Windows Update Won't Run

Hello. I had a PC that had viruses on it, but I got them all removed. The only issue with the PC is that it will not do windows updates. After some research I found out that the Background Intelligent Transfer Service (BITS) will not start. I ran a program that will determine if files are missing. It did find 3 .dll files missing, so I ran a sfc /scannow. After that, the .dlls were still missing, so I manually downloaded them. Now my scan shows that all needed files are there, but it still wont start. I'm trying to figure out if there is anything else I can do before I reformat and reinstall this.

I have ran windows repair, chkdsk, sfc /scannow, nothing is working.

Thanks in advance.
cschutte21Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
johnb6767Connect With a Mentor Commented:
You really dont want to have them install a service pack with the potential of virus/rootkit, do you? Even MS suggests to perform the install on a clean system.....
0
 
Michael-BestCommented:
0
 
johnb6767Commented:
There is a few rootkits that uses restrictions in a hidden key in HKLM\Software

RootRepeal - RootRepeal - Rootkit Detector
http://rootrepeal.googlepages.com/

Under each tab, hit the Scan button, and see if you get any RED files/services/processes/drivers in the list, or just look for the summary, for any hidden files/services/processes/drivers in the lower left hand corner.....

Also.....

reg query "HKEY_LOCAL_MACHINE\SOFTWARE" >c:\reg.txt

Attach/paste the contents of c:\reg.txt please....
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
souseranCommented:
You shouldn't have to download .dll files.

I'd recommend you download Dial-a-Fix.

http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip

Check the boxes next to the following:

Fix Windows Installer
Fix Windows Update
Select everything in the Registration center

Click the GO button.

When that's finished, put your OS media in your drive, and in Dial-a-Fix, click the Hammer icon at the bottom. From the new menu, first, select SFC purge. After that has completed, select SFC scan. Once that completes, remove the OS media and reboot your system.

Report back.
0
 
bigpadhakooCommented:
it is possible your system is infected with thr latest worm conflicker also known as downadup or aprilfools virus. go to http://www.confickerworkinggroup.org/infection_test/cfeyechart.html to check if you are infected or not. removing instructions are here http://www.confickerworkinggroup.org/wiki/ 

if you are not infected Simply go to windows update site and check if your updating engine is perfect or not and also re installation of update engine. you may also get some patches from there to run windows update perfectly.
0
 
tonyteriCommented:
have you tried doing a system restore backa  few weeks?  

/TT
0
 
cschutte21Author Commented:
Souseran, I tried yours first but I had no luck. I am now trying johnb6767's response. And bigpadhakoo's response came back clean.
0
 
bigpadhakooCommented:
allright, which tool you used for virus cleaning ? i recommend to run a scan from spyware doctor it's starter edition is free and can be downloaded from google at http://pack.google.com/intl/en/pack_installer.html
if it doesn't work then you are left with one solid option to repair your operating system with your windows CD. this will definately fix by replacing missing files and relinking registery entries. if issue doesn't fixed then we'll move to advanced level fixes. Just download Hijackthis by Trendmicro from http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe to create a indepth logfile of your system and post here. Good Luck !!
0
 
cschutte21Author Commented:
Here are a few logs...
hijackthis.log
report.txt
0
 
cschutte21Author Commented:
bigpadhakoo, I have ran Malwarebytes, ComboFix, Hijack This,  and I currently have AVG installed.
0
 
johnb6767Commented:
Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\drivers\a1dca2b8.sys

Hidden Services
-------------------
Service Name: a1dca2b8
Image Path: C:\WINDOWS\System32\drivers\a1dca2b8.sys

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a1dca2b8 in the registry. Does it exist?

Can you give me the following output please?

reg query "HKEY_LOCAL_MACHINE\SOFTWARE" >c:\reg.txt

There is probably a hidden key called HKEY_LOCAL_MACHINE\SOFTWARE\a1dca2b8
or
HKEY_LOCAL_MACHINE\SOFTWARE\a1dca2b8.sys

I want to verify something before going any further....

Also, is this PC on a network with any others?




0
 
bigpadhakooCommented:
go to microsoft and download service pack 3, this is important coz sp2 is heavily vulnerable. service pack will install every single security patch till release and don't worry it's graduated a year before to assure you stability. there are suspected entries in your log files. sp3 upgrade will fix the issue instead you can use this also.
1. type msconfig in your run command dialog box
2. in startup tab select disable all, someantivirus or security softwares may still continue check their manual to disable them.
3. restart and update your pc.
4. if didn't work run your pc in safemode by pressing f8 after bootscreen prompt
5. update your pc
6. again run step 1 and this time enable all
7. check for updates, if fails disable suspected entries or check yourself by running or stopping services one by one.

if this didn't work thrn you have to upgrade to SP3 for further fix.

Good Luck !!
0
 
bigpadhakooCommented:
as according to technet information sp3 first checks with mailicious software removal tool and also replace all trusted system files in order to a successful install. with this the previous entries in registery becomes broken and remains as garbage which can be fixed by any general reg cleaner
0
 
johnb6767Commented:
"sp3 first checks with mailicious software removal tool"

I can honestly say I have never found an  infection with the MRT...... And I have recently run a side by side comparison of about 4 major Spyware cleaners, and MRT/Windows defender reported systems were clean, and SuperAntiSpyware/Malware Bytes found Rootkits and Trojans.....

The MRT is not sufficient to determine if the PC is clean or not, as it only has a limited scope of what it is designed to detect. An yes, it will replace all trusted files, but even that is not 100%, as most of those files have modules loaded into memory that protect them from being renamed/replaced/deleted.

It just is not a wise decision to run an SP install, ESPECAILLY with the potential for a Rootkit to be on the machine, as it will definately not cure it......
0
 
johnb6767Commented:
cschutte21, can you please respond to my last questions, so we can continue to assist?
0
 
bigpadhakooCommented:
I completely agree that MRT is useless for rootkits and based to detect and paralyze illegal copies of windows but sp3 contains most of the stable security patches that are helpful in detecting rootkit infections more easily than to mess with 100's of entries manually with older releases.  a single scan of spyware doctor starter edition is capable of doing this more easily and it is distributed free by google. btw we always have a open alternative to spend hours with the in depth structure which is not a healthy choice for fast running trends. consider it just a opinion rather than a suggestion.
0
 
cschutte21Author Commented:
I ended up reinstalling the PC. Nothing was working, and the customer was getting a little impatient. After that, it worked great. Thanks for all your help
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.