Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Save it to your Desktop
Rt Click ->> Extract all ->> And extract it to your Desktop
Additional help on extracting zip files can be found HERE
Open the File Lister Folder.
Note: Leave the FileLister.vbe file in the folder and run it from there.
Rt Click FileLister.vbe ->> Select Open, then Open to confirm.
When the program is finished it will produce a log for you, Files.txt, which will be located in the default location from which FileLister was run (the FileLister folder).
Copy and paste the contents of that log in your reply.
bamajim
10.4K Posts
0
July 28th, 2010 08:00
Nothing showing there.
Let's do this
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
expat54
8 Posts
0
July 28th, 2010 15:00
bamajim
OK ... Updated Malwarebytes and ran it again. I've done this several times over the last few days. It seems to remove but next run they're back.
Also ... Avira Antivir Personal found the following
C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\a LIBRARY\HOUSE PURCHASE\15 Creative Modern Stairs & Staircase Designs WebUrbanist_files\
views.ticker.fade.js
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Programme\Silkroad\
Remove.Exe
[DETECTION] Is the TR/Gendal.228739 Trojan
[WARNING] The file was ignored!
One is a file from a manufacturer and the other in a directory of the Silkroad games my kids once used. It has a remove.exe file but does not appear in the programs list so I can't remove it that way. I want to be sure it's not something nasty before I click on the file to remove it.
So what`s next?
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4363
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
28.07.2010 22:39:19
mbam-log-2010-07-28 (22-39-19).txt
Scan type: Quick scan
Objects scanned: 156280
Time elapsed: 11 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
bamajim
10.4K Posts
0
July 29th, 2010 07:00
views.ticker.fade.js
[DETECTION] Contains suspicious code HEUR/HTML.Malware
Is warning you that the news ticker has some suspicious code in it, maybe you should delete it. If it is set as a favorite in Internet Explorer, then remove it.
The second one;
Remove.Exe
[DETECTION] Is the TR/Gendal.228739 Trojan
Is a general warning, usually indicating a free game with unwanted advertising attached to it. The game itself is legit, so the choice is yours. If the game is no longer used, then remove it as well.
The 2 warnings from MBAM are telling you that Windows updates are not working. Normally this is one of the first things malware does, disable updates. Since you have your updates set to 'Manual' these entries will remain.
I see nothing else here that would prevent you from installing SP3.
expat54
8 Posts
0
July 29th, 2010 13:00
bamajim
Ok ... Thanks for that explanation, I had a feeling they were not real nasty. I deleted those files.
But I am still having trouble with getting Windows updates to work. I'd really like to get SP3 and other security updates.
I'm not sure this is a malware problem anymore so maybe you will send me elsewhere. Hopefully you can help.
When I try running updates I get this error code.
0x8024D007
I looked this up and then proceeded with the suggestions here.
http://support.microsoft.com/kb/956701
Registering the Windows Update files using register.bat seemed to run OK. But still not able to get to the Windows Update site.
So I tried the second suggestion to install Windows Update Agent, as described here
http://support.microsoft.com/kb/949104/
The first link there did not work at all so I downloaded the executable for an x86-based computer and ran it.
When I ran it I got an error box saying the Windows Update Installer installation had failed with the same error code as mentioned above.
I also just wanted to ask if the altered spellings in the registry may be a clue. The Malwarebytes report shows
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
why is it fysystemROOT ????
bamajim
10.4K Posts
0
July 29th, 2010 15:00
Let's see a fresh HijackThis log please.
expat54
8 Posts
0
July 29th, 2010 22:00
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 06:04:17, on 30.07.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\DivX\DivX Update\DivXUpdate.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Creative\MediaSource5\CTDetctu.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Trend Micro\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com?o=15095&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=25040
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTCheck] C:\Programme\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector U] "C:\Programme\Creative\MediaSource5\CTDetctu.exe" /R
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\INFOCOCKPIT.EXE /nosplash (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [rundll32.exe] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [WAB] C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia\Common\b966a02419.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2bc66f54-93a8-11d3-beb6-00105aa9b6ae} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512b-b978-451d-a0d8-fcfdf33e833c} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1280417772975
O16 - DPF: {644e432f-49d3-41a1-8dd5-e099162eeec5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6c269571-c6d7-4818-bca4-32a035e8c884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} (Quantum Streaming IE VersionManager Class) - http://qmedia.xlontech.net/100170/sdk/latest/qsp2ie06041001.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O16 - DPF: {f6acf75c-c32c-447b-9bef-46b766368d29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15108/CTPID.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Intelligenter Hintergrundübertragungsdienst (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\MT6Licensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate1ca0ab26357a468) (gupdate1ca0ab26357a468) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: Automatische Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O24 - Desktop Component 0: (no name) - http://banners.wunderground.com/weathersticker/htmlSticker2_cond/language/www/global/stations/07486.gif
--
End of file - 11966 bytes
bamajim
10.4K Posts
0
July 30th, 2010 07:00
At first glance it seems some of the services required to get updates are not working.
Click Start->> Control Panel->> In the left pane Select Classic View
In the right pane Select Administrative tools ->> Component Services
Another window will open
Double Click Services(In the Right pane)
Find the following services:
Background Intelligent Transfer Service (BITS)
Automatic Updates
Windows Installer
Check to see if they are all Started. If not, then start them. Highlight the service and select Start.
Reply with the results
expat54
8 Posts
0
July 30th, 2010 10:00
bamajim
I vaguely remember doing this following some MS site directions a while back without success.
I'm translating from the German here so some of this might not be literally what it says ...
None of the three services was started.
Automatic Updates was set on automatic.
When I started it I got a failure box saying "the service automatic updates on local computer can not be started"
Failure 2: The system cannot find the file.
The Pfad (path) for the exe file again had that misspelling with the "f" instead of the "s".
Pfad zurEXE-Datei: %fystemroot%\system32\svchost.exe -k netsvcsIntelligenter
Background Intelligent Transfer Service (BITS) was also set on automatic.
Same thing when I started it ... could not find the file and the misspelling in the path.
%fystemRoot%\system32\svchost.exe -k netsvcs
Windows Installer was set on manual and when I started it ... IT STARTED !!!
I wonder if you want me to change it to automatic?
I'm kind of wondering if you're gonna tell me I have to edit the registry ... which is not something I feel real comfortable with.
So what's next?
bamajim
10.4K Posts
0
July 30th, 2010 15:00
Do you have a copy of the XP OS (operating system disk)?
expat54
8 Posts
0
July 30th, 2010 15:00
No ...
This version of the Dimension 3100 has the partitioned restore function with no OS on CD.
This always made me nervous in the event of a hard disk failure.
I have read that getting a disk from Dell is not necessarily easy.
Any other options?
expat54
8 Posts
0
July 31st, 2010 05:00
bamajim
I thought I'd add a few things to my last response.
This is why I referred to possibly editing the registry in a previous post.
I suspect you are already familiar with this stuff but I just wanted to mention it anyway.
Take a peek here.
http://forums.malwarebytes.org/index.php?showtopic=11558
This pretty much renews my fears that there may still be malware hiding in there.
If I were to attempt this registry manipulation I'd want to be very careful as I think I've only done it once and would appreciate someone knowledgeable leading me through it.
But I want to be clear ... other than not being able to do WU ... my system seems stable, and behaving rather well.
And then there is this ... from another tech forum ... the whole thread deals with this "misspelling" hijack of Windows updates but this post seems to pull it all together.
http://forums.techarena.in/windows-xp-support/1129836.htm#post4623332
I wonder what you think of this approach to the problem?
thanx
bamajim
10.4K Posts
0
August 2nd, 2010 14:00
If we need to do some registry fixes, I'll make them so you don't have to do them manually.
The link you cited: those fixes should already be included in the version of MBAM you have.
I want to take another look at a couple of things
1. Go HERE and download FileLister.
Rt Click ->> Extract all ->> And extract it to your Desktop
Additional help on extracting zip files can be found HERE
Open the File Lister Folder.
Note: Leave the FileLister.vbe file in the folder and run it from there.
When the program is finished it will produce a log for you, Files.txt,
which will be located in the default location from which FileLister was run (the FileLister folder).
Copy and paste the contents of that log in your reply.
expat54
8 Posts
0
August 4th, 2010 15:00
Bamajim
A friend helped me get Windows updates fixed. The key was WUS_Fix.exe, which restored the default registry settings.
Thanks for your assistance.
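The ImagePath values reported in this thread reference %fystemRoot%, a variable Windows does not define, so the path never expands and the services fail with "cannot find the file". The following is an added example, not part of the original thread and not Malwarebytes' own logic: it parses log lines of the shape quoted above and audits any set of service ImagePath values for unresolvable variables. The function names, the KNOWN_VARS list and the MSIServer entry are assumptions made for the illustration.

```python
import re

# Variables a stock Windows install defines and that may legitimately appear
# in a service ImagePath. Assumed list for this example; extend as needed.
KNOWN_VARS = ("systemroot", "windir", "systemdrive", "programfiles")

VAR_RE = re.compile(r"%([^%\\]+)%")
# Shape of the "Registry Data Items Infected" lines in the MBAM log above.
MBAM_RE = re.compile(
    r"\\Services\\(?P<service>[^\\]+)\\ImagePath\s+\((?P<detection>[^)]+)\)"
    r"\s+->\s+Bad:\s+\((?P<bad>.*?)\)\s+Good:\s+\((?P<good>.*?)\)"
)


def unresolvable_vars(image_path):
    """Names of %VAR% references that match no known variable."""
    return [v for v in VAR_RE.findall(image_path) if v.lower() not in KNOWN_VARS]


def char_diff(a, b):
    """Count of differing positions, case-insensitive; None if lengths differ."""
    if len(a) != len(b):
        return None
    return sum(x != y for x, y in zip(a.lower(), b.lower()))


def nearest_known(var):
    """Known variable exactly one character away from var, if any."""
    for known in KNOWN_VARS:
        if char_diff(var, known) == 1:
            return known
    return None


def parse_mbam_lines(lines):
    """Extract service, detection, bad and good values from MBAM log lines."""
    return [m.groupdict() for m in map(MBAM_RE.search, lines) if m]


def audit_image_paths(services):
    """Map service name -> [(bad variable, probable intended variable)]."""
    findings = {}
    for name, path in services.items():
        bad = unresolvable_vars(path)
        if bad:
            findings[name] = [(v, nearest_known(v)) for v in bad]
    return findings


# These two lines are quoted from the Malwarebytes report in this thread.
MBAM_LOG = [
    r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.",
    r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.",
]

if __name__ == "__main__":
    rows = parse_mbam_lines(MBAM_LOG)
    services = {r["service"]: r["bad"] for r in rows}
    # Constructed healthy entry for contrast (not taken from the thread).
    services["MSIServer"] = r"C:\WINDOWS\system32\msiexec.exe /V"
    for name, hits in audit_image_paths(services).items():
        for var, intended in hits:
            print(f"{name}: %{var}% is undefined; probably meant %{intended}%")
    for r in rows:
        print(f"{r['service']}: bad and good values differ in "
              f"{char_diff(r['bad'], r['good'])} character(s)")
```

Run against the thread's two log lines, it flags BITS and wuauserv and leaves the constructed MSIServer entry alone, which matches the poster's observation that only Windows Installer would start.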