error 1058 and automatic updates

im trying to turn on my automatic updates and the services.msc is not
working. it displays error 1058 everytime. i think i have the malware vundo
cuz im getting these pop up ads. how do i get rid of this?
--
hmph.....

You cannot manually start the Automatic Updates service and you receive an
"Error 1058" error message on a computer that is running Windows XP or
Windows XP Tablet PC Edition 2005:
<http://support.microsoft.com/kb/896224>


Please let us know if the problem remains
- -- ---


"dirtydboi" wrote:

> im trying to turn on my automatic updates and the services.msc is not
> working. it displays error 1058 everytime. i think i have the malware vundo
> cuz im getting these pop up ads. how do i get rid of this?
> --
> hmph.....

Hello,

Insure that your system is malware-free /first/ before getting windows updates.
Thoroughly scan the system with your updated anti-virus and anti-malware program.
Document the results so you can have them for posting on an anti-malware forum ---- not here.

Use Windows' Disk Cleanup to delete all temporary files.

Download & save Malwarebytes Anti-Malware from
http://www.besttechie.net/tools/mbam-setup.exe or
http://www.majorgeeks.com/Malwarebyt...are_d5756.html
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform FULL Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in a new reply as soon as it has finished.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

MBAM is an excellent first-line program to use and keep.

Run a /thorough/ check for malware, including posting your HijackThis log to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_R...:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com/
http://www.elephantboycomputers.com/...moving_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. ** Post your log to one (and only one) of the following
http://aumha.net/viewforum.php?f=30,
http://www.bleepingcomputer.com/forums/forum22.html,
http://castlecops.com/forum67.html,
http://forum.malwareremoval.com/viewforum.php?f=11
http://forums.spywareinfo.com/index.php?showforum=18
http://www.spywarewarrior.com/viewfo...0ca7ab9210f7ae,
http://forums.subratam.org/index.php?showforum=7,
http://forums.spybot.info/forumdisplay.php?f=22
or other appropriate forums for expert analysis, not here.**

Make very sure you read and follow the very topmost instructions at the forum you have selected.

--
Maurice N
MS-MVP (Windows Client) , Aumha.net VSOP , DTS-L
-----

"dirtydboi" <> wrote in message news:5A50927B-861A-40F7-B572-...
> im trying to turn on my automatic updates and the services.msc is not
> working. it displays error 1058 everytime. i think i have the malware vundo
> cuz im getting these pop up ads. how do i get rid of this?
> --
> hmph.....

A log like this:
Malwarebytes' Anti-Malware 1.30
Database version: 1416
Windows 5.1.2600 Service Pack 2

11/22/2008 4:09:06 PM
mbam-log-2008-11-22 (16-09-06).txt

Scan type: Full Scan (C:\|D:\|K:\|)
Objects scanned: 181228
Time elapsed: 58 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 23
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 2
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\fccyAssQ.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xkjkbrtp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qoMcyApQ.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\aoketd.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser
Helper Objects\{ba410704-aff3-46df-9184-11c396259301} (Trojan.Vundo.H) ->
Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ba410704-aff3-46df-9184-11c396259301}
(Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser
Helper Objects\{d9eec67f-e979-4394-af25-98dbc5ea7bbb} (Trojan.Vundo.H) ->
Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\qomcyapq (Trojan.Vundo.H) -> Delete on
reboot.
HKEY_CLASSES_ROOT\CLSID\{d9eec67f-e979-4394-af25-98dbc5ea7bbb}
(Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser
Helper Objects\{f3ab47d7-ddde-45d2-a22d-1a7bb41090ba} (Trojan.Vundo.H) ->
Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f3ab47d7-ddde-45d2-a22d-1a7bb41090ba}
(Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{d9eec67f-e979-4394-af25-98dbc5ea7bbb}
(Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{ba410704-aff3-46df-9184-11c396259301}
(Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{f3ab47d7-ddde-45d2-a22d-1a7bb41090ba}
(Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bd5258af-20ae-4bd3-b748-b2851aca7335}
(Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3}
(Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{4a40e8fc-c7e4-4f57-9fa4-85dd77402897}
(Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution
Units\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined
and deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ModuleUsage\c:/windows/cpbrkpie.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) ->
Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) ->
Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined
and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined
and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) ->
Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and
deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined
and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined
and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\49bdd6ca
(Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{d9eec67f-e979-4394-af25-98dbc5ea7bbb}
(Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Toolbar\ShellBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d}
(Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\SharedDLLs\C:\WINDOWS\cpbrkpie.ocx (Adware.Coupons) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\LSA\Notification
Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccyassq ->
Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\LSA\Authentication
Packages (Trojan.Vundo) -> Data: c:\windows\system32\fccyassq -> Delete on
reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\Start_ShowMyDocs
(Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted
successfully.

