hi guys, Badly Infected System, Please help!?


  • This topic is locked

#16
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hello zed,

TDSS removed a nasty rootkit, so hopefully we won't need your disc. We'll do another MBR scan to make sure.

Please do the following in the order I've listed: :unsure:

========
Step 1
========

When you did the aswMBR scan, it copied a file named MBR.dat to your desktop.

11:56:08.542 Disk 0 MBR has been saved successfully to "C:\Users\end user\Desktop\iN\MBR.dat"


Can you please zip it up and attach it to your next reply? It has to be zipped or the forum software won't allow it. How to add an attachment to a new topic or reply

If you're unsure how to do that please get back to me before going any further :)


========
Step 2
========

Double click the aswMBR.exe on your desktop to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

========
Step 3
========

Double click the MalwareBytes icon to start MalwareBytes
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

========
Step 4
========

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

========
Step 5
========

Please remember to post:
Attach the dat file
aswMBR scan
MalwareBytes log
ESET online scan log
Any problems you may be experiencing

Homburg
  • 0



#17
zzedexx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
STEP 1 : ATTACHED MBR01.zip



  • 0

#18
zzedexx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
STEP 2: aswMBR.txt


aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-08 23:49:57
-----------------------------
23:49:57.328 OS Version: Windows 6.1.7600
23:49:57.328 Number of processors: 4 586 0x2502
23:49:57.329 ComputerName: BEUCEPHALUS UserName: end user
23:50:04.045 Initialize success
23:50:08.958 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:50:08.961 Disk 0 Vendor: FUJITSU_ 0040 Size: 476940MB BusType: 3
23:50:08.971 Disk 0 MBR read successfully
23:50:08.975 Disk 0 MBR scan
23:50:08.979 Disk 0 unknown MBR code
23:50:08.985 Disk 0 scanning sectors +953161728
23:50:09.012 Disk 0 scanning C:\windows\system32\drivers
23:50:14.948 Service scanning
23:50:16.022 Disk 0 trace - called modules:
23:50:16.071 ntkrnlpa.exe CLASSPNP.SYS disk.sys thpdrv.sys halmacpi.dll iaStor.sys
23:50:16.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8864f030]
23:50:16.084 3 CLASSPNP.SYS[8bdd359e] -> nt!IofCallDriver -> \Device\THPDRV1[0x8864d0a8]
23:50:16.091 5 thpdrv.sys[8bfef99f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86ac3028]
23:50:16.098 Scan finished successfully
23:50:59.323 Disk 0 MBR has been saved successfully to "C:\Users\end user\Desktop\iN\MBR.dat"
23:50:59.329 The log file has been saved successfully to "C:\Users\end user\Desktop\iN\aswMBR[2].txt"
  • 0

#19
zzedexx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
STEP 3 : MBAM Quick Scan (x2)

Noticed MBAM didn't get updated before 1st scan so updated and redid.
'No infections found' but am pasting both logs here for you.

#1

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6516

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2011,05,08 23:55:01
mbam-log-2011-05-08 (23-55-01).txt

Scan type: Quick scan
Objects scanned: 163369
Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>



#2

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6531

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2011,05,08 23:58:11
mbam-log-2011-05-08 (23-58-11).txt

Scan type: Quick scan
Objects scanned: 163585
Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#20
zzedexx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
STEP 4 - ESET SCAN Results (copied to clip board + exported to txt file)


C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\33a8f380-312507c0 multiple threats deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\4e16e85c-35c2a8aa multiple threats deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\465c2a43-113de1a5 multiple threats deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\13f28da6-11b4fca6 multiple threats deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\13f28da6-24fb1b33 multiple threats deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\4248fc69-3c3cb5fd multiple threats deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1b5cbb2b-20f126ed multiple threats deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\32a11c76-21a43ebf multiple threats deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\14691dfc-595497ae multiple threats deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\1ce5817c-166e3e98 multiple threats deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\5e8d0ff-24d7ca07 multiple threats deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\5e8d0ff-2913af18 multiple threats deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Roaming\29620D1CFFA5D238C4F6337A7ABFDE17\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Roaming\29620D1CFFA5D238C4F6337A7ABFDE17\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
  • 0

#21
zzedexx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
STEP 5 - Scan Results attached/posted as directed.

