Jump to content


Photo

Windows 7 - Can't install SP1


  • This topic is locked This topic is locked
25 replies to this topic

#1 Hawkeye53

Hawkeye53

    Member

  • Helper Trainee
  • Pip
  • 31 posts

Posted 11 February 2012 - 11:51 AM

If anyone has some time, I'd appreciate a fresh perspective on this problem. Let me stress though, it's not an emergency.

A little history. Back in October of 2012 my wife informed me that she had pop-ups and other nasties on her machine. At that time I didn't know about Spywareinfoforum, so I went to Bleeping Computer and after much work, the logs finally came back clean. However, the machine would not update to SP1. I've tried quite a few ideas from BP and ideas of my own, but to no avail. The most recent idea was to download the SP1 as an ISO and do a stand alone update. But, that didn't work either. If you'd like to read the history, here the link to my most recent request there, and here is the link to the malware removal effort of last October.

I'm starting to think that perhaps the malware might have corrupted something in the OS and the cure might be in a re-install. If that's the case, we're willing to live with the problem. I've been itching to upgrade one of our machines to Windows 8 (when it becomes available) anyway, so this just might be the push I need.

Thanks in advance for any and all ideas and comments.

Hawkeye53

#2 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,222 posts

Posted 11 February 2012 - 01:20 PM

I've moved your topic to PC Troubleshooting. Please read the Instructions and post the requested logs. We need the information in order to help you.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#3 Hawkeye53

Hawkeye53

    Member

  • Helper Trainee
  • Pip
  • 31 posts

Posted 11 February 2012 - 01:28 PM

Thanks cmn! Logs are on there way.

#4 Hawkeye53

Hawkeye53

    Member

  • Helper Trainee
  • Pip
  • 31 posts

Posted 11 February 2012 - 01:33 PM

Here are the logs.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.11.05

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Maureen :: MAUREEN-PC [administrator]