Folders Infected:
C:\Documents and Settings\HP_Administrator\Application Data\RegistrySmart
(Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application
Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted
successfully.

Files Infected:
C:\WINDOWS\system32\aoketd.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qoMcyApQ.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fccyAssQ.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\QssAyccf.ini (Trojan.Vundo.H) -> Quarantined and deleted
successfully.
C:\WINDOWS\system32\QssAyccf.ini2 (Trojan.Vundo.H) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\nkcbusuh.dll (Trojan.Vundo.H) -> Quarantined and deleted
successfully.
C:\WINDOWS\system32\husubckn.ini (Trojan.Vundo.H) -> Quarantined and deleted
successfully.
C:\WINDOWS\system32\xkjkbrtp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ptrbkjkx.ini (Trojan.Vundo.H) -> Quarantined and deleted
successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet
Files\Content.IE5\4D6VC5YV\kb600179[1] (Trojan.Vundo) -> Quarantined and
deleted successfully.
C:\System Volume
Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP950\A0087684.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP951\A0087705.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP951\A0087714.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP951\A0088727.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP956\A0088919.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP957\A0089105.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP958\A0089181.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cpbrkpie.ocx (Adware.Coupons) -> Quarantined and deleted
successfully.
C:\WINDOWS\system32\cekkeikx.dll (Trojan.Vundo) -> Quarantined and deleted
successfully.
C:\WINDOWS\system32\qoMdbCrr.dll (Trojan.Vundo) -> Quarantined and deleted
successfully.
C:\Documents and Settings\HP_Administrator\Application
Data\RegistrySmart\Log\2008 Mar 09 - 09_35_29 AM_343.log
(Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application
Data\RegistrySmart\Log\2008 Mar 09 - 09_35_32 AM_406.log
(Rogue.RegistrySmart) -> Quarantined and deleted successfully.


"Maurice N ~ MVP" wrote:

> Hello,
>
> Insure that your system is malware-free /first/ before getting windows updates.
> Thoroughly scan the system with your updated anti-virus and anti-malware program.
> Document the results so you can have them for posting on an anti-malware forum ---- not here.
>
> Use Windows' Disk Cleanup to delete all temporary files.
>
> Download & save Malwarebytes Anti-Malware from
> http://www.besttechie.net/tools/mbam-setup.exe or
> http://www.majorgeeks.com/Malwarebyt...are_d5756.html
> Double Click mbam-setup.exe to install the application.
> Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
> If an update is found, it will download and install the latest version.
> Once the program has loaded, select Perform FULL Scan, then click Scan.
> The scan may take some time to finish,so please be patient.
> When the scan is complete, click OK, then Show Results to view the results.
> Make sure that everything is checked, and click Remove Selected.
> When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
> The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
> Copy & Paste the entire report in a new reply as soon as it has finished.
> Extra Note:
> If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
> click OK to either and let MBAM proceed with the disinfection process.
> If asked to restart the computer, please do so immediately.
>
> MBAM is an excellent first-line program to use and keep.
>
> Run a /thorough/ check for malware, including posting your HijackThis log to an appropriate forum.
>
> Checking for/Help with Hijackware
> http://aumha.org/a/parasite.htm
> http://aumha.org/a/quickfix.htm
> http://aumha.net/viewtopic.php?t=5878
> http://wiki.castlecops.com/Malware_R...:_Introduction
> http://mvps.org/winhelp2002/unwanted.htm
> http://inetexplorer.mvps.org/data/prevention.htm
> http://inetexplorer.mvps.org/tshoot.html
> http://www.mvps.org/sramesh2k/Malware_Defence.htm
> http://defendingyourmachine.blogspot.com/
> http://www.elephantboycomputers.com/...moving_Malware
>
> When all else fails, HijackThis v2.0.2
> (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
> It will help you to both identify and remove any hijackware/spyware with
> assistance from an expert. ** Post your log to one (and only one) of the following
> http://aumha.net/viewforum.php?f=30,
> http://www.bleepingcomputer.com/forums/forum22.html,
> http://castlecops.com/forum67.html,
> http://forum.malwareremoval.com/viewforum.php?f=11
> http://forums.spywareinfo.com/index.php?showforum=18
> http://www.spywarewarrior.com/viewfo...0ca7ab9210f7ae,
> http://forums.subratam.org/index.php?showforum=7,
> http://forums.spybot.info/forumdisplay.php?f=22
> or other appropriate forums for expert analysis, not here.**
>
> Make very sure you read and follow the very topmost instructions at the forum you have selected.
>
> --
> Maurice N
> MS-MVP (Windows Client) , Aumha.net VSOP , DTS-L
> -----
>
> "dirtydboi" <> wrote in message news:5A50927B-861A-40F7-B572-...
> > im trying to turn on my automatic updates and the services.msc is not
> > working. it displays error 1058 everytime. i think i have the malware vundo
> > cuz im getting these pop up ads. how do i get rid of this?
> > --
> > hmph.....
>

