[CompCav]

The admin profile should have full rights.

I appreciate your efforts.


Step 1.

Let's remove the admin access for now.

Open the elevated prompt, type in

net user administrator /active:no

Then close the elevated command prompt box.


Step 2.

Difficult registry merges that appear to not have sufficient privileges.
If you need it here is the BITs.reg file again:
 BITS.reg   6.14KB   194 downloads


1.Download PsTools,extract from this psexec.exe file and put it in C:\Windows\System32
2.Download fix for BITS service to your desktop.
3..Run cmd.exe with administrative privileges (right click on cmd.exe and choose "run as admin") and type:

psexec -s -i -d C:\WINDOWS\regedit


//This command runs regedit from System account.//

4.Go to File>>Import choose location where you stored BITs.reg file,choose it and apply.

5.Restart Computer


Once restarted try to update and let me know the outcome.

[Advertisements]

i am currently attempting to download the updates. However, it has been about 30 minutes and the progress information still shows as 0 KB and 0%. Fingers crossed, but it isn't looking good. One thing I have to report is that when i went to run the regedit program, when I clicked import, I got a popup about the system32 folder not being available on (if i recall correctly) any of the storage devices available, or something similar. Unfortunately, I didn't write it down, so I cant provide the complete transcript of what the popup said. But if this download fails, do you want me to retry the regedit thing so I can provide you with that message?

[cleftuppercut]

i am currently attempting to download the updates. However, it has been about 30 minutes and the progress information still shows as 0 KB and 0%. Fingers crossed, but it isn't looking good. One thing I have to report is that when i went to run the regedit program, when I clicked import, I got a popup about the system32 folder not being available on (if i recall correctly) any of the storage devices available, or something similar. Unfortunately, I didn't write it down, so I cant provide the complete transcript of what the popup said. But if this download fails, do you want me to retry the regedit thing so I can provide you with that message?

[cleftuppercut]

All updates just failed. Error code 80246008. Wait. I think I extracted the whole PStools folder into system32, and not just the psexec.exe file. Would that be the possible problem?

[CompCav]

Make sure the file psexec.exe is in the c:\windows\system32 directory and not a sub directory beneath it.

[cleftuppercut]

if i re-extract the file into system32, will that work, or will the previous extract of the files interfere?

[CompCav]

The only thing that is important is if the file is in the C:\WINDOS\System32\ directory.

[CompCav]

Click Start >> Computer >> c: local drive >> Windows >> system32 and make sure that psexec.exe is there.

[CompCav]

Once you have verified the file I need you to run another OTL scan:

Please re-open OTL

• Double click the on your desktop. Vista /7 users right click and click Run as Administrator. Make sure all other windows are closed .
• You will see a console like the one below:

• At the top of the console click the greyed out None button.<---Very Important
• Make sure the Output box at the top is set to Standard Output.
• Please copy paste the following lines in the Custom Scans/Fixes box:
  
  HKEY-LOCAL-MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so.
• Let the scan run uninterrupted. The scan won't take long.
• When the scan completes, it will open a notepad window, OTL.txt.

Please post the contents.

[cleftuppercut]

Back at home. The DNS was not a problem when I set the computer up at home for some reason. Also, I verified that the PsExec.exe file is present in sys32. Here is the OTL log:

OTL logfile created on: 8/16/2012 6:05:12 PM - Run 7
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Bryan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.98 Gb Total Physical Memory | 9.23 Gb Available Physical Memory | 77.06% Memory free
23.95 Gb Paging File | 20.82 Gb Available in Paging File | 86.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.45 Gb Total Space | 36.14 Gb Free Space | 12.93% Space Free | Partition Type: NTFS
Drive D: | 394.18 Gb Total Space | 355.13 Gb Free Space | 90.09% Space Free | Partition Type: NTFS

Computer Name: BRYAN-PC | User Name: Bryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< HKEY-LOCAL-MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
"Type" = 32
"Start" = 2
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"WOW64" = 1
"ObjectName" = LocalSystem
"DelayedAutostart" = 1
"DisplayName" = @%SystemRoot%\system32\qmgr.dll,-1000
"Description" = @%SystemRoot%\system32\qmgr.dll,-1001
"DependOnService" = RpcSsEventSystem [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]
[HKEY-LOCAL-MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = %SystemRoot%\System32\qmgr.dll
[HKEY-LOCAL-MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance]
"Library" = bitsperf.dll -- [2010/11/20 08:18:08 | 000,019,456 | ---- | M] (Microsoft Corporation)
"Open" = PerfMon_Open
"Collect" = PerfMon_Collect
"Close" = PerfMon_Close
"InstallType" = 1
"PerfIniFile" = bitsctrs.ini
"First Counter" = 2002
"Last Counter" = 2018
"First Help" = 2003
"Last Help" = 2019
"Object List" = 2002
"PerfMMFileName" = Global\MMF_BITS_s
[HKEY-LOCAL-MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security" = [Binary data over 100 bytes]

< End of report >

[CompCav]

We have a solution from an elevated command prompt :

Go Start > >All Programs >> Accessories
Right click command prompt and select run as administrator
In the black box type the following :

sc delete bits

Reboot and then merge the registry file you downloaded previously

[cleftuppercut]

Done . Merged the BITS file, and received a prompt saying something along the lines of 'these files and values have been successfully added to the registry.' Now what?

[CompCav]

Reboot and run updates.

[cleftuppercut]

17~18 updates downloaded and installed! Just let me know what the next step is.

Edited by cleftuppercut, 18 August 2012 - 12:58 AM.

[CompCav]

Step 1.

• Update Malwarebytes' Anti-Malware
• If an update is found, it will download and install the latest version.
• Once the the update is finished, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


Step 2.

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 3.

Please post:


mbam log
security check log

Please give me an update on how your computer is doing!

[cleftuppercut]

MBAM Log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.18.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bryan :: BRYAN-PC [administrator]

8/18/2012 6:10:53 PM
mbam-log-2012-08-18 (18-10-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241928
Time elapsed: 2 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)