Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

IE shuts down unexpectedly only on certain sites


  • Please log in to reply

#1
Kyomi

Kyomi

    Member

  • Member
  • PipPip
  • 43 posts
I've noticed this happening for awhile now... when I go to windowsupdate or microsoftupdate IE will open and have the address in the addressbar but just when it's about to display is kills itself. After browsing lots of posts here I have found a couple of malware to remove and have done that but it still is killing itself. I've tried to get the Panda free scan and right after it updates, it kills IE. I've also tried the free scan from eTrust and that one worked, but found nothing. I have been running FireFox for ages now and it works no problem on anything and anysite. I have used ATF Cleaner, KillBox, ComboFix, VundoFix and AVG Anti-spyware. I am all out of options on what I need to do. The HijackThis log follows:

Logfile of HijackThis v1.99.1
Scan saved at 1:19:16 AM, on 10/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgfwsrv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kyomi\Desktop\Other Stuff\Anti-Virus & Spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hp psc 1000 series.lnk.disabled
O4 - Global Startup: hpoddt01.exe.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw...nt/iftwclix.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1153180826671
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15026/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A54DF911-3ACD-495A-ADFE-DCD48CF7399A}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{A54DF911-3ACD-495A-ADFE-DCD48CF7399A}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgfwsrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

Edited by Kyomi, 25 October 2006 - 11:23 PM.

  • 0

Advertisements


#2
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,941 posts
Hi Kyomi,

There are a few things in your log I don't understand.
So before I can suggest a fix I would like to know which firewall you are using.

I see elements from both Sygate and AVG in your log and running two firewalls on one computer can cause severe problems and conflicts.

Then there is
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
This means someone disabled the Control Panel in IE.
Where this might be effective against fellow users of the same computer it is futile against malware.
So if you are the only user, I will remove it.

Other then that I see a Java version only partly working, so we will need to work on that, because it could be a cause for the problems with the online scans.
  • 0

#3
Kyomi

Kyomi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
I'm using Sygate right now... AVG Firewall came with the anti-spyware prog. and I like sygate better right now. So whats going on is the AVG Firewall is just letting everything through and the sygate is actually working. And whats this about the java partially working? I thought it was working fine... I could program and everything and it worked fine :whistling:

ty for the reply though and hopefully I can get this thing solved soon :blink:
  • 0

#4
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,941 posts
First AVG is nested in your LSP stack:
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

That doesn't necessarily have to be a problem, but it could lead to connectivity problems.

Then the Java plugin for IE is missing:
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll (file missing)

Let'tackle that first by Updating Java and Clearing Cache
  • Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 CheckedDownloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
Regards,
  • 0

#5
Kyomi

Kyomi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Alright, downloaded and updated java to version 9 I believe is what it said and cleaned everything out.
Here is a new HijackThis log :blink:

Logfile of HijackThis v1.99.1
Scan saved at 4:14:19 AM, on 11/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgfwsrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kyomi\Desktop\Other Stuff\Anti-Virus & Spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hp psc 1000 series.lnk.disabled
O4 - Global Startup: hpoddt01.exe.lnk.disabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw...nt/iftwclix.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1153180826671
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15026/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A54DF911-3ACD-495A-ADFE-DCD48CF7399A}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{A54DF911-3ACD-495A-ADFE-DCD48CF7399A}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgfwsrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe


If theres anything else you need let me know :help:
And while I was rebooted I noticed something odd.. Is it normal for windows to sit at the log off screen for 3-4 mins and then reboot? I thought it was quicker before like it just briefly showed up and then went about it's business. :whistling:
  • 0

#6
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,941 posts
Depends on what has been done during the session.
If updates or installs have been done the shutdown will take a little longer.

Your log (still) looks good.
The only thing that worries me is that you seem to have two firewalls (Sygate and AVG)
Can you let me know which one of those two you are actually using?

Regards,
  • 0

#7
Kyomi

Kyomi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
I'm actually using the Sygate firewall and the one that comes with the AVG anti-spyware is just set to allow all so I'm not using that one.

I also just noticed something odd... automatic updates don't work now. I can see the icon in the taskbar and it'll just stay there saying "Downloading Updates 0%" for a minute then just disappear.
  • 0

#8
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,941 posts
Download LSPfix here: http://www.cexx.org/lspfix.htm
Launch the application, and click the "I know what I'm doing" checkbox.
Check all instances of avgfwafu.dll (and nothing else), and move them to the "Remove" pane.
Then click Finish.

