 |  |  |  |  |  |  |  |
Help with Update.exe
 |
Hi all,
I have the update.exe problem. The message keeps popping up on startup and then periodically throughout my session. It slows my network. I have reviewed other threads and run my hijack log which is below.
could someone please take a look at the log and give me instructions of what to remove and how to do it.
Logfile of HijackThis v1.99.1
Scan saved at 18:43:11, on 18/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
I have the update.exe problem. The message keeps popping up on startup and then periodically throughout my session. It slows my network. I have reviewed other threads and run my hijack log which is below.
could someone please take a look at the log and give me instructions of what to remove and how to do it.
Logfile of HijackThis v1.99.1
Scan saved at 18:43:11, on 18/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
Update.exe is a tough one. It can be associated with Windows XP or a Device.
You have a few devices you could try disabling one startup file at a time and restart each time to see if it stops. It might be a program associated with your Printer or Sony. Does it give you a path of where the update.exe is located?
Yeah, it is saving them all in temporary folders associated with \Local Settings and creating a sub folder each time the update.exe is displayed.
•
•
Join Date: May 2005
Posts: 3,204
Reputation: 
Solved Threads: 188
Hi, duckers, a few things to be rid of, but i cannot see the normal signs of update.exe....
Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
==Download Avenger from http://swandog46.geekstogo.com/avenger.zip
You must be in an Administrator-privileged account to run this procedure...
-unzip it to your desktop and start it; select “Input script manually” and then click the magnifying glass icon. Paste into the box as one block all the text between the lines:-
_____________________________________
Files to delete:
C:\WINDOWS\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
_____________________________________
...and click Done, and finally the green light.
Follow promps to reboot your machine.
[The files, etc., that you asked Avenger to delete are zipped to C:\avenger\backup.zip.]
Avenger creates a log file that should open with the results of its actions. This file is located at C:\avenger.txt
Please post that log file.
==Get CCleaner from http://www.ccleaner.com/ - and put it in a new folder. You should aim to keep this one for general use. I set it from the installation checkboxes to only open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as i suggested, rclicking the bin icon should give you the Open CCleaner option...]. Select the Cleaner icon and the Windows tab; press Run Cleaner. Next select the Applications tab and Run Cleaner again.
==GET AVG antispyware 7.5 here.. http://free.grisoft.com/doc/5390/lng/us/tpl/v5
or here.. http://free.grisoft.com/freeweb.php/...i-spyware-free
-the link is almost at the bottom of the page , avgas 7.5.0.50. Install it and UPDATE it.
Start AVG a-s 7.5;
-under Scanner/ Settings please set Recommended actions to Quarantine, and run the scan.
-click Apply all actions and then save the log file.
Post the log file of AVG, Avenger and a fresh hijackthis log.
Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
==Download Avenger from http://swandog46.geekstogo.com/avenger.zip
You must be in an Administrator-privileged account to run this procedure...
-unzip it to your desktop and start it; select “Input script manually” and then click the magnifying glass icon. Paste into the box as one block all the text between the lines:-
_____________________________________
Files to delete:
C:\WINDOWS\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
_____________________________________
...and click Done, and finally the green light.
Follow promps to reboot your machine.
[The files, etc., that you asked Avenger to delete are zipped to C:\avenger\backup.zip.]
Avenger creates a log file that should open with the results of its actions. This file is located at C:\avenger.txt
Please post that log file.
==Get CCleaner from http://www.ccleaner.com/ - and put it in a new folder. You should aim to keep this one for general use. I set it from the installation checkboxes to only open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as i suggested, rclicking the bin icon should give you the Open CCleaner option...]. Select the Cleaner icon and the Windows tab; press Run Cleaner. Next select the Applications tab and Run Cleaner again.
==GET AVG antispyware 7.5 here.. http://free.grisoft.com/doc/5390/lng/us/tpl/v5
or here.. http://free.grisoft.com/freeweb.php/...i-spyware-free
-the link is almost at the bottom of the page , avgas 7.5.0.50. Install it and UPDATE it.
Start AVG a-s 7.5;
-under Scanner/ Settings please set Recommended actions to Quarantine, and run the scan.
-click Apply all actions and then save the log file.
Post the log file of AVG, Avenger and a fresh hijackthis log.
Deep, deep in the woods, but walking about.
Duckers200
Temp Folder and Local settings still doesn't give alot of information regarding what program or device it is associated with. You could try to right click on the update.exe file and choose properties. It might give you an idea of who is providing it and what device or software it is associated with.
Question to ask yourself is have you added any new software ie games, devices etc...
If so try removing and reinstalling it.
I agree with gerbil. Gerbil suggested to clean out your Temp files. So you might want to run it though a disk clean up after it is resolved since it keeps installing a new update file.
Make sure you clean out your Temp Files with Disk clean up.
If you can not recall what items you have installed recently to help find the manufacture to help you repair the corrupted update.exe file try disabling your startup files.
Go to Start, Run and type MSCONFIG
Click on the startup tab. You can choose disable all or you can click one at a time and restart each time to see if you get the error.
If you uncheck each startup item one at a time it will tell you what program it is associated with in the path showing under the path column in startup. Then you can call the manufacture to update the update.exe file.
I wonder if it is your Antivirus. They tend to want to update right at startup. Might also want to run your updates for your Antivirus and check your windows updates to make sure everything is installed first.
Just to let you know disabling startup items means that if you have a camera with a Sync you have to manually start the software before the sync will work. Basically the software will be turned off until you go to your start menu to activate or click on the printer icon and choose print. WARNING: It may disable your Antivirus and or Firewall.
It may be a windows automatic update trying to install and a program in your startup is causing it to stop installing.
Let me know if you have any questions.
RueB 2s De
Temp Folder and Local settings still doesn't give alot of information regarding what program or device it is associated with. You could try to right click on the update.exe file and choose properties. It might give you an idea of who is providing it and what device or software it is associated with.
Question to ask yourself is have you added any new software ie games, devices etc...
If so try removing and reinstalling it.
I agree with gerbil. Gerbil suggested to clean out your Temp files. So you might want to run it though a disk clean up after it is resolved since it keeps installing a new update file.
Make sure you clean out your Temp Files with Disk clean up.
If you can not recall what items you have installed recently to help find the manufacture to help you repair the corrupted update.exe file try disabling your startup files.
Go to Start, Run and type MSCONFIG
Click on the startup tab. You can choose disable all or you can click one at a time and restart each time to see if you get the error.
If you uncheck each startup item one at a time it will tell you what program it is associated with in the path showing under the path column in startup. Then you can call the manufacture to update the update.exe file.
I wonder if it is your Antivirus. They tend to want to update right at startup. Might also want to run your updates for your Antivirus and check your windows updates to make sure everything is installed first.
Just to let you know disabling startup items means that if you have a camera with a Sync you have to manually start the software before the sync will work. Basically the software will be turned off until you go to your start menu to activate or click on the printer icon and choose print. WARNING: It may disable your Antivirus and or Firewall.
It may be a windows automatic update trying to install and a program in your startup is causing it to stop installing.
Let me know if you have any questions.
RueB 2s De
|
Similar Threads
- I need help removing Update.exe Spyware/Adware (Viruses, Spyware and other Nasties)
- high cpu usage due to update.exe (Viruses, Spyware and other Nasties)
- Pls pls help Update.exe what is this? (Viruses, Spyware and other Nasties)
- Update.exe question (Windows NT / 2000 / XP)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: How many Anti-spywares should one install?
- Next Thread: System alert pop-ups
Views: 3169 | Replies: 4
| Thread Tools | Search this Thread |
Latest Viruses, Spyware and other Nasties Posts
Related Forum Features
Tag cloud for Viruses, Spyware and other Nasties
adobe adware anti-malware anti-virussitesaccessissue antivirus apple attack audio avg backtoschoolspeech bar blackhat botnet china combofix commercials conficker connect control crosssitescripting cyber cyberwarfare ddos domains e-mafia email europe explorer facebook fake fancheckvirus gaming google gtaiv gumblar hijack internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile msn news norton obama panel parents pc phishing police president privacy pro problem redirect redirecting reliability report research risk rogueantivirus rootkit scareware school search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen threat translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista volume vulnerability warning web windows worm zero-day
