Help Needed! (HJT log, Windows Update and Errors)

[dchild000]

My family has this Dell Computer thats now gone mad. The Task manager doesn't come up at all! (I read the thread on bringing it back but I wasn't sure what I was supposed to be fixing in HTJ so I thought I'd post the log here and see what needs fixing.

But also, I'm not sure if this can be helped here or in another thread but I use Trend Micro PC-cilin as my anti-virus and I had it run a windows vunerability/security check, and it came back with 21 Items at Risk level... :dead: It then tells you to use Windows Update to fix these security issues, but unfortunately when I try that It takes me to the windows update page via IE, but then prompts to tell me "Your security settings prohibit ActiveX controls from running on this page. As a result, this page may not display correctly" so I click Ok and if I let the page sit for a couple minutes I get this from the page

The website has encountered a problem and cannot display the page you are trying to view. Take the following steps to try solving the problem:
Refresh the page.
In Internet Explorer, delete your Temporary Internet Files by going to the Tools menu and clicking Internet Options.
Close and then re-open Internet Explorer.

I did what it recommended and nothing....so I can't get to the updates to fix my security.... @_@

Lastly is there anywhere on this forum that can help me fix 'Access Violation' error codes?

Thanks
Dchild

 

[Tedster]

what does your antivirus and several anti-trojans say?

 

[dchild000]

out of the 21 Security risks only 6 have names and 3 of which are the only criticals of the list. They are as follows:

Risk Level | Name
Very High / ASF_MANYMIZE.A;WORM_MANYMIIZE.A
Critical /AGOBOT FAMILY;WORM_GAOBOT.AC;WORM_MUMU.C;WORM_NACH...
Critical / BKDR_LORRAC.A;JS_CBASE.EXP1;JS_SEFEX.A;WORM_BUGBEA...
Critical / BKDR_LIDUAN.A;HTML_ALPHX.A;HTML_ALPHX.C;HTML_ALPHX...
Very High / HTML_BAYFRAUD.B;HTML_GOLDFRAUD.A;HTML_PACHFRAUD.A;...
Very High / BKDR_ZGOO.A;HTML_JACKLER.A;HTML_MHTREDIR.B;HTML_MH...


Those are all of the ones with names, the ones with out names are mostly Between Moderate-Very High.

As for the HTJ log, could someone tell me what I should fix because I don't want to make this computer worse off than it is

Thanks, hope this helps.

 

[howard_hopkinso]

Hello and welcome to Techspot.

You are running a completely unpatched version of Windows. After your problem is fixed. Update your Windows to at least service pack 1 and preferably service pack 2.

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Go to add remove programmes in your control panel. Uninstall anything to do with(if there).

winupdates.

Close control panel.

Open your task manager and click on the processes tab. End process for(if there).

winupdates.exe

Close task manager.

Run HJT with no other programmes open and have HJT fix the following, by placing a tick in the little box next to(if there).

O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)

O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto

O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)

Click on the fix checked button.

Close HJT.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Locate the above 023 services and double click on them. Select stop if they are running and set the startup type to disabled. Click apply/ok.

Locate and delete the following bold file(if there).

C:\Program Files\winupdates\winupdates.exe /auto

Reboot into normal mode and turn system restore back on.

Regards Howard :wave: :wave:

 

[dchild000]

Ok new issuse ^^;

I did everything you listed and these are the problems now...^^; (but thanks for your help so far )

• I still can't use my task manager. When I press Ctrl-Alt-Del nothing happens
• Now my Monitor flicks on and off without me pressing the power button( its doent hat before btw, but it would just stop after a while...)
• I decided to run a virus check (both online and off, [TrendMicro PC-cilin and House Call]) and this computer has the virus WORM_VB.AS in the windows update folder... @_@
• I've deleted 90% of the traces of it but one seemed to be undeletable. Its in the winupdate folder. >_<
• House Call found some things but it couldn't delete them... I figure I'll try again...
• And lastly (probably not with this comp ^^ when I opened the command prompt in safe mode (I wanted to see if it worked b/c in normal mode I have to type command instead of cmd for anything to come up and stay up) by acessing run and typing in cmd it'll come up but I get this error...
  
  16 bit MS-DOS Subsystem in the title bar
  
  C:\WINDOWS\System32\cmd.com
  The NTVDM CPU has encountered an illegal instruction.
  CS:00cf IP:0656 OP:fe b5 06 db 02 Choose 'Close' to terminate the application.
  
  Close / Ignore

I think that if I fix these problems I can get my file recovery program to work and grab whats left of what I need and put it on my harddrive, but I only seem to be getting an Access Violation when I use it, I even tried uninstalling it and re-installing it... still the same thing... I would not like to have to re-install windows seeing as how this isn't my computer adn the owner probably wouldn't go for it :/

Your help is much appreciated... Thanks Soooo much
-Dchild

 

[howard_hopkinso]

Please post a fresh HJT log.

Regards Howard

 

[dchild000]

New Developements

I searched around a few hours ago and downloaded Ewido and it got rid of the virus/virii/worm/trojan that made my task manager disapper

I tried to see if maybe my run would work and well I still have to type in command for the command prompt to stay up. Also I decided to leave the upload both reports (My new HTJ file and the Scan Report from Ewido)

I forgot to mention in the last post that one of my other problems happens to be with IE. I stopped using IE and switched over to firefox along time ago because when I'd got to certain pages with IE all of the sudden there would be a page cannot be displayed error. It wasn't the internet connection either because I started using Firefox and those same pages would come up fine, no problems...

But now, the big problem is trying to update this computer since it has no service packs :/ And the only way to get updates is to use IE b/c windows doesn't support Firefox (>_<) and everytime I go to the page in IE, it says that my that my security settings prohibits ActiveX from being used and the page probably won't display properly. Then I press ok, and if I let it stay for a couple of mins I get an error on the windows page saying it can't display the page for me to get my updates! T_T I know this needs to be fixed but I tried to change the security settings and still nothing... is there someway I get either get ActiveX working right again or the Updates from another page that Firefox will access?

Thanks again
-Dchild

 

[howard_hopkinso]

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Open your task manager and end process for(if there).

winupdates.exe

Close task manager.

Run HJT and let it fix this entry.

O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto

Close HJT.

Locate and delete this folder.

C:\Program Files\winupdates\winupdates.exe /auto

Reboot into normal mode and turn system restore back on.

Install a Windows service pack. Either sp1 or better still sp2.

Untill you update your Windows OS, you will keep on getting these kinds of infections.

Regards Howard

 

[dchild000]

I did that, but now the problem is getting those updates, because IE isn't letting me get to the updates page b/c I believe somethings wrong with my ActiveX settings :/ Do you or anyone else have any ideas of what I can do to fix this? I know I need the updates, I just can't get to them.

Thanks for all the help
-Dchild-

 

[howard_hopkinso]

Please post a fresh HJT log.

Regards Howard