0

Hi all,

I have the update.exe problem. The message keeps popping up on startup and then periodically throughout my session. It slows my network. I have reviewed other threads and run my hijack log which is below.

could someone please take a look at the log and give me instructions of what to remove and how to do it.

Logfile of HijackThis v1.99.1
Scan saved at 18:43:11, on 18/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

5
Contributors
6
Replies
7
Views
10 Years
Discussion Span
Last Post by jholland1964
0


Update.exe is a tough one. It can be associated with Windows XP or a Device.
You have a few devices you could try disabling one startup file at a time and restart each time to see if it stops. It might be a program associated with your Printer or Sony. Does it give you a path of where the update.exe is located?

0

Yeah, it is saving them all in temporary folders associated with \Local Settings and creating a sub folder each time the update.exe is displayed.

0

Hi, duckers, a few things to be rid of, but i cannot see the normal signs of update.exe....
Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

Download Avenger from http://swandog46.geekstogo.com/avenger.zip
You must be in an Administrator-privileged account to run this procedure...
-unzip it to your desktop and start it; select “Input script manually” and then click the magnifying glass icon. Paste into the box as one block all the text between the lines:

_____________________________________
Files to delete:
C:\WINDOWS\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
_____________________________________

...and click Done, and finally the green light.
Follow promps to reboot your machine.
The files, etc., that you asked Avenger to delete are zipped to C:\avenger\backup.zip.
Avenger creates a log file that should open with the results of its actions. This file is located at C:\avenger.txt
Please post that log file.
Get CCleaner from http://www.ccleaner.com/ - and put it in a new folder. You should aim to keep this one for general use. I set it from the installation checkboxes to only open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as i suggested, rclicking the bin icon should give you the Open CCleaner option...]. Select the Cleaner icon and the Windows tab; press Run Cleaner. Next select the Applications tab and Run Cleaner again.
GET AVG antispyware 7.5 here.. http://free.grisoft.com/doc/5390/lng/us/tpl/v5
or here.. http://free.grisoft.com/freeweb.php/doc/5390/lng/us/tpl/v5#avg-anti-spyware-free
-the link is almost at the bottom of the page , avgas 7.5.0.50. Install it and UPDATE it.
Start AVG a-s 7.5;
-under Scanner/ Settings please set Recommended actions to Quarantine, and run the scan.
-click Apply all actions and then save the log file.
Post the log file of AVG, Avenger and a fresh hijackthis log.

Edited by mike_2000_17: Fixed formatting

0

Duckers200

Temp Folder and Local settings still doesn't give alot of information regarding what program or device it is associated with. You could try to right click on the update.exe file and choose properties. It might give you an idea of who is providing it and what device or software it is associated with.

Question to ask yourself is have you added any new software ie games, devices etc...
If so try removing and reinstalling it.

I agree with gerbil. Gerbil suggested to clean out your Temp files. So you might want to run it though a disk clean up after it is resolved since it keeps installing a new update file.

Make sure you clean out your Temp Files with Disk clean up.

If you can not recall what items you have installed recently to help find the manufacture to help you repair the corrupted update.exe file try disabling your startup files.

Go to Start, Run and type MSCONFIG
Click on the startup tab. You can choose disable all or you can click one at a time and restart each time to see if you get the error.
If you uncheck each startup item one at a time it will tell you what program it is associated with in the path showing under the path column in startup. Then you can call the manufacture to update the update.exe file.
I wonder if it is your Antivirus. They tend to want to update right at startup. Might also want to run your updates for your Antivirus and check your windows updates to make sure everything is installed first.

Just to let you know disabling startup items means that if you have a camera with a Sync you have to manually start the software before the sync will work. Basically the software will be turned off until you go to your start menu to activate or click on the printer icon and choose print. WARNING: It may disable your Antivirus and or Firewall.

It may be a windows automatic update trying to install and a program in your startup is causing it to stop installing.

Let me know if you have any questions.

RueB 2s De

0

please help me anyone with concern :(
im having a trouble on the startup of my computer.. after the welcome screen, the background of my desktop appears but not the icons, and there's a popup window that appears and says "setting up your personalize setting : C:\directory\CyberGate\windowsupdate\update.exe"..
i just wanted to get help on how to get rid of it.. coz i really having trouble with that... everytime it appears.. my computer freezes upto 5mins.
please help..
thnx for any suggestions and helps..
you can reply me here :(email address removed by jholland1964)

Edited by jholland1964: removed email address

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.