
Cannot connect to windows update


  • This topic is locked
2 replies to this topic

#1 terrapan11dom

terrapan11dom

  • Members
  • 2 posts
  • OFFLINE
  • Location:Walton on Thames, Surrey, U.K.
  • Local time:11:10 AM

Posted 14 August 2010 - 05:51 PM

I will try and explain the problem I have.

My computer was affected by a virus/Trojan, which I believe was the Conficker virus, which took total and complete control of my computer.

It took me a week to clean it up, and as my Windows Explorer (IE7) and Windows Update would not work, I decided to replace it with IE8. It made matters worse. I then deleted IE8 as much as I could and loaded Microsoft Security Essentials, which found and deleted a few more trojans/viruses. I then used Windows repair (my disk is Service Pack 2) and found that my AVG would not work without re-inputting the registration number (which I could not find as it was only recorded in the computer). I could re-load IE7 but still could not get Windows Update to work. I downloaded AVG onto another computer and tried to reload it into my computer after deleting the old version, without any success, as the version of AVG required Service Pack 3. My Windows disc was Service Pack 2 and I could not download Service Pack 3 from Windows Update.

However, I ran all the diagnostic programs I could and cleared up the computer further. I also managed to manually reset the security policy, which had been edited by the virus.

I downloaded Service Pack 3 (the IT technicians' version, which is stand-alone) and reloaded AVG. The computer worked fine after loading AVG and everything. I updated all the antivirus software and spyware, and the checks did not show any virus.
I ran Microsoft Essentials, ParetoLogic Anti-Spyware, RegCure, Ashampoo WinOptimizer 6, SUPERAntiSpyware, CCleaner, virus effect cleaner, Malwarebytes, Sophos rootkit, Norman TDSS Cleaner and Kaspersky TDSSKiller, and everything was all clear.

However, when I run Hitman Pro 3.5 it makes the following statement:
"Possible Variant of the TDL3 (Alias Alureon) rootkit detected, the device stack of the hard disk is referencing a hidden driver. This could affect the detection of malicious files." But neither this nor any other program finds any virus or trojan.

I still cannot connect to windows update.
The posting from ComboFix, which found a rootkit and deleted the following 3 files:
c:\windows\system32\Cache
c:\windows\system32\dll
c:\windows\system32\Thumbs.db

is attached hereto.

Hitman Pro 3.5 still finds the root virus but cannot do anything to clear it.

Any help or advice on the matter would be greatly appreciated.

Thanks and
kind rgds

terranpan11dom

P.S. The Windows Update log shows:

2010-08-09 11:29:50:953 1448 1684 PT WARNING: PTError: 0x80072ee6
2010-08-09 11:29:50:953 1448 1684 PT WARNING: Initialization failed for Protocol Talker Context: 0x80072ee6
2010-08-09 11:29:50:968 1448 1684 Report WARNING: Reporter failed to upload events with hr = 80072ee6.
2010-08-09 11:29:50:968 1448 1684 PT WARNING: PTError: 0x80072ee6
2010-08-09 11:29:50:968 1448 1684 PT WARNING: Initialization failed for Protocol Talker Context: 0x80072ee6
2010-08-09 11:29:50:968 1448 1684 Report WARNING: Reporter failed to upload events with hr = 80072ee6.
2010-08-09 11:29:50:968 1448 1684 Agent *************
2010-08-09 11:29:50:968 1448 1684 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2010-08-09 11:29:50:968 1448 1684 Agent *********
2010-08-09 11:29:50:968 1448 1684 Agent * Online = Yes; Ignore download priority = No
2010-08-09 11:29:50:968 1448 1684 Agent * Criteria = "IsHidden=0 and IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and IsAssigned=1 or IsHidden=0 and IsInstalled=1 and DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and IsAssigned=1 and RebootRequired=1"
2010-08-09 11:29:50:968 1448 1684 Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2010-08-09 11:29:50:968 1448 1684 Agent * Search Scope = {Machine}
2010-08-09 11:29:50:984 1448 1684 Misc WARNING: WinHttp: WinHttpCrackUrl failed. error 0x80072ee6
2010-08-09 11:29:50:984 1448 1684 Misc WARNING: WinHttp: Initialize failed with 0x80072ee6
2010-08-09 11:29:50:984 1448 1684 Misc WARNING: WinHttp: WinHttpCrackUrl failed. error 0x80072ee6
2010-08-09 11:29:50:984 1448 1684 Misc WARNING: WinHttp: Initialize failed with 0x80072ee6
2010-08-09 11:29:50:984 1448 1684 Misc WARNING: WinHttp: WinHttpCrackUrl failed. error 0x80072ee6
2010-08-09 11:29:50:984 1448 1684 Misc WARNING: WinHttp: Initialize failed with 0x80072ee6
2010-08-09 11:29:50:984 1448 1684 Misc WARNING: WinHttp: WinHttpCrackUrl failed. error 0x80072ee6
2010-08-09 11:29:50:984 1448 1684 Misc WARNING: WinHttp: Initialize failed with 0x80072ee6
2010-08-09 11:29:50:984 1448 1684 Misc WARNING: DownloadFileInternal failed for enabled/selfupdate/wuident.cab: error 0x80072ee6
2010-08-09 11:29:50:984 1448 1684 Setup FATAL: IsUpdateRequired failed with error 0x80072ee6
2010-08-09 11:29:50:984 1448 1684 Setup WARNING: SelfUpdate: Default Service: IsUpdateRequired failed: 0x80072ee6
2010-08-09 11:29:50:984 1448 1684 Setup WARNING: SelfUpdate: Default Service: IsUpdateRequired failed, error = 0x80072EE6
2010-08-09 11:29:50:984 1448 1684 Agent * WARNING: Skipping scan, self-update check returned 0x80072EE6
2010-08-09 11:29:51:000 1448 1684 Agent * WARNING: Exit code = 0x80072EE6
2010-08-09 11:29:51:000 1448 1684 Agent *********
2010-08-09 11:29:51:000 1448 1684 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]

COMBOFIX LOG

ComboFix 10-08-14.02 - suren 14/08/2010 21:23:00.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1455 [GMT 1:00]
Running from: c:documents and settingssurenMy DocumentsDOWNLOADSComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:windowssystem32Cache
c:windowssystem32dll
c:windowssystem32Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-07-14 to 2010-08-14 )))))))))))))))))))))))))))))))
.

2010-08-14 16:34 . 2010-08-14 20:22 -------- d-----w- c:windowssystem32CatRoot2
2010-08-14 14:56 . 2010-08-14 14:56 -------- d-----w- c:documents and settingsLocalService.NT AUTHORITYLocal SettingsApplication DataMicrosoft
2010-08-14 14:56 . 2010-08-14 14:56 -------- d-sh--w- c:documents and settingsLocalService.NT AUTHORITY
2010-08-14 13:33 . 2010-08-14 13:33 73728 ----a-w- c:documents and settingsAll UsersApplication DataTrusteerRapportstoreextsRapportMR16072ncqo.exe
2010-08-14 13:33 . 2010-08-14 13:33 417792 ----a-w- c:documents and settingsAll UsersApplication DataTrusteerRapportstoreextsRapportMR16072RapportMR.dll
2010-08-14 10:33 . 2010-08-14 10:33 -------- d-----w- c:program filesTrusteer
2010-08-13 21:06 . 2010-08-13 21:06 -------- d-----w- c:program filesCommon FilesJava
2010-08-13 20:49 . 2010-08-13 20:49 17801 ----a-w- c:windowssystem32driversAegisP.sys
2010-08-13 19:01 . 2010-08-13 19:01 -------- d-----w- c:program filesCommon FilesGibinsoft Shared
2010-08-13 19:01 . 2010-08-13 19:01 -------- d-----w- c:program filesGiPo@Utilities
2010-08-13 16:31 . 2010-08-13 16:32 -------- d-----w- C:party2
2010-08-13 15:29 . 2008-04-13 21:05 32384 -c--a-w- c:windowssystem32dllcacheusb101et.sys
2010-08-13 15:28 . 2001-08-17 12:51 23936 -c--a-w- c:windowssystem32dllcachesccmusbm.sys
2010-08-13 15:27 . 2008-04-13 23:01 2065792 -c--a-w- c:windowssystem32dllcachentkrnlpa.exe
2010-08-13 15:26 . 2001-08-17 21:36 8192 -c--a-w- c:windowssystem32dllcachekbdkor.dll
2010-08-13 15:25 . 2001-08-17 21:36 19456 -c--a-w- c:windowssystem32dllcachehr1w.dll
2010-08-13 15:24 . 2001-08-17 21:36 229462 -c--a-w- c:windowssystem32dllcachedigifwrk.dll
2010-08-13 15:23 . 2001-08-17 12:51 13824 -c--a-w- c:windowssystem32dllcachebulltlp3.sys
2010-08-13 15:22 . 2001-08-17 12:28 871388 -c--a-w- c:windowssystem32dllcachebcmdm.sys
2010-08-13 15:21 . 2001-08-17 13:56 66048 -c--a-w- c:windowssystem32dllcaches3legacy.dll
2010-08-13 15:21 . 2008-04-13 23:57 2188928 -c--a-w- c:windowssystem32dllcachentoskrnl.exe
2010-08-13 01:35 . 2010-08-13 01:35 2826192 ----a-w- c:documents and settingssurenApplication DataMacromediaFlash Playerwww.macromedia.combinfpupdateaxfpupdateax.exe
2010-08-13 00:04 . 2010-08-13 00:04 -------- d-----w- c:windowsIIS Temporary Compressed Files
2010-08-13 00:02 . 2001-08-23 12:00 605696 -c--a-w- c:windowssystem32dllcachegetuname.dll
2010-08-13 00:01 . 2010-08-13 00:11 -------- d-----w- C:Inetpub
2010-08-13 00:01 . 2010-08-13 00:04 -------- d-----w- c:windowssystem32msmq
2010-08-12 12:32 . 2010-08-12 12:32 61440 ----a-w- c:documents and settingssurenApplication DataSunJavaDeploymentSystemCache6.0424488892a-6e527a5f-ndecora-sse.dll
2010-08-12 12:32 . 2010-08-12 12:32 503808 ----a-w- c:documents and settingssurenApplication DataSunJavaDeploymentSystemCache6.047ec4bf04-7c2ca5c7-nmsvcp71.dll
2010-08-12 12:32 . 2010-08-12 12:32 499712 ----a-w- c:documents and settingssurenApplication DataSunJavaDeploymentSystemCache6.047ec4bf04-7c2ca5c7-njmc.dll
2010-08-12 12:32 . 2010-08-12 12:32 348160 ----a-w- c:documents and settingssurenApplication DataSunJavaDeploymentSystemCache6.047ec4bf04-7c2ca5c7-nmsvcr71.dll
2010-08-12 12:32 . 2010-08-12 12:32 12800 ----a-w- c:documents and settingssurenApplication DataSunJavaDeploymentSystemCache6.0424488892a-6e527a5f-ndecora-d3d.dll
2010-08-11 21:36 . 2010-08-11 21:36 -------- d-----w- c:program filesCommon FilesSkype
2010-08-11 21:36 . 2010-08-11 21:36 -------- d-----r- c:program filesSkype
2010-08-11 20:06 . 2008-04-14 04:41 23552 -c--a-w- c:windowssystem32dllcachefxsmon.dll
2010-08-11 20:05 . 2008-04-14 04:42 39936 -c--a-w- c:windowssystem32dllcachesnmpthrd.dll
2010-08-11 20:05 . 2008-04-14 04:42 39936 ----a-w- c:windowssystem32wbemsnmpthrd.dll
2010-08-11 20:05 . 2008-04-14 04:41 101888 -c--a-w- c:windowssystem32dllcacheevntagnt.dll
2010-08-11 20:05 . 2008-04-14 04:41 101888 ----a-w- c:windowssystem32evntagnt.dll
2010-08-11 20:05 . 2008-04-14 04:41 331264 -c--a-w- c:windowssystem32dllcacheaqueue.dll
2010-08-11 20:05 . 2008-04-14 04:42 294912 -c----w- c:windowssystem32dllcachedlimport.exe
2010-08-11 19:19 . 2010-08-11 19:19 -------- d-----w- c:documents and settingssurenApplication DataAVG9
2010-08-11 19:03 . 2001-08-23 12:00 16384 -c--a-w- c:windowssystem32dllcachequser.exe
2010-08-11 19:02 . 2001-08-23 12:00 10096640 -c--a-w- c:windowssystem32dllcachehwxcht.dll
2010-08-11 18:59 .

Edited by hamluis, 14 August 2010 - 07:09 PM.
Moved from XP forum to Malware Removal Logs ~ Hamluis.
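
Every failure in the Windows Update log posted above carries the same HRESULT, 0x80072ee6. The following Python sketch is an added example, not part of the original thread: it parses lines in that log's layout, splits each HRESULT into facility and Win32 code, and groups the failures by component. The function names and the short WinHTTP name table are choices made for this example; the sample lines are copied from the post's log.

```python
import re
from collections import Counter

# Sample input: lines copied from the WindowsUpdate.log excerpt in the post above.
SAMPLE_LOG = """\
2010-08-09 11:29:50:953 1448 1684 PT WARNING: PTError: 0x80072ee6
2010-08-09 11:29:50:968 1448 1684 Report WARNING: Reporter failed to upload events with hr = 80072ee6.
2010-08-09 11:29:50:968 1448 1684 Agent * Online = Yes; Ignore download priority = No
2010-08-09 11:29:50:984 1448 1684 Misc WARNING: WinHttp: WinHttpCrackUrl failed. error 0x80072ee6
2010-08-09 11:29:50:984 1448 1684 Misc WARNING: DownloadFileInternal failed for enabled/selfupdate/wuident.cab: error 0x80072ee6
2010-08-09 11:29:50:984 1448 1684 Setup FATAL: IsUpdateRequired failed with error 0x80072ee6
2010-08-09 11:29:51:000 1448 1684 Agent * WARNING: Exit code = 0x80072EE6
"""

# Fields: timestamp, PID, TID, component, message
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d:\d{3})\s+(\d+)\s+(\d+)\s+(\S+)\s+(.*)$")
# Failure HRESULTs appear as 0x8xxxxxxx or bare ("hr = 80072ee6")
HRESULT_RE = re.compile(r"\b(?:0x)?(8[0-9a-fA-F]{7})\b")

FACILITY_WIN32 = 7
# Win32 codes 12000-12999 belong to WinHTTP/WinINet; only a few well-known ones are named.
WINHTTP_NAMES = {
    12002: "ERROR_WINHTTP_TIMEOUT",
    12005: "ERROR_WINHTTP_INVALID_URL",
    12006: "ERROR_WINHTTP_UNRECOGNIZED_SCHEME",
    12007: "ERROR_WINHTTP_NAME_NOT_RESOLVED",
    12029: "ERROR_WINHTTP_CANNOT_CONNECT",
}

def decode_hresult(value):
    """Split a 32-bit HRESULT into failure bit, facility and code."""
    facility = (value >> 16) & 0x1FFF
    code = value & 0xFFFF
    name = WINHTTP_NAMES.get(code) if facility == FACILITY_WIN32 else None
    return {"failed": bool(value >> 31), "facility": facility, "code": code, "name": name}

def summarize(log_text):
    """Count failing lines per HRESULT and component; keep the first hit and FATAL lines."""
    by_code, by_component, fatal, first = Counter(), Counter(), [], None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a log record (blank line, wrapped text)
        ts, _pid, _tid, component, msg = m.groups()
        hit = HRESULT_RE.search(msg)
        if not hit:
            continue  # informational line without an error code
        by_code[int(hit.group(1), 16)] += 1
        by_component[component] += 1
        first = first or (ts, component, msg)
        if "FATAL:" in msg:
            fatal.append((component, msg))
    return {"by_code": by_code, "by_component": by_component, "fatal": fatal, "first": first}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for code, count in report["by_code"].most_common():
        print(f"0x{code:08X} x{count}", decode_hresult(code))
    print("first failure:", report["first"])
```

For the posted log the code decodes to Win32 error 12006, ERROR_WINHTTP_UNRECOGNIZED_SCHEME, which WinHTTP returns when a URL does not use the http or https scheme; the log shows it raised by WinHttpCrackUrl, that is, while parsing the URL rather than while connecting.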




#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:06:10 AM

Posted 21 August 2010 - 01:56 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  1. Double click on RSIT.exe to run RSIT.
  2. Click Continue at the disclaimer screen.
  3. Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  1. Reply to this thread; do not start another!
  2. Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  3. Do not run any other tool until instructed to do so!
  4. Let me know if any of the links do not work or if any of the tools do not work.
  5. Tell me about problems or symptoms that occur during the fix.
  6. Do not run any other programs or open any other windows while doing a fix.
  7. Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:06:10 AM

Posted 31 August 2010 - 01:44 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
