can't access windows update


tricky101

Hi

I definitely think I've got some kind of malware issue here. Have run all the scans...adaware, MBAM, spybot but it seems to be sticking around.

Symptoms:

- few days back I noticed I.E forcefully loading itself or trying to, with an ad site as its location url.

- Have had a few instances of firefox loading a tab with a suspicious looking URL but the URL does not load (firefox is my main browser)

- some suspicious looking things in my startup list.

- One of the programs has removed a suspicious looking thing that was being run at startup (svcacz.dll) which now produces an error upon startup as the file no longer exists but it is however still in the startup run file.

Here's a hijackthis log I just ran, prior to this I ran an adaware full scan and an MBAM quick scan, with restarts after both, both having found threats however the threats may already be back.

any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:35:16, on 14/09/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\crypserv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\ASUS\Six Engine\SixEngine.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Documents and Settings\Administrator\Desktop\anti virus\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AH IE BHO - {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - C:\Program Files\ZoomText 9.1\AHOI\ah_ie_bho.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reade

<Moderator merging of topics and consolidation of posts ~ Maurice>

3rd post

upon attempting to paste in my logfile it gave me a connection drop error, once I removed the logfile paste it allowed me to post

I'm assuming that could be related, I'll try paste again

I can't seem to paste it in here without getting a connection reset error, so I'll try attach it

4th post

seems my hijackthis log stuff has appeared now (I'm guessing some kind of forum security measure delays it)

any help would be great

5th post

tried a few more things but still not fixed, keep getting warnings from adaware about svchost.exe trying to connect to a malicious website

6th post

adaware now seems to be trying to block explorer.exe from making changes to the internet explorer security settings in the registry....this seems odd to say the least

7th post

can't seem to find a way to edit my post so I'm going to add another reply to mention that I can't seem to access the windows update site either, I get a connection error upon trying to

8th post

some input or help would be appreciated

is there some kind of queue system that is in place with regards to getting help here?

9th post

making a new thread as my other got a bit clustered with me adding new stuff to it and I'm not sure if my hijackthis log was correct

1 of the symptoms is in the title, others would be svchost.exe being stopped by adaware from connecting to a malicious website and explorer.exe trying to make registry changes randomly to the internet explorer security settings

attempt at pasting the hijackthis log, this didn't seem to work that well last time: (I get connection errors when trying to add the post)

10th & others

help would be appreciated

it won't allow me to post my hijackthis log, I get a connection reset error upon trying to paste it in

both my browsers, firefox and I.E are not allowing me to attach or paste in a hijackthis log file

@tricky101

Await a response from an expert. Do NOT add any further posts until then.

You had more than 1 topic and several posts, which got your topics updated with response counts over 1, and that tends to have helpers believe you were being helped.

Edited by Maurice Naggar
Merge posts
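
A first triage pass over a HijackThis log such as the one posted above, as an added example that is not part of the original thread or of any tool named in it. The sample lines are copied from that log except the last, which is constructed to model the orphaned svcacz.dll startup entry the poster describes; the function name `triage` and the `removed_files` parameter are assumptions of this sketch.

```python
import re

# Sample input: the first five lines are copied from the log above; the last
# one is CONSTRUCTED (value name, path and export are assumptions) to model
# the svcacz.dll autostart that the post says still exists after removal.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reade
O4 - HKLM\..\Run: [svcacz] rundll32.exe "C:\WINDOWS\system32\svcacz.dll",Start
'''

# "O2 - ...", "R1 - ...": section code, then the entry body.
ENTRY = re.compile(r'^([A-Z]\d{1,2}) - (.+)$')
# An absolute path to an .exe or .dll anywhere in the entry body.
ABS_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)


def triage(log_text, removed_files=()):
    """Return (line, reason) pairs for entries that need a manual look.

    These are leads for review, not verdicts: a flagged entry may be benign.
    """
    removed = {name.lower() for name in removed_files}
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process list or blank line
        code, body = m.groups()
        lowered = body.lower()
        if body.count('"') % 2:
            # An unbalanced quote means the paste was cut off mid-entry.
            findings.append((line, "truncated entry: log is incomplete"))
        elif any(name in lowered for name in removed):
            findings.append((line, "autostart points at a removed file"))
        elif code == "O2" and body.endswith("(no file)"):
            findings.append((line, "BHO registered but its DLL is missing"))
        elif code == "O4" and not ABS_PATH.search(body):
            findings.append((line, "no absolute path: confirm which file runs"))
    return findings
```

Calling `triage(SAMPLE_LOG, removed_files=["svcacz.dll"])` returns four findings, including the cut-off Adobe Reader line, which shows that the posted log ends before the remaining startup entries.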

Hi,

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