Reboot and try the sites/update again.
  • 0

#9
Kyomi

Kyomi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
All that you had me do was disable the firewall in AVG and nothing else, the sites and automatic update still aren't working. Although, almost any other kind of automatic update works fine, downloading new spyware databases and cleaning methods works fine also. I'm just not able to get to windowsupdate and have it do what it needs to do :/

The HijackThis log hasn't changed much from the last time.. if theres anything else you need me to do, tell me :whistling:
  • 0

#10
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,941 posts
I am well aware of what I did and as I said before, I consider running two firewalls a possible cause for all kinds opf problems.


1. Click Start, and then click Run.
2. In the Open box, type %windir%\windowsupdate.log, and then click OK.

The Windowsupdfatelog will open.
If it's not too big post the content. If that doesn't fit attach it to your next post.
  • 0

Advertisements


#11
Kyomi

Kyomi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Yeah, that file is *huge* and started back on 7/18. I did notice one odd line that kept re-appearing,
"2006-11-03 10:59:11 900 4e0 DnldMgr * Update is not allowed to download due to regulation."

And I didn't mean to say you don't know what you are doing, I appreciate your help on all of this. Sorry I keep bringing new things up... but I noticed that I'm not able to open up windows help and support or System Information.

I had to zip the file because it was telling me it was too large for some post/storage count o.o
Thanks again :whistling:

Attached Files


  • 0

#12
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,941 posts
There are several places in the registry where Windows Update can be disabled.

I assumed this computer is not on a corporate network. Is that correct?

First place to check
Click Start > Run > and copy this command into the window:
regedit.exe /e C:\update1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate"
then click OK to execute that command.

That will create the file C:\update1.txt
Find that file and post the content.
  • 0

#13
Kyomi

Kyomi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Now that I'm actually looking at things now, I've noticed that when I open up IE the titlebar is different... it does not have that "Microsoft Internet Explorer" tagged onto the end of it. It just says "Google - ".

And no, this PC isn't on a corporate network :whistling: Following is the contents of update1.txt:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate]
"AccountDomainSid"=hex:01,04,00,00,00,00,00,05,15,00,00,00,83,3d,2b,46,b4,b7,\
cd,22,43,17,0a,00,32
"SusClientId"="d6d7c4c5-e222-4ce7-b6e2-f5a592d80ee1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000004
"ConfigVer"=dword:00000001
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:0000000c
"ResetAU"=dword:00000001
"NextDetectionTime"="2006-11-04 15:19:30"
"BalloonTime"="2006-11-02 09:12:46"
"BalloonType"=dword:00000004
"DownloadExpirationTime"="2006-11-04 09:13:01"
"ScheduledInstallDate"="2006-11-04 17:00:00"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting]
"BatchFlushAge"=dword:00006625
"SamplingValue2"=dword:0000021a

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services]
"DefaultService"="7971f918-a847-4430-9279-4a52d1efe18d"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\7971f918-a847-4430-9279-4a52d1efe18d]
"AuthorizationCab"="muauth.cab"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Setup]
  • 0

#14
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,941 posts
That is set to check for updates ones a day, so there should be no problem there.
Let's have a look at some other options.

Copy the part in bold below into notepad and save it as restrictions.bat
Set Filetype to "All "


Reg Query "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Policies" /s >> logit.txt

Reg Query "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies" /s >> logit.txt

Reg Query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Policies" /s >> logit.txt

Reg Query "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies" /s >> logit.txt

Start logit.txt


Doubleclick that file and the batch will gather some information and open a textfile.
Can you post the content of that file please?

Regards,
  • 0

#15
Kyomi

Kyomi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
I'd like to thank you for all the help you've given me thus far, thanks :whistling:

Below are the contents of the file generated by restrictions.bat:

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveTypeAutoRun REG_BINARY 9D000000
<NO NAME> REG_SZ
NoDrives REG_DWORD 0x0
NoViewOnDrive REG_DWORD 0x0
NoStrCmpLogical REG_BINARY 00000000
NoDriveAutoRun REG_BINARY FFFFFF03
NoStartBanner REG_DWORD 0x1
DisablePersonalDirChange REG_DWORD 0x1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools REG_DWORD 0x0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} REG_DWORD 0x1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} REG_DWORD 0x40000021
{0DF44EAA-FF21-4412-828E-260A8728E7F1} REG_DWORD 0x20

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ratings

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\system
dontdisplaylastusername REG_SZ 1
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 0x1
undockwithoutlogon REG_DWORD 0x1
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP