Jump to content


Photo

Can't download MS update


  • Please log in to reply
7 replies to this topic

#1 louisa

louisa

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 26 May 2004 - 05:44 AM

It starts with the "about:blank" address on MSIE. I check out FAQ, follow the instructions and manage to get rid of the symptom and the spyware (I think). CWShredder removes CWS.Searchx. SpyBot picks up something re Goindirect in the register but is unable to remove it even during start up. I have to manually remove it from the registry. Subsequent scan returns clean report.

The browser seems to be OK but I am unable to apply the latest MS update. The PC just reboots itself when I try to do that. It also reboots itself when I try to get update for SpyBot. I get the following message when I try to download CWShredder and HihackThis. (I have to download it at work and put it on floppy.)


tasd.dll
This dll could not load for one or more of the following reasons:
1) missing.
2) incorrect version.
3) unknown loader error.

It looks like something is still in the system. It really worries me as I can't get the MS update. Could someone please help???

#2 freeatlast

freeatlast

    E x p l o r e r

  • Retired Staff
  • PipPipPipPipPip
  • 833 posts

Posted 26 May 2004 - 07:58 AM

See if you can download this:
http://freeatlast.10...om/Find-All.zip

Unzip, DoubleClick 'Find-All.cmd', follow
instructions and post the log!
Submit Files: Posted Image
----------------------------------------------------------------------
Posted ImagePosted ImagePosted Image

#3 louisa

louisa

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 26 May 2004 - 08:14 AM

When I click on the link a message box with the following details appears.

tasd.dll

This dll could not load for one or more of the following reasons:
1) missing.
2) incorrect version.
3) unknown loader error.

A blank IE screen (no address & no content) appears on top of the message box. Nothing happens after that.

#4 freeatlast

freeatlast

    E x p l o r e r

  • Retired Staff
  • PipPipPipPipPip
  • 833 posts

Posted 26 May 2004 - 08:23 AM

Well, we can't see your system configurations w/o any logs.
Which os are you running?

Try to download it to a floppy and run locally later, *For 2K/XP only*!

This:
tasd.dll

Is unknown file.
Have you made any attempts to search for it?

Edited by freeatlast, 26 May 2004 - 08:30 AM.

Submit Files: Posted Image
----------------------------------------------------------------------
Posted ImagePosted ImagePosted Image

#5 louisa

louisa

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 31 May 2004 - 05:41 AM

I've been checking my email religiously without realising there is no email notification of subsequent reply and I've been trying to be patient...

My fault - there is a typo . The concerned dll should be tsad.dll, not tasd.dll.

The good news is I've managed to run the program and here is the log:

--==***@@@ 'FIND-ALL' »»*Original*»» VERSION 8.7 -5/30 @@@***==--


Mon May 31 20:38:47 2004 -- ++Results:
»»System Info:

Microsoft Windows 2000 [Version 5.00.2195]
'Find-All' is running from Drive:
C: "" (38CA:2780) - FS:NTFS clusters:4k
Total: 46 110 883 840 [43G] - Free: 23 927 250 944 [22G]


»»IE version and Service packs:
6.0.2800.1106 C:\Program Files\Internet Explorer\Iexplore.exe
--a-- W32i APP ENU 6.0.2800.1106 shp 91,136 08-30-2002 iexplore.exe

! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
MinorVersion REG_SZ ;SP1;Q824145;Q330994;Q837009;Q832894;Q831167;

»»Google:
2.0.111.0 C:\Program Files\google\googletoolbar1.dll
-ra-- W32i DLL ENU 2.0.111.0 shp 741,376 05-04-2004 googletoolbar1.dll

»»UserAgent:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]


»»Wmplayer version:
6.4.9.1125 C:\Program Files\Windows Media Player\mplayer2.exe
--a-- W32i APP ENU 6.4.9.1125 shp 4,639 06-19-2003 mplayer2.exe

»»M$Java version:
5.0.3810.0 C:\WINNT\System32\msjava.dll
--a-- W32i DLL ENU 5.0.3810.0 shp 947,472 02-28-2003 msjava.dll

»»NotePad(s) version(s)... added Tnx to shadoWWWW ;)
5.0.2140.1 C:\WINNT\notepad.exe
--a-- W32i APP ENU 5.0.2140.1 shp 50,960 12-07-1999 notepad.exe
5.0.2140.1 C:\WINNT\System32\notepad.exe
--a-- W32i APP ENU 5.0.2140.1 shp 50,960 12-07-1999 notepad.exe


»»PC uptime:
8:38pm up 0 days, 2:08

»»Locked or 'Suspect' file(s) found...


