Cannot install any security software or update windows

Hi

I was away from my computer for several months and my family were using my lap top.

Now when I returned I have several problems.

I cannot install any security software or update windows (error 80070422)

Yesterday I installed spybot and it found and removed some infections, or so I thought. When i powered up my lap top today spybot was gone as was an install of google chrome.

I now tried to save malwarebytes and created a folder on my desktop, changed the name of the exe to explorer.exe, it will download but near the end it will open the folder I created and it will be empty. I also tried to install security essentials but it also cannot be found.

I know there are a lot of microsoft updates to be installed , I think around 0.5GB but I cannot install them.

Please help me if you can to resolve this problem.

Windows vista SP1 (I know it should be at least SP2?)
No security software on laptop working.

Thank you for any help and your time.

edit: I also removed an older version of java but now when i downloaded a new version it too is missing and will not install

 

I wanted to edit my post below but left it for too long.
When I download anything now on explorer 8 all downloads are going to a temp folder which I cannot find. I also do not know how to change the download location because when I download a file it does not prompt for a location to save it to.

I have set my laptop to show hidden folders and used MSCONFIG to boot from normal start up mode. I have some files from AVG left over but cannot download the removal tool due to the temp download folder problem.

Im sorry if my information posted is confusing but I know very little about my problems or how to fix them, sorry if this is annoying for you more advanced users.

I will wait for further instructions, thank you.

 

Hello dr.moriarty Thank you for your response and help.

I have already made a mistake regarding temp file cleaner. I downloaded ccleaner along with spybot yesterday before coming to this form. I ran ccleaner and deleted the files at the time but when i turned lap top on today ccleaner, spybot and chrome had vanished so im not sure if the infection used system restore

After my post today I done some research on here and went and downloaded SUPERantispyware portable onto a cd and managed to run it on this laptop. It found and removed threats as you will see in my attached .txt files.

After running SAS I was able to download Malwarebytes and sucessfully renamed and opened it from my desktop. I then ran a quick scan and fixed 3 more Issues as you will see in my attached file.

That is where my good luck ended though and im not sure why.

Could not and still can't download combofix , RootRepeal, MG Tools , AVG removal tool, TDS Killer, unhide desktop.

The files are no longer downloading to a temp folder but they do not show up in the path a specify either :confused
Files will download to 99% and then a explorer pop up will say "copying 0 bytes" and the download just dissapears

This series of infections has also disabled windows security centre and I cant switch it on, I am also concerned that some links I click in my browser redirect through api.viglink

I will wait for further instructions. Sorry also for bumping my OP, I should have read the stickies beforehand but at least now I know.

Thanks again dr.moriarty

 

Hi again.

Yes I have access to another lap top which I can use.
I will be online most of the day so I will wait for your guidance.

Thank you.

 

Hi again.
I know this post is a bump and I will be at the bottom of the list but I am providing the logs of the other tools which had to be transferred via cd to infected machine. If it takes a few days to reply thats fine because you are busy here.

ComboFix>> See log below that I will attach to this post.
TDSSKiller>> See log below that I will attach to this post.
MGtools>> See log below that I will attach to this post.
RootRepeal>> Failed, will describe problem below

After running combofix I got an error message every time I tried to open a programme or file, the error read as follows "Illegal operation attempted on a registry key that has been marked for deletion"
After reading about the error I saw it was ok to try and reboot laptop. After reboot the error was gone and I could open files and programmes. Also after running combofix I could download and run programmes such as java from the internet so I updated it.

All tools ran fairly sommthly except ROOTREPEAL >> When I ran rootrepeal I disabled my firewall etc for it to run smoothly. It scanned some files but then became stuck on C:\Windows\winsxs\manifests\ While it was scanning up to that file it was using 16,000 memory but once it got to the file above the memory usage jumped up and up until it was using nearly 2GB of memory, at that point I ended the scan and had to end the process in task manager. I also tried this scan in Safe Mode but it had the same result.

Laptop is running a lot smoother after combofix so that is brillant but I still think there maybe some threats because sometimes it becomes un responsive and also there seems to be 2 transpearent files on my desktop and I dont know how they got there, I cannot remove them because It says other programmes may need them, the file is >> Desktop.ini >> [.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183

Also I would like to know if it is safe to download and install the 650MB of microsoft updates that are in a queue to be downloaded?

Thanks for helping.

 

Hello again.

I just want to inform you that I preformed step4 before running any of the scans.

Right Click Start
Select Explore
Select Organize
Select Folder and Search Options
Select the View tab
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide extensions for known file types option.
Uncheck the Hide protected operating system files (recommended) option.
Click yes to confirm that you really want to do this.
Click Apply
Click OK


It still shows that hidden files are shown and both boxes that have to be unticked are unticked :confused

Regarding the updates from microsoft, they are taking over and downloading in the background themselves..I will not reboot laptop until further instruction

Thanks

 

Ok I will wait for updates to be finished>> reboot.

Sorry but im not sure which other logs you are looking for :confused

I thought I had uploaded all except rootrepeal?

"edit" I see you are looking for Malwarebytes and superantispyware logs...You will find them attached to my 3rd post ITT.. I posted them before I managed to transfer the other tools onto this laptop today

 

Hello again dr M.

It has taken me a while to reply due to microsoft updates taking about 15hrs to install. So many restarts but at least it is done now

Adobe reader outdated>> Ununstalled and downloaded new version Reader X
Question - what is this? C:\Users\jer\Desktop\756yy.com.exe
That file was TDSSkiller which I renamed when transferring to this laptop.
I have also removed all .exe, zip etc from desktop and have put them in downloads folder.

When I ran C:\MGtools\analyse.exe it scaned no problem however when I checked the results there was no such entry that you requested I delete >> O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) does not exist :confused

Anyway I continued on to use combofix and that ran smoothly.

I have deleted the temp folders as you requested and also updated Java
Also I did the esets scanner and ran MGtools >> see both attached logs below.

Make sure you tell me if you had any problems running this procedure; and answer this - "What malware problems are you still experiencing?"

The only problem I had while running the scans was the entry you asked me to delete does not appear to be there anymore, or at least it is not showing up in the results.

The laptop seems to be running a LOT smoother after following the steps that you instructed me to do

The only concern I have atm is when I insert my USB broadband/midband dongle into the machine windows reads it as a CD ask asks if I want to view the files? This problem wasn't happening yesterday? I can run the modem by clicking start>computer>CD DriveF>autorun.exe but beforehand it has always run itself when inserted into the usb slot. I think that this is not a problem caused by the scans or malware but probably caused by the windows updates that have been installed> would you say that is the case?

BTW do you know what I should do with the 2 desktop.ini files that are on my desktop? I dont want to delete them as a warning pops up and says other programmes may not function without them.

Thank you again for helping and I await final instruction providing my logs are clean (fingers crossed )

 

Im delighted the logs look clean! Computer seems to be running well all day

Thanks for looking into my modem issue. Im nearly positive its related to updates :confused

Also sorry you had to repeat yourself about the desktop icons. I noticed after posting that today that you had already answered it in another post :-o

 

Hello again Dr M.

Yes indeed that microsoft article seems to have resolved my issues :guitar

Have also preformed all of the final steps.
Lap top is running better than ever before, on the internet also.

Ill be sure to keep everything up to date in future and I think the next time I am leaving my lap top at home I will create a guest acc for the others that will be using it.

Thanks for everything Dr M, I appreciate your time and patience.
See you around the forums :major