Windows Update

[ElkNight]

When I try to update, I get error FFFFFFFE.

 

I was trying to research it, and I found that it could be caused by male ware or something.

I use malewarebytes and have never found anything with it

 

Im on vista 64 bit.

 

 

Here is a hijackthis log.

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:12:21 AM, on 8/16/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.18005)

Boot mode: Normal

 

Running processes:

C:\Windows\P1370Mon[Caution: Executable File]

C:\Program Files (x86)\Common Files\Java\Java Update\jusched[Caution: Executable File]

C:\Program Files (x86)\NETGEAR\WPN311\wlancfg5[Caution: Executable File]

C:\Program Files (x86)\Mozilla Firefox\firefox[Caution: Executable File]

C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop[Caution: Executable File]

C:\Program Files (x86)\Mozilla Firefox\plugin-container[Caution: Executable File]

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr[Caution: Executable File]

C:\Program Files (x86)\Windows Live\Contacts\wlcomm[Caution: Executable File]

C:\Program Files (x86)\uTorrent\uTorrent[Caution: Executable File]

C:\Users\Josh\Random\Desktop\HijackThis[Caution: Executable File]

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:59475

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll

F2 - REG:system.ini: UserInit=userinit[Caution: Executable File],

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (file missing)

O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O3 - Toolbar: GOM Player + Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart[Caution: Executable File]" MSRun

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE[Caution: Executable File]

O4 - HKLM\..\Run: [P1370Mon[Caution: Executable File]] C:\Windows\P1370Mon[Caution: Executable File]

O4 - HKLM\..\Run: [P1370Cfg[Caution: Executable File]] P1370Cfg[Caution: Executable File] /d:6

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched[Caution: Executable File]"

O4 - HKCU\..\Run: [P2kAutostart] V600

O4 - HKCU\..\Run: [Google Update] "C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate[Caution: Executable File]" /c

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr[Caution: Executable File]" /background (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr[Caution: Executable File]" /background (User 'Default user')

O4 - Startup: JOSH.lnk = ?

O4 - Startup: JoshK.lnk = ?

O4 - Startup: JoshKloster.lnk = ?

O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files (x86)\NETGEAR\WPN311\wlancfg5[Caution: Executable File]

O4 - Global Startup: UltraMon.lnk = ?

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-NZ/a-UNO1/GAME_UNO1.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - http://secure.gopetslive.com/dev/GoPetsWeb.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: @%SystemRoot%\system32\Alg[Caution: Executable File],-112 (ALG) - Unknown owner - C:\Windows\System32\alg[Caution: Executable File] (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx[Caution: Executable File] (file missing)

O23 - Service: AmplusnetPrivacyTools - Unknown owner - C:\Windows\SysWOW64\AmplusnetPrivacyTools[Caution: Executable File]

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService[Caution: Executable File]

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder[Caution: Executable File]

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR[Caution: Executable File] (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService[Caution: Executable File]

O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr[Caution: Executable File]

O23 - Service: Google Update Service (gupdate1c9e6e783e1486e) (gupdate1c9e6e783e1486e) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate[Caution: Executable File]

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate[Caution: Executable File]

O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService[Caution: Executable File]

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass[Caution: Executable File] (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc[Caution: Executable File] (file missing)

O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc[Caution: Executable File],-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc[Caution: Executable File]

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass[Caution: Executable File] (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA[Caution: Executable File]

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass[Caution: Executable File] (file missing)

O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\Windows\System32\PSEXESVC[Caution: Executable File]

O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\Windows\System32\PSSDNSVC[Caution: Executable File]

O23 - Service: @%systemroot%\system32\Locator[Caution: Executable File],-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator[Caution: Executable File] (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass[Caution: Executable File] (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc[Caution: Executable File],-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc[Caution: Executable File] (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap[Caution: Executable File],-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap[Caution: Executable File] (file missing)

O23 - Service: @%systemroot%\system32\spoolsv[Caution: Executable File],-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv[Caution: Executable File] (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService[Caution: Executable File]

O23 - Service: @%SystemRoot%\system32\ui0detect[Caution: Executable File],-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect[Caution: Executable File] (file missing)

O23 - Service: @%SystemRoot%\system32\vds[Caution: Executable File],-100 (vds) - Unknown owner - C:\Windows\System32\vds[Caution: Executable File] (file missing)

O23 - Service: @%systemroot%\system32\vssvc[Caution: Executable File],-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc[Caution: Executable File] (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv[Caution: Executable File],-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv[Caution: Executable File] (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk[Caution: Executable File],-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk[Caution: Executable File] (file missing)

--

End of file - 9950 bytes

 

 

 

I also ran it though the Hijackthis checker and these were the main "problems."

 

O4 - HKLM\..\Run: [P1370Cfg[Caution: Executable File]] P1370Cfg[Caution: Executable File] /d:6

O4 - HKLM\..\Run: [P1370Mon[Caution: Executable File]] C:\Windows\P1370Mon[Caution: Executable File]

 

P1370Mon[Caution: Executable File] is supposed to be Live! Cam Console Auto Launcher.

 

Anyone have any possible ideas/solutions?

[VARN]

I would try rebooting and installing offline, download the file and install without window update.

[Lord Diddy]

What antivirus are you using? Also I see a torrent program so make sure there arent anyything fishy in your downloads.