2/11/2012 12:54:01 PM
mbam-log-2012-02-11 (12-54-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200315
Time elapsed: 13 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Maureen at 13:22:51 on 2012-02-11
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3034.1625 [GMT -5:00]
.
AV: CA Anti-Virus Plus *Disabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
SP: CA Anti-Virus Plus *Disabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: CA Personal Firewall *Disabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe
C:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell DataSafe Local Backup\SftService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CA Anti-Phishing Toolbar Helper: {45011cf5-e4a9-4f13-9093-f30a784eb9b2} - c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\caIEToolbar.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: CA Anti-Phishing Toolbar: {0123b506-0ad9-43aa-b0cf-916c122ad4c5} - c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\caIEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: intuit.com\ttlc
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0DC0250D-C1B8-484E-9733-CED923BC9E8F} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0DC0250D-C1B8-484E-9733-CED923BC9E8F}\841677B637 : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: PFW - UmxWnp.Dll
AppInit_DLLs: c:\windows\system32\UmxSbxExw.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\maureen\appdata\roaming\mozilla\firefox\profiles\9jxvqv3n.default\
FF - prefs.js: browser.search.selectedEngine - Inbox Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80126&language=en&qkw=
FF - component: c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\firefox\components\CAFxToolBar.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\maureen\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\maureen\appdata\roaming\mozilla\firefox\profiles\9jxvqv3n.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Ancestry.com Advanced Image Viewer: support@ancestry.com - %profile%\extensions\support@ancestry.com
FF - Ext: eSnipe.com SnipeIt!: esnipesnipeit@esnipe.com - %profile%\extensions\esnipesnipeit@esnipe.com
FF - Ext: Redirect Remover: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9} - %profile%\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: CA Anti-Phishing Toolbar: caaphishtoolbar@ca.com - c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\Firefox
.
============= SERVICES / DRIVERS ===============
.
R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2011-5-10 164944]
R0 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2011-10-18 107088]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-10-9 64512]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2011-7-29 83536]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2011-7-29 63056]
R1 KmxFilter;HIPS Core Filter Driver;c:\windows\system32\drivers\KmxFilter.sys [2011-7-28 66128]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2009/11/13 12:30:42];c:\program files\cyberlink\powerdvd dx\000.fcl [2009-11-13 87536]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\AEstSrv.exe [2009-11-13 81920]
R2 Apache2.2;Remote Access Media Server;c:\program files\common files\dell\apache\bin\httpd.exe [2008-12-10 24636]
R2 CAAMSvc;CAAMSvc;c:\program files\ca\ca internet security suite\ca anti-virus plus\CAAMSvc.exe [2011-10-17 206152]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe [2011-10-17 222544]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2011-10-17 206160]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 dsl-db;Remote Access DB;c:\program files\common files\dell\mysql\bin\mysqld.exe [2009-6-10 5730304]
R2 dsl-fs-sync;Remote Access File Sync Service;c:\program files\common files\dell\remote access file sync service\dsl_fs_sync.exe [2009-6-22 189680]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2011-10-18 152656]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2011-7-29 82000]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2152152]
R2 SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2009-7-14 648432]
R2 UmxEngine;TM Engine;c:\program files\ca\sharedcomponents\tmengine\UmxEngine.exe [2011-4-4 662096]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-7-14 143968]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2011-7-29 331344]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-3-6 133632]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-3-19 271552]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-18 135664]
S2 UmxAgent;HIPS Event Manager;"c:\program files\ca\sharedcomponents\hipsengine\umxagent.exe" --> c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [?]
S2 UmxCfg;HIPS Configuration Interpreter;"c:\program files\ca\sharedcomponents\hipsengine\umxcfg.exe" --> c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [?]
S2 UmxPol;HIPS Policy Manager;"c:\program files\ca\sharedcomponents\hipsengine\umxpol.exe" --> c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-18 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-29 1343400]
.
=============== Created Last 30 ================
.
2012-02-11 17:49:10 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-11 17:49:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-11 16:16:04 -------- d-----w- c:\windows\system32\SPReview
2012-02-11 15:56:06 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{140d1eac-1579-4a51-9fa3-c01c6b02ebf4}\offreg.dll
2012-02-11 15:39:25 -------- d-----w- c:\program files\Service Pack Trial
2012-02-10 16:33:40 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{140d1eac-1579-4a51-9fa3-c01c6b02ebf4}\mpengine.dll
2012-02-02 21:14:32 -------- dc----w- c:\users\maureen\appdata\local\MigWiz
2012-01-31 16:39:30 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-31 16:39:29 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-31 16:39:28 99840 ----a-w- c:\windows\system32\sspicli.dll
2012-01-31 16:39:28 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-31 16:39:28 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-31 16:39:28 314368 ----a-w- c:\windows\system32\webio.dll
2012-01-31 16:39:28 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-31 16:39:28 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-31 16:39:28 15360 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-31 16:39:28 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
.
==================== Find3M ====================
.
2012-02-11 17:45:23 730924 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-02-11 16:28:14 152064 ----a-w- c:\windows\system32\msclmd.dll
2012-01-27 05:21:24 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-09 14:31:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-24 04:23:31 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 14:06:13 67072 ----a-w- c:\windows\system32\packager.dll
2011-11-17 05:41:38 1288984 ----a-w- c:\windows\system32\ntdll.dll
.
============= FINISH: 13:25:20.39 ===============

Results of screen317's Security Check version 0.99.31
Windows 7 x86 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
CA Anti-Virus Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Out of date HijackThis installed!
HijackThis 1.99.1
Java™ 6 Update 29
Java version out of date!
Adobe Flash Player 10.3.183.11 Flash Player out of Date!
Adobe Reader X (10.1.2)
Mozilla Firefox (3.6.26) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
CA CA Internet Security Suite CA Anti-Virus Plus caamsvc.exe
CA CA Internet Security Suite CA Anti-Virus Plus isafe.exe
``````````End of Log````````````

Again, many thanks!!

#5 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,222 posts

Posted 11 February 2012 - 02:07 PM

Please do these important security updates:
Update Firefox. Current version is 10.
Update Adobe Flash Player
Updating Java:
  • Go here and download the latest version of Java:
  • Go to Start -> Control Panel -> Add or Remove Programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
    They should have this icon next to any that are there: Posted Image
    Select any found and choose Uninstall.
  • Then install the version you downloaded earlier.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#6 Hawkeye53

Hawkeye53

    Member

  • Helper Trainee
  • Pip
  • 31 posts

Posted 11 February 2012 - 02:22 PM

Complete

#7 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,222 posts

Posted 11 February 2012 - 03:33 PM

I think you have already tried this Fixit? http://support.microsoft.com/kb/906602

Please run the System Update Readiness Tool

After that:
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#8 Hawkeye53

Hawkeye53

    Member

  • Helper Trainee
  • Pip
  • 31 posts

Posted 11 February 2012 - 07:16 PM

Here's the MiniToolBox log.

Thanks so much for spending your time on this!


MiniToolBox by Farbar Version: 18-01-2012
Ran by Maureen (administrator) on 11-02-2012 at 19:13:33
Microsoft Windows 7 Home Premium (X86)
Boot Mode: Normal
***************************************************************************
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog5 06 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 07 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\VetRedir.dll [95568] (Computer Associates International, Inc.)
Catalog9 02 C:\Windows\system32\VetRedir.dll [95568] (Computer Associates International, Inc.)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\VetRedir.dll [95568] (Computer Associates International, Inc.)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/11/2012 06:54:37 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
Description: Installing the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (02/11/2012 06:54:37 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
Description: Unable to update the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the error code.

Error: (02/11/2012 06:47:12 PM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The request failed with HTTP status 503: Service Unavailable.
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (02/11/2012 06:47:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2012 05:04:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (02/11/2012 05:03:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/11/2012 05:00:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (02/11/2012 00:53:18 PM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.60.0.61 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 119c

Start Time: 01cce8e5a33af51b

Termination Time: 13509

Application Path: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

Report Id: 39c72078-54d9-11e1-9fbb-00256441dd1d

Error: (02/11/2012 00:45:23 PM) (Source: Microsoft-Windows-LoadPerf) (User: Maureen)Maureen
Description: Installing the performance counter strings for service Outlook (Outlook) failed. The first DWORD in the Data section contains the error code.

Error: (02/11/2012 00:45:23 PM) (Source: Microsoft-Windows-LoadPerf) (User: Maureen)Maureen
Description: Unable to update the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the error code.


System errors:
=============
Error: (02/11/2012 06:47:16 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (02/11/2012 06:46:46 PM) (Source: Service Control Manager) (User: )
Description: The HIPS Event Manager service depends on the HIPS Policy Manager service which failed to start because of the following error:
%%1068

Error: (02/11/2012 06:46:46 PM) (Source: Service Control Manager) (User: )
Description: The HIPS Policy Manager service depends on the HIPS Configuration Interpreter service which failed to start because of the following error:
%%2

Error: (02/11/2012 06:46:46 PM) (Source: Service Control Manager) (User: )
Description: The HIPS Firewall Helper service failed to start due to the following error:
%%2

Error: (02/11/2012 06:46:46 PM) (Source: Service Control Manager) (User: )
Description: The HIPS Configuration Interpreter service failed to start due to the following error:
%%2

Error: (02/11/2012 11:43:39 AM) (Source: Service Control Manager) (User: )
Description: The HIPS Event Manager service depends on the HIPS Policy Manager service which failed to start because of the following error:
%%1068

Error: (02/11/2012 11:43:39 AM) (Source: Service Control Manager) (User: )
Description: The HIPS Policy Manager service depends on the HIPS Configuration Interpreter service which failed to start because of the following error:
%%2

Error: (02/11/2012 11:43:39 AM) (Source: Service Control Manager) (User: )
Description: The HIPS Firewall Helper service failed to start due to the following error:
%%2

Error: (02/11/2012 11:43:39 AM) (Source: Service Control Manager) (User: )
Description: The HIPS Configuration Interpreter service failed to start due to the following error:
%%2

Error: (02/11/2012 11:41:09 AM) (Source: DCOM) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}


Microsoft Office Sessions:
=========================
Error: (02/10/2012 11:24:34 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 110 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/08/2012 03:29:55 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 99 seconds with 60 seconds of active time. This session ended with a crash.

Error: (01/05/2012 10:30:46 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 102 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/14/2011 10:30:12 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 51 seconds with 0 seconds of active time. This session ended with a crash.


========================= Memory info: ===================================

Percentage of memory in use: 47%
Total physical RAM: 3034.36 MB
Available physical RAM: 1582.16 MB
Total Pagefile: 6067 MB
Available Pagefile: 4427.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1929.79 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:162.66 GB) NTFS

========================= Users: ========================================

User accounts for \\MAUREEN-PC

Administrator Guest Maureen
RA Media Server

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

Edited by Hawkeye53, 11 February 2012 - 07:19 PM.


#9 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,222 posts

Posted 11 February 2012 - 08:55 PM

Did the System Update Readiness Tool give you any error message? Did it enable you to install SP 1?

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#10 Hawkeye53

Hawkeye53

    Member

  • Helper Trainee
  • Pip
  • 31 posts

Posted 11 February 2012 - 09:16 PM

That's what's odd. The System Update Readiness Tool (which I think is SP1, right?) indicates that it completed successfully and indicated as much, but when I look at System in Control Panel, it doesn't indicate SP1 (like I'm used to with XP) . And, Automatic Update still wants to install the SP1 update and when I let it, it grinds as usual, but ultimately indicates failure.

#11 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,222 posts

Posted 11 February 2012 - 11:26 PM

No, it is not SP 1 afik.

See http://windows.micro...tallwindows7sp1 and determine whether you might already have SP 1.

What happens when you do this?
Disable all your CA protections: antivirus and firewall
Go to Control Panel > System and Security.
Under Windows Update, click 'Turn automatic updating on or off' and make sure it is set to Install updates automatically.
Then click Windows Update.

If that doesn't work you can download SP 1 directly from Download Center. The one you want is windows6.1-KB976932-X86.exe, the bottom one. However Microsoft recommends using the Windows Update if at all possible. Again it is advisable to turn off all protections while installing.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#12 Hawkeye53

Hawkeye53

    Member

  • Helper Trainee
  • Pip
  • 31 posts

Posted 12 February 2012 - 09:14 AM

cnm,

When I follow the link and perform the instructions the computer indicates that it has NOT been upgraded to SP1. I could paste a screen print, but it does have my full license key on the screen and I'd not want that any more exposed that it usually is. I'd feel comfortable PM-ing to you if you'd like to see it.

It isn't necessary to turn Automatic Updates on and off, the machine always wants to try the update. But, to be sure, I did as you indicated and the system immediately began the SP1 update. And, as before, it gets to Configuring 99% when it fails and indicates Failure configuring Service Pack. Reverting Changes. Do not turn off your computer.

Your next recommendation is to do a stand alone update. I did do one yesterday with an ISO version and not an .exe, and it failed in the usual way. However, once the computer has reverted the changes I'll try the .exe. Even if it fails, at least we'll know we tried all the possibilities.

Another idea, to your knowledge is there a detailed log of the failed SP install that might tell us specifically what failed? I can see the Automatic Update log, but that is little more than date & time of the failed or successful install. I can see no detailed information in that area.


When the SP finally finished it issued an error message. It had not done that before. Error: ERROR_ACCESS_DEENIED (0x80070005) and the suggestion for that error are pointing me toward the stand alone .exe installation. I'll let you know how that goes.

Edited by Hawkeye53, 12 February 2012 - 09:58 AM.


#13 Hawkeye53

Hawkeye53

    Member

  • Helper Trainee
  • Pip
  • 31 posts

Posted 12 February 2012 - 11:07 AM

cnm,

Ok the .exe stand alone install failed too. I've been chasing that error number (above), but it leads to a lot of sites that want one to install programs with spyware, junkware, etc.

