Agent    *************
2013-04-08    06:52:36:258    1924    858    Agent    WARNING: WU client failed Searching for update with error 0x8007041d
2013-04-08    06:52:36:258    1924    9f4    AU    >>##  RESUMED  ## AU: Search for updates [CallId = {960FD73E-9C15-436B-9D02-7876D1BD784F}]
2013-04-08    06:52:36:258    1924    9f4    AU      # WARNING: Search callback failed, result = 0x8007041D
2013-04-08    06:52:36:258    1924    9f4    AU      # WARNING: Failed to find updates with error code 8007041D
2013-04-08    06:52:36:258    1924    9f4    AU    #########
2013-04-08    06:52:36:258    1924    9f4    AU    ##  END  ##  AU: Search for updates [CallId = {960FD73E-9C15-436B-9D02-7876D1BD784F}]
2013-04-08    06:52:36:258    1924    9f4    AU    #############
2013-04-08    06:52:36:258    1924    9f4    AU    Successfully wrote event for AU health state:0
2013-04-08    06:52:36:258    1924    9f4    AU    AU setting next detection timeout to 2013-04-08 15:52:36
2013-04-08    06:52:36:258    1924    9f4    AU    Setting AU scheduled install time to 2013-04-09 07:00:00
2013-04-08    06:52:36:258    1924    9f4    AU    Successfully wrote event for AU health state:0
2013-04-08    06:52:38:598    1924    9f4    AU    Successfully wrote event for AU health state:0
2013-04-08    06:52:41:266    1924    858    Report    REPORT EVENT: {B94318EE-4208-48ED-A31B-92FB3F905E68}    2013-04-08 06:52:36:258-0400    1    148    101    {00000000-0000-0000-0000-000000000000}    0    8007041d    AutomaticUpdates    Failure    Software Synchronization    Windows Update Client failed to detect with error 0x8007041d.
2013-04-08    06:52:47:007    1924    858    Report    CWERReporter::HandleEvents - WER report upload completed with status 0x8
2013-04-08    06:52:47:022    1924    858    Report    WER Report sent: 7.6.7600.256 0x8007041d 00000000-0000-0000-0000-000000000000 Scan 101 Unmanaged
2013-04-08    06:52:47:022    1924    858    Report    CWERReporter finishing event handling. (00000000)





