Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

OS Errors and Update Failures


  • Please log in to reply
51 replies to this topic

#1 kevb8ll

kevb8ll

  • Members
  • 171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:58 PM

Posted 03 October 2014 - 09:17 AM

A friend's acer laptop is having serious issues.

 

1. IE won't load, just crashes every time you try. (More of this shortly).

 

2. Windows updates are not being installed. Sometimes the updater will identify the updates needed, however when you try to install them, they all fail. Then when you run the updater again, it crashes after telling you that it can't find any updates.

 

What I have tried so far:

 

1. Ran malwarebytes. Removed several nasty items, including wajam and snapdo. The updater appeared to work at this point, (although IE didn't). It identified 8 updates but again failed to install them.

 

2. I downloaded the MS fixit program for update failure, however it wouldn't run, it just crashes and gives the same error as IE.

 

3. I then tried to run updater in safe mode with networking, but it won't run.

 

The Win version is 7 home premium service pack 1.

 

Could someone be kind enough to help me with this?

 

Kev


Edited by hamluis, 03 October 2014 - 11:59 AM.
Moved from Win 7 to Am I Infected - Hamluis.

I don't do silly signature things - not since my Karma ran over my Dogma!

BC AdBot (Login to Remove)

 


m

#2 kaz20

kaz20

  • Members
  • 165 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 03 October 2014 - 09:33 AM

did you malwarebytes in safe mode? if you did not try running it that way and see what you come up with. id also run a full scan on it.



#3 kevb8ll

kevb8ll
  • Topic Starter

  • Members
  • 171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:58 PM

Posted 03 October 2014 - 09:36 AM

I didn't run in safe mode actually, will do that now.


I don't do silly signature things - not since my Karma ran over my Dogma!

#4 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,016 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:07:58 AM

Posted 03 October 2014 - 09:50 AM

What version of Malwarebytes did you run.

 

Please post the Malwarebytes log.

 

To find your Malwarebytes log,download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#5 kevb8ll

kevb8ll
  • Topic Starter

  • Members
  • 171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:58 PM

Posted 04 October 2014 - 07:27 AM

 
Registry Keys: 2
PUP.Optional.MindSpark.A, HKU\S-1-5-21-384091979-3377806535-2182098746-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MyScrapNook_12, Quarantined, [113f3bd5ef8d50e6c7070f18c53e1fe1], 
PUP.Optional.Linkury.A, HKU\S-1-5-21-384091979-3377806535-2182098746-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR, Quarantined, [db7509076f0d0b2baf07f71d6d965ea2], 
 
Registry Values: 6
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Mysearchdial, Quarantined, [54fc4ac6c4b8b77f3659001e2ad923dd]
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, Quarantined, [3e12df315b21ba7cbad8100163a046ba]
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Mysearchdial, Quarantined, [351b53bd92ea6ccac2cd39e5b74c35cb]
PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, Quarantined, [351bca46e19b8caa7022a071ab5847b9]
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-384091979-3377806535-2182098746-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Mysearchdial, Quarantined, [5bf5b0601e5e0234f99744da32d12ad6]
PUP.Optional.Linkury.A, HKU\S-1-5-21-384091979-3377806535-2182098746-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR|publisher, YahooOC, Quarantined, [db7509076f0d0b2baf07f71d6d965ea2]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 6
PUP.Optional.GameAd.A, C:\Users\ACER\AppData\Local\Temp\loygame-pro.exe, Quarantined, [a6aa70a0b4c8b680d269a54d38cc01ff], 
PUP.Optional.GameAd.A, C:\Users\ACER\AppData\Local\Temp\updatepackasc.exe, Quarantined, [1d33b957dd9f0a2c6ccf1ed40ef636ca], 
PUP.Optional.MySearchDial.A, C:\Windows\System32\Tasks\MySearchDial, Quarantined, [3719f51bc4b806306d6ab46bac5717e9], 
PUP.Optional.MySearchDial.A, C:\Windows\Tasks\MySearchDial.job, Quarantined, [60f0c947f587f6407e12df425fa4649c], 
PUP.Optional.Wajam.A, C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wajam.com_0.localstorage, Quarantined, [7ed2bc544b31fc3a0273d755a45ff907], 
PUP.Optional.Wajam.A, C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wajam.com_0.localstorage-journal, Quarantined, [b49ca36d6517c47251245fcdc1425aa6], 
 
Physical Sectors: 0
(No malicious items detected)

I don't do silly signature things - not since my Karma ran over my Dogma!