One additional thing that just bubbled up in my memory. Originally this was a Vista machine. We purchased the Window 7 upgrade at the same time as the machine. The upgrade became available around 3 months after the purchase, and we upgraded then. So I wonder if this is a true Windows 7 machine or a hybrid Vista and Windows 7. And, if that plays into any of this?

Edited by Hawkeye53, 12 February 2012 - 11:46 AM.


#14 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,222 posts

Posted 12 February 2012 - 12:26 PM

I think it's unlikely the previous Vista would matter if you followed http://windows.micro...ta-to-windows-7 and Upgrade Advisor.

Here are various things to try for your exact problem: http://answers.micro...0e-5a47d60aa2a8
We haven't tried this:

Try Renamng the 'Software Distribution folder':
Click the Start Menu and enter: %windir% then press 'OK'
Next: Locate the SoftwareDistribution folder
Right click on the 'SoftwareDistribution' folder and then select the 'Rename' option.
Rename the folder to: SoftwareDistributionOld and press the 'ENTER' key.
Windows will create a new 'SoftwareDistribution' folder when needed.

Please try that and see if it works.
Disable CA Internet Security Suite CA Anti-Virus Plus while attempting update.

If that doesn't solve the problem, note this success:

i had to reset to factory settings, which reset all the system updates done to the laptop, then when i tried installing IE 9 and Windows 7 service pack 1 they both succeeded without issues. Guess the whole problem the entire time was a faulty update

It seems possible that uninstalling the last few updates might work.
Control Panel > Programs > Uninstall or change a program. On the left, click 'View installed updates'. They are shown in reverse date order, most recent first.
Under 'Microsoft Windows' select most recent and click Uninstall. You have to do it one at a time.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#15 Hawkeye53

Hawkeye53

    Member

  • Helper Trainee
  • Pip
  • 31 posts

Posted 12 February 2012 - 04:52 PM

Just by way of update....

1/2 way through first suggestion and no success. However, some learning that might come in handy down the road. First, one doesn't easily rename the SoftwareDistribution directory. At least not on this computer. Several files are "in use". After some testing I found that there are two log files and a another file called datastore.edb that are always in use. The logs are not verbose, merely date and time stamps and whether the update was successful of not. I tried stopping a lot of different services and processes trying to find what had these files open, but never did figure that out. Finally a boot to safe made allowed the folder to be renamed.

Next, I was never particularly enamored or CA, it was just a product provided at no charge by my ISP. So, I removed CA with the intention of replacing it with Microsoft Security Essentials. I figured maybe CA was at the root of these SP1 problems. So, with CA removed and the SoftwareDistribution folder renamed, I tried the update. Just as before, the update wouldn't finish. So, I decided to load MSE and...drum roll...it won't load either! Error code 0x80070643.

I'm going to work through the remainder of your suggestion (i.e. reset to Factory Settings) and see what I get.

#16 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,222 posts

Posted 12 February 2012 - 05:26 PM

This just in! Suggestion from Dragonslore.

I see something that appears very familiar and which I myself have had to deal with on a neighbor's system.

Both Windows Vista and Windows 7 on certain systems are known to suffer from this problem.

This can happen when trying to install any of the Service packs and there is no chip on the motherboard which is required for use with BitLocker. The problem here being that BitLocker is "Not" present, so the service pack only gets so far, then fails and rolls back because of this.

It took me well over a year or more to find this solution as it never came up in searches until recently.

The following article should explain what needs to be done, just make changes as needed for Windows 7 and Service Pack 1.

http://www.microsoft...&displaylang=en


Before you do that please make a System Restore Point.
And I would like you to download ERUNT from http://www.softpedia...k/Erunt-g.shtml
Install it and backup your registry to C:/Windows/erdnt

Then download and run Windows6.0-KB948465-X86.exe from http://www.microsoft...ng=en&id=16468.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#17 Hawkeye53

Hawkeye53

    Member

  • Helper Trainee
  • Pip
  • 31 posts

Posted 12 February 2012 - 05:42 PM

Ahh,,,I like the sound of this. Pulling out updates one by one is even less exciting than watching paint dry ;)

Ok, it might not get done tonight, but tomorrow for sure. cnm, thanks so much for your time and effort on this!! As a partial pay back, add on a few more years of service for me as a malware fighter once I learn enough to be useful. Thanks to Dragonslore too!!

#18 Hawkeye53

Hawkeye53

    Member

  • Helper Trainee
  • Pip
  • 31 posts

Posted 13 February 2012 - 08:27 PM

The following article should explain what needs to be done, just make changes as needed for Windows 7 and Service Pack 1.

http://www.microsoft...&displaylang=en

This link is just the location of the SP's. I can't find an article there. I tried searching for articles on BitLocker, but can't find anything.

Then download and run Windows6.0-KB948465-X86.exe from http://www.microsoft...ng=en&id=16468.