1. Always begin a new thread about *your* problems.

2. We do not interpret MBAM or HijackThis logs in the public newsgroups.

3. Repost:
>> When all else fails, HijackThis v2.0.2
>> (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to
>> use.
>> It will help you to both identify and remove any hijackware/spyware with
>> assistance from an expert. ** Post your log to one (and only one) of
>> the
>> following http://aumha.net/viewforum.php?f=30,
>> http://www.bleepingcomputer.com/forums/forum22.html,
>> http://castlecops.com/forum67.html,
>> http://forum.malwareremoval.com/viewforum.php?f=11
>> http://forums.spywareinfo.com/index.php?showforum=18
>>
>> http://www.spywarewarrior.com/viewfo...0ca7ab9210f7ae,
>> http://forums.subratam.org/index.php?showforum=7,
>> http://forums.spybot.info/forumdisplay.php?f=22
>> or other appropriate forums for expert analysis, not here.**

PS: You've got a *lot* more work to do!
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

Paul wrote:
> A log like this:
> Malwarebytes' Anti-Malware 1.30
> Database version: 1416
> Windows 5.1.2600 Service Pack 2
>
> 11/22/2008 4:09:06 PM
> mbam-log-2008-11-22 (16-09-06).txt
>
> Scan type: Full Scan (C:\|D:\|K:\|)
> Objects scanned: 181228
> Time elapsed: 58 minute(s), 5 second(s)
>
> Memory Processes Infected: 0
> Memory Modules Infected: 4
> Registry Keys Infected: 23
> Registry Values Infected: 4
> Registry Data Items Infected: 3
> Folders Infected: 2
> Files Infected: 22
>
> Memory Processes Infected:
> (No malicious items detected)
>
> Memory Modules Infected:
> C:\WINDOWS\system32\fccyAssQ.dll (Trojan.Vundo.H) -> Delete on reboot.
> C:\WINDOWS\system32\xkjkbrtp.dll (Trojan.Vundo.H) -> Delete on reboot.
> C:\WINDOWS\system32\qoMcyApQ.dll (Trojan.Vundo) -> Delete on reboot.
> C:\WINDOWS\system32\aoketd.dll (Trojan.Vundo) -> Delete on reboot.
>
> Registry Keys Infected:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser
> Helper Objects\{ba410704-aff3-46df-9184-11c396259301} (Trojan.Vundo.H) ->
> Quarantined and deleted successfully.
> HKEY_CLASSES_ROOT\CLSID\{ba410704-aff3-46df-9184-11c396259301}
> (Trojan.Vundo.H) -> Quarantined and deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser
> Helper Objects\{d9eec67f-e979-4394-af25-98dbc5ea7bbb} (Trojan.Vundo.H) ->
> Delete on reboot.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\Winlogon\Notify\qomcyapq (Trojan.Vundo.H) -> Delete on
> reboot.
> HKEY_CLASSES_ROOT\CLSID\{d9eec67f-e979-4394-af25-98dbc5ea7bbb}
> (Trojan.Vundo.H) -> Delete on reboot.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser
> Helper Objects\{f3ab47d7-ddde-45d2-a22d-1a7bb41090ba} (Trojan.Vundo.H) ->
> Delete on reboot.
> HKEY_CLASSES_ROOT\CLSID\{f3ab47d7-ddde-45d2-a22d-1a7bb41090ba}
> (Trojan.Vundo.H) -> Delete on reboot.
> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{d9eec67f-e979-4394-af25-98dbc5ea7bbb}
> (Trojan.Vundo) -> Quarantined and deleted successfully.
> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{ba410704-aff3-46df-9184-11c396259301}
> (Trojan.Vundo) -> Quarantined and deleted successfully.
> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{f3ab47d7-ddde-45d2-a22d-1a7bb41090ba}
> (Trojan.Vundo) -> Quarantined and deleted successfully.
> HKEY_CLASSES_ROOT\Interface\{bd5258af-20ae-4bd3-b748-b2851aca7335}
> (Adware.Seekmo) -> Quarantined and deleted successfully.
> HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3}
> (Adware.Coupons) -> Quarantined and deleted successfully.
> HKEY_CLASSES_ROOT\AppID\{4a40e8fc-c7e4-4f57-9fa4-85dd77402897}
> (Adware.Seekmo) -> Quarantined and deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution
> Units\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) ->
> Quarantined
> and deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ModuleUsage\c:/windows/cpbrkpie.ocx
> (Adware.Coupons) -> Quarantined and deleted successfully.
> HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) ->
> Quarantined and deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) ->