»»Tasks (services):
0 System Process
8 System
152 SMSS.EXE
180 CSRSS.EXE Title:
200 WINLOGON.EXE Title: NetDDE Agent
228 SERVICES.EXE Svcs: Browser,Dhcp,dmserver,Dnscache,Eventlog,lanmanserver,lanmanworkstation,LmHosts,M
ssenger,PlugPlay,ProtectedStorage,seclogon,TrkWks,Wmi
240 LSASS.EXE Svcs: PolicyAgent,SamSs
500 svchost.exe Svcs: RpcSs
528 spoolsv.exe Svcs: Spooler
556 CCEVTMGR.EXE Svcs: ccEvtMgr
572 NISUM.EXE Svcs: NISUM
708 CCPXYSVC.EXE Svcs: ccPxySvc
720 Ctsvccda.exe Svcs: Creative Service for CDROM Access
748 SAgent2.exe Svcs: EPSONStatusAgent2
764 svchost.exe Svcs: EventSystem,Netman,NtmsSvc,RasAuto,RasMan,RemoteAccess,SENS,SharedAccess,TapiSrv
800 mdm.exe Svcs: MDM
864 mnmsrvc.exe Svcs: mnmsrvc
920 sqlservr.exe Svcs: MSSQLSERVER
1016 NAVAPSVC.EXE Svcs: navapsvc
1072 regsvc.exe Svcs: RemoteRegistry
1116 mstask.exe Svcs: Schedule
1176 WinMgmt.exe Svcs: WinMgmt
1236 mspmspsv.exe Svcs: WMDM PMSP Service
1516 explorer.exe Title: Program Manager
1152 anvshell.exe Title:
1288 EM_EXEC.EXE Title: Logitech E/M Executive
1412 CTNotify.exe Title: Disc Detector
1660 iTouch.exe Title:
1684 Mediadet.exe Title: Dialog
1692 InCD.exe Title: InCD
1736 ccApp.exe Title:
1796 realsched.exe Title: Notification Wnd for RNAdmin
1824 internat.exe Title:
1668 tsystray.exe Title: Notification Wnd for PNSetupMgr
1816 QuickDCF.exe Title: TrayIconHandler
1828 ImageFox.exe Title: ImageFox
1800 sqlmangr.exe Title: SQL Server Service Manager
700 OUTLOOK.EXE Title: Inbox - Microsoft Outlook
1248 IEXPLORE.EXE Title: Cannot find server - Microsoft Internet Explorer
1988 WINWORD.EXE Title: Microsoft Word
1904 IEXPLORE.EXE Title: SWI Forums -> Can't download MS update - Microsoft Internet Explorer
1360 CMD.EXE Title: C:\WINNT\system32\cmd.exe
624 NTVDM.EXE
848 tlist.exe
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2614DA1-D197-11d3-9765-ED762A928249}]

REGEDIT4

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/octet-stream]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-complus]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-msdownload]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]
@="AP Class Install Handler filter"
"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]
@="AP Deflate Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]
@="AP GZIP Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]
@="AP lzdhtml encoding/decoding Filter"
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

»»Security settings for 'Windows' key:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(NI) ALLOW Read BUILTIN\Users
(IO) ALLOW Read BUILTIN\Users
(NI) ALLOW Read BUILTIN\Power Users
(IO) ALLOW Read BUILTIN\Power Users
(NI) ALLOW Full access BUILTIN\Administrators
(IO) ALLOW Full access BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access BUILTIN\Administrators
(IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read BUILTIN\Users
Read BUILTIN\Power Users
Full access BUILTIN\Administrators
Full access NT AUTHORITY\SYSTEM




»»Size of 'Windows' key: (Defaults *450)
Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 450

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows\SYS:Microsoft\Windows NT\CurrentVersion\Windows : AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ : AppInit_DLLs

»»Group/user settings:


User: [MASTER\Louisa Lai], is a member of:

BUILTIN\Administrators
MASTER\Debugger Users
\Everyone

User is a member of group MASTER\None.
User is a member of group \Everyone.
User is a member of group MASTER\Debugger Users.
User is a member of group BUILTIN\Administrators.
User is a member of group BUILTIN\Users.
User is a member of group NT AUTHORITY\INTERACTIVE.
User is a member of group NT AUTHORITY\Authenticated Users.
User is a member of group \LOCAL.

»»ACLs list:
C:\junkxxx Everyone:(OI)(CI)F

ERROR: There are no more files.


»»Contents of file(s) in 'junkxxx' folder:

»»Md5sums

MD5sums 1.1 freeware for Win9x/ME/NT/2000/XP+
Copyright © 2001-2002 Jem Berkes - http://www.pc-tools.net/


0 bytes, 0 ms = 0.00 MB/sec
------
»»Rehash:

Mon May 31 20:39:13 2004 -- ++Find-All backups created:
A C:\CWS\Spyware\winBackup.hiv
A C:\CWS\Spyware\windows.txt
A C:\FindallwinBackup.hiv
A C:\findallappinit.reg

***Next Registry run should open this key directly:

! REG.EXE VERSION 2.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit
LastKey REG_SZ My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows



#6 louisa

louisa

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 04 June 2004 - 09:50 PM

BUMP.

Would someone help with this please???

#7 louisa

louisa

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 09 June 2004 - 04:11 AM

BUMP.

The PC reboots itself when I download PDF files as well.

#8 louisa

louisa

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 28 June 2004 - 07:35 AM

BUMP

It's been 4 weeks since I post the log. Could someone respond to this, please? (Even to tell me it can't be fixed...)

I understand there are a lot of new queries and not enough people. I am getting a bit desperate as my PC reboots so many times every night.

Thanks
Louisa




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button