Since I wasn't able to find article and do whatever I was supposed to do there, I didn't download again. We've already tried it more than a few times.

#19 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,222 posts

Posted 13 February 2012 - 08:52 PM

The link gives you a DOWNLOAD button for Windows6.0-KB948465-X86.exe.
This is a fix for KB948465. We have not done that yet. Please just pay no attention to the fact that it says it is SP 2 for Vista, which you do not have. Dragonslore says it will fix the update hang. (I'm guessing that Vista didn't get the SP 2 before it was upgraded to Win 7, so we must supply it now.)
If you have backed up Registry and made a Restore Point I would like you to try it.

Just download and run to install it.
http://www.microsoft...ang=en&id=16468

Instructions
To start the download, click the Download button and then do one of the following, or select another language from Change Language and then click Change.
Click Run to start the installation immediately.


Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#20 Hawkeye53

Hawkeye53

    Member

  • Helper Trainee
  • Pip
  • 31 posts

Posted 18 February 2012 - 10:32 AM

Hi cnm,

Just had a chance to try Dragonslore's fix and no go. I sure appreciate your effort and Dragonslore's too! I need to move on other stuff, so this computer is going to have to exist sans service pack.

Again, thank you!!

Hawkeye53

#21 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,222 posts

Posted 18 February 2012 - 01:38 PM

OK, one last attempt.

With Explorer go to Windows\System32\cmd.exe. Right-click 'cmd.exe'and 'Run as Administrator'.

In the command window enter
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT"
Please let me know the result - error message? success?

If success try for SP 1 one last time.

If you must do without SP 1, be very cautious when browsing as you have unpatched vulnerabilities.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#22 Hawkeye53

Hawkeye53

    Member

  • Helper Trainee
  • Pip
  • 31 posts

Posted 18 February 2012 - 04:41 PM

Unfortunately, same results.

No problem running as Admin. No problem deleting the key. No problem downloading the SP. The SP appears to run and finish. Then it wants to go through Configuring Windows or text similar to that. When it gets to 99% it says "failed to configure windows updates reverting changes". So, then it takes about 15 minutes to revert and eventually the machine reboots.

Now this time we've got something new! The machine seems to be rebuilding the registry. It's counting through each registry update operation. i.e. applying update operation * of 69424 to Registry (and the registry path). Then it jumps back to "Failure configuring...".

Finally, the tiny window...Installation was not successful". There's a lot more text, but that's pretty much it.

I've been looking too at the other suggestions on the web and MS and they all want me to do an OS rebuild, but it won't go on this machine. Since it started life as a Vista machine it wants the Vista disk. If you put that in it works for awhile and then wants the Windows 7 disk. When you put that in, it crabs that the Win7 disk isn't compatible with the OS.

#23 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,222 posts

Posted 18 February 2012 - 05:25 PM

It does sound like a little bit of progress.
Do this so-called clean boot:

Click the Start button, type msconfig in the search box, and then click msconfig.exe. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
On the General tab, click Selective startup, and then clear the Load startup items check box.

Click Services, click Hide all Microsoft services, and then click Disable all.

Click OK, and then click Restart.

Open Windows Update by clicking the Start button . In the search box, type Update, and then, in the list of results, click Windows Update.

In the left pane, click Check for updates, and then wait while Windows looks for the latest updates for your computer.

If any updates are found, click Install updates but only install one at a time. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

Once updates are installed, restart your computer. Click the Start button, type msconfig in the search box, and then click msconfig.exe. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.



But it could be that you will have to format and install Windows 7 from scratch.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#24 Hawkeye53

Hawkeye53

    Member

  • Helper Trainee
  • Pip
  • 31 posts

Posted 24 February 2012 - 03:17 PM

Just had a chance to try this and it failed in the usual way. I sure appreciate your help!!

I agree, about the only thing left is a re-install, but it won't go with this system. Since it started it's life as a Vista machine, I have that disk and the Win 7 upgrade disk. Simply put, neither will work. I think I'll just wait for Windows 8.

#25 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,222 posts

Posted 24 February 2012 - 08:37 PM

Might as well try the System File Checker, although I doubt that it will find anything amiss. http://pcsupport.abo...sfc-scannow.htm

Start > Run, enter 'cmd.exe'.
At the command prompt, enter 'sfc /scannow' (space after 'sfc').

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#26 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,222 posts

Posted 11 March 2012 - 04:59 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button