won't let me update windows



mpage81073
2008-05-17, 15:55
I have been trying to do a Windows update, and keep getting [Error number 0x80072EE7]. I did everything that MS told me to do to fix it, but it still keeps giving me this error. Then someone suggested that this error is being caused by malware, and that the spyware software is not detecting and removing the culprit. Any help would be greatly appreciated. Here is the log file.
If you need any other information, just let me know.
Michael


Logfile of HijackThis v1.99.1
Scan saved at 7:17:29 AM, on 5/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
F:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
F:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\michael\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netservices.verizon.net/portal/link/main/vzcentral
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Fix-It AV] F:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1340C00E-B1FF-4117-B993-E58FF774A605} (CLaunchRBO10 Object) - http://www.playrealbaseball.com/include/launchRBO_v1.1.0.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BD910CB-DE09-473B-A66C-AA56622EC49B}: NameServer = 85.255.116.43,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF58C691-C416-45D5-B81F-D1C631F5EB25}: NameServer = 85.255.116.43,85.255.112.135
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.43 85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.43 85.255.112.135
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - F:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe

mpage81073
2008-05-17, 16:17
Hello again. I have seen in other threads that you are asking for the ComboFix log, so I am now posting it in case it helps.

ComboFix 08-05-15.3 - michael 2008-05-17 8:08:59.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.701 [GMT -5:00]
Running from: C:\Documents and Settings\michael\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url
C:\WINDOWS\system32\kdcvc.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-17 to 2008-05-17 )))))))))))))))))))))))))))))))
.

2008-05-17 07:34 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-05-17 07:34 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-05-17 07:25 . 1999-12-21 07:58 21,312 --a------ C:\WINDOWS\choice.exe
2008-05-16 22:59 . 2008-05-16 22:59 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-16 22:50 . 2008-05-16 22:50 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-16 22:42 . 2008-05-16 22:42 <DIR> d-------- C:\Program Files\ACW
2008-05-16 16:27 . 2008-05-16 16:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-16 16:17 . 2008-05-16 16:17 <DIR> d-------- C:\Documents and Settings\michael\Application Data\AdwareAlert
2008-05-16 15:24 . 2001-11-01 14:21 28,432 --a------ C:\WINDOWS\system32\drivers\teefer.sys
2008-05-16 15:24 . 2001-06-22 13:48 7,888 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-05-16 15:23 . 2008-05-16 15:23 <DIR> d-------- C:\WINDOWS\519D55B61FAA40B1B685F986A9F3E0B8.TMP
2008-05-16 15:23 . 2001-07-25 14:25 45,056 --a------ C:\WINDOWS\system32\wps.dll
2008-05-16 15:22 . 2008-05-16 15:22 <DIR> d--h----- C:\VCOM
2008-05-16 15:21 . 2008-05-16 15:21 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-05-16 15:21 . 2008-05-16 15:21 <DIR> d-------- C:\Documents and Settings\michael\Application Data\VCOM
2008-04-29 11:20 . 2008-04-29 11:20 15,648 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 11:19 . 2008-04-29 11:19 15,648 --a------ C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 11:19 . 2008-04-29 11:19 12,960 --a------ C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-27 22:51 . 2008-04-27 22:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2008-04-27 09:09 . 2008-04-27 09:09 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-04-27 08:28 . 2008-03-12 18:38 445,504 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-04-21 15:08 . 2008-04-21 15:08 13,144 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 01:02 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-03-19 08:08 --------- d-----w C:\Program Files\Sony Online Entertainment
2008-03-19 07:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-03-05 21:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 21:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 21:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 20:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 20:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
2008-03-01 16:58 90,112 ----a-w C:\WINDOWS\system32\launchRBO.dll
2007-03-14 05:25 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24 86016]
"C-Media Mixer"="Mixer.exe" [2002-07-12 17:33 1581056 C:\WINDOWS\mixer.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 05:50 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-02-12 08:27 1232896]
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"Fix-It AV"="F:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe" [2003-01-23 14:01 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\WINDOWS\\System32\\dpvsetup.exe"=
"D:\\Papyrus\\NASCAR Racing 2003 Season\\SERVER.EXE"=
"E:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"D:\\Program Files\\NETAMIN\\Real Baseball\\patcher\\fc.exe"=
"D:\\Program Files\\NETAMIN\\Real Baseball\\game\\RealBaseball.exe"=

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-05 18:07]
R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2003-02-12 06:16]
R3 SaiHFF04;SaiHFF04;C:\WINDOWS\system32\DRIVERS\SaiHFF04.sys [2005-11-03 10:52]
R3 SaiIFF04;Immersion's HID USB Driver (FF04);C:\WINDOWS\system32\DRIVERS\SaiIFF04.sys [2005-11-03 10:52]
S3 mxInsMon;mxInsMon;F:\PROGRA~1\VCOM\SYSTEM~1\mxInsMon.sys [2003-01-23 13:46]
S3 XDva075;XDva075;C:\WINDOWS\system32\XDva075.sys []
S3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys []
S3 XDva143;XDva143;C:\WINDOWS\system32\XDva143.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-05-17 08:00:02 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 08:12:13
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
F:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
F:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2008-05-17 8:12:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-17 13:12:56

Pre-Run: 8,816,017,408 bytes free
Post-Run: 9,095,184,384 bytes free

123 --- E O F --- 2007-11-14 09:01:29

mpage81073
2008-05-17, 17:08
THANKS FOR LOOKING, but I fixed the problem myself. I forgot to reinstall Spybot; I removed the old copy to upgrade but forgot to upgrade. I just ran Spybot, and it removed a couple of files, and now I am able to update Windows. Again, THANKS for your time.