Windows Update Error

eddie57

eddie57

Member
My Boss asked me to look at her daughter's laptop because of some issues. It's a Dell Inspiron N5010, the OS is Windows 7 Home Premium . When I turned the laptop on it was attempting to install windows updates and configuring windows, but it could not. It then shut down and when I restarted the laptop it gave me the following message: "Failure configuring Windows updates, Reverting changes, Do not turn off your computer. It stays in this mode until I hit escape then it shuts down and then restarts windows and does the same thing, saying it's confguring Windows updates, xx% complete, Do not turn off your computer.

PS: When I ran the Microsoft windows updater troubleshooter, I got the message "an error occurred while troubleshooting and the troubleshooting wizard cannot continue. error code 0x80080005.

Any suggestions are appreciated.

Thanks

Eddie
 
I would start by scanning the system for malware using malwarebytes.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com but DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it. Once a log appears on the screen, you can try running malwarebytes or downloading other programs.



Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Vista and Windows 7 users must right click on the hijackthis icon and click on run as. If the run as option doesn't appear then press and hold the shift key while right clicking on the icon to get it to appear.



Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log
 
Someone turned off the machine when it was updating from Microsoft and now it is stuck in a loop... can you get into safe mode ? you either need to finish the updates or remove them, if you can get into safe mode, try system restore..
 
And stop the updates. I stopped them when i had similar problems. It pisses me off too bad. Needless to say, i'm happy and thriving without the updates. They are anyway just minor fixes. If it's really important, i'll take some time sometimes, and update them all at once.
 
Starting Laptop

John,

How should I start up the laptop when trying to correct the problems? Should I be starting it in safe mode?

Thanks

Eddie
 
johnb35 said:
I would start by scanning the system for malware using malwarebytes.



Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log
Click to expand...

These are the scan logs your requested.

PS: I also turned off the windows update.

HIJACKTHIS LOG.....

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:04:17 PM, on 9/6/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingApp.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingBar.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: ooVoo Video Chat Toolbar - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files (x86)\ooVoo_Video_Chat\prxtbooVo.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O2 - BHO: ooVoo Toolbar - {574be437-25ae-4010-a53e-8c63b6ae02ff} - C:\Program Files (x86)\oovootoolbar\vmntemplateX.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110810213159.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.4\AVG Secure Search_toolbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ooVoo Video Chat - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files (x86)\ooVoo_Video_Chat\prxtbooVo.dll
O2 - BHO: Yontoo Layer (Drop Down Deals)s - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\PageRage\YontooIEClient.dll
O3 - Toolbar: ooVoo Toolbar - {574be437-25ae-4010-a53e-8c63b6ae02ff} - C:\Program Files (x86)\oovootoolbar\vmntemplateX.dll
O3 - Toolbar: ooVoo Video Chat Toolbar - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files (x86)\ooVoo_Video_Chat\prxtbooVo.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.4\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: McAfee Application Installer Cleanup (0239491346889463) (0239491346889463mcinstcleanup) - Unknown owner - C:\Users\ANYSSA~1\AppData\Local\Temp\023949~1.EXE (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14755 bytes


MALWAREBYTES LOG:

Includes a log from a scan I did yesterday before I received your reply to my thread, and a second log from a scan I did today. In yesterday's scan there was a trojan in the scan results. I removed that item. The pupbundlerinstaller was not removed yesterday, but I did remove it today.

9-5-12 SCAN....

Malwarebytes Anti-Ma1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.05.11

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
anyssa321 :: ANYSSA321-PC [administrator]

9/5/2012 6:32:38 PM
mbam-log-2012-09-05 (18-32-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196246
Time elapsed: 30 minute(s), 52 second(s)

Memory Processes Detected: 1
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 1772 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.BundleInstaller.IB) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.BundleInstaller.IB) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> No action taken.
C:\Windows\Temp\68B5.tmp (PUP.BundleInstaller.IB) -> No action taken.
C:\Users\anyssa321\AppData\Local\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

Today's Scan (9-6-12):

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.06.12

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
anyssa321 :: ANYSSA321-PC [administrator]

9/6/2012 5:29:08 PM
mbam-log-2012-09-06 (17-29-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193930
Time elapsed: 3 minute(s), 12 second(s)

Memory Processes Detected: 1
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 1468 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Delete on reboot.

