
Windows won't update, might be caused by a virus or malware


  • This topic is locked
11 replies to this topic

#1 mrt29

mrt29

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:07:20 AM

Posted 22 July 2017 - 02:09 PM

Hello All

 

Once again I came for help. A friend's laptop was working very slowly, and the firewall, Windows Update, etc. won't start. I ran AdwCleaner, Malwarebytes and much more; they found some browser hijackers, malware and spyware, which I deleted with the cleaning tools, but I'm still not sure everything is cleared. It is now working a little bit faster. Then I used Tweaking Windows Repair to fix issues; now most services are up and running, but Windows Update still keeps hanging. Can you give me direction on what I can do to fix this error, please?

 

Windows 7 64 bit

 

Toshiba Laptop



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:20 AM

Posted 23 July 2017 - 07:24 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

You should update Windows Defender when all is well.
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK button.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "C:\windows\system32\config\systemprofile\AppData\Roaming\SearchProtect"
GroupPolicy: Restriction <==== ATTENTION
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKU\S-1-5-21-581699734-879885965-2682733920-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: NetDvr_Plugins -> C:\Program Files (x86)\NetDvr\Plugins\npDvr.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Black People\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-16]
CHR Extension: (Chrome Media Router) - C:\Users\Black People\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-17]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
ContextMenuHandlers01: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers03: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers04: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers04: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers04: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers05: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers06: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers06: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File

cmd: netsh winsock reset catalog

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.

#3 mrt29


Posted 23 July 2017 - 09:25 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017
Ran by Black People (23-07-2017 09:52:54) Run:1
Running from C:\Users\Black People\Downloads
Loaded Profiles: Black People (Available Profiles: Black People & Mcx1-LAPTOPPC & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "C:\windows\system32\config\systemprofile\AppData\Roaming\SearchProtect"
GroupPolicy: Restriction <==== ATTENTION
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKU\S-1-5-21-581699734-879885965-2682733920-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: NetDvr_Plugins -> C:\Program Files (x86)\NetDvr\Plugins\npDvr.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Black People\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-16]
CHR Extension: (Chrome Media Router) - C:\Users\Black People\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-17]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
ContextMenuHandlers01: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers03: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers04: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers04: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers04: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers05: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers06: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers06: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
 
cmd: netsh winsock reset catalog
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value removed successfully
C:\windows\system32\GroupPolicy\Machine => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008 => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000009 => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000008 => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000009 => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found. 
HKU\S-1-5-21-581699734-879885965-2682733920-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} => value removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\NetDvr_Plugins => key removed successfully
CHR Extension: (Chrome Web Store Payments) - C:\Users\Black People\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-16] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\Black People\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-17] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk => key removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found. 
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found. 
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MSSE => key removed successfully
HKLM\Software\Classes\CLSID\{0365FE2C-F183-4091-AC82-BFC39FB75C49} => key not found. 
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => key removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => key not found. 
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found. 
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found. 
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => key removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => key not found. 
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found. 
 
========= netsh winsock reset catalog =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23962337 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 31082 B
Edge => 0 B
Chrome => 290037978 B
Firefox => 229376 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 100816 B
systemprofile32 => 66088 B
LocalService => 132244 B
NetworkService => 82844 B
L. Stroud => 6302874 B
Black People => 38985218 B
Mcx1-LAPTOPPC => 1031893 B
Guest => 65906 B
 
RecycleBin => 0 B
EmptyTemp: => 344.3 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 09:55:08 ====
 
 
I tried Windows Update and Windows Defender; still waiting, nothing happens. (Running 25 min.)


#4 mrt29


Posted 23 July 2017 - 11:48 AM

Windows Defender: The program can't check for definition updates. Error found 0x80004004.

 

Windows Update was still running; I closed the window.



#5 nasdaq


Posted 23 July 2017 - 01:35 PM


You will get better protection with Microsoft's Security Essentials on the Windows 7 machine.

Download and install.
https://www.microsoft.com/en-ca/download/details.aspx?id=5201

Keep me posted.

#6 mrt29


Posted 23 July 2017 - 01:56 PM

Installed, updated and running... Windows Update is running in the background but still won't update.



#7 mrt29


Posted 23 July 2017 - 02:23 PM

MSE scan completed. When I try checking for updates it is still waiting. Windows Update is still the same. (Checking for updates)



#8 mrt29


Posted 26 July 2017 - 10:25 AM

Hello again, I was busy for a couple of days. Today I checked again; MSE won't update. I removed it from the computer and installed Avast antivirus. Still no luck with Windows Update; everything else works normally. I can't figure out why Windows Update is not working.



#9 nasdaq


Posted 26 July 2017 - 12:41 PM

Hi,

Try this. Follow the instructions on each step.

Locate the CMD.EXE and run it as an Administrator.

At the DOS prompt execute these commands in bold.

Step 1: net stop wuauserv

Step 2: Rename the C:\Windows\SoftwareDistribution folder to C:\Windows\SoftwareDistribution.old, essentially clearing the Windows Update download cache so that it can start over.

Step 3: Restart the Windows Update service: net start wuauserv

Restart the computer normally.

How is it now?

Edited by nasdaq, 26 July 2017 - 12:43 PM.
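
The three steps from the post above as a batch script for an elevated CMD.EXE. This is an added example, not part of nasdaq's post; the elevation check, the check for a leftover .old folder, the service-state checks and the variable names SD and OLD are assumptions added here.

```bat
@echo off
rem Added example: reset the Windows Update download cache.
rem Run from a CMD.EXE started with "Run as administrator".
setlocal
set "SD=%SystemRoot%\SoftwareDistribution"
set "OLD=%SystemRoot%\SoftwareDistribution.old"

rem Assumption: "net session" succeeds only in an elevated prompt
rem and needs the Server service running. Stop early otherwise.
net session >nul 2>&1
if errorlevel 1 (
    echo This script must be run as Administrator.
    exit /b 1
)

rem A leftover .old folder from an earlier attempt makes the rename fail.
if exist "%OLD%" (
    echo "%OLD%" already exists. Remove or rename it first.
    exit /b 1
)

rem Step 1: stop the Windows Update service if it is running.
sc query wuauserv | find "RUNNING" >nul
if not errorlevel 1 net stop wuauserv

rem The folder stays locked until the service has really stopped.
sc query wuauserv | find "STOPPED" >nul
if errorlevel 1 (
    echo wuauserv did not stop, the cache folder is still in use.
    exit /b 1
)

rem Step 2: rename the download cache so Windows Update rebuilds it.
ren "%SD%" SoftwareDistribution.old
if errorlevel 1 (
    echo Rename failed, restarting the service without changes.
    net start wuauserv
    exit /b 1
)

rem Step 3: start the service again. It recreates SoftwareDistribution.
net start wuauserv
if errorlevel 1 exit /b 1
echo Done. Restart the computer, then check for updates again.
endlocal
```

The renamed folder is kept rather than deleted, so the previous cache can be restored by stopping the service and renaming it back.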


#10 mrt29


Posted 27 July 2017 - 12:35 AM

I followed the instructions and it has been running at least 7 or 8 hours; still the same, it keeps saying checking for updates.



#11 nasdaq


Posted 27 July 2017 - 08:13 AM


Hi,

I'm out of suggestions on this update issue.

I suggest you start a new topic in the Windows 7 forum.

https://www.bleepingcomputer.com/forums/f/167/windows-7/

An expert with that operating system should be able to help you.

This is not caused by malware and not my forte.

I will keep this topic open for 6 days. If you need to return please do.

#12 mrt29


Posted 27 July 2017 - 01:33 PM

I really appreciate you trying to help solve the problem. Thanks very much, Nasdaq. I will start a new topic in the Windows 7 forum. If there are any more issues I will let you know.

 

https://www.bleepingcomputer.com/forums/t/652692/windows-wont-update/