(NB: Did NOT check the option to Delete ESET setup or any Quarantined files.)

Will restart and see if i can identify any issues.

Thanks again

:)

Zed
  • 0

#22
zzedexx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Hey Homburg

Things are definitely heaps improved, :)

Haven't had a bluescreen since the previous set of fixes.

Also, between then and the latest scans have been able to install the majority of outstanding Windows Updates that i couldn't get to succeed before. :unsure:

A few Windows Updates are still stubbornly failing, as well as a recurring error when i try to check for any new ones.

I kept a record and did some screenshots of the error messages in case they give u any clue of what might be happening:

http://img218.images...dcode800700.jpg

also, details of the "Important" Windows Update that repeatedly fails are as follows:

Update for Windows 7 (KB979538) 1.0MB

- update 'downloads' and 'installs' but on re-boot (to 'finalise' the update), i get the following error message :

failure configuring windows updates..
reverting ..


These shots show the updates that remain and also which ones are coming up automatically selected :

http://img62.imagesh...2importantu.jpg

http://img269.images...2importantu.jpg

http://img849.images...2importantu.jpg


Also, had previously set up ERUNT to create automatic registry backups on startup, but they (unsurprisingly) were being blocked...
these are still failing to create and continue to generate the following types of error messages on startup when the backup attempts fail:

http://img10.imagesh...tartuperrms.jpg

+ previously
http://img94.imagesh...artuperrmsg.jpg => http://img807.images...rtupwarning.jpg
In good news tho, the google re-directs and randomly opening unsolicited webpages thing seem to have stopped occurring! :)

Hope some of this is useful and thanks again for all your assistance..

Cheers

:yes:

Zed
  • 0

#23
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi zed,

I think we're almost there, just going to fix the MBR and a final OTL scan.

Please do the following:

========
Step 1
========

Re-Run aswMBR

Click Scan

On completion of the scan

Click the FIXMBR Button



Save the log as before and post in your next reply

========
Step 2
========

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

========
Step 3
========

Repair windows updates.

Go here, click the fixit button about a third of the way down. Try the default mode first and if that fails try the aggressive mode.

Homburg
  • 0

#24
zzedexx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
hey!

Thx!

Fingers r Xst!

=>

STEP 1 - aswMBR LOG :

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-09 04:12:14
-----------------------------
04:12:14.509 OS Version: Windows 6.1.7600
04:12:14.509 Number of processors: 4 586 0x2502
04:12:14.511 ComputerName: BEUCEPHALUS UserName: end user
04:12:16.611 Initialize success
04:12:30.169 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
04:12:30.172 Disk 0 Vendor: FUJITSU_ 0040 Size: 476940MB BusType: 3
04:12:30.183 Disk 0 MBR read successfully
04:12:30.186 Disk 0 MBR scan
04:12:30.188 Disk 0 unknown MBR code
04:12:30.194 Disk 0 scanning sectors +953161728
04:12:30.224 Disk 0 scanning C:\windows\system32\drivers
04:12:35.782 Service scanning
04:12:36.716 Disk 0 trace - called modules:
04:12:36.760 ntkrnlpa.exe CLASSPNP.SYS disk.sys thpdrv.sys halmacpi.dll iaStor.sys
04:12:36.769 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88653030]
04:12:36.776 3 CLASSPNP.SYS[83c0459e] -> nt!IofCallDriver -> \Device\THPDRV1[0x88652030]
04:12:36.783 5 thpdrv.sys[8bfd399f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86ad0028]
04:12:36.792 Scan finished successfully
04:12:50.586 Disk 0 Windows 601 MBR fixed successfully
04:13:08.118 Disk 0 MBR has been saved successfully to "C:\Users\end user\Desktop\iN\MBR.dat"
04:13:08.123 The log file has been saved successfully to "C:\Users\end user\Desktop\iN\aswMBR[3].txt"
  • 0

