Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

windows update not working ping microsoft no reply..Help please


  • This topic is locked This topic is locked
42 replies to this topic

#1 nimble11

nimble11

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 12 August 2013 - 01:40 AM

Hi there

 

I have the same problem on two machines. in the last 10 days windows update stopped working.

Windows update specialist forum had a thorough look and advised me to try hijack this.

 

Basically pinging microsoft shows no reply so updates for both windows and defender no longer working

 

I have run spybot, adaware, awdcleaner, malware bytes, hitman pro but problem still exists.

 

Please can someone look at my logfiles....anyhelp much appreciated

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:39:00 p.m., on 12/08/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Users\bran\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\bran\AppData\Local\Mozilla Firefox\firefox.exe
C:\Users\bran\AppData\Local\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Adobe\dynamiclink\CS5.5\dynamiclinkmanager.exe
C:\Program Files\Adobe\Adobe After Effects CS5.5\Support Files\32\Adobe QT32 Server.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\bran\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: WsSVRIEHelper - {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [BrowserPlugInHelper] C:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [DES2] C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2.exe state
O4 - HKLM\..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2774313206-2879964054-3653509382-1183\..\Run: [AdobeBridge]  (User 'Mike')
O4 - HKUS\S-1-5-21-2774313206-2879964054-3653509382-1198\..\Run: [Google Update] "C:\Users\Tom.SPYGLASS\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'tom')
O4 - HKUS\S-1-5-21-2774313206-2879964054-3653509382-1255\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'xsys')
O4 - HKUS\S-1-5-21-2774313206-2879964054-3653509382-500\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'sysadmin')
O4 - HKUS\S-1-5-21-2774313206-2879964054-3653509382-500\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex (User 'sysadmin')
O4 - HKUS\S-1-5-21-451467225-3742024843-3151924067-1000\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup (User 'sysadmin')
O4 - HKUS\S-1-5-21-451467225-3742024843-3151924067-1002\..\Run: [AdobeBridge]  (User 'Mike')
O4 - HKUS\S-1-5-21-451467225-3742024843-3151924067-1003\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User '?')
O4 - HKUS\S-1-5-21-451467225-3742024843-3151924067-1004\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Spy Glass')
O4 - Startup: Dropbox.lnk = bran\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: CodeMeter Control Center.lnk = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} (OPSWAT AntiViruses Class) - https://vendorvpn.toyota.co.nz/public/download/f5opswati.cab#Version=3,6,6034,2
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://vendorvpn.toyota.co.nz/public/download/urxvpn.cab#version=7071,2012,1217,851
O16 - DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} (OPSWAT FireWalls Class) - https://vendorvpn.toyota.co.nz/public/download/f5opswati.cab#Version=3,6,6034,2
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - https://vendorvpn.toyota.co.nz/public/download/f5tunsrv.cab#version=7071,2012,1217,851
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://vendorvpn.toyota.co.nz/public/download/InstallerControl.cab#7071,2012,1217,851
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
O16 - DPF: {49EC7987-E331-44E3-B170-748B58A268B9} (OPSWAT ProcessesScanner Class) - https://vendorvpn.toyota.co.nz/public/download/f5opswati.cab#Version=3,6,6034,2
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://vendorvpn.toyota.co.nz/public/download/f5InspectionHost.cab#version=7071,2012,1217,851
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://vendorvpn.toyota.co.nz/public/download/urxshost.cab#version=7071,2012,1217,851
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://vendorvpn.toyota.co.nz/public/download/urxhost.cab#version=7071,2012,1217,851
O16 - DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} (F5 Networks OPSWAT Helper Control) - https://vendorvpn.toyota.co.nz/public/download/f5opswati.cab#Version=3,6,6034,2
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SpyGlass.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{DACD3499-282C-4B73-B95F-6D60CD6ABCE2}: Domain = toyota.co.nz
O17 - HKLM\System\CCS\Services\Tcpip\..\{DACD3499-282C-4B73-B95F-6D60CD6ABCE2}: NameServer = 10.200.147.184 10.200.147.186
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SpyGlass.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = SpyGlass.local
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DES2 Service for Energy Saving. (DES2 Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: Mediafour M4LIC service (M4LIC) - Mediafour Corporation - C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
O23 - Service: MacDrive 8 service (MacDrive8Service) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\Windows\PSEXESVC.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 18710 bytes
 

 



BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:11 PM

Posted 12 August 2013 - 02:52 PM

Please run the following:

Please download Malwarebytes Anti-Rootkit (MBAR) from here http://www.malwarebytes.org/products/mbar/ and save it to your desktop.
Direct link to the file: http://downloads.malwarebytes.org/file/mbar
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Doubleclick on the MBAR file you downloaded.
  • Approve the UAC prompt in Vista and newer operating systems.
  • Click OK on the next screen, to allow the package to extract the contents of the file to it's own folder, mbar.
  • By default, this will be on your desktop, though you can choose another location if you wish. We advise using the default location for simplicity.
  • mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
  • After reading the Introduction, click 'Next' if you agree.
  • On the Update Database screen, click on the 'Update' button.
  • Once you see 'Success: Database was successfully updated' click on 'Next'.
  • Click the 'Scan' button.
    • With some infections, you may see two messages boxes.
    • 1.'Could not load protection driver'. Click 'OK'.
    • 2.'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found, do NOT press the Cleanup button when the scan completes. Click EXIT.
    Then, please send the following logs as attachments to your reply. These logs are located in the mbar folder on your desktop where the tool extracted itself to.