> Quarantined and deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) ->
> Quarantined
> and deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined
> and deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) ->
> Quarantined and deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined
> and
> deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined
> and deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) ->
> Quarantined
> and deleted successfully.
>
> Registry Values Infected:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\49bdd6ca
> (Trojan.Vundo.H) -> Quarantined and deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{d9eec67f-e979-4394-af25-98dbc5ea7bbb}
> (Trojan.Vundo) -> Delete on reboot.
> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
> Explorer\Toolbar\ShellBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d}
> (Adware.Zango) -> Quarantined and deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\SharedDLLs\C:\WINDOWS\cpbrkpie.ocx
> (Adware.Coupons) -> Quarantined and deleted successfully.
>
> Registry Data Items Infected:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\LSA\Notification
> Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccyassq ->
> Quarantined and deleted successfully.
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\LSA\Authentication
> Packages (Trojan.Vundo) -> Data: c:\windows\system32\fccyassq -> Delete
> on
> reboot.
> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\Start_ShowMyDocs
> (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted
> successfully.
>
> Folders Infected:
> C:\Documents and Settings\HP_Administrator\Application Data\RegistrySmart
> (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
> C:\Documents and Settings\HP_Administrator\Application
> Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted
> successfully.
>
> Files Infected:
> C:\WINDOWS\system32\aoketd.dll (Trojan.Vundo.H) -> Delete on reboot.
> C:\WINDOWS\system32\qoMcyApQ.dll (Trojan.Vundo.H) -> Delete on reboot.
> C:\WINDOWS\system32\fccyAssQ.dll (Trojan.Vundo.H) -> Delete on reboot.
> C:\WINDOWS\system32\QssAyccf.ini (Trojan.Vundo.H) -> Quarantined and
> deleted
> successfully.
> C:\WINDOWS\system32\QssAyccf.ini2 (Trojan.Vundo.H) -> Quarantined and
> deleted successfully.
> C:\WINDOWS\system32\nkcbusuh.dll (Trojan.Vundo.H) -> Quarantined and
> deleted
> successfully.
> C:\WINDOWS\system32\husubckn.ini (Trojan.Vundo.H) -> Quarantined and
> deleted
> successfully.
> C:\WINDOWS\system32\xkjkbrtp.dll (Trojan.Vundo.H) -> Delete on reboot.
> C:\WINDOWS\system32\ptrbkjkx.ini (Trojan.Vundo.H) -> Quarantined and
> deleted
> successfully.
> C:\Documents and Settings\HP_Administrator\Local Settings\Temporary
> Internet
> Files\Content.IE5\4D6VC5YV\kb600179[1] (Trojan.Vundo) -> Quarantined and
> deleted successfully.
> C:\System Volume
> Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP950\A0087684.dll
> (Trojan.Vundo) -> Quarantined and deleted successfully.
> C:\System Volume
> Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP951\A0087705.dll
> (Trojan.Vundo) -> Quarantined and deleted successfully.
> C:\System Volume
> Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP951\A0087714.dll
> (Trojan.Vundo) -> Quarantined and deleted successfully.
> C:\System Volume
> Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP951\A0088727.dll
> (Trojan.Vundo) -> Quarantined and deleted successfully.
> C:\System Volume
> Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP956\A0088919.dll
> (Trojan.Vundo) -> Quarantined and deleted successfully.
> C:\System Volume
> Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP957\A0089105.dll
> (Trojan.Vundo) -> Quarantined and deleted successfully.
> C:\System Volume
> Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP958\A0089181.dll
> (Trojan.Vundo) -> Quarantined and deleted successfully.
> C:\WINDOWS\cpbrkpie.ocx (Adware.Coupons) -> Quarantined and deleted
> successfully.
> C:\WINDOWS\system32\cekkeikx.dll (Trojan.Vundo) -> Quarantined and deleted