#25
zzedexx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
STEP 2 : OTL QUICK SCAN LOG :


OTL logfile created on: 2011,05,09 04:15:38 - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\end user\Desktop\iN
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: yyyy,MM,dd

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 453.04 Gb Total Space | 64.22 Gb Free Space | 14.18% Space Free | Partition Type: NTFS

Computer Name: BEUCEPHALUS | User Name: end user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011,05,06 11:39:41 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\end user\Desktop\iN\aswMBR.exe
PRC - [2011,05,01 00:16:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\end user\Desktop\iN\jug.exe
PRC - [2011,04,15 02:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011,01,07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011,01,07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011,01,06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011,01,06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010,12,05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010,12,05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010,10,22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010,10,22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2009,11,22 01:52:16 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009,11,06 03:15:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009,11,06 03:15:02 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009,10,31 15:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009,10,31 11:20:10 | 000,427,320 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
PRC - [2009,10,31 06:48:42 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
PRC - [2009,10,31 06:48:24 | 000,677,232 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
PRC - [2009,10,30 08:09:00 | 000,468,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009,10,30 08:08:34 | 000,480,608 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009,10,29 14:02:38 | 000,029,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
PRC - [2009,10,29 13:13:44 | 000,467,304 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
PRC - [2009,10,29 05:15:10 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009,10,28 14:11:56 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009,10,27 04:15:40 | 000,742,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009,10,24 15:28:58 | 000,832,856 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
PRC - [2009,10,22 03:30:34 | 000,518,720 | -H-- | M] (TOSHIBA Corporation) -- C:\Windows\System32\ThpSrv.exe
PRC - [2009,10,07 03:23:12 | 001,294,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009,10,07 03:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009,10,03 07:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009,10,03 07:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009,10,01 13:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009,10,01 13:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009,09,29 08:42:24 | 000,185,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2009,09,29 08:30:32 | 001,328,480 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\Teco.exe
PRC - [2009,07,30 10:42:06 | 000,705,880 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
PRC - [2009,07,29 14:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009,07,29 09:43:04 | 000,128,344 | -H-- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009,07,29 08:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009,07,23 07:40:40 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2009,07,22 05:43:44 | 000,701,752 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe
PRC - [2009,07,14 11:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009,07,14 11:14:26 | 006,376,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe
PRC - [2009,07,14 11:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009,03,11 12:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009,02,21 03:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009,01,14 15:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe


========== Modules (SafeList) ==========

MOD - [2011,05,01 00:16:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\end user\Desktop\iN\jug.exe
MOD - [2010,08,21 15:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
SRV - [2011,05,07 14:05:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011,01,06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010,10,22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009,11,06 03:15:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009,10,31 06:48:24 | 000,677,232 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009,10,30 08:09:00 | 000,468,320 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009,10,28 14:11:56 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009,10,22 04:39:14 | 000,148,848 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009,10,22 03:30:34 | 000,518,720 | -H-- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\ThpSrv.exe -- (Thpsrv)
SRV - [2009,10,07 03:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009,10,03 07:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009,10,01 13:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009,10,01 13:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009,09,29 08:42:24 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009,08,28 04:28:00 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009,07,29 09:43:04 | 000,128,344 | -H-- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009,07,14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009,03,11 12:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009,02,21 03:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - [2010,12,08 04:12:38 | 000,251,728 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010,11,12 13:19:38 | 000,299,984 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010,11,09 14:56:12 | 000,098,392 | -H-- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010,09,13 15:27:54 | 000,025,680 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010,09,07 03:48:56 | 000,034,384 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010,09,07 03:48:50 | 000,026,064 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010,08,19 20:42:38 | 000,123,472 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010,08,19 20:42:38 | 000,030,288 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010,08,19 20:42:36 | 000,021,072 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2009,11,14 09:07:04 | 009,927,176 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009,10,27 06:39:04 | 000,125,696 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009,10,03 07:33:24 | 000,862,208 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009,09,25 11:54:26 | 000,169,320 | -H-- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2009,09,24 04:25:18 | 000,120,432 | -H-- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009,09,18 06:54:14 | 000,041,088 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009,09,15 08:29:36 | 000,049,400 | -H-- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009,09,10 15:31:48 | 000,102,912 | -H-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009,09,04 15:12:40 | 000,180,736 | -H-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009,08,22 07:24:04 | 000,066,592 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009,08,06 06:55:08 | 000,061,168 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009,07,31 15:02:34 | 000,036,208 | -H-- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2009,07,31 11:45:56 | 000,022,912 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009,07,29 14:01:26 | 000,069,480 | -H-- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2009,07,25 09:57:06 | 000,275,536 | -H-- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2009,07,25 05:31:58 | 000,021,608 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009,07,15 09:28:42 | 000,023,512 | -H-- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009,07,14 16:13:10 | 000,015,216 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2009,07,14 09:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009,07,14 09:51:11 | 000,034,944 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009,07,14 08:13:48 | 001,035,776 | -H-- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009,06,30 10:16:22 | 000,013,120 | -H-- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2009,06,30 04:25:24 | 000,030,272 | -H-- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2009,06,30 04:17:00 | 000,059,904 | -H-- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2009,06,23 11:04:58 | 000,024,064 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009,06,20 13:31:08 | 000,012,920 | -H-- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2009,06,20 03:57:20 | 000,079,872 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009,06,20 03:56:48 | 000,042,472 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009,06,18 05:59:46 | 000,046,984 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2009,06,12 07:05:04 | 000,626,688 | -H-- | M] (DiBcom) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvb7700all.sys -- (mod7700)
DRV - [2009,05,20 15:59:00 | 000,011,776 | -H-- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhid.sys -- (enecirhid)
DRV - [2008,04,25 12:16:00 | 000,005,632 | -H-- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhidma.sys -- (enecirhidma)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSAU&bmod=TSAU
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSAU&bmod=TSAU