    mbar-log-2013-xx-xx(xx-xx-xx).txt (where xx-xx(xx-xx-xx) is the date and time of the scan)
    system-log.txt

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 nimble11

nimble11
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 12 August 2013 - 03:31 PM

Cheers log attached

Attached Files



#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:11 PM

Posted 12 August 2013 - 03:34 PM

Hello,

Please run the following:

Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

NEXT

Please download Farbar Service Scanner and run it
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 nimble11

nimble11
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 12 August 2013 - 04:03 PM

cheers logs attached

Attached Files



#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:11 PM

Posted 12 August 2013 - 06:43 PM

Hello

Please open up the MBAR folder and locate the "FixDamage.exe" tool in the mbar\plugins folder.

Please run this tool, then check to see if Windows update will now work

Edited by CatByte, 25 August 2013 - 06:11 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 nimble11

nimble11
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 12 August 2013 - 06:53 PM

Ran the tool, rebooted

 

still get message windows update cannot currently check for updates, because the service is not running. You may need to restart your computer.

 

cheers


Edited by nimble11, 12 August 2013 - 06:54 PM.


#8 nimble11

nimble11
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 12 August 2013 - 06:56 PM

Also btw when i try to update bit defender get message "error found 0xc80003f3. The configuration registery key couldn't be opened



#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:11 PM

Posted 12 August 2013 - 07:29 PM

hello

when you go into services.msc and scroll to the Windows Update Service, is it set to automatic? Is the service started?


(Start> type services.msc into the start box > click on "services" when it populates in the window above)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 nimble11

nimble11
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 12 August 2013 - 07:54 PM

Hey thanks again for your help

 

windows update: started : Automatic (delayed start) :local user



#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:11 PM

Posted 12 August 2013 - 08:14 PM

Please shut down the computer completely,

Reboot, then see if windows update service remains started.

See if WU will work, then see if BitDefender will update as well

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 nimble11

nimble11
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 12 August 2013 - 08:31 PM

Cheers and sorry still no luck both WU and windows defender giving the same error messages.

 

Thanks



#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:11 PM

Posted 12 August 2013 - 08:46 PM

Please run the troubleshooter found here

http://support.microsoft.com/kb/971058

as for BitDefender,

It may have been corrupted, try uninstalling is completely then re-install it

Use the removal tool found here

http://www.bitdefender.com/support/how-to-uninstall-bitdefender-333.html

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 nimble11

nimble11
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 12 August 2013 - 08:58 PM

Thankss

No change this was the result from that tool

 

 

Windows Update Publisher details

Issues found
Problems installing recent updatesProblems installing recent updates Not fixed  
Repair Windows Update Completed
 
Check for missing or corrupt filesCheck for missing or corrupt files Detected  
Repair missing or corrupt files Completed
 
Some security settings are missing or have been changedSome security settings are missing or have been changed Fixed  
Reset security settings Completed
 
Service registration is missing or corruptService registration is missing or corrupt Fixed  
Reset service registration Completed
 
Potential issues that were checked
Windows Update environment variables are incorrectWindows Update environment variables are incorrect Issue not present  
Windows Update error NoneWindows Update error None Issue not present  
Windows Update services are not runningWindows Update services are not running Issue not present  
Cryptographic service components are not registeredCryptographic service components are not registered Issue not present  

Issues found Detection details

6 Problems installing recent updates Not fixed  
 
Repair Windows Update Completed
 
Repair Windows Update services and dependencies
 
6 Check for missing or corrupt files Detected  
 
Repair missing or corrupt files Completed
 
SFC Output
Output: Windows Resource Protection could not start the repair service.
 
 
 
6 Some security settings are missing or have been changed Fixed  
 
Reset security settings Completed
 
 
6 Service registration is missing or corrupt Fixed  
 
Reset service registration Completed
 
 

Potential issues that were checked Detection details

 Windows Update environment variables are incorrect Issue not present  
 
 
 Windows Update error None Issue not present  
 
 
 Windows Update services are not running Issue not present  
 
 
 Cryptographic service components are not registered Issue not present  
 
 

Detection details  

Collected File
0.46KB
File Name:  CheckSURLog.cab
 
Collection information
Computer Name:  SPY-WS17
Windows Version: 6.1
Architecture: amd64
Time: Tuesday, August 13, 2013 1:47:29 PM

Publisher details  

Background Intelligent Transfer Service
Find and fix problems that may prevent background downloads from working
Package Version: 1.1.2.20130414
Publisher: Microsoft Corporation
Windows Update
Find and fix problems with Windows Update
Package Version: 8.1.2.20130414
Publisher: Microsoft Corporation
Windows Update
Find and fix problems with Windows Update
Package Version: 8.1.2.20130414
Publisher: Microsoft Corporation
 



#15 nimble11

nimble11
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 12 August 2013 - 09:00 PM

Just scanning some of my external drives i found a file that may have been the culpirit.

 

I have a seperate linux machine running bitdefender off a cd to scan my drives etc it it shows a file on one of my external drives infected with backoor.generic 647659






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users