Thread ID: 72723 2006-09-24 00:03:00 Microsoft Update wont install wooda2 (4837) Press F1
Post ID Timestamp Content User
486925 2006-09-24 00:03:00 Hi All..........Since getting broadband on a while ago we cant install our updates. They will download but not install. After running Spybot we come up with:

Virtumonde: Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}

AstaKiller: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}

Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2

Smitfraud-C.Toolbar888: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}

UCmore: User settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Effective-i

Windows.Security.InternetExplorer: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1220945662-1364589140-725345543-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe!=W=1

Windows.Security.InternetExplorer: Settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe!=W=1


--- Spybot - Search && Destroy version: 1.3 ---
2006-09-22 Includes\Cookies.sbi
2006-09-22 Includes\Dialer.sbi
2006-09-22 Includes\Hijackers.sbi
2006-09-22 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2006-09-22 Includes\Malware.sbi
2006-09-22 Includes\PUPS.sbi
2006-09-22 Includes\Revision.sbi
2006-09-22 Includes\Security.sbi
2006-09-22 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2006-09-22 Includes\Trojans.sbi

Would appreciate some help. Spybot tries to remove this lot but doesn't.
wooda2 (4837)
486926 2006-09-24 00:09:00 Do it in safe mode. See if it removes them. And make sure you're using 1.4 with the updates from last week installed. Speedy Gonzales (78)
486927 2006-09-24 00:55:00 Hi Speedy... I did that a few times in Safe Mode..........it says these 3 are gone but on subsequent scans they're still there.

Smitfraud-C.Toolbar888: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}

AstaKiller: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}

Virtumonde: Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-09-24 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-09-22 Includes\Cookies.sbi (*)
2006-09-22 Includes\Dialer.sbi (*)
2006-09-22 Includes\Hijackers.sbi (*)
2006-09-22 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-09-22 Includes\Malware.sbi (*)
2006-09-22 Includes\PUPS.sbi (*)
2006-09-22 Includes\Revision.sbi (*)
2006-09-22 Includes\Security.sbi (*)
2006-09-22 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-09-22 Includes\Trojans.sbi (*)
wooda2 (4837)
486928 2006-09-24 01:00:00 Get this file (siri.urz.free.fr)

From here (siri.urz.free.fr)

Follow the instructions on this site.

See if that removes Smitfraud.
Speedy Gonzales (78)
486929 2006-09-24 04:08:00 It has got rid of the 2 quicklaunch toolbars that started on booting, but still no luck with updates: I can download them but they won't install.
I turn off the firewall when trying this.
wooda2 (4837)
486930 2006-09-24 05:08:00 Check your clock and date...if they are out of synch with the updates...you won't get them. Just a thought.... SurferJoe46 (51)
486931 2006-09-24 05:14:00 Get hijackthis (www.bleepingcomputer.com)

From here (www.merijn.org)

Unzip this file, run it then click on scan and save a log. Post the log back here.
Speedy Gonzales (78)
486932 2006-09-24 11:16:00 --- Spybot - Search && Destroy version: 1.3 ---
Spybot tries to remove this lot but doesn't

You're using an old, outdated version of Spybot. Download the latest version and make sure you run the updater in it.
tweak'e (69)
486933 2006-09-26 23:44:00 Hi......I updated Spybot and removed a couple of things. A WinAntiVirus Pro window pops up now and then, and there is no way I can install Microsoft Updates.
Here is my HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 10:38:13, on 27/09/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\System32\khooker.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Documents and Settings\Mark Robinsons\Desktop\Maintenance\New Folder\HijackThis.exe
C:\Program Files\Opera\Opera.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {3DA97A38-C70F-4229-9497-2D6CF8BB47E7} - C:\WINNT\system32\geebx.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINNT\system32\cbxuust.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} - file://E:\SuperCD\IntraLaunch.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2C61C59-22D1-42DD-AA20-573CF4910CC4}: NameServer = 203.96.152.4,203.96.152.12
O20 - Winlogon Notify: cbxuust - C:\WINNT\SYSTEM32\cbxuust.dll
O20 - Winlogon Notify: geebx - C:\WINNT\system32\geebx.dll
O20 - Winlogon Notify: ssqrqnn - C:\WINNT\SYSTEM32\ssqrqnn.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: Microsoft Language Service (Windows Language Service) - Unknown owner - C:\WINNT\alg.exe (file missing)

Thanks to all those helping me :)
wooda2 (4837)
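As an added triage example (not code from the thread, from HijackThis or from Spybot), the script below cross-references the CLSID that Spybot flagged under Virtumonde, AstaKiller and Smitfraud-C.Toolbar888 with the O2, O20 and O23 lines of the HijackThis log above. The sample log lines are copied from the post; the finding labels and the function names are made up for illustration.

```python
import re

# Constructed sample: the O2/O20/O23 lines from the HijackThis log posted above.
HJT_LOG = r"""
O2 - BHO: (no name) - {3DA97A38-C70F-4229-9497-2D6CF8BB47E7} - C:\WINNT\system32\geebx.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINNT\system32\cbxuust.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O20 - Winlogon Notify: cbxuust - C:\WINNT\SYSTEM32\cbxuust.dll
O20 - Winlogon Notify: geebx - C:\WINNT\system32\geebx.dll
O20 - Winlogon Notify: ssqrqnn - C:\WINNT\SYSTEM32\ssqrqnn.dll
O23 - Service: Microsoft Language Service (Windows Language Service) - Unknown owner - C:\WINNT\alg.exe (file missing)
"""
# The CLSID Spybot listed under Virtumonde, AstaKiller and Smitfraud-C.Toolbar888.
SPYBOT_CLSID = "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<desc>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")


def parse_hjt(log):
    """Parse the O2 (BHO), O20 (Winlogon Notify) and O23 (Service) lines of a HijackThis log."""
    out = {"bho": [], "notify": [], "service": []}
    for line in log.splitlines():
        if m := O2_RE.match(line):
            out["bho"].append(m.groupdict())
        elif m := O20_RE.match(line):
            out["notify"].append(m.groupdict())
        elif m := O23_RE.match(line):
            entry = m.groupdict()
            entry["missing"] = entry["missing"] is not None
            out["service"].append(entry)
    return out


def correlate(entries, flagged_clsid):
    """Return (reason, path) findings that tie Spybot's CLSID to the HijackThis entries."""
    findings = []
    flagged_dlls = set()
    for bho in entries["bho"]:
        if bho["clsid"].lower() == flagged_clsid.lower():
            flagged_dlls.add(bho["path"].lower())
            findings.append(("bho_flagged_clsid", bho["path"]))
    for hook in entries["notify"]:
        # A Winlogon Notify DLL is loaded into winlogon.exe at startup, so it is already in use
        # before a user-mode cleaner runs; that fits the keys coming back after each "removal".
        reason = "winlogon_notify_same_dll_as_flagged_bho" if hook["path"].lower() in flagged_dlls else "winlogon_notify"
        findings.append((reason, hook["path"]))
    for svc in entries["service"]:
        if svc["missing"]:  # a service whose binary is gone is worth a second look
            findings.append(("service_file_missing", svc["path"]))
    return findings
```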
486934 2006-09-27 02:19:00 Hi...

Please download Combofix (download.bleepingcomputer.com/sUBs/combofix.exe)
and save to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log.

Notes:
* Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
* Do not proceed with the rest of the fix if you fail to run combofix
* Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.
Pancake (6359)