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-355442463-701767184-3524845949-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSAU&bmod=TSAU
IE - HKU\S-1-5-21-355442463-701767184-3524845949-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-355442463-701767184-3524845949-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-355442463-701767184-3524845949-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011,04,13 02:25:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011,05,04 14:52:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2010,12,02 12:14:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\end user\AppData\Roaming\mozilla\Extensions
[2011,05,03 21:41:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\end user\AppData\Roaming\mozilla\Firefox\Profiles\hqzx4227.default\extensions
[2011,02,23 10:31:06 | 000,000,000 | -H-D | M] (Download Manager Tweak) -- C:\Users\end user\AppData\Roaming\mozilla\Firefox\Profiles\hqzx4227.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2011,05,04 14:52:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011,04,13 02:25:04 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011,04,15 02:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010,01,01 18:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010,01,01 18:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010,01,01 18:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010,01,01 18:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010,01,01 18:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - File not found
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-355442463-701767184-3524845949-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware[2]\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRCMan] C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\end user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.29.152.116 198.142.0.51 211.29.132.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009,06,11 07:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2e6bb4ca-fdb3-11df-9625-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{2e6bb4ca-fdb3-11df-9625-001e101fb4df}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2e6bb4d0-fdb3-11df-9625-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{2e6bb4d0-fdb3-11df-9625-001e101fb4df}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{788daf0e-fb3c-11df-a11b-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{788daf0e-fb3c-11df-a11b-705ab6816c8d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{788db08f-fb3c-11df-a11b-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{788db08f-fb3c-11df-a11b-705ab6816c8d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{788db20e-fb3c-11df-a11b-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{788db20e-fb3c-11df-a11b-705ab6816c8d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{788db8d7-fb3c-11df-a11b-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{788db8d7-fb3c-11df-a11b-705ab6816c8d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{788db8da-fb3c-11df-a11b-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{788db8da-fb3c-11df-a11b-705ab6816c8d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dbc7ccab-fdd0-11df-9625-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{dbc7ccab-fdd0-11df-9625-001e101fe5e1}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{dbc7ccae-fdd0-11df-9625-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{dbc7ccae-fdd0-11df-9625-001e101fe5e1}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{f640535e-a9ce-11df-982a-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{f640535e-a9ce-11df-982a-705ab6816c8d}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f6405366-a9ce-11df-982a-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{f6405366-a9ce-11df-982a-705ab6816c8d}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011,05,09 00:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011,05,07 14:05:14 | 000,000,000 | ---D | C] -- C:\windows\System32\Wat
[2011,05,06 11:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2]
[2011,05,06 11:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2]
[2011,05,06 11:23:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2011,05,03 04:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\ERDNT
[2011,05,03 04:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011,05,03 04:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011,05,01 10:40:12 | 000,000,000 | -H-D | C] -- C:\Users\end user\AppData\Roaming\Malwarebytes
[2011,05,01 10:39:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011,05,01 10:39:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011,05,01 10:39:48 | 000,020,952 | -H-- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011,05,01 10:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011,05,01 00:52:24 | 000,098,392 | -H-- | C] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2011,05,01 00:52:24 | 000,027,984 | -H-- | C] (Sunbelt Software) -- C:\windows\System32\sbbd.exe
[2011,05,01 00:52:07 | 000,000,000 | -H-D | C] -- C:\VIPRERESCUE
[2011,05,01 00:37:47 | 007,734,240 | -H-- | C] (Malwarebytes Corporation ) -- C:\Users\end user\Desktop\mblam-setup.exe
[2011,04,29 12:11:24 | 000,000,000 | -H-D | C] -- C:\Users\end user\Desktop\HAND#
[2011,04,28 15:44:33 | 000,000,000 | ---D | C] -- C:\Users\end user\Documents\KPR
[2011,04,28 15:41:27 | 000,000,000 | ---D | C] -- C:\Users\end user\Documents\WiLDCATS
[2011,04,19 11:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageShack Uploader
[2011,04,18 23:56:57 | 000,000,000 | -H-D | C] -- C:\windows\Sun
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011,05,09 03:40:00 | 000,000,920 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-355442463-701767184-3524845949-1004UA.job
