Jump to content

Recommended Posts

Hello - THis issue started as a Webhp maleware infection. I worked with that group until they could no longer assist and then they told me to post here.

Here is that original thread: http://forums.malwarebytes.org/index.php?&showtopic=118340&st=20

Windows will not run any updates. I go to the update page and when I search for updates I get an error (picture attached)

I alos cannot update Adobe, Java, and most likely some other software.

ANy help is greatly appreciated.

post-120449-0-89000100-1362081140.jpg

Link to post
Share on other sites

Sorry - I forgot to mention that i have already run this. It seems to find that there is an issue with WIndows Update and says that it has fixed the problem but the issue still exists. Have also tried updating in safe mode with networking, that does not work either.

Link to post
Share on other sites

To be clear I did just run the WIndows fix utility again - same results, the issue still exists.

Hello Magikvw,

If the windows update failure-issue has not been resolved already, do let us know and do the following.

Also let us know 'if' you had used any sort of registry tweaker/ registry cleaner such as System Mechanic or Advanced system care (spit) ...or anything else, by whatever name. If yes, the name of the program and when used.

Check for missing or disabled Windows services, by doing the following, and post detailed results when done !!

From Start button, (or Win-key +R) and in the search-box type in MSCONFIG and press OK or Enter.

On Vista or Windows 7, press Windows-key on keybooard, and type in MSCONFIG.exe

You should see the General tab. Click the General tab. It should have Normal startup selected (in the radio-box=selection)

IF it does not, then you click on Normal startup.

Click on Services tab. To get it's display of services.

Keep a written list of any changes from my list of services below. That way you and I have a reference document.

Look at the bottom line Hide all Microsoft services

IF and only IF its is checkmarked, then un-check it.

the list of servies may be shown in non-alphabetical order, so ....

Look at the heading titled "Service". Click on it as needed so the list is sorted and top of list starts with the "A" services.

You can toggle as needed to get the desired order.

IF any of below services are NOT shown, don't panic & do not stop, just write down the info for me and proceed with the others !

Then using the scroll-bar scroll down the list

Look for Background Intelligent Transfer Service. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Base Filtering Engine. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for COM+ Event System. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for COM+ System Application. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Cryptographic Services. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Ipsec Policy Agent. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Remote Procedure Call (RPC) Locator. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for RPC Endpoint Mapper. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Firewall. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Installer. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Management Instrumentation. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Update. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

When done, press the Apply button, and the OK button.

You're likely to be prompted to Restart Windows, do so.

If not prompted, you do a Logoff and Restart of Windows.

Then report back here with details.

If any of the services are not shown, just let me know which.

Edited by Maurice Naggar
Link to post
Share on other sites

Hello and thank you - Sorry my my late reply I have been out ill for a few days. I am still having the following issues.

Cannot Update Windows

Cannot Update Adobe Acrobat X Standard

Cannot reinstall Google tool bar

Here are the items that we ran on this machine trying to rid it of the webhp issue:

Malwarebytes

Symantec Endpoint

Combofix

TFC

TDSKiller

ESET Online Scanner

AdwCleaner

Security Check

Malwarebytes Anti-Rootkit

I don't know if any of these are the type of program you were asking about.

I followed your instructions above to check the services. Each of the services you listed above were on the list and were checked. There were A LOT of other services on the list as wel - did you want a complete list or were you just interested in differences in the ones you had listed?

To be clear - my services list matched those that you listed in your previous post.

Thank you - Jeff

Link to post
Share on other sites

First, you'll notice I'm going to focus on Windows Update and leave off the other 2 (at least for now).

Windows Update is the more important to address, as is IE browser.

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other services

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.

As to IE, you really need to describe more than simplay "crashing". e.g. What if any "exception message shows"....How / when / where it fails .... a basic description of what site is involved....any multi-media on the site.

In any event, do the following for IE

Using Internet Explorer browser (only!) go to http://support.microsoft.com/kb/923737

[ignore any DOES NOT APPLY warning as well as the APPLIES TO section],

run the Fix It and then reboot.

Tip: For optimal results, enable the Delete personal settings option.

Using Internet Explorer browser, run the Microsoft Fix-It on the following MS page

http://support.microsoft.com/mats/ie_performance_and_safety

If your Internet Explorer is still having issues, then see the reply by Yog Li marked as answer at the following MS Technet page

http://social.technet.microsoft.com/Forums/en-US/itprovistaie/thread/d7603c5d-b8f6-46d0-ab0a-14fb6177813c/

Link to post
Share on other sites

OK thank you.

Here are the results from FSS:

Farbar Service Scanner Version: 03-03-2013

Ran by jlincoln (administrator) on 06-03-2013 at 16:38:58

Running from "C:\Users\jlincoln\Desktop"

Windows 7 Professional Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

I ran both tools for IE and I will let you know if I have any further issues. To be more detailed it was crashing as foillows:

I would get a pop up saying that IE had stopped running - then it would check for issues and restart IE.

It seemed to be happeneing in the following circumstances:

1) When clicking quickly through messages in G-mail

2) When trying to open a PDF file from a hyber link

3) When opening a new tab

So far the problem has not reoccured since running the fix tools - if it does I will follow the link you provided.

Link to post
Share on other sites

I would suggest that you do a Windows Update run and tell me what the results are.

run a manual check for updates at Windows Update, etc., etc...

When you reach Windows Update, do a Custom scan for updates. Take (accept) only items marked Important or Critical.

Have infinite patience while it scans and does it's work.

When it prompts you to Restart Windows, please do that. Allow it to restart.

IF and only if you get an "error" or "exception/failure" message, I will need the complete so called "failure code" and description of the "failing update item".

Link to post
Share on other sites

Is this your computer? or is it somebody else's ?

Is this your home computer?

Or does the system belong to an organization or company ? If the latter, get help from your administrator or IT help desk.

If this is yours and a home computer, does your login have administrator-level rights?

If we cannot make much headway here, I would recommend you insure that the system is malware free (run antivirus & full MBAM scans) and if the same problem persists, then get help at the Microsoft Answers Windows Update forum

What information to post in the Windows Update forum

http://answers.microsoft.com/thread/1467f44b-ee27-4f7d-98d7-f1c4b35b3395

Link to post
Share on other sites

Then please get help on the Answers forum. This "error" is {from my limited experience helping another) is a woolly bugger

You should also tell the company manager and suggest you get a local pro to look into this. Having windows update out-of-commission in a corporate setting is not something one wants "hanging" for any significant time.

I wish you well. Good luck.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.