Thread: Windows won't update - is it malware?

  1. #1
    Member
    Join Date
    Apr 2006
    Posts
    56

    Windows won't update - is it malware?

    Hi

    My PCs are set to notify me of Windows Updates so that I can choose which ones to download and install. For several months I haven't had any notifications of newly released updates and thought nothing of it. However, two days ago I decided to do a manual check and there were 11 updates available dated 11th August 2015. Whenever I try to download them, the screen just says “Downloading updates, 0kb total, 0% complete”, regardless of how long I spend trying to download e.g. one hour, 90 minutes etc.

    So I decided to try just one update for IE and after about 30 minutes it downloaded and installed. There are now 30 pending updates and at this rate it will take 15 hours to download and install them. I also know that updating Windows when infected creates difficulties at a later stage.

    I have scanned with Malwarebytes and SuperAntiSpyware and the PCs seem clean, but a few strange things have been happening; sometimes when reading a PDF the document closes abruptly, and also my Canon scanner gets stuck through a scan, something that never happened before, and I also get the occasional blank IE page.

    Am I infected? My logs are below. Thanks.

  2. #2
    Security Expert-Emeritus Dakeyras
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173

    Hi and welcome back to Safer Networking.

    After reviewing the logs provided (in future please do not attach them but merely post unless advised otherwise, thank you) nothing particularly malicious seems to be the root cause. Though I do advise you consider uninstalling this utter dross:

    Toolwiz Time Freeze 2014

    As it is not something I would personally advise anyone download/install/use etc as it has the potential to render a machine little more than an expensive doorstop. My humble opinion however and your call. Anyway to err on the side of caution before considering other root causes let's rule out malware as follows shall we...

    Next:

    For the duration of the below two scans, temp' disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.

    Scan with JRT:

    Please download Junkware Removal Tool to your desktop.

    • Right-click on JRT.exe and select Run as Administrator to launch the application >> follow the on-screen prompt.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next reply.

    Scan with Zoek:

    Please download Zoek and save to the desktop.

    • Right-click on zoek.exe and select Run as Administrator.
    • Once the GUI (graphical user interface) has loaded >> click on the More Options tab >> select Auto Clean only.
    • Ensure the option Scan All Users is selected >> now click on the Run Script tab.
    • Zoek will momentarily close and a new GUI will appear and the scan will commence.
    • Please be patient as the scan may take some time depending on the specifications of your computer.
    • Once the scan is completed a log file named zoek-results.log will open via notepad, post the contents in your next reply.
    • If the system requires a reboot after the aforementioned scan, click on OK at the prompt (the log will appear after the reboot).
    • The zoek-results.log can also be found on your system drive.

    Note: Do not forget to re-enable your Security software after running the above scans!

    Next:

    When you have completed the above, please post back the following in the order asked for:

    • How is your computer performing now, any further symptoms and/or problems encountered?
    • Junkware Removal Tool Log.
    • Zoek Log.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  3. #3
    Member
    Join Date
    Apr 2006
    Posts
    56

    Hi Dakeyras

    Thanks for your help and sorry about the attachments; I completely forgot. The PC is running ok and not showing any more odd symptoms, but I haven't attempted any more updates, I will wait for your prompt. The JRT and Zoek logs are below-

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.2 (01.06.2016)
    Operating System: Windows 7 Home Premium x86
    Ran by USER (Administrator) on 14/02/2016 at 20:59:31.55
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    File System: 8

    Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08G6DIIW (Folder)
    Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2S00M8CO (Folder)
    Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E0RIN9YF (Folder)
    Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ERVM4ZDC (Folder)
    Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GSO6AD2Z (Folder)
    Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IE2SDBRZ (Folder)
    Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L61HB3AJ (Folder)
    Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OJME0V0Y (Folder)

    Registry: 0

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 14/02/2016 at 21:00:47.63
    End of JRT log

    Zoek.exe v5.0.0.1 Updated 27-09-2015
    Tool run by USER on 14/02/2016 at 21:01:47.89.
    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
    Running in: Normal Mode No Internet Access Detected
    Launched: C:\Users\USER\Desktop\zoek.exe [Scan all users] [Checkboxes used]

    ==== System Restore Info ======================

    14/02/2016 21:02:51 Zoek.exe System Restore Point Created Successfully.

    ==== Empty Folders Check ======================

    C:\Program Files\AGEIA Technologies deleted successfully
    C:\Users\USER\AppData\Local\VirtualStore deleted successfully
    C:\Users\USER2\AppData\Local\VirtualStore deleted successfully

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-3911347883-1701421413-189546050-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9A9F603B-51A8-4630-AE99-4BBF01675575} deleted successfully

    ==== Deleting CLSID Registry Values ======================


    ==== Deleting Services ======================


    ==== Deleting Files \ Folders ======================

    C:\Program Files\AGEIA Technologies not found
    "C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\Gj0neWhS.default\extensions\abs@avira.com" deleted

    ==== Firefox Extensions Registry ======================

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "quickprint@hp.com"="C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension" [26/01/2011 14:27]

    ==== Firefox Extensions ======================

    ==== Firefox Plugins ======================


    ==== Chromium Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
    flliilndjeohchalpbbcdekjklbdgfkk - No path found[]

    ==== Set IE to Default ======================

    Old Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.google.com/?gfe_rd=cr&ei=mTEsVKTNJOGq8wfem4HADQ&gws_rd=ssl"

    New Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.google.com/?gfe_rd=cr&ei=mTEsVKTNJOGq8wfem4HADQ&gws_rd=ssl"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
    {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

    ==== Empty IE Cache ======================

    C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
    C:\Users\USER2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\USER2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    No FireFox Cache found

    ==== Empty Chrome Cache ======================

    No Chrome User Data found

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    No Java Cache Found

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=112 folders=25 2484024 bytes)

    ==== Empty Temp Folders ======================

    C:\Users\Default\AppData\Local\Temp emptied successfully
    C:\Users\Default User\AppData\Local\Temp emptied successfully
    C:\Users\USER\AppData\Local\Temp will be emptied at reboot
    C:\Users\USER2\AppData\Local\Temp emptied successfully
    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
    C:\Windows\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied
    C:\Users\USER\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== EOF on 14/02/2016 at 21:21:53.09 ======================

  4. #4
    Security Expert-Emeritus Dakeyras
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173

    Hi.

    > Thanks for your help and sorry about the attachments; I completely forgot.

    You're welcome, fair play re the attachments.

    > The PC is running ok and not showing any more odd symptoms,

    Acknowledged.

    > I haven't attempted any more updates, I will wait for your prompt.

    Please visit this page, "How do I reset Windows Update components?", under the heading Windows 8.1, Windows 8, and Windows 7, click on:

    Run now

    At the prompt, save to your desktop. Once downloaded, double-click on WindowsUpdateDiagnostic.diagcab >> once the GUI (graphical user interface) appears/loads >> select Windows Update

    Then click on Next >> follow the prompts. Once completed reboot your machine if not prompted and then check for Windows Updates (do not download any/install etc).

    Next:

    Let myself know the outcome of the above when ready and we will then go from there, thank you.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  5. #5
    Member
    Join Date
    Apr 2006
    Posts
    56

    I have run the Windows Update Diagnostic troubleshooter, rebooted and searched for new updates, but none was found after 60 minutes, and again after 45 minutes. The 30 updates which were present but won't download have also disappeared. The troubleshooter posted the following message-

    Problems found-

    1. Service registration is missing or corrupt – not fixed.
    2. Windows Update error 0x8007005 (2016-02-15-T_11_38_55P) – not fixed.
    3. Problems installing recent updates – fixed.
    4. Problems installing recent updates – fixed.
    5. Problems installing recent updates – fixed.

    Which way forward?

  6. #6
    Security Expert-Emeritus Dakeyras
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173

    Hi.

    My apologies for the delay. All acknowledged, let's carry out a benign scan as follows shall we to further try and ascertain what may be the actual problem...

    Scan with FSS:

    Please download Farbar Service Scanner and save to your Desktop.

    • Right-click FSS.exe and select Run as Administrator to start the program >> click on Yes at the prompt.
    • Select all available options.
    • Then click on the Scan tab.
    • When the scan is complete, it will produce a log named FSS.txt.
    • Post the contents in your next reply.
    Last edited by Dakeyras; 2016-02-17 at 20:46. Reason: Update.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.
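
A read-only look at the area the troubleshooter in post #5 flagged ("Service registration is missing or corrupt"), as an added example that is not part of the thread or of any tool mentioned in it. The three service names, the svchost.exe host and the expected ServiceDll file names are stock Windows 7 values assumed here, not taken from the posts.

```powershell
# Added example: read-only audit of the Windows Update service registrations.
# Service names and DLL file names are stock Windows 7 values (assumption, not from the thread).
$expected = @(
    @{ Name = 'wuauserv'; Dll = 'wuaueng.dll'  },  # Windows Update
    @{ Name = 'BITS';     Dll = 'qmgr.dll'     },  # Background Intelligent Transfer Service
    @{ Name = 'CryptSvc'; Dll = 'cryptsvc.dll' }   # Cryptographic Services
)
$startNames = @{ 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

$report = foreach ($e in $expected) {
    $key   = "HKLM:\SYSTEM\CurrentControlSet\Services\$($e.Name)"
    $svc   = Get-Service -Name $e.Name -ErrorAction SilentlyContinue
    $reg   = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $param = Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue

    # Get-ItemProperty returns REG_EXPAND_SZ values with %SystemRoot% already expanded.
    $dll = if ($param) { $param.ServiceDll } else { $null }

    # Collect every deviation from the expected registration for this service.
    $problems = @()
    if (-not $reg) {
        $problems += 'service key missing'
    } elseif ($reg.ImagePath -notmatch 'svchost\.exe') {
        $problems += 'ImagePath is not svchost.exe'
    }
    if ($reg -and $reg.Start -eq 4) { $problems += 'start type is Disabled' }
    if (-not $dll) {
        $problems += 'ServiceDll value missing'
    } else {
        if ((Split-Path $dll -Leaf) -ne $e.Dll) { $problems += "unexpected ServiceDll: $dll" }
        if (-not (Test-Path -LiteralPath $dll)) { $problems += 'ServiceDll file not on disk' }
    }

    New-Object PSObject -Property @{
        Service   = $e.Name
        Status    = $(if ($svc) { $svc.Status } else { 'not registered' })
        StartType = $(if ($reg) { $startNames[[int]$reg.Start] } else { $null })
        Problems  = $(if ($problems) { $problems -join '; ' } else { 'none' })
    }
}

# One row per service; nothing is modified.
$report | Select-Object Service, Status, StartType, Problems | Format-Table -AutoSize -Wrap
```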
