Windows Updates

Discussion in 'Malware Help (A Specialist Will Reply)' started by 1trkmind, Oct 14, 2008.

  1. 1trkmind

    1trkmind Private First Class

    More logs
     

    Attached Files:

  2. 1trkmind

    1trkmind Private First Class

    I'm running WinXP SP2. Two or three days ago I restarted my PC and the red Windows alert appeared stating that the "automatic updates are disabled".

    When I click the balloon the error in security center is

    "We're sorry. The Security Center could not change your Automatic Updates settings. To try changing the settings yourself, go to System in Control Panel. On the Automatic Updates tab, select Automatic (recommended), and then click OK."

    I did as instructed, but the automatic updates appear as "ON" in that location. I've tried to update Windows and get an error that my IE isn't version 5 or higher. I have version 7 installed. I reinstalled IE7 and still have the same error when attempting a Windows update.

    My startup after the logon splash screen is much slower than normal. Sometimes programs that would normally start up don't, and have even been removed from the startup list under 'msconfig'. Here are the logs from the READ & RUN ME...
     

    Attached Files:
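    The symptom described in the post above (Security Center reporting Automatic Updates disabled while the Control Panel shows them on) usually comes down to the Automatic Updates service, a policy override, or a suppressed Security Center notification. The batch file below is an added, read-only diagnostic written for this thread; it is not one of the tools or scripts the helper posted. It only queries the standard Windows XP SP2 service names and registry locations for Automatic Updates and changes nothing; the IE version check at the end is included simply so the installed version can be compared with what the update site claims.

```batch
@echo off
rem Added diagnostic for the Automatic Updates symptom (not from the thread).
rem Read-only: every command here only queries state. Windows XP SP2.
rem Service names and registry paths are the standard ones for XP.

echo === Service state: wuauserv (Automatic Updates), BITS, wscsvc (Security Center) ===
for %%S in (wuauserv BITS wscsvc) do (
    echo --- %%S ---
    sc query %%S | findstr /i "STATE"
    sc qc %%S | findstr /i "START_TYPE"
)

echo.
echo === Automatic Updates setting as shown in Control Panel ===
echo AUOptions: 1=disabled  2=notify before download  3=download, notify before install  4=automatic
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v AUOptions

echo.
echo === Policy override: NoAutoUpdate=1 here switches updates off regardless of Control Panel ===
reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" 2>nul || echo no AU policy key present

echo.
echo === Security Center alert suppression: UpdatesDisableNotify=1 silences the balloon ===
reg query "HKLM\SOFTWARE\Microsoft\Security Center" /v UpdatesDisableNotify 2>nul || echo value not set

echo.
echo === Installed Internet Explorer version as recorded in the registry ===
reg query "HKLM\SOFTWARE\Microsoft\Internet Explorer" /v Version
```

    Save it as a .bat file and run it from a command prompt so the output stays visible. A stopped or disabled wuauserv, an unexpected policy key, or a non-zero UpdatesDisableNotify are each worth noting in the logs you post, because they distinguish a misconfiguration from a service that malware has switched off.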

  3. 1trkmind

    1trkmind Private First Class

    If it helps, I think this all started with a TMP virus that Avast caught when I tried to extract an iPhone .ipa file. I've run several other scanners and still haven't come up with anything.
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome to MajorGeeks.com!

    First, please disable any antivirus and/or antispy programs you have installed so they will not block this fix.

    Pre-Instructions:
    Print out these instructions or save them to a text file so that you can operate with All Browser Windows CLOSED.

    Step 1:
    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    Again, make sure ALL browser windows are closed when you click FIX.

    Step 2:
    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that the combofix.exe you downloaded while doing the READ & RUN ME is on your Desktop, but do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe.
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named C:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Step 3:
    Default Security Settings

    To Default Security Settings:
    For Internet Explorer 6 users:
    Click Start > Run > type inetcpl.cpl and press ENTER, when Internet Properties comes up navigate to the Security Tab and click Default Level for the following:
    • Internet
    • Local Intranet
    • Trusted Sites
    • Restricted Sites.
    Click OK to exit.

    For Internet Explorer 7 users:
    Click Start > Run > type inetcpl.cpl and press ENTER, when Internet Properties comes up, navigate to the Security Tab and simply click the "Reset all zones to default level" button. Click OK to exit.

    Step 4:
    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.


    Step 5:
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
     
    Last edited: Oct 19, 2008
  5. 1trkmind

    1trkmind Private First Class

    Thanks! Here are the two logs.
     

    Attached Files:

  6. 1trkmind

    1trkmind Private First Class

    For the previous log post, I completed the steps remotely.

    I ran them again when I got home. These are the logs from doing the steps locally.
     

    Attached Files:

  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    It appears something blocked our fix. Disable the programs below and any other antispy or antivirus programs you may have installed.
    • Ad-Aware 2007 (temporarily uninstall this)
    • Spyware Doctor (Uninstall if you didn't purchase)
    • Trojan Remover (Uninstall if you didn't purchase)
    • a-squared Anti-Malware
    After completing the above, run ComboFix once more and get a fresh log. Also, run C:\MGtools\GetLogs.bat by double clicking on it and attaching the logs below.
    1. C:\ComboFix.txt
    2. C:\MGlogs.zip
     
  8. 1trkmind

    1trkmind Private First Class

    Lavasoft Ad-Aware does not show up in my Add/Remove or All Programs. There's no uninstall file under C:\Program Files\Lavasoft\Ad-Aware...
    I manually deleted the folder.
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay, if you like and use this for protection we can reinstall later. You may have to reinstall and then uninstall when the Add/Remove entry gets replaced.

    Just proceed and attach the new logs and we'll go from there.
     
  10. 1trkmind

    1trkmind Private First Class

    attempt #3
     

    Attached Files:

  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I see in your logs where it appears your "msconfig" is not set to normal startup. We need to address this first.

    Click Start > Run > type in msconfig and hit OK. Next, under the General Tab, be sure "Normal Startup" is checked. If it is NOT, then check it and click OK but DO NOT reboot. Run the below steps, then attach the requested file. Again, do not restart until you hear back from me.

    Next, open Notepad, then Copy & Paste the following text in the quote box into the window:
    • Save this as fix.bat
    • Choose to Save as all files.
    • Double-click fix.bat and let the program run.
    • A small black DOS window will flash; this is normal.
    Next, are you familiar with the entry below?

    Information on the IP address "11.1.2.1":


    Finally, run the C:\MGtools\GetLogs.bat and attach the new "C:\MGlogs.zip".
     
  12. 1trkmind

    1trkmind Private First Class

    The IP listed above is my default gateway for my home network. I changed my Linksys router to that address and it's static. Not sure what the system\CCS is.
     

    Attached Files:
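    The question and answer above concern an IP address that shows up in the logs as a name server entry. This batch file is an added example written for this thread, not a script from the helper or from HijackThis; it assumes the log entry refers to the TCP/IP NameServer values under HKLM\SYSTEM\CurrentControlSet (the key HijackThis abbreviates as System\CCS) and only reads them, so that whatever address appears there can be compared with the router and DNS servers the machine is actually using.

```batch
@echo off
rem Added example, not part of the thread. Read-only: shows where a name
rem server address found in a HijackThis-style log can come from.
rem Assumption: the entry refers to the NameServer / DhcpNameServer values
rem under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters (CCS = CurrentControlSet).

echo === Gateway and DNS servers currently in use by Windows ===
ipconfig /all | findstr /i "Gateway DNS"

echo.
echo === Global TCP/IP settings: static NameServer versus DHCP-assigned servers ===
reg query "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v NameServer
reg query "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v DhcpNameServer

echo.
echo === Per-interface name server settings ===
reg query "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces" /s | findstr /i "Interfaces NameServer"

echo.
echo A static NameServer equal to your own router address, as described in the
echo reply above, is expected for a home router setup. A NameServer that is
echo neither the router nor your ISP's DNS is the thing to mention in your logs.
```

    The per-interface query lists every adapter's GUID key followed by any NameServer values beneath it, which is how a setting that does not match the global one becomes visible.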

  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Step 1:
    First, select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:


    Again, make sure ALL browser windows are closed when you click FIX.

    Step 2:
    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

    Once you complete the above instructions your logs will be clean.

    Final Steps:
    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN, enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between combofix" and /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    9. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