#6 kevb8ll

kevb8ll
  • Topic Starter

  • Members
  • 171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:58 PM

Posted 04 October 2014 - 07:29 AM

To add, there is an issue with windows registration too.

 

I registered previously without any problem, now getting the error to say not genuine windows. I have gone to properties and updated the product key to the correct key. It says it is genuine, however doesn't update so therefore thinks that the OS is not genuine.


I don't do silly signature things - not since my Karma ran over my Dogma!

#7 kevb8ll

kevb8ll
  • Topic Starter

  • Members
  • 171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:58 PM

Posted 04 October 2014 - 07:39 AM

Just realised this has been moved. Sorry if I put it in the wrong place, but the issue appeared to be a windows error.


I don't do silly signature things - not since my Karma ran over my Dogma!

#8 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,016 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:07:58 AM

Posted 04 October 2014 - 08:48 AM

Please do the following.

Please download AdwCleaner and install it.

 
When AdwCleaner opens you will see an image like the one below.
 
adwcleaner11_zps48314883.png
 
Click on Scan to start the scan.
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and the paste this log in your topic.
 
________________________________________________________________

 

Please download TDSSKiller from here and save it to your Desktop.
 
1.  Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
 
 
tds2.jpg
 
2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.
 
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
 
 
2012081514h0118.png
 
3.  Click Start Scan and allow the scan process to run.
 
 
tds4-1.jpg
 
4.  If threats are detected select Skip or Cure (if available) for all of them unless otherwise instructed.
 
***Do NOT select Delete!
Click Continue.
 
 
tds6.jpg
 
5.  Click Reboot computer.
 
Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply.

________________________________________________________________
 

Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to have the time to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

  • Click on this link to open ESET OnlineScan in a new window.
  • The ESET Online Scanner page will open, click on Yes, I agree to the trems of use, then click on Start, the scan will now begine.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#9 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,016 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:07:58 AM

Posted 04 October 2014 - 08:50 AM

Just realised this has been moved. Sorry if I put it in the wrong place, but the issue appeared to be a windows error.

Your topic initially had been posted in the proper forum.  But once you posted the MBAM log it needed to be moved to the Am I Infected forum.  Scans of this nature are not allowed in the Windows forums.  So you didn't do anything wrong. :thumbup2:


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#10 kevb8ll

kevb8ll
  • Topic Starter

  • Members
  • 171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:58 PM

Posted 04 October 2014 - 10:28 AM

ADW Log:

 

# AdwCleaner v3.311 - Report created 04/10/2014 at 16:24:49
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : ACER - ACER-PC
# Running from : C:\Users\ACER\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\ACER\AppData\Local\GamingWonderland
Folder Deleted : C:\Users\ACER\AppData\Local\PackageAware
Folder Deleted : C:\Users\ACER\AppData\LocalLow\MyScrapNook_12
Folder Deleted : C:\Users\ACER\AppData\Roaming\digitalsite
Folder Deleted : C:\Users\ACER\AppData\Roaming\OpenCandy
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : DigitalSite
Task Deleted : MySearchDial
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Mozilla Firefox v28.0 (en-GB)
 
[ File : C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\7b5ohrjv.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [2506 octets] - [04/10/2014 16:21:59]
AdwCleaner[S0].txt - [2479 octets] - [04/10/2014 16:24:49]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2539 octets] ##########

I don't do silly signature things - not since my Karma ran over my Dogma!

#11 kevb8ll

kevb8ll
  • Topic Starter

  • Members
  • 171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:58 PM

Posted 04 October 2014 - 10:44 AM

I can't paste the log from TDSS on my friend's laptop - chrome just freezes when I paste. However it didn't find anything.

 

I am running ESET at the moment.


I don't do silly signature things - not since my Karma ran over my Dogma!

#12 kevb8ll

kevb8ll
  • Topic Starter

  • Members
  • 171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:58 PM

Posted 04 October 2014 - 12:15 PM

Ok The ESET scanner has stopped on 89%. Been like that for 40 mins now. Shall I stop it and process what it has found?


I don't do silly signature things - not since my Karma ran over my Dogma!

#13 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,016 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:07:58 AM

Posted 04 October 2014 - 12:33 PM

This is a long scan, I would give it at least another thirty minutes.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#14 kevb8ll

kevb8ll
  • Topic Starter

  • Members
  • 171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:58 PM

Posted 04 October 2014 - 01:04 PM

45 mins later, still on the same place.


I don't do silly signature things - not since my Karma ran over my Dogma!

#15 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,016 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:07:58 AM

Posted 04 October 2014 - 01:14 PM

I have seen this scan take two or three hours, I'm not worried about this taking so much time.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users