Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Windows Automatic update won't star

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Windows Automatic update won't star

Unread postby RobSusie » January 31st, 2009, 2:31 pm

I'm running Windows XP home edition SP2. I had to do a PC system restore after the computer became completely unresponsive while trying to attach an Xbox to the computer monitor.
Now everything works OK except when I try to perform windows updates I get a message from Microsoft site that files needed are no longer registered. The site tries to register files but simply freezes and never completes any updates. I've been to several help forums and have tried their suggestions to manually re-register dll files which Ihave done. They all seem to register successfully, but I still can't get updates. The Automatic Updates services is permanently set to "stopping" and I can't alter it, not even manually I ran HijackThis and the log file is attached. Any help would be appreciated.

Rob
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:20 PM, on 1/31/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\QUICKENW\QWDLLS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\RobSusan\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0857309312
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6854 bytes
RobSusie
Regular Member
 
Posts: 15
Joined: January 31st, 2009, 2:18 pm
Advertisement
Register to Remove

Re: Windows Automatic update won't star

Unread postby ndmmxiaomayi » February 25th, 2009, 9:43 am

Hi RobSusie,

Step 1

Please download DDS from Bleeping Computer and save it to your desktop.

Double click on dds to run it.

When done, DDS.txt will open. Another file, Attach.txt will open after a short while. Please save these 2 files to your desktop as they will be deleted once you close them.

Please attach Attach.txt in your next reply by scrolling down to Upload attachment and clicking on Browse....

An image is below for your reference:

Image

Step 2

Please download gmer.zip from Gmer and save it to your desktop.

  1. Right click on gmer.zip and select Extract All....
  2. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  3. Click on the Browse button. Click on Desktop. Then click OK.
  4. Click Next. It will start extracting.
  5. Once done, check (tick) the Show extracted files box and click Finish.

Double click on gmer.exe to run it. It will start running a scan. If it detects rootkit activity, you will receive a prompt to run a full scan. Click Yes.

  • When done, you may receive another notice. Click OK.
  • Click on Save ... to save a log.
  • Copy and paste in Gmer.txt and click Save.
  • Close Gmer.

If you receive no notice, click on the Scan button.

  • It will start scanning again.
  • When done, click on Save ... to save a log.
  • Copy and paste in Gmer.txt and click Save.
  • Close Gmer.

Note: Do not run any programs while Gmer is running.

In your next reply, please post:

  1. DDS.txt
  2. Attach.txt (attached to this topic)
  3. Gmer.txt
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Windows Automatic update won't star

Unread postby RobSusie » February 25th, 2009, 11:48 pm

I've run dds ,attach and Gmer. The log files are attached. Thanks
You do not have the required permissions to view the files attached to this post.
RobSusie
Regular Member
 
Posts: 15
Joined: January 31st, 2009, 2:18 pm

Re: Windows Automatic update won't star

Unread postby ndmmxiaomayi » February 26th, 2009, 8:23 am

Hi RobSusie,

Your logs look clean. You will need to remove this old version of Java as it's prone to exploits.

  • Click on Start > Control Panel and double click on Add/Remove Programs.
  • Locate Java 2 Runtime Environment, SE v1.4.2_03 and click on Change/Remove button to uninstall it.

Next, please perform a scan with Kaspersky.

  1. Please download Kaspersky Scaner and save it to your desktop. Please do not download the scanner if you do not intend to run a scan as it's being updated regularly.
  2. Double click on setup_7.0.0.290_XX.XX.XXXX_XX-XX.exe (where X are numbers) to install it.
  3. When installation is done, it will start running.
  4. Select Automatic Scan tab. Check (tick) all the boxes except the following:
    • 3.5 Floppy
    • CD/DVD drive
  5. Next, click on the Settings link.
  6. A new window will open.
  7. Under Security Level, click on the Customize... button.
  8. Another new window will open.
  9. In the General tab, under Compound files, check (tick) this box: Parse email formats.
  10. Next, select Heuristic analyzer tab.
  11. Under Rootkits search, check (tick) this box: Enable deep rootkit search. Drag the slider to Medium and click OK to apply the settings.
  12. Click OK again to get back to the main screen.
  13. Click on Scan to start the scan.
  14. When done, click on Reports... > Save to file....
  15. Save this report to your desktop. Please post the Detected section of the report in your next reply.
  16. Close Kaspersky scanner. You will be prompted to uninstall it when it's closed. Please do so.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Windows Automatic update won't star

Unread postby RobSusie » February 26th, 2009, 10:02 pm

I removed the old Java version as you suggested.
Although I can download the Kaspersky Scanner, I've been unable to install it after multiple attempts. The program begins extracting files, but then stops after about 10 seconds, and never completes the install.
I have Kaspersky Internet Security 2009 installed,and I ran a full system scan. It turned up the following virus......virusHEUR:Exploit.Script.Generic.
RobSusie
Regular Member
 
Posts: 15
Joined: January 31st, 2009, 2:18 pm

Re: Windows Automatic update won't star

Unread postby ndmmxiaomayi » February 27th, 2009, 8:32 am

Hi RobSusie,

May I know the file name and the file path?