(end)
 
So your able to boot into windows in normal mode now then? Seems so. Unfortunately both windows updates and malware can cause this issue. There are some other issues I see though. So I need you to run a special uninstall scan using hijackthis.

Open hijackthis, click on open misc tools section, click on open uninstall manager, click on save list. Then copy and paste the contents back here.
 
uninstall list

johnb35 said:
So your able to boot into windows in normal mode now then? Seems so. Unfortunately both windows updates and malware can cause this issue. There are some other issues I see though. So I need you to run a special uninstall scan using hijackthis.

Open hijackthis, click on open misc tools section, click on open uninstall manager, click on save list. Then copy and paste the contents back here.
Click to expand...

Here is the "uninstall list" as you requested.

***Shall I continue to leave the "windows update" off? That allows me to start the laptop normally. Before it would attempt to install updates then revert changes or something like that, and keep doing it over and over. Thanks!


"Uninstall list"

Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
Ask Toolbar
Bing Bar
Bing Rewards Client Installer
Conduit Engine
Cozi
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Digital Delivery
Dell Getting Started Guide
Dell Home Systems Service Agreement
Dell MusicStage
Dell Perks Webslice IE8
Dell PhotoStage
Dell Stage
Dell VideoStage
Dell VideoStage
Dell Webcam Central
eBay
Facebook Video Calling 1.2.0.159
ffdshow [rev 2527] [2008-12-19]
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
HiJackThis
IDT Audio
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Internet Explorer
Java(TM) 6 Update 29
Junk Mail filter update
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Messenger Companion
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
ooVoo
ooVoo Toolbar
ooVoo Video Chat Toolbar
Realtek USB 2.0 Card Reader
Roxio Burn
Roxio Burn
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype Toolbars
Skype™ 5.10
SpywareBlaster 4.6
TrustedID
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Verizon V CAST Media Manager
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
 
Please uninstall the following.

Ask Toolbar
Bing Rewards Client Installer
Conduit Engine
Java(TM) 6 Update 29
ooVoo Toolbar
ooVoo Video Chat Toolbar

I believe you can still run oovoo without the toolbars.

Then go here to download the lastest version of java.

www.java.com

Question... Is AVG currently installed on this machine? I see it in the hijackthis log but no reference to it in the add/remove programs list.

I would assume one of the windows update is causing an issue, however there was a trojan entry removed. You can try reenabling windows updates and see what happens.
 
Follow up

johnb35 said:
Please uninstall the following.

Ask Toolbar
Bing Rewards Client Installer
Conduit Engine
Java(TM) 6 Update 29
ooVoo Toolbar
ooVoo Video Chat Toolbar

I believe you can still run oovoo without the toolbars.

Then go here to download the lastest version of java.

www.java.com

Question... Is AVG currently installed on this machine? I see it in the hijackthis log but no reference to it in the add/remove programs list.

I would assume one of the windows update is causing an issue, however there was a trojan entry removed. You can try reenabling windows updates and see what happens.
Click to expand...


Yes AVG is installed. The machine has McAfee but it had expired. I uninstalled it and then installed AVG yesterday. The trojan was removed yesterday when I ran Malwarebytes yesterday. I will let you know how it worked.
 
johnb35 said:
Please uninstall the following.

Ask Toolbar
Bing Rewards Client Installer
Conduit Engine
Java(TM) 6 Update 29
ooVoo Toolbar
ooVoo Video Chat Toolbar

I believe you can still run oovoo without the toolbars.

Then go here to download the lastest version of java.

www.java.com

Question... Is AVG currently installed on this machine? I see it in the hijackthis log but no reference to it in the add/remove programs list.

I would assume one of the windows update is causing an issue, however there was a trojan entry removed. You can try reenabling windows updates and see what happens.
Click to expand...

When I tried to uninstall the "Ask Toolbar" I got a window named "Windows Installer". The window says "The feature you are trying to use is on a network resource that is unavailable. Click OK to try again or enter an alternate path to a folder containing the installation package "Ask Toolbar msi" in the box below." The box below is name "Use source" and gives me the option to browse. Not sure what to browse for or where to browse.

All the other items you asked me to delete were deleted.

Also, regarding the Java programs, The site where I downloaded the new version of Java said to remove older versions of Java. I did remove the version you asked. But there is another Java version installed on the labtop called Java (TM) 6 Update 23 (64-bit). Should I remove this version? I updated the Java at the site you provided to "Java 7 Update 7".

Thanks again.
 
Windows Updates

Still unable to install windows updates. Getting the same message "failure confguring Windows updates, Reverting changes, Do not turn off your computer.

Shall I do a windows restore? I have a July restore point.

Thanks
 
I get this problem a lot with Windows 7, you need to boot into safe
mode, perform a system restore back to before the update was installed, boot normally, completely disable updates, and remove any that are pending to be installed. This is the only way I can ever fix it unfortunately.
 
EclipticShell said:
I get this problem a lot with Windows 7, you need to boot into safe
mode, perform a system restore back to before the update was installed, boot normally, completely disable updates, and remove any that are pending to be installed. This is the only way I can ever fix it unfortunately.
Click to expand...

How do I determine the correct restore point date? Also, how do I remove the updates pending to be installed? When you say to disable the updates do you mean to turn off the automatic updates and set it to "never check for updates"?

You also said " This is the only way I can ever fix it unfortunately". Did you set it up to update automatically after you corrected the issue or how did you take care of critical updates? Thanks

Eddie
 
EclipticShell said:
I get this problem a lot with Windows 7, you need to boot into safe
mode, perform a system restore back to before the update was installed, boot normally, completely disable updates, and remove any that are pending to be installed. This is the only way I can ever fix it unfortunately.
Click to expand...

Your idea is really bad because it leaves your system vulnerable because it can't get updates to patch security holes and such.

Eddie, did you try my idea?
 
Not yet.

lucasbytegenius said:
Your idea is really bad because it leaves your system vulnerable because it can't get updates to patch security holes and such.

Eddie, did you try my idea?
Click to expand...

Not yet. I am at work. Will give it a shot when I get home. I was researching on the web and there are a lot of options on how to fix it. I tried several last night, none were successful. I tried the microsoft troubleshooter and that didn't work. I have about 10 different options left that people on other sites have attempted to fix this. Not too many positive outcomes from the posts I've read. Why can't Microsoft get it right???
 
eddie57 said:
Not yet. I am at work. Will give it a shot when I get home. I was researching on the web and there are a lot of options on how to fix it. I tried several last night, none were successful. I tried the microsoft troubleshooter and that didn't work. I have about 10 different options left that people on other sites have attempted to fix this. Not too many positive outcomes from the posts I've read. Why can't Microsoft get it right???
Click to expand...

I don't think this is Microsoft's fault because it sounds like the computer lost power or overheated and did a hard shutdown.
 
Not so

lucasbytegenius said:
I don't think this is Microsoft's fault because it sounds like the computer lost power or overheated and did a hard shutdown.
Click to expand...

The unit is not overheating or losing power. I don't know where you come up with that assumption? The laptop just tries to configure the updates, they don't install and then the system reverts back to where it was previously. It works fine after that. It take about 15 minutes for the system to to attempt to configure the updates and then revert back. It's annoying and nothing else.
 
You must log in or register to reply here.
Back
Top