[2011,05,09 02:15:13 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011,05,09 02:15:13 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011,05,09 02:07:49 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011,05,08 18:31:14 | 114,464,567 | ---- | M] () -- C:\windows\System32\drivers\AVG\incavi.avm
[2011,05,08 13:09:16 | 000,446,904 | -H-- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011,05,06 14:40:00 | 000,000,868 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-355442463-701767184-3524845949-1004Core.job
[2011,05,06 11:43:16 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011,05,04 14:52:46 | 000,002,021 | -H-- | M] () -- C:\Users\end user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011,05,04 14:52:20 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011,05,03 04:12:18 | 000,001,097 | ---- | M] () -- C:\Users\end user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011,05,03 04:11:40 | 000,000,917 | ---- | M] () -- C:\Users\end user\Desktop\NTREGOPT.lnk
[2011,05,03 04:11:40 | 000,000,898 | ---- | M] () -- C:\Users\end user\Desktop\ERUNT.lnk
[2011,05,01 22:56:39 | 000,711,442 | -H-- | M] () -- C:\windows\System32\perfh009.dat
[2011,05,01 22:56:39 | 000,139,504 | -H-- | M] () -- C:\windows\System32\perfc009.dat
[2011,05,01 00:38:44 | 000,000,000 | -H-- | M] () -- C:\Users\end user\Desktop\mbam-setup.exe
[2011,05,01 00:36:24 | 007,734,240 | -H-- | M] (Malwarebytes Corporation ) -- C:\Users\end user\Desktop\mblam-setup.exe
[2011,04,30 15:08:50 | 000,000,355 | -H-- | M] () -- C:\Users\end user\Desktop\BEAUCEPHELUS.lnk
[2011,04,29 12:32:14 | 000,000,939 | -H-- | M] () -- C:\Users\end user\IMAGES.lnk
[2011,04,26 02:58:53 | 000,000,112 | -H-- | M] () -- C:\ProgramData\aDRCIj.dat
[2011,04,20 00:55:38 | 000,212,355 | ---- | M] () -- C:\Users\end user\Documents\hayden's 1st birthday invite.jpg
[2011,04,19 16:31:13 | 000,017,408 | -H-- | M] () -- C:\Users\end user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011,04,18 10:56:22 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011,04,15 17:43:47 | 000,154,909 | -H-- | M] () -- C:\windows\System32\drivers\AVG\iavichjg.avm
[2011,04,13 03:04:41 | 000,016,274 | ---- | M] () -- C:\Users\end user\Documents\SearchResults20110413.csv
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011,05,06 11:43:16 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011,05,04 14:52:20 | 000,001,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011,05,04 14:52:20 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011,05,03 04:12:18 | 000,001,097 | ---- | C] () -- C:\Users\end user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011,05,03 04:11:40 | 000,000,917 | ---- | C] () -- C:\Users\end user\Desktop\NTREGOPT.lnk
[2011,05,03 04:11:40 | 000,000,898 | ---- | C] () -- C:\Users\end user\Desktop\ERUNT.lnk
[2011,05,01 00:38:44 | 000,000,000 | -H-- | C] () -- C:\Users\end user\Desktop\mbam-setup.exe
[2011,04,30 15:08:50 | 000,000,355 | -H-- | C] () -- C:\Users\end user\Desktop\BEAUCEPHELUS.lnk
[2011,04,29 12:32:14 | 000,000,939 | -H-- | C] () -- C:\Users\end user\IMAGES.lnk
[2011,04,26 02:58:53 | 000,000,112 | -H-- | C] () -- C:\ProgramData\aDRCIj.dat
[2011,04,20 00:50:55 | 000,212,355 | ---- | C] () -- C:\Users\end user\Documents\hayden's 1st birthday invite.jpg
[2011,04,18 11:26:24 | 000,017,408 | -H-- | C] () -- C:\Users\end user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011,04,18 10:56:22 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011,04,13 03:04:41 | 000,016,274 | ---- | C] () -- C:\Users\end user\Documents\SearchResults20110413.csv
[2010,03,11 16:37:27 | 000,000,000 | -H-- | C] () -- C:\windows\NDSTray.INI
[2010,03,11 16:22:35 | 000,073,728 | -H-- | C] () -- C:\windows\System32\RtNicProp32.dll
[2010,03,11 16:15:54 | 000,000,852 | -H-- | C] () -- C:\windows\System32\drivers\RTKHDRC.dat
[2010,03,11 16:15:54 | 000,000,520 | -H-- | C] () -- C:\windows\System32\drivers\RTEQEX1.dat
[2010,03,11 16:15:54 | 000,000,520 | -H-- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2010,03,11 16:15:54 | 000,000,096 | -H-- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2010,03,11 16:11:50 | 000,045,056 | -H-- | C] () -- C:\windows\System32\HWS_Ctrl.dll
[2009,11,13 21:08:56 | 000,040,588 | -H-- | C] () -- C:\windows\System32\nvcoproc.bin
[2009,08,03 18:21:54 | 000,197,912 | -H-- | C] () -- C:\windows\System32\physxcudart_20.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelTraditionalChinese.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelSwedish.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelSpanish.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelSimplifiedChinese.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelPortugese.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelKorean.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelJapanese.dll
[2009,08,03 18:21:52 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelGerman.dll
[2009,08,03 18:21:52 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelFrench.dll
[2009,07,14 14:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009,07,14 14:33:53 | 000,446,904 | -H-- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009,07,14 12:05:48 | 000,711,442 | -H-- | C] () -- C:\windows\System32\perfh009.dat
[2009,07,14 12:05:48 | 000,291,294 | -H-- | C] () -- C:\windows\System32\perfi009.dat
[2009,07,14 12:05:48 | 000,139,504 | -H-- | C] () -- C:\windows\System32\perfc009.dat
[2009,07,14 12:05:48 | 000,031,548 | -H-- | C] () -- C:\windows\System32\perfd009.dat
[2009,07,14 12:05:05 | 000,000,741 | -H-- | C] () -- C:\windows\System32\NOISE.DAT
[2009,07,14 12:04:11 | 000,215,943 | -H-- | C] () -- C:\windows\System32\dssec.dat
[2009,07,14 09:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009,07,14 09:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009,07,14 09:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009,06,11 07:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009,04,28 22:37:00 | 000,028,672 | -H-- | C] () -- C:\windows\System32\SPCtl.dll

========== LOP Check ==========

[2010,12,02 11:18:59 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\AVG10
[2011,05,01 00:46:04 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\foobar2000
[2010,07,01 08:45:38 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\Toshiba
[2010,06,06 04:14:07 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\Ulead Systems
[2011,04,29 16:32:29 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\uTorrent
[2010,08,17 17:23:29 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\Vodafone
[2010,04,18 04:23:43 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\WildTangent
[2011,02,05 19:17:43 | 000,000,000 | -H-D | M] -- C:\Users\XO\AppData\Roaming\AVG10
[2011,04,29 18:09:38 | 000,000,000 | -H-D | M] -- C:\Users\XO\AppData\Roaming\foobar2000
[2010,07,01 09:28:15 | 000,000,000 | -H-D | M] -- C:\Users\XO\AppData\Roaming\Toshiba
[2011,05,08 22:49:43 | 000,032,544 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


#26
zzedexx

    Member

  • Topic Starter
  • 37 posts
Hi again :)

just tried the MS FixIt in both normal and aggressive modes..

Alas, check for updates is still generating the same Error message code :/ aka http://img218.images...dcode800700.jpg

What do u think could be wrong / can be done ?

Thx!

Zed

#27
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi zed,

That error code usually means that you don't have the necessary permissions to run the updates. I've also found a newer version of FIXIT.

Please do the following:

Make sure the account you're logged on with has full Administrator rights.

Go here and follow the FIXIT instructions.

If it still does not work try to run the updates with your Firewall and AntiVirus temporarily disabled.

Let me know how you get on

Homburg

#28
zzedexx

    Member

  • Topic Starter
  • 37 posts
Hi homburg,

thanks again for persisting with this!

alas, Fixit found something to repair but windows still wouldn't update.

this account is meant to be my admin acct but when i went to double-check the account status and make sure the permissions were still available i discovered the control panel Admin Tools folder (Control Panel\All Control Panel Items\Administrative Tools) is strangely 'empty' :unsure:

in an effort to make sure it ran i used Right click / Run as admin

i also tried disabling AVG / Win Firewalls but still got the update error.

Fixit had results i could save to file

html version is attached, text version is pasted here:

Windows Update - Publisher details

Issues found
Repair Windows Update components
Repairing Windows Update components frequently resolves common Windows Update errors: Fixed
Windows Update components must be repaired: Succeeded

Issues checked
Repair default Windows Update locations
Change Windows Update locations to Windows default settings: Checked

Issues found - Detection details

Repair Windows Update components: Fixed

Repairing Windows Update components frequently resolves common Windows Update errors
Windows Update components must be repaired: Succeeded

One or more Windows Update components are configured incorrectly


Issues checked - Detection details

Repair default Windows Update locations: Checked

Change Windows Update locations to Windows default settings
Default Windows Update data locations have changed: Not Run

The location where Windows Update stores data has changed and must be repaired

Detection details

Collection information
Computer Name: BEUCEPHALUS
Windows Version: 6.1
Architecture: x86
Time: Monday, May 09, 2011 7:29:37 PM

Publisher details

Windows Update
Resolve problems that prevent you from updating Windows.
Package Version: 4.0.2.20110211
Publisher: Microsoft Corporation





Thanks again for trying to work this out

:)

Zed


Edited by zzedexx, 09 May 2011 - 04:04 AM.


#29
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hello zed,

Please go here and run option 2. This should reset Windows Update to default settings. If this still does not work, please create another account with Admin rights and try the updates using that account.

Homburg

#30
zzedexx

    Member

  • Topic Starter
  • 37 posts
thanks homburg,

just tried both these suggestions without success.. :unsure:

Also, admin tools also 'missing' in the newly created admin account.. :)

:yes:

Zed