
Repeated Windows Update. Computer Resources Maxed Out.


  • This topic is locked
61 replies to this topic

#1 AugustAPC

AugustAPC

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:01:44 AM

Posted 02 July 2012 - 12:38 PM

I've been having problems with the same Windows Security Update appearing over and over again. I've tried many times to install the program; sometimes it says that the updates have been installed correctly, sometimes it says that they could not be installed. I also tried using Microsoft's "Fix It" program. I posted a thread here (http://www.bleepingcomputer.com/forums/topic458964.html), detailing my struggles. This problem is causing my computer's resources to be maxed out, forcing me to restart, as I cannot open any more programs.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.3.0
Run by Austin Gustafson at 9:21:46 on 2012-07-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.413 [GMT -4:00]
.
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: c:\docume~1\austin~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: microsoft.com\www.update
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1288273749000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{84427DA0-3E60-4434-A20D-072958FA2AF7} : DhcpNameServer = 75.75.75.75 75.75.76.76
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\austin gustafson\application data\mozilla\firefox\profiles\ji8xiv1f.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.mg4.mail.yahoo.com/neo/launch?.rand=dikm2mb6g1vbm
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-5-24 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-5-24 203440]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-5-24 113776]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-3-26 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-24 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-24 353688]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-24 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-24 44808]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2011-5-24 133912]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S1 MpKsl31ac5a10;MpKsl31ac5a10;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2f2b2981-7335-4d85-8336-a79b99ac6dae}\mpksl31ac5a10.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2f2b2981-7335-4d85-8336-a79b99ac6dae}\MpKsl31ac5a10.sys [?]
S1 MpKsl461828cc;MpKsl461828cc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{00eb6557-3a6b-4166-a43a-92d7c281ce8a}\mpksl461828cc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{00eb6557-3a6b-4166-a43a-92d7c281ce8a}\MpKsl461828cc.sys [?]
S1 MpKsl71a9ace2;MpKsl71a9ace2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{05e2efc4-e7b4-46cb-9901-ed4033ea5cec}\mpksl71a9ace2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{05e2efc4-e7b4-46cb-9901-ed4033ea5cec}\MpKsl71a9ace2.sys [?]
S1 MpKslc7de6f4b;MpKslc7de6f4b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2f2b2981-7335-4d85-8336-a79b99ac6dae}\mpkslc7de6f4b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2f2b2981-7335-4d85-8336-a79b99ac6dae}\MpKslc7de6f4b.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-22 250056]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-10-21 77624]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\bc.tmp --> c:\windows\system32\BC.tmp [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-22 113120]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-3-2 27064]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2011-10-21 181432]
S3 WinDefend;Windows Defender;c:\windows\system32\svchost.exe -k secsvcs [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-02 05:11:12 -------- d-----w- C:\a2acf2338966f21a02cc1b
2012-07-01 11:10:05 -------- d-----w- C:\d3e8448d5dc3e8e394d752b1
2012-07-01 10:56:46 -------- d-----w- C:\50a055fafd52fd2a5a
2012-06-29 16:59:38 -------- d-----w- C:\1919b87461604beadbc5
2012-06-27 11:31:49 -------- d-----w- c:\documents and settings\austin gustafson\application data\DDMSettings
2012-06-27 11:25:41 -------- d-----w- c:\program files\common files\DivX Shared
2012-06-22 11:08:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-22 11:08:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 06:07:12 -------- d-----w- c:\documents and settings\austin gustafson\application data\ElevatedDiagnostics
2012-06-14 00:29:23 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-10 06:17:58 -------- d-----w- C:\a7ce6761b2a8518a0614787f0b095dde
.
==================== Find3M ====================
.
2012-06-28 12:52:40 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-06-28 12:52:37 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-28 12:52:37 203440 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-06-28 12:52:36 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-06-28 12:52:20 41224 ----a-w- c:\windows\avastSS.scr
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 00:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 9:25:13.21 ===============


#2 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:44 AM

Posted 05 July 2012 - 03:27 PM

Hello AugustAPC,
Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
Set Windows to show all files and all folders.
On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

Step 3
Start >> type in cmd and [Enter-key] to get a command-prompt window
type in
net stop wuauserv <Enter-key>


EXIT <Enter-key>


N.B. That will temporarily stop the windows update automatic service. On your next Windows restart, it will be on again.


Go to Windows Explorer.
Look on your system drive (usually C ) and look at the Windows folder name. Like Windows or WINNT.
Modify following as appropriate.
If your Windows folder is C:\Windows.
Look at this folder
C:\Windows\SoftwareDistribution\Download <<<--- this folder


Delete all the contents of the Download folder.

Next,
Step 4
Download this zip file from here http://sdrv.ms/Kp1lc3 so we can get a report.

Save the zip file to a unique folder.
Un-zip & extract the contents. Then double-click the vbs file to start it.

You will get a Notepad report named UpdateHistory.txt located in your %temp% (temporary file folder).

The topmost entries (at the top of the file) are the most recent update items.

Copy the topmost 2 pages and then paste into your reply here.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#3 AugustAPC


Posted 05 July 2012 - 03:55 PM

Report run at 7/5/2012 4:54:10 PM
------------------------------------------------------------------
Title: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2656369)
Description: A security issue has been identified that could allow an authenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.
Date/Time in GMT: 7/5/2012 8:14:37 PM
Install mechanism: AutomaticUpdates
Install status: Succeeded
------------------------------------------------------------------
Title: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2604092)
Description: A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.
Date/Time in GMT: 7/5/2012 8:13:41 PM
Install mechanism: AutomaticUpdates
Install status: Succeeded

#4 Maurice Naggar


Posted 05 July 2012 - 04:11 PM

This report shows the successful installation of two updates, just this afternoon.
KB2604092 and KB2656369, both .Net Framework 2

and it does not show "failures". It appears this pc is over the hurdle, as far as MS updates.
But please make a new online visit, using Internet Explorer
go to http://windowsupdate.microsoft.com

Wait a bit for it to fully populate. Then select Custom scan.
Disregard anything "Optional".

See IF anything Important or Critical related to Windows XP is offered. If none, then close IE and report back.

Edited by Maurice Naggar, 05 July 2012 - 04:12 PM.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#5 AugustAPC


Posted 05 July 2012 - 04:22 PM

It's saying the same 3 updates need to be installed. There are also 9 optional software updates and 2 optional hardware updates. I know you told me to disregard them, but I figured I'd mention them.

Also, I should mention that prior to your response, I did a boot time scan with Avast. It found two viruses and quarantined them.

I'm also experiencing extremely choppy video and audio playback on online videos.

Edited by AugustAPC, 05 July 2012 - 04:26 PM.


#6 Maurice Naggar


Posted 05 July 2012 - 04:26 PM

Always, disregard any optional updates. Tell me which KB items it is re-offering, along with description if possible. Then hold on till I reply later.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#7 AugustAPC


Posted 05 July 2012 - 04:32 PM

Posted Image

#8 Maurice Naggar


Posted 05 July 2012 - 04:35 PM

Close the Windows Update screen(s).

Let's have you do an online antivirus check.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Using Internet Explorer browser only, go to ESET Online Scanner website:
{Windows 7 & Vista users should start IE by Start >> Internet Explorer >> Right-Click and select Run As Administrator.}
  • Press the "ESET Online scanner" button
  • Check the I accept the terms box. Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Un-check the Remove found threats option.
  • Checkmark Scan Archives option.
  • Click on Advanced Settings and checkmark the following
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology

    click Scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\Eset\EsetOnlineScanner\log.txt.
    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here
    http://www.eset.com/onlinescan/cac4.php?page=faq
  • Use of Internet Explorer for the online scan is preferred. If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.

After the scan is done, re-enable your antivirus program.

Reply with copy of the Eset scan log.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#9 AugustAPC


Posted 05 July 2012 - 06:23 PM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=573393b76a0c3d439971dffe15b5630c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-28 10:41:32
# local_time=2012-02-28 05:41:32 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=72978
# found=1
# cleaned=0
# scan_time=3744
C:\_OTL\MovedFiles\02232012_220417\C_Program Files\LP\DF44\A9.tmp a variant of Win32/Kryptik.ABHI trojan (unable to clean) 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=573393b76a0c3d439971dffe15b5630c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-06-30 06:48:11
# local_time=2012-06-30 02:48:11 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 9738057 9738057 0 0
# scanned=71840
# found=0
# cleaned=0
# scan_time=4298
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=573393b76a0c3d439971dffe15b5630c
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-05 09:40:34
# local_time=2012-07-05 05:40:34 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 10184684 10184684 0 0
# scanned=351
# found=0
# cleaned=0
# scan_time=15
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=573393b76a0c3d439971dffe15b5630c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-05 11:22:07
# local_time=2012-07-05 07:22:07 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 10184742 10184742 0 0
# scanned=77033
# found=1
# cleaned=1
# scan_time=6050
C:\Documents and Settings\Austin Gustafson\Local Settings\temp\is754907076\MyBabylonTB.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#10 Maurice Naggar


Posted 05 July 2012 - 08:23 PM

ESET snagged one undesired toolbar. And that was all.
Let's follow up with the following, which will re-flush the Windows Update download folder, and refresh the windows update controls.

Close and exit any open work documents or program windows you opened.

1a. Open Internet Explorer (only!) to http://support.microsoft.com/kb/910336 [ignore the title & Symptoms].

1b. Dismiss/close the "automated troubleshooter" pop-up! - then...

1c. Ignoring any "Not recommended" or similar warnings, run Fix It 50202 in DEFAULT and then AGGRESSIVE modes. [1]

2. Reboot & then run a manual check for updates at Windows Update, etc., etc...
When you reach Windows Update, do a Custom scan for updates. Take (accept) the ones marked Critical or Important.
Decline any that are marked as "optional".

Have infinite patience while it scans and does its work.

When it prompts you to Restart Windows, please do that. Allow it to restart.


IF and only if you get an "error" or "exception/failure" message, I will need the complete so called "failure code" and description (if you see it).

Please have good patience, this is not very complicated. Ask me if you have questions.
~~~~~~~~~~~~~~~
[1] Running the Fixit in aggressive mode will result in your history of installed MS updates being "empty" when viewed online at Windows Updates.
What is actually installed on your system will not be affected.

When all done, let me know the results from this.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)
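
The ESET log posted in #9 holds four runs with different timestamps, so reading it means separating them first. As an added example (not part of the thread and not ESET's own tooling), this Python sketch splits such a log into runs, extracts the detections, and compares the latest run's recorded options with the ones requested in #8. The sample is abridged from the log quoted above; the option-to-key mapping and the rule for splitting path from threat name are assumptions.

```python
import re

# Abridged from the log quoted in the thread: four appended runs, reduced to
# the keys used here. Detection lines are spaced as rendered on the page.
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# utc_time=2012-02-28 10:41:32
# found=1
C:\_OTL\MovedFiles\02232012_220417\C_Program Files\LP\DF44\A9.tmp a variant of Win32/Kryptik.ABHI trojan (unable to clean) 00000000000000000000000000000000 I
# version=7
# end=finished
# utc_time=2012-06-30 06:48:11
# found=0
# version=7
# end=stopped
# utc_time=2012-07-05 09:40:34
# found=0
esets_scanner_update returned -1 esets_gle=53251
# version=7
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-05 11:22:07
# found=1
# cleaned=1
C:\Documents and Settings\Austin Gustafson\Local Settings\temp\is754907076\MyBabylonTB.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# Detection line layout: <path> <threat> (<action>) <32 hex digits> <flag>
DETECTION = re.compile(
    r"^(?P<body>.+) \((?P<action>[^)]*)\) (?P<hash>[0-9A-Fa-f]{32}) (?P<flag>[A-Z])$")

# Options requested in post #8, mapped to log keys (the mapping is an assumption).
REQUESTED = {"remove_checked": "false", "archives_checked": "true",
             "unwanted_checked": "true", "unsafe_checked": "true",
             "antistealth_checked": "true"}


def split_detection(match):
    """Split 'path threat' at the first space after the last backslash.
    Assumes the file name itself contains no spaces."""
    body = match["body"]
    cut = body.find(" ", body.rfind("\\") + 1)
    path, threat = (body, "") if cut == -1 else (body[:cut], body[cut + 1:])
    return {"path": path, "threat": threat, "action": match["action"]}


def parse_runs(text):
    """Return one dict per scan run; a run starts at each '# version=' line."""
    runs, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            if key == "version":
                current = {"options": {}, "detections": [], "notes": []}
                runs.append(current)
            if current is not None:
                current["options"][key] = value
            continue
        if not line or current is None:
            continue  # blank line, or installer preamble before the first run
        m = DETECTION.match(line)
        if m:
            current["detections"].append(split_detection(m))
        else:
            current["notes"].append(line)  # e.g. update errors logged mid-run
    return runs


def review(runs):
    """Summarise what a reviewer checks before trusting the latest run."""
    when = lambda r: r["options"].get("utc_time")
    latest = runs[-1]
    return {
        "runs": len(runs),
        "incomplete": [when(r) for r in runs if r["options"].get("end") != "finished"],
        "count_mismatch": [when(r) for r in runs
                           if int(r["options"].get("found", 0)) != len(r["detections"])],
        "latest_detections": [(d["threat"], d["action"]) for d in latest["detections"]],
        "latest_option_deviations": sorted(
            k for k, v in REQUESTED.items() if latest["options"].get(k, v) != v),
    }


if __name__ == "__main__":
    print(review(parse_runs(SAMPLE_LOG)))
```

On the sample, the latest run's only detection is the Babylon toolbar and its recorded options differ from the requested ones in `archives_checked` and `remove_checked`; the Kryptik entry belongs to the February run.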

#11 AugustAPC


Posted 05 July 2012 - 09:08 PM

Well, all the updates were downloaded and installed without having to restart. There were no failures. I guess I'll go ahead and restart anyway and see if I get any notifications.

#12 AugustAPC


Posted 05 July 2012 - 09:19 PM

As of now, the Updates are gone... so that's good! Hopefully they don't pop up again. Still having audio/video playback issues with youtube and other services.

#13 Maurice Naggar


Posted 05 July 2012 - 10:38 PM

"As of now, the Updates are gone... so that's good! Hopefully they don't pop up again. Still having audio/video playback issues with youtube and other services."

The latter issue may be due to an out of date Flash player utility, or, long shot, you need to delete temporary internet files.

Download TFC by OldTimer and SAVE it to your desktop
  • Double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
NEXT:
To de-install
Use Programs and Features (Windows 7 & Vista) or Add-or-Remove Programs (Windows XP) to de-install older versions of Flash Player.

For stubborn cases,
Download and save the Flash Player uninstaller >> uninstall Flash Player for 32-bit Windows<<

If you have Windows 64-bit, use this Flash Player uninstaller >> uninstall Flash Player for 64-bit Windows<<


Close all browsers and instant messenger (IM) programs.
Run the uninstaller.


To get latest Flash Player
Go to http://www.adobe.com/go/getflash
and get the latest Flash Player

Un-Check any checkbox for McAfee Security Scan Plus, or Google or any other widget or toolbar !!!


Reference: How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
http://support.microsoft.com/kb/827218

NEXT:
Download Security Check by screen317 and save it to your Desktop: here or here
  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
Copy and paste the Checkup.txt for review.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#14 AugustAPC


Posted 05 July 2012 - 11:09 PM

The Windows Update came back when I restarted after using TFC. Same updates too.

Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
avast! Internet Security
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
Adobe Flash Player 11.3.300.262
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast afwServ.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````

Edited by Maurice Naggar, 06 July 2012 - 08:09 AM.


#15 Maurice Naggar


Posted 06 July 2012 - 08:07 AM

Ok. We'll have to address the repeating updates in a next round.
For now, the security state of your Windows XP is "in question", by which I mean, it appears to have 2 antivirus apps active and no firewall.
A) Remove (de-install) Avast or MS Security Essentials. Having 2 active antivirus monitors will lead to conflicts and deadlocks.
My personal inclination would be to de-install Avast.

B) You do not appear to have a firewall on !?!? Turn on Windows firewall.
Go to Control Panel >>> Security Center
Turn on the firewall.

and report back what it shows (now) for firewall status, and antivirus status, and Automatic Updates.
As to Automatic Updates, change your setting to Notify only but not download automatically.

NEXT:
Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Copy and Paste the contents of Log.txt + Info.txt for review

NEXT:
Run a new SecurityCheck. Copy and Paste Checkup.txt for review
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)