> successfully.
> C:\WINDOWS\system32\qoMdbCrr.dll (Trojan.Vundo) -> Quarantined and deleted
> successfully.
> C:\Documents and Settings\HP_Administrator\Application
> Data\RegistrySmart\Log\2008 Mar 09 - 09_35_29 AM_343.log
> (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
> C:\Documents and Settings\HP_Administrator\Application
> Data\RegistrySmart\Log\2008 Mar 09 - 09_35_32 AM_406.log
> (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
>
>
> "Maurice N ~ MVP" wrote:
>
>> Hello,
>>
>> Insure that your system is malware-free /first/ before getting windows
>> updates.
>> Thoroughly scan the system with your updated anti-virus and anti-malware
>> program.
>> Document the results so you can have them for posting on an anti-malware
>> forum ---- not here.
>>
>> Use Windows' Disk Cleanup to delete all temporary files.
>>
>> Download & save Malwarebytes Anti-Malware from
>> http://www.besttechie.net/tools/mbam-setup.exe or
>> http://www.majorgeeks.com/Malwarebyt...are_d5756.html
>> Double Click mbam-setup.exe to install the application.
>> Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware
>> and Launch Malwarebytes Anti-Malware, then click Finish. If an update is
>> found, it will download and install the latest version.
>> Once the program has loaded, select Perform FULL Scan, then click Scan.
>> The scan may take some time to finish,so please be patient.
>> When the scan is complete, click OK, then Show Results to view the
>> results.
>> Make sure that everything is checked, and click Remove Selected.
>> When disinfection is completed, a log will open in Notepad and you may be
>> prompted to Restart.(See Extra Note)
>> The log is automatically saved by MBAM and can be viewed by clicking the
>> Logs tab in MBAM.
>> Copy & Paste the entire report in a new reply as soon as it has finished.
>> Extra Note:
>> If MBAM encounters a file that is difficult to remove, you will be
>> presented with 1 of 2 prompts.
>> click OK to either and let MBAM proceed with the disinfection process.
>> If asked to restart the computer, please do so immediately.
>>
>> MBAM is an excellent first-line program to use and keep.
>>
>> Run a /thorough/ check for malware, including posting your HijackThis log
>> to an appropriate forum.
>>
>> Checking for/Help with Hijackware
>> http://aumha.org/a/parasite.htm
>> http://aumha.org/a/quickfix.htm
>> http://aumha.net/viewtopic.php?t=5878
>> http://wiki.castlecops.com/Malware_R...:_Introduction
>> http://mvps.org/winhelp2002/unwanted.htm
>> http://inetexplorer.mvps.org/data/prevention.htm
>> http://inetexplorer.mvps.org/tshoot.html
>> http://www.mvps.org/sramesh2k/Malware_Defence.htm
>> http://defendingyourmachine.blogspot.com/
>> http://www.elephantboycomputers.com/...moving_Malware
>>
>> When all else fails, HijackThis v2.0.2
>> (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to
>> use.
>> It will help you to both identify and remove any hijackware/spyware with
>> assistance from an expert. ** Post your log to one (and only one) of
>> the
>> following http://aumha.net/viewforum.php?f=30,
>> http://www.bleepingcomputer.com/forums/forum22.html,
>> http://castlecops.com/forum67.html,
>> http://forum.malwareremoval.com/viewforum.php?f=11
>> http://forums.spywareinfo.com/index.php?showforum=18
>>
>> http://www.spywarewarrior.com/viewfo...0ca7ab9210f7ae,
>> http://forums.subratam.org/index.php?showforum=7,
>> http://forums.spybot.info/forumdisplay.php?f=22
>> or other appropriate forums for expert analysis, not here.**
>>
>> Make very sure you read and follow the very topmost instructions at the
>> forum you have selected.
>>
>> --
>> Maurice N
>> MS-MVP (Windows Client) , Aumha.net VSOP , DTS-L
>> -----
>>
>> "dirtydboi" <> wrote in message
>> news:5A50927B-861A-40F7-B572-...
>>> im trying to turn on my automatic updates and the services.msc is not
>>> working. it displays error 1058 everytime. i think i have the malware
>>> vundo cuz im getting these pop up ads. how do i get rid of this?
>>> --
>>> hmph.....

i have the same problem. did you fix it? i need help

"dirtydboi" wrote:

> im trying to turn on my automatic updates and the services.msc is not
> working. it displays error 1058 everytime. i think i have the malware vundo
> cuz im getting these pop up ads. how do i get rid of this?
> --
> hmph.....

"Maurice N ~ MVP" wrote:

> Hello,
>
> Insure that your system is malware-free /first/ before getting windows updates.
> Thoroughly scan the system with your updated anti-virus and anti-malware program.
> Document the results so you can have them for posting on an anti-malware forum ---- not here.
>
> Use Windows' Disk Cleanup to delete all temporary files.
>
> Download & save Malwarebytes Anti-Malware from
> http://www.besttechie.net/tools/mbam-setup.exe or
> http://www.majorgeeks.com/Malwarebyt...are_d5756.html
> Double Click mbam-setup.exe to install the application.
> Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
> If an update is found, it will download and install the latest version.
> Once the program has loaded, select Perform FULL Scan, then click Scan.
> The scan may take some time to finish,so please be patient.
> When the scan is complete, click OK, then Show Results to view the results.
> Make sure that everything is checked, and click Remove Selected.
> When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
> The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
> Copy & Paste the entire report in a new reply as soon as it has finished.
> Extra Note:
> If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
> click OK to either and let MBAM proceed with the disinfection process.
> If asked to restart the computer, please do so immediately.
>
> MBAM is an excellent first-line program to use and keep.
>
> Run a /thorough/ check for malware, including posting your HijackThis log to an appropriate forum.
>
> Checking for/Help with Hijackware
> http://aumha.org/a/parasite.htm
> http://aumha.org/a/quickfix.htm
> http://aumha.net/viewtopic.php?t=5878
> http://wiki.castlecops.com/Malware_R...:_Introduction
> http://mvps.org/winhelp2002/unwanted.htm
> http://inetexplorer.mvps.org/data/prevention.htm
> http://inetexplorer.mvps.org/tshoot.html
> http://www.mvps.org/sramesh2k/Malware_Defence.htm
> http://defendingyourmachine.blogspot.com/
> http://www.elephantboycomputers.com/...moving_Malware
>
> When all else fails, HijackThis v2.0.2
> (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
> It will help you to both identify and remove any hijackware/spyware with
> assistance from an expert. ** Post your log to one (and only one) of the following
> http://aumha.net/viewforum.php?f=30,
> http://www.bleepingcomputer.com/forums/forum22.html,
> http://castlecops.com/forum67.html,
> http://forum.malwareremoval.com/viewforum.php?f=11
> http://forums.spywareinfo.com/index.php?showforum=18
> http://www.spywarewarrior.com/viewfo...0ca7ab9210f7ae,
> http://forums.subratam.org/index.php?showforum=7,
> http://forums.spybot.info/forumdisplay.php?f=22
> or other appropriate forums for expert analysis, not here.**
>
> Make very sure you read and follow the very topmost instructions at the forum you have selected.
>
> --
> Maurice N
> MS-MVP (Windows Client) , Aumha.net VSOP , DTS-L
> -----
As well as the 1058 problem I am getting W32/Fake AlertTDSSXFUM.DLL &
3iMaximus viruses and I cannot update my PC Guard or run the Malware
software. Please Help!!

Peter

Peter wrote:
> "Maurice N ~ MVP" wrote:
>> Insure that your system is malware-free /first/ before getting windows
>> updates.
>> Thoroughly scan the system with your updated anti-virus and anti-malware
>> program.
>> Document the results so you can have them for posting on an anti-malware
>> forum ---- not here.
>>
>> Use Windows' Disk Cleanup to delete all temporary files.
>>
>> Download & save Malwarebytes Anti-Malware from
>> http://www.besttechie.net/tools/mbam-setup.exe or
>> http://www.majorgeeks.com/Malwarebyt...are_d5756.html
>> Double Click mbam-setup.exe to install the application.
>> Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware
>> and Launch Malwarebytes Anti-Malware, then click Finish. If an update is
>> found, it will download and install the latest version.
>> Once the program has loaded, select Perform FULL Scan, then click Scan.
>> The scan may take some time to finish,so please be patient.
>> When the scan is complete, click OK, then Show Results to view the
>> results.
>> Make sure that everything is checked, and click Remove Selected.
>> When disinfection is completed, a log will open in Notepad and you may be
>> prompted to Restart.(See Extra Note)
>> The log is automatically saved by MBAM and can be viewed by clicking the
>> Logs tab in MBAM.
>> Copy & Paste the entire report in a new reply as soon as it has finished.
>> Extra Note:
>> If MBAM encounters a file that is difficult to remove, you will be
>> presented with 1 of 2 prompts.
>> click OK to either and let MBAM proceed with the disinfection process.
>> If asked to restart the computer, please do so immediately.
>>
>> MBAM is an excellent first-line program to use and keep.
>>
>> Run a /thorough/ check for malware, including posting your HijackThis log
>> to an appropriate forum.
>>
>> Checking for/Help with Hijackware
>> http://aumha.org/a/parasite.htm
>> http://aumha.org/a/quickfix.htm
>> http://aumha.net/viewtopic.php?t=5878
>> http://wiki.castlecops.com/Malware_R...:_Introduction
>> http://mvps.org/winhelp2002/unwanted.htm
>> http://inetexplorer.mvps.org/data/prevention.htm
>> http://inetexplorer.mvps.org/tshoot.html
>> http://www.mvps.org/sramesh2k/Malware_Defence.htm
>> http://defendingyourmachine.blogspot.com/
>> http://www.elephantboycomputers.com/...moving_Malware
>>
>> When all else fails, HijackThis v2.0.2
>> (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to
>> use.
>> It will help you to both identify and remove any hijackware/spyware with
>> assistance from an expert. ** Post your log to one (and only one) of
>> the
>> following http://aumha.net/viewforum.php?f=30,
>> http://www.bleepingcomputer.com/forums/forum22.html,
>> http://castlecops.com/forum67.html,
>> http://forum.malwareremoval.com/viewforum.php?f=11
>> http://forums.spywareinfo.com/index.php?showforum=18
>>
>> http://www.spywarewarrior.com/viewfo...0ca7ab9210f7ae,
>> http://forums.subratam.org/index.php?showforum=7,
>> http://forums.spybot.info/forumdisplay.php?f=22
>> or other appropriate forums for expert analysis, not here.**
>>
>> Make very sure you read and follow the very topmost instructions at the
>> forum you have selected.
>>
>> --
>> Maurice N
>> MS-MVP (Windows Client) , Aumha.net VSOP , DTS-L
>> -----
> As well as the 1058 problem I am getting W32/Fake AlertTDSSXFUM.DLL &
> 3iMaximus viruses and I cannot update my PC Guard or run the Malware
> software. Please Help!!

Follow the instructions Maurice posted & which you quoted?