Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Can not install windows updates, any other windows proccesses

Started by jnrz2 , Oct 13 2009 04:46 PM

  • Please log in to reply

#1
jnrz2
Posted 13 October 2009 - 04:46 PM

jnrz2

    Member

  • Member
  • PipPip
  • 31 posts
So, I cannot install windows updates I get an error and cannot find help on the error anywhere on the microsoft website or google. Here is a link to a previous topic as I was requested to Complete the malware and spyware cleaning on the website. Nothing has changed, 0 infected files. This XP install is VERY new and has minimal new installs on it. I did run Combofix like 3 months ago and i think that might have caused the registry errors (what i think this is)

here is the link to my original topic..
http://www.geekstogo...ro-t255021.html

i will repost the MBAM log even tho it returned 0 infections..
  • 0

Advertisements

#2
jnrz2
Posted 13 October 2009 - 04:46 PM

jnrz2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
OTL logfile created on: 10/13/2009 6:13:19 PM - Run 3
OTL by OldTimer - Version 3.0.20.0 Folder = C:\Documents and Settings\Krilluh\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 289.85 Mb Available Physical Memory | 56.67% Memory free
1.97 Gb Paging File | 1.78 Gb Available in Paging File | 90.41% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536F:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.54 Gb Total Space | 3.89 Gb Free Space | 40.77% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 149.04 Gb Total Space | 59.97 Gb Free Space | 40.23% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NONE-3B95A0FD7E
Current User Name: Krilluh
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Krilluh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Documents and Settings\Krilluh\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\System32\ati2sgag.exe ()
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (JavaQuickStarterService [Disabled | Stopped]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (WUSB54GCSVC [Disabled | Stopped]) -- File not found

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/20 22:54:02 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
O4 - Startup: C:\Documents and Settings\Krilluh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/17 19:10:52 | 00,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2007/02/04 05:12:33 | 00,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/10/13 17:49:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/08 14:21:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Krilluh\Application Data\LimeWire
[2009/10/13 17:49:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Krilluh\Application Data\Malwarebytes
[2009/10/05 21:52:30 | 00,000,000 | ---D | C] -- C:\Program Files\ATITool
[2009/10/13 17:47:19 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/13 17:49:47 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/13 18:11:42 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/13 17:49:49 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/13 17:49:47 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/08 14:22:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Krilluh\My Documents\LimeWire

========== Files - Modified Within 14 Days ==========

[2009/10/13 17:59:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/13 17:59:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/13 17:49:54 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/13 17:47:22 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\Krilluh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/13 17:47:20 | 00,000,515 | ---- | M] () -- C:\Documents and Settings\Krilluh\Desktop\NTREGOPT.lnk
[2009/10/13 17:47:20 | 00,000,496 | ---- | M] () -- C:\Documents and Settings\Krilluh\Desktop\ERUNT.lnk
[2009/10/13 17:11:32 | 00,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1202660629-854245398-1003Core1ca00d4749fd70.job
[2009/10/13 17:11:28 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/10 15:15:48 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\Krilluh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/08 20:25:10 | 00,000,606 | ---- | M] () -- C:\Documents and Settings\Krilluh\Desktop\Shortcut to Ventrilo.lnk
[2009/10/07 16:40:26 | 00,002,204 | ---- | M] () -- C:\Documents and Settings\Krilluh\Desktop\Google Chrome.lnk
[2009/10/04 16:40:26 | 00,001,779 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Catalyst Control Center.lnk

========== Files - No Company Name ==========
[2009/10/13 17:49:51 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/13 17:47:21 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\Krilluh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/13 17:47:19 | 00,000,515 | ---- | C] () -- C:\Documents and Settings\Krilluh\Desktop\NTREGOPT.lnk
[2009/10/13 17:47:19 | 00,000,496 | ---- | C] () -- C:\Documents and Settings\Krilluh\Desktop\ERUNT.lnk
[2009/10/08 20:25:09 | 00,000,606 | ---- | C] () -- C:\Documents and Settings\Krilluh\Desktop\Shortcut to Ventrilo.lnk
[2009/08/04 02:28:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\vbxtct32.dll
[2009/07/14 13:20:13 | 00,000,079 | ---- | C] () -- C:\WINDOWS\xptools.ini
[2009/07/14 13:12:35 | 00,000,120 | ---- | C] () -- C:\WINDOWS\System32\bn.dll
[2009/07/03 01:45:28 | 06,405,132 | -H-- | C] () -- C:\Documents and Settings\Krilluh\Local Settings\Application Data\IconCache.db
[2009/06/20 22:44:11 | 00,012,328 | ---- | C] () -- C:\Documents and Settings\Krilluh\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/06/20 22:19:03 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/06/20 22:12:24 | 00,045,056 | ---- | C] () -- C:\Documents and Settings\Krilluh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/20 22:09:33 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Krilluh\Application Data\desktop.ini
[2009/06/20 00:45:05 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/06/20 00:30:35 | 00,000,805 | ---- | C] () -- C:\WINDOWS\win.ini
[2009/06/20 00:30:06 | 00,000,327 | ---- | C] () -- C:\WINDOWS\system.ini
[2009/06/20 00:29:29 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2009/06/20 00:27:43 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006/05/22 16:20:26 | 00,011,079 | -H-- | C] () -- C:\Program Files\folder.htt
[2006/05/22 16:20:26 | 00,000,266 | -HS- | C] () -- C:\Program Files\desktop.ini

========== LOP Check ==========

[2009/06/20 00:45:06 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/08/04 11:36:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2009/08/19 21:52:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2009/07/07 17:06:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/06/20 00:45:06 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Krilluh\Application Data
[2009/06/21 07:52:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Krilluh\Application Data\Aim
[2009/07/07 17:06:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Krilluh\Application Data\ATI
[2009/10/08 14:21:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Krilluh\Application Data\LimeWire
[2009/09/20 20:26:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Krilluh\Application Data\Ventrilo
[2007/09/04 09:21:42 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/13 17:59:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/13 17:11:32 | 00,000,934 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1202660629-854245398-1003Core1ca00d4749fd70.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2007/09/04 09:20:34 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2007/09/04 09:22:38 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
< End of report >
  • 0

#3
jnrz2
Posted 13 October 2009 - 04:48 PM

jnrz2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Malwarebytes' Anti-Malware 1.41
Database version: 2955
Windows 5.1.2600 Service Pack 2

10/13/2009 6:44:46 PM
mbam-log-2009-10-13 (18-44-46).txt

Scan type: Quick Scan
Objects scanned: 86558
Time elapsed: 4 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP