Post #1, Jun 16 2009, 11:55 PM, by seriouscode (Authentic Member; Posts: 75; Joined: 16-June 09; Member No.: 86,305; Operating System: Windows Vista)
Ok, here goes....
I am not a newb on the "puter," but I am completely and utterly stumped with this nasty virus, which I believe is either a Trojan or a rootkit. It all started when I was downloading a "Torrent" (which I will never do again, because it has scarred me for life, as you will soon tell) when the sneaky bad boy jumped up and bit me on the cyber ass. It's very sneaky in the sense that Norton, CA, or Windows Live anti-virus programs could not catch it. This particular anomaly will not allow me to enter certain sites, and no, I am not talking about porn sites; this "Thing," as I call it, will not even allow me to access Microsoft help sites, tool removal sites, or update sites for my anti-viruses or OS. That was my first hint at it being a seriously bad-ass virus. Next, I don't know where to even start looking, seeing as how Regedit (which I have not changed, nor will I touch, for fear of serious damage) and myself do not speak the same language. I have tried to update my OS and my (various) anti-virus programs, but with continuous failure. I have tried using a non-infected computer and downloading the much-needed updates so I can at least try to install them manually, but whenever I try to install the updates on my computer an error pops up saying insufficient memory!!! WHY!!???? I have plenty of room, I will let you know. The same goes for Microsoft-approved tools! I don't know what else to do. Here is the HJT report; if you need any more info on the subject from what else I've tried, please let me know.
```
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:30:34 AM, on 6/17/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...S/wlscctrl2.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.185,85.255.112.193
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.185,85.255.112.193
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.185,85.255.112.193
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6546 bytes
```
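The most security-relevant lines in the HijackThis log above are the three O17 entries: the TCP/IP NameServer value in every control set listed (CS1, CS2 and CCS) has been hard-set to 85.255.112.185 and 85.255.112.193 rather than being supplied by the router or ISP. A machine whose DNS is redirected in this way can be steered away from vendor update and help sites, which is consistent with the symptoms described in the post and with the router fix the thread index mentions. The script below is an added triage example written for this page; it is not part of the thread and not HijackThis's own tooling. It parses HJT-style lines, flags O17 resolvers that are not in a caller-supplied list of expected resolvers, flags O1 hosts-file entries that point somewhere other than loopback, and lists orphaned O2/O3 entries marked "(no file)". The sample log is a constructed subset of the one posted above, and the expected resolver 192.168.1.1 is a placeholder for whatever the user's own router or ISP hands out.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis lines posted in this thread.
SAMPLE_LOG = r"""O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.185,85.255.112.193
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.185,85.255.112.193
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.185,85.255.112.193
"""

# Every HJT entry is "<section> - <body>", e.g. "O17 - HKLM\...: NameServer = ...".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
NAMESERVER_RE = re.compile(r"^(?P<key>[^:]+): NameServer = (?P<servers>\S+)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<addr>\S+)\s+(?P<name>\S+)")


@dataclass(frozen=True)
class Finding:
    section: str
    severity: str  # "high" = needs action, "low" = cleanup candidate
    detail: str


def parse_entries(log_text):
    """Return (section, body) tuples for every HJT entry line; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def check_nameservers(entries, expected_resolvers):
    """Flag any O17 resolver that is not one the operator expects (router/ISP)."""
    expected = {ipaddress.ip_address(ip) for ip in expected_resolvers}
    findings = []
    for section, body in entries:
        if section != "O17":
            continue
        m = NAMESERVER_RE.match(body)
        if not m:
            continue
        for raw in m.group("servers").split(","):
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:
                findings.append(Finding(section, "high", f"unparseable NameServer value {raw!r} in {m.group('key')}"))
                continue
            if ip not in expected:
                findings.append(Finding(section, "high", f"{m.group('key')} points DNS at {ip}, not an expected resolver"))
    return findings


def check_hosts(entries):
    """Flag O1 hosts-file entries that map a name somewhere other than loopback."""
    findings = []
    for section, body in entries:
        if section != "O1":
            continue
        m = HOSTS_RE.match(body)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group("addr"))
        except ValueError:
            findings.append(Finding(section, "high", f"unparseable hosts entry: {body}"))
            continue
        if not addr.is_loopback:
            findings.append(Finding(section, "high", f"hosts file maps {m.group('name')} to {addr}"))
    return findings


def check_orphaned_clsids(entries):
    """List O2 (BHO) and O3 (toolbar) entries whose DLL is gone; low severity, cleanup only."""
    return [Finding(s, "low", f"orphaned entry: {b}")
            for s, b in entries if s in ("O2", "O3") and b.endswith("(no file)")]


def triage(log_text, expected_resolvers):
    entries = parse_entries(log_text)
    return (check_nameservers(entries, expected_resolvers)
            + check_hosts(entries)
            + check_orphaned_clsids(entries))


if __name__ == "__main__":
    # 192.168.1.1 stands in for the resolver the user's router or ISP actually provides.
    for f in triage(SAMPLE_LOG, ["192.168.1.1"]):
        print(f"[{f.severity}] {f.section}: {f.detail}")
```

Against the constructed sample with 192.168.1.1 as the only expected resolver, the script reports six high-severity O17 findings (two addresses in each of the three control sets) and three low-severity orphaned entries; the `::1 localhost` hosts line is loopback and is left alone. Passing the 85.255.112.x addresses as the expected resolvers instead silences the O17 findings, which is the point of the allowlist: the tool tells you what differs from what the machine should have, and deciding what it should have is the analyst's job.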
Post #2, Jun 25 2009, 06:35 PM, by Tomk (Forum God / Classroom Admin Assistant; Group: Classroom Teacher; Posts: 12,289; Joined: 27-December 07; From: Sisters, OR; Member No.: 75,503; Operating System: xp)
seriouscode,
If you have some time and an interest, you can always apply to the classroom. But not until we get you clean. Rules say that you can't have an open thread in Malware removal at the time of application. Back to the clean bit. Can you run DDS in normal mode?
Topic summary (post previews as truncated on the page):
seriouscode [Resolved] windows update error: code 80244019 Jun 16 2009, 11:55 PM
Tomk Hi seriouscode,
My name is Tomk. I would be g... Jun 19 2009, 11:53 PM
seriouscode Tomk thank you so much for your reply to help me o... Jun 20 2009, 01:08 AM
Tomk seriouscode,
What we are looking at in your logs ... Jun 20 2009, 07:37 AM
seriouscode Cool thanks Tomk, I understand computers enough to... Jun 20 2009, 02:17 PM
Tomk seriouscode,
Double-click SmitfraudFix.exe
Select... Jun 20 2009, 03:48 PM
seriouscode OK this is the new Smitfraudfix Log:
SmitFraudFix... Jun 21 2009, 08:30 AM
Tomk seriouscode,
Not knowing all of your required set... Jun 21 2009, 09:08 AM
seriouscode Tomk I did the router fixes and here is the Malwar... Jun 21 2009, 07:25 PM
Tomk seriouscode,
Is that MBAM log from the computer w... Jun 21 2009, 11:29 PM
seriouscode the one we've been working on. The next one th... Jun 22 2009, 12:56 AM
Tomk seriouscode,
Good. Please run Malwarebytes on th... Jun 22 2009, 01:54 AM
seriouscode Tomk just to sure this malwarebytes new log is sti... Jun 22 2009, 08:42 AM
Tomk seriouscode,
Yes. You've given me the log fr... Jun 22 2009, 09:39 AM
seriouscode Logfile of Trend Micro HijackThis v2.0.2
Scan save... Jun 22 2009, 10:55 AM
Tomk seriouscode,
Let's get an online scan to make... Jun 22 2009, 11:05 AM
seriouscode Tomk so far things on the homefront seem to be run... Jun 22 2009, 06:08 PM
Tomk seriouscode,
This computer appears to be clean. ... Jun 22 2009, 06:39 PM
seriouscode Tomk this is the other computers Mbam log. I gotta... Jun 22 2009, 11:01 PM
Tomk seriouscode,
That should have speeded it up.
Let... Jun 22 2009, 11:34 PM
seriouscode Tomk here is the K log from that online scan you a... Jun 23 2009, 01:32 PM
Tomk seriouscode,
Let's get a deeper scan of that ... Jun 23 2009, 02:29 PM
seriouscode Tomk you are like a computer tech gawd to me and a... Jun 23 2009, 07:27 PM
Tomk seriouscode,
Thanks for the compliment but I... Jun 23 2009, 08:20 PM
Tomk Also, let's close out your original computer.
... Jun 23 2009, 08:22 PM
seriouscode Tomk, here is the java log:
JavaRa 1.14 Removal L... Jun 24 2009, 01:29 PM
Tomk seriouscode,
Mbam is a good program to keep. Run... Jun 24 2009, 02:14 PM
seriouscode Tomk dude I have got a seriously critically fatal ... Jun 24 2009, 08:18 PM
Tomk seriouscode,
I notgood up. There are two entries... Jun 24 2009, 09:10 PM
seriouscode still dead. Very dead. All safe mode paths lead to... Jun 24 2009, 09:25 PM
Tomk seriouscode,
Alright. This should take care of i... Jun 24 2009, 10:13 PM
seriouscode Tomk,
this is what i see when i get into the rec... Jun 24 2009, 10:32 PM
Tomk seriouscode,
I don't blame you a bit for bein... Jun 24 2009, 11:15 PM
seriouscode The files copy ok... But when i go back and try to... Jun 24 2009, 11:43 PM
Tomk seriouscode,
You didn't know to capitalize CO... Jun 24 2009, 11:51 PM
seriouscode they did copy lol. And don't worry i don't... Jun 25 2009, 06:24 AM
Tomk seriouscode,
Good morning. Glad to hear you... Jun 25 2009, 07:29 AM
seriouscode Tomk,
Ok i logged via the admin log in in normal ... Jun 25 2009, 02:24 PM
Tomk seriouscode,
That sounds like it may be related t... Jun 25 2009, 02:46 PM
seriouscode And there is that other snag... We're about to... Jun 25 2009, 02:55 PM
Tomk seriouscode,
Please start the computer in safe mo... Jun 25 2009, 03:16 PM
seriouscode safe mode is good to go. Jun 25 2009, 03:39 PM
Tomk seriouscode,
Ah. That means it's probably a ... Jun 25 2009, 03:55 PM
Tomk seriouscode,
Please run DDS and post me the log a... Jun 25 2009, 04:41 PM
seriouscode Tomk,
You are quickly becoming a really good frie... Jun 25 2009, 06:23 PM
seriouscode no not yet. That was safe mode scan Jun 25 2009, 06:45 PM
seriouscode Normal mode still continues to flash refresh. I ca... Jun 25 2009, 06:50 PM
Tomk RE: [Resolved] windows update error: code 80244019 Jun 25 2009, 07:02 PM
seriouscode So where do we go from here? Jun 25 2009, 07:07 PM
Tomk I'm still working on it with some collegues.
... Jun 25 2009, 07:18 PM
Tomk seriouscode,
Theoretically, win32k.sys should not... Jun 25 2009, 08:59 PM
seriouscode I got a dos window saying:
File found
Press any... Jun 25 2009, 10:37 PM
Tomk seriouscode,
Well now. Please reboot and see wha... Jun 25 2009, 11:00 PM
seriouscode [size="5"]Tomk this is the Gmer log file... Jun 26 2009, 08:01 AM
Tomk seriouscode,
The good news is no scary rootkit. ... Jun 26 2009, 08:17 AM
seriouscode just to be clear, can i run it on safe mode? Jun 26 2009, 08:23 AM
seriouscode Tomk,
Here is the Mbam log:
Malwarebytes' A... Jun 26 2009, 08:55 AM
Tomk seriouscode,
Now I'd like you to go ahead and... Jun 26 2009, 10:37 AM
seriouscode and then? Jun 26 2009, 10:48 AM
Tomk seriouscode,
And then I'd like to see the rep... Jun 26 2009, 11:02 AM
seriouscode Tomk,
Here is the combo fix log in safemode no ne... Jun 26 2009, 11:24 AM
Tomk seriouscode,
Aha...
Your computer appears to h... Jun 26 2009, 02:06 PM
seriouscode Your a genius! it loaded in normal mode Jun 26 2009, 02:34 PM
seriouscode but its taken more then 10 mins to load and my nor... Jun 26 2009, 02:40 PM
Tomk seriouscode,
Awesome. Now we have something ... Jun 26 2009, 02:54 PM
seriouscode tomk
here is the fix file log
ComboFix 09-06-2... Jun 26 2009, 03:53 PM
Tomk seriouscode,
Looking good.
Now will it allow you... Jun 26 2009, 03:57 PM
seriouscode yes i can download everything now. Norton, Windows... Jun 26 2009, 09:55 PM
Tomk seriouscode,
Please post me a new HijackThis log ... Jun 26 2009, 10:04 PM
seriouscode Hey Tomk,
Thank you for being so patient with me... Jun 26 2009, 10:20 PM
Tomk I don't like Norton. I think it isn't as ... Jun 26 2009, 10:42 PM
seriouscode Thank you Tomk. I will get started on those to do ... Jun 26 2009, 10:47 PM
Tomk seriouscode,
Odd's are that I'll be aroun... Jun 26 2009, 11:05 PM
seriouscode Tomk,
After a very thorough reading last night ... Jun 27 2009, 11:14 AM
Tomk seriouscode,
Log looks good
Time for some hous... Jun 27 2009, 11:40 AM
seriouscode Tomk,
I'm still in the process of reading the... Jun 27 2009, 01:06 PM
Tomk seriouscode,
I've changed my answer to this p... Jun 27 2009, 01:34 PM
seriouscode Tomk,
I understand everything you've helped m... Jun 27 2009, 09:58 PM
Tomk seriouscode,
You are very welcome.
Good Luck and... Jun 27 2009, 10:06 PM
Tomk Since this issue appears to be resolved ... this T... Jun 27 2009, 10:08 PM