For example - C:\Windows\a.exe
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Windows Automatic update won't star

Unread postby RobSusie » February 27th, 2009, 11:55 am

The file name and path for the Kaspersky Scanner :
C:\Documents and Settings\RobSusan\Desktop\setup_7.0.0.290_26.02.2009_17-32.exe
RobSusie
Regular Member
 
Posts: 15
Joined: January 31st, 2009, 2:18 pm

Re: Windows Automatic update won't star

Unread postby ndmmxiaomayi » February 27th, 2009, 12:10 pm

Sorry, I meant the file name and path of the virus reported by Kaspersky.

It turned up the following virus......virusHEUR:Exploit.Script.Generic.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Windows Automatic update won't star

Unread postby RobSusie » February 27th, 2009, 4:32 pm

It looks like the virus was quarantined and now it's been disinfected. I can't find it. I reran the Kaspersky full scan and it returned the following list of events:

2/26/2009 12:44:14 PM c:\program files\adobe\acrobat 6.0\reader\acrord32.exe
2/26/2009 12:44:14 PM c:\program files\microsoft office\office11\excel.exe
2/26/2009 12:44:15 PM c:\program files\microsoft office\office11\powerpnt.exe
2/26/2009 12:44:19 PM c:\program files\microsoft office\office11\winword.exe
2/26/2009 12:44:27 PM c:\program files\quicktime\quicktimeplayer.exe
2/26/2009 12:44:27 PM c:\program files\real\realplayer\realplay.exe
2/26/2009 12:50:44 PM c:\Documents and Settings\RobSusan\Local Settings\Temporary Internet Files\Content.IE5\W5IBWPUF\virusscanner[1].htm
2/26/2009 12:51:41 PM c:\i386\Flash.ocx
2/26/2009 12:55:01 PM c:\program files\adobe\acrobat 6.0\reader\acrord32.exe
2/26/2009 12:55:01 PM c:\program files\adobe\acrobat 6.0\reader\AcroRd32.bak
2/26/2009 12:56:23 PM c:\program files\Common Files\AOL\Flasha.ocx
2/26/2009 12:58:10 PM c:\program files\Dell\Media Experience\InterActual\bin\pcfpatch
2/26/2009 12:58:38 PM c:\program files\InterActual\InterActual Player\bin\pcfpatch
2/26/2009 1:00:26 PM c:\program files\quicktime\quicktimeplayer.exe
2/26/2009 1:00:27 PM c:\program files\real\realplayer\realplay.exe
2/26/2009 1:05:10 PM c:\Documents and Settings\RobSusan\Local Settings\Temporary Internet Files\Content.IE5\W5IBWPUF\virusscanner[1].htm
2/26/2009 12:50:44 PM c:\Documents and Settings\RobSusan\Local Settings\Temporary Internet Files\Content.IE5\W5IBWPUF\virusscanner[1].htm Postponed
RobSusie
Regular Member
 
Posts: 15
Joined: January 31st, 2009, 2:18 pm

Re: Windows Automatic update won't star

Unread postby ndmmxiaomayi » February 28th, 2009, 2:23 pm

Hi RobSusie,

The log doesn't tell much. Can these files be scanned? Or did Kaspersky report that they are infected?
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Windows Automatic update won't star

Unread postby RobSusie » February 28th, 2009, 11:01 pm

Kaspersky reported these as "vulnerabilites", not that they were infected.
RobSusie
Regular Member
 
Posts: 15
Joined: January 31st, 2009, 2:18 pm

Re: Windows Automatic update won't star

Unread postby ndmmxiaomayi » March 1st, 2009, 12:01 am

Okie. :)

Let's try this.

Please download Dial-a-fix from one of the following links:

Link 1
Link 2

Save it to your desktop.

  1. Right click on Dial-a-fix-v0.60.0.24.zip and select Extract All....
  2. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  3. Click on the Browse button. Click on Desktop. Then click OK.
  4. Click Next. It will start extracting.
  5. Once done, check (tick) the Show extracted files box and click Finish.
  6. Double click on Dial-a-fix.exe[/b] to run it.
  7. Under Prep, please tick this box - Empty temp folders.
  8. Under MSI, please tick this box - Fix Windows Installer:.
  9. Under WU/WUAU, tick this box - Fix Windows Update.
  10. Click on GO. The GO button will grey out.
  11. When done, the GO button will be back to black again. Click on Exit to close Dial-a-fix.
  12. Restart your computer and try updating Windows again. Let me know if it works.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Windows Automatic update won't star

Unread postby RobSusie » March 1st, 2009, 11:07 pm

I have to go out of town for a few days and will be away from my computer.
I'll try your suggestions as soon as i get back, if that's OK with you.
Rob
RobSusie
Regular Member
 
Posts: 15
Joined: January 31st, 2009, 2:18 pm

Re: Windows Automatic update won't star

Unread postby ndmmxiaomayi » March 2nd, 2009, 8:10 am

Hi Rob,

That's not an issue. :)
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Windows Automatic update won't star

Unread postby RobSusie » March 8th, 2009, 1:05 pm

Hi,
I downloaded and ran Dial a Fix. It hung up briefly and gave methe following: "Error code-2147023824 while trying to register C:\WINDOWS\sysytem32\wuaueng.dll. The error text is: The specified service has been marked for deletion. Dial a Fix currently has no suggestions for this error code...." Followed by a suggestion to e-mail them the log page. I've attached the log file that was available after Dial a Fix finished. I restarted the computer and still could not update Windows
You do not have the required permissions to view the files attached to this post.
RobSusie
Regular Member
 
Posts: 15
Joined: January 31st, 2009, 2:18 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 52 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware