Windows will not update, stoping other programs from updating

Joesservice · 06 Nov 2014

Ok, here are the results from the re-scan with Rootkits scan. I have quarantined, removed and restarted again.

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 11/6/2014
Scan Time: 2:39:11 PM
Logfile:
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.11.06.08
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Joe's Servicenter
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 358078
Time Elapsed: 42 min, 26 sec
Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 1
Trojan.Agent, C:\Windows\svchost.exe, 3864, , [38631d192b51191d9b995934719224dc]
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 2
Backdoor.0Access, C:\Windows\Installer\{c9e709ff-f391-860c-25d7-5ea7dc9c281b}\L, , [3368360097e5bd7925afde22b44c2ad6],
Backdoor.0Access, C:\Windows\Installer\{c9e709ff-f391-860c-25d7-5ea7dc9c281b}\U, , [1586171fb2ca999de3f25da3748cf50b],
Files: 7
Trojan.Agent, C:\Windows\svchost.exe, , [38631d192b51191d9b995934719224dc],
Backdoor.0Access, C:\Windows\Installer\{c9e709ff-f391-860c-25d7-5ea7dc9c281b}\L\00000004.@, , [3368360097e5bd7925afde22b44c2ad6],
Backdoor.0Access, C:\Windows\Installer\{c9e709ff-f391-860c-25d7-5ea7dc9c281b}\L\201d3dde, , [3368360097e5bd7925afde22b44c2ad6],
Backdoor.0Access, C:\Windows\Installer\{c9e709ff-f391-860c-25d7-5ea7dc9c281b}\U\00000004.@, , [1586171fb2ca999de3f25da3748cf50b],
Backdoor.0Access, C:\Windows\Installer\{c9e709ff-f391-860c-25d7-5ea7dc9c281b}\U\80000000.@, , [1586171fb2ca999de3f25da3748cf50b],
Backdoor.0Access, C:\Windows\Installer\{c9e709ff-f391-860c-25d7-5ea7dc9c281b}\U\80000032.@, , [1586171fb2ca999de3f25da3748cf50b],
Backdoor.0Access, C:\Windows\Installer\{c9e709ff-f391-860c-25d7-5ea7dc9c281b}\U\80000064.@, , [1586171fb2ca999de3f25da3748cf50b],
Physical Sectors: 3
Rootkit.Pihar.c.MBR, Physical Sector #42 on Drive #0, , [53343e92f0bca61cfa4e7b2c1f3cac06],
Rootkit.Pihar.c.MBR, Master Boot Record on Drive #0, , [f0fa67cbefe31582e8cebc9310f7e781],
Forged physical sector, Physical Sector #625141392 on Drive #0, , [0d1cbf0c62511c1e46f08a019c927215],

(end)

Layback Bear · 06 Nov 2014

Damn you sure are working with a mess.

Here is something else that I use to make sure things are clean.
The reason is no one program finds and fixes all problems.
Check the Blue box and just follow the instructions. It also takes some time.
It has always worked for me with out turning off my other security programs.

Free Virus Scan | Online Virus Scanner from ESET

Be advised that many Security Experts recommend a Clean Install after finding a rootkit.

All so note I'm not a security expert but the programs I recommend are ones I use and Jacee our security expert recommends often.

NoelDP · 06 Nov 2014

Layback Bear said:

Noel I'm not understanding you question in post #8.

There are almost certainly entries in Scheduled Tasks that have no business being there

Layback Bear · 06 Nov 2014

Okay we will have Joesservice take a look.
I never schedule anything on my systems so it just went over my head.

NoelDP · 06 Nov 2014

Layback Bear said:

Okay we will have Joesservice take a look.
I never schedule anything on my systems so it just went over my head.

Few people do - but I've noticed that over the past few months, malware will install a task to re-infest the system

Joesservice · 06 Nov 2014

I'm running the EST scan now. Its taking a while. My shift is over at 5 eastern time. I will let it run this evening and post my results in the morning.
Thanks guys so much!!! You both are more helpful than other sites I've found.

Layback Bear · 06 Nov 2014

You would think that the security scans would pick them up; but infections are tricky things.

The amount of infections and rootkit, backdoors, found is very troublesome.
Their is a very good chance the only way to be safe with this system is to do a clean install.
If it was a company computer I would be worried what data has already been compromised and sent to China or Russia.

Layback Bear · 06 Nov 2014

Noel is your helper. I just drop in now and again when he gets very busy and it is something I can give some guidance.

I don't know what information (data) this computer has had access to but I would be concerned that that data is compromised. If this computer was connected in anyway to your company domain or network their is even a bigger concern.

If you have a I.T. department I recommend that you inform them of this thread and the problems that have been found. These infection are very well capable of traveling to other computers that it has contact with.

These are very dangerous.

Rootkit.Pihar.c.MBR, Master Boot Record on Drive #0,

Backdoor.0Access, C:\Windows\Installer

Trojan.Agent, C:\Windows\svchost.exe, 3864

Joesservice · 07 Nov 2014

We are a small independent Auto Repair shop. None of the 4 computers are networked. No IT department. And none of the info on this computer gets sent anywhere by us. We do however do a lot of internet searching for car related problems or forums.
I ran the EST scan last night but when I came in this morning nothing was on the screen. I'm going to try and run it again.

Thanks again!!

Joesservice · 07 Nov 2014

The EST scan came back good. No results.
Windows is updating now. I don't know if fully fixed but least I can update Windows and hopefully will be able to update the other programs.