Hello, I am unable to update windows and whenever I use Google Chrome some webpages dont load or load incorrectly. Thank you in advance for any help you can give me. Hijackthis log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 05:10:46, on 17/07/2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19019) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2645238 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll F2 - REG:system.ini: UserInit=userinit.exe, O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ZoneAlarm Security - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] 'C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe' O4 - HKLM\..\Run: [Microsoft Default Manager] 'C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe' -resume O4 - HKLM\..\Run: [PDVDDXSrv] 'C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe' O4 - HKLM\..\Run: [ZoneAlarm Client] 'C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe' O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] 'C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe' O4 - HKLM\..\Run: [Adobe ARM] 'C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe' O4 - HKLM\..\Run: [BCSSync] 'C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe' /DelayServices O4 - HKCU\..\Run: [Steam] 'C:\Program Files (x86)\Steam\steam.exe' -silent O4 - HKCU\..\Run: [Google Update] 'C:\Users\Ross\AppData\Local\Google\Update\GoogleUpdate.exe' /c O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\SysWOW64\ZoneLabs\vsmon.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing) -- End of file - 9427 bytes

OK, lets do some general clean up of your system: Please download OTM by OldTimer. Alternative Mirror 1 Alternative Mirror 2 Save it to your desktop. Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):-------------------------------------------------------------------:Filesipconfig /flushdns /c:Commands[EmptyFlash][EmptyTemp][ResetHosts][CreateRestorePoint][Reboot]--------------------------------------------------------------------- Return to OTMoveIt3, right click in the 'Paste Instructions for Items to be Moved' window (under the yellow bar) and choose Paste. Click the red button. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTM Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. If the machine reboots, the Results log can be found here: c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log Where mmddyyyy_hhmmss is the date of the tool run. Let me see the log from OTM, also give update... Kevin

‎Error code 80073EFE, unable to Update windows and browser problems.

Responses(39)
Solutions(0)

RTitans

20 Posts

0

July 20th, 2011 16:00

It recommended, and I update, adobe flash player.

Ross.

kevinf80_1d0ac6

1.1K Posts

0

July 20th, 2011 17:00

Are your pages loading any better

RTitans

20 Posts

0

July 20th, 2011 21:00

No, it has stayed the same.

Ross

kevinf80_1d0ac6

1.1K Posts

0

July 21st, 2011 03:00

OK, lets do some general clean up of your system:

Please download OTM by OldTimer.
Alternative Mirror 1
Alternative Mirror 2
Save it to your desktop.
Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator

Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
-------------------------------------------------------------------

:Files
ipconfig /flushdns /c
:Commands
[EmptyFlash]
[EmptyTemp]
[ResetHosts]
[CreateRestorePoint]
[Reboot]

---------------------------------------------------------------------
Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
Click the red button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Let me see the log from OTM, also give update...

Kevin

RTitans

20 Posts

0

July 21st, 2011 04:00

I am unable to run the program, whenever I open it it says 'OM.exe has stopped working' followed by a box saying

'The application failed to initialize properly (0xc0000005).

Thanks for continuing to help me by the way,

Ross.

kevinf80_1d0ac6

1.1K Posts

0

July 21st, 2011 05:00

Turn off all security and try again, you can disconnect from the internet whilst security is off

RTitans

20 Posts

0

July 21st, 2011 07:00

I still get the same error.

Ross.

kevinf80_1d0ac6

1.1K Posts

0

July 21st, 2011 15:00

Run it from Safe Mode.....

RTitans

20 Posts

0

July 22nd, 2011 07:00

still didn't work...

kevinf80_1d0ac6

1.1K Posts

0

July 22nd, 2011 09:00

Hiya Ross,

I`m not 100% sure but am suspicious that your system may still be infected, I know the logs indicate otherwise but symptoms still give me some concern. I want to run a scan from outside of windows and see if it picks anything up.
Avira rescue system is the best tool for the job. One stipulation that must be followed. The CD must be created on a known clean PC, from the same PC print off the instruction, they really are very easy to follow. All you need is a blank writable CD, everything else is included in the tutorial. Obviously the PC must have a burner.
All instructions are available here Avira Rescue System Read through the instructions a couple of times to familiarize yourself with them, create the CD and print off the instruction. It will be to your advantage to have the instructions available during the process.
When complete post back to this thread in the forum..

Kevin

RTitans

20 Posts

0

July 23rd, 2011 11:00

I am going to be able to do it, but it is going take a day or so. I have to get to a clean computer.

Thanks,

Ross.

kevinf80_1d0ac6

1.1K Posts

0

July 23rd, 2011 16:00

Thats OK Ross,just post back when you`re ready.....

Kevin

RTitans

20 Posts

0

July 26th, 2011 09:00

Just finished scan, no detections were found, but there were 13 alerts saying either 'Error reading file' or 'Bad Archive Header'

do you need me to post the list of these files?

Thanks,

Ross.

kevinf80_1d0ac6

1.1K Posts

0

July 26th, 2011 14:00

Hiya Ross,

I would like you to remove the Zonealarm Firewall and see if OTM will run, you can use the Removal Utility available Here save the Utility to your Desktop, right click and select "Run as Administartor" ensure you enable Windows Firewall.

Try OTM again, let me see the log if successful. Also let me see the log you mention from Avira..

Kevin

RTitans

20 Posts

0

July 26th, 2011 16:00

Got OM to work, Just tried a few pages and already seems a lot better, no problems at all so far!

Here is the OM log:

All processes killed

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Ross\Desktop\cmd.bat deleted successfully.

C:\Users\Ross\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

->Temp folder emptied: 0 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

User: Ross

->Temp folder emptied: 158832308 bytes

->Temporary Internet Files folder emptied: 134434224 bytes

->Java cache emptied: 119746 bytes

->Google Chrome cache emptied: 354361656 bytes

->Flash cache emptied: 8723 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 149379 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33109 bytes

%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 522752 bytes

Total Files Cleaned = 618.00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

HOSTS file reset successfully

Restore point Set: OTM Restore Point

OTM by OldTimer - Version 3.1.18.0 log created on 07262011_232601

Files moved on Reboot...

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

1
2
3

View All

No Events found!

Virus & Spyware

Was this post helpful?