PDA

View Full Version : Windows XP Updates - failure to install



mommalina
12-15-2010, 01:22 PM
I have computer set to have notification of Windows updates
but no download or installation.

Nod32 notified me that I needed to install Windows updates.
Windows did not notify me of pending updates.

Went to update site, downloaded (express) updates, which
failed to install twice.

Nod32, SAS Pro, MBAM, and AdMuncher were all updated.

Why didn't Windows notify me of pending updates?
I checked and computer is configured to do that.

Why won't updates install?

Thanks.

Nazzgull
12-15-2010, 01:29 PM
Hi,
You may find this article useful :
http://support.microsoft.com/kb/943144

Also, check this one too :
http://www.pchell.com/support/windows_updates_download_but_wont_install.shtml

In fact, both links using the same method.

mommalina
12-15-2010, 01:51 PM
Nazgull, thank you for the prompt reply.

So far, I have:

- confirmed that XP SP-3 is still installed.

- disabled Nod32, MBAM, SAS Pro, and Ad Muncher

But installation again failed.

The instructions are way above my head, and the mention of
messing with the registry scares the hell out of me.

I need some dumbed-down instructions, if possible, or
opening the KH chatroom to see me through this.

Thanks.

Nazzgull
12-15-2010, 02:11 PM
Okay, I can not join now, don't have enough time. I'll post you here and I'm off.

You don't have anything to scare, this is not some big registry edits, just follow my steps.



Please go to Start > Run > type CMD and press Enter.
In Command Prompt please type next command and press Enter :

net stop wuauserv

Note : This command turn off your Automatic Update service.


Do not close Command Prompt and type next command bellow :

regsvr32 %windir%\system32\wups2.dll

Note : This command will register wups2.dll file, which is important for full working of Automatic Updates.



If you receive verification message, click OK.



Now we have to start Automatic Updates service by typing command bellow in Command Prompt :


net start wuauserv



Type exit to exit Command Prompt.
Now I suggest you to restart your computer and check can you apply Automatic Updates again.


If this steps didn't solve your problem, please install update from link bellow :
http://www.microsoft.com/downloads/en/details.aspx?FamilyId=7A81B0CD-A0B9-497E-8A89-404327772E5A&displaylang=en

Also, there is an option to update Windows Update Agent and you can read how to do that on link I gave you above, one more :
http://www.pchell.com/support/windows_updates_download_but_wont_install.shtml

mommalina
12-15-2010, 02:39 PM
I got as far as inserting regsvr32 %windir%\system32\wups2.dll,
and got this alert:

Reg 32 LoadLibrary("windir%\system32\wups2.dill") failed.
The specified module could not be found.

Over to you. Thanks.

Nazzgull
12-15-2010, 03:00 PM
You have mistake - not wups2.dill , it's wups2.dll.

If you don't like to type, you can Copy-paste that command, highlight it bellow
regsvr32 %windir%\system32\wups2.dll

You can not use CTRL+V keys in Command Prompt, but you can use Right click > Paste.

mommalina
12-15-2010, 03:48 PM
Thanks for this tip. Will try to remember for next time.


You can not use CTRL+V keys in Command Prompt, but you can use Right click > Paste.

I continued, and it indicated all was successful and to do
updates.

But updates failed again!

Over to you. Thanks

Lina

Nazzgull
12-15-2010, 04:03 PM
Please download Windows Update Agent from link bellow and install it :
http://download.windowsupdate.com/WindowsUpdate/redist/standalone/7.4.7600.226/WindowsUpdateAgent30-x86.exe

If you receive message that Windows Update Agent has already been installed on your computer, follow steps below title "Download the Latest Version of Windows Update Agent" on THIS (http://www.kickenhardware.net/forum/Download%20the%20Latest%20Version%20of%20Windows%2 0Update%20Agent) link.

I hope you'll be able to use it now. If you still have problem, i suggest you to remove Nod32, maybe it causing problem.

mommalina
12-15-2010, 04:16 PM
I forgot to mention that the Nod 32 alert stopped, turning
icon from orange to green again. But the installs failed
anyway.


Please download Windows Update Agent from link bellow and install it :
http://download.windowsupdate.com/WindowsUpdate/redist/standalone/7.4.7600.226/WindowsUpdateAgent30-x86.exe

Did so. Alert said it was already installed.


If you receive message that Windows Update Agent has already been installed on your computer, follow steps below title "Download the Latest Version of Windows Update Agent" on THIS (http://www.kickenhardware.net/forum/Download%20the%20Latest%20Version%20of%20Windows%2 0Update%20Agent) link.

I received this notice:


Not Found
The requested URL /forum/Download the Latest Version of Windows Update Agent was not found on this server.

Any other instructions, or shall I proceed uninstalling Nod 32?

Nazzgull
12-15-2010, 04:22 PM
Did so. Alert said it was already installed.


Sorry, I didn't posted link property, my mistake.

If you receive a message stating the Update Agent is already installed follow these extra steps:



Click Start > Run
Click the Browse button
Navigate to where you saved WindowsUpdateAgent30-x86.exe on your desktop and click it one time.
Click on the Open button
On the Open line, go to the end of the command. After the last quotation mark type the following

/wuforce

The line should look something like the following now:

"C:\Documents and Settings\username\Desktop\WindowsUpdateAgent30-x86.exe" /wuforce

Click Ok and install the Update Agent.


Source : http://www.pchell.com/support/windows_updates_download_but_wont_install.shtml

mommalina
12-15-2010, 05:20 PM
Sorry, I deleted my last post--accidentally clicked Submit
Reply before I had edited and completed it.

Nod 32 icon turned orange again.


# Click Start > Run
# Click the Browse button

I get the Browse window and request for file
name .. :confused: .. Did nothing.


* Navigate to where you saved WindowsUpdateAgent30-x86.exe on your desktop and click it one time.
* Click on the Open button
* On the Open line, go to the end of the command. After the last quotation mark type the following

/wuforce

BTW, I'm using Firefox, so I did not have the download on
my desktop. I went to FF, Tools, Downloads to get it. I had
to click twice to open it. It opens to Open executable file?
and ability to download but not add anything to the url.

So I can't do the next step:


* The line should look something like the following now:

"C:\Documents and Settings\username\Desktop\WindowsUpdateAgent30-x86.exe" /wuforce

* Click Ok and install the Update Agent.


Over to you again .. :(

Nazzgull
12-15-2010, 05:32 PM
In Run window you have Browse button bellow, click on that and navigate to your WindowsUpdateAgent30-x86.exe file. Than, when you choose it, you'll be able to see navigation path in Run window, you just have to add /wuforce at the end and click OK.

This is Run window, and i put it to point to bs player installation file, just for example to show you how it looks.
http://i56.tinypic.com/vevs8.png

You see Browse.. button ? That's what we need.

mommalina
12-15-2010, 06:03 PM
In Run window you have Browse button bellow, click on that and navigate to your WindowsUpdateAgent30-x86.exe file. Than, when you choose it, you'll be able to see navigation path in Run window, you just have to add /wuforce at the end and click OK.

This is Run window, and i put it to point to bs player installation file, just for example to show you how it looks.
http://i56.tinypic.com/vevs8.png

You see Browse.. button ? That's what we need.

I see the Run window you displayed.

I typed WindowsUpdateAgent30-x86.exe into it.
Clicking on Browse offers a Browse Window, asking
for a file. When I type in the url, it says not found. If I
click OK, it says it can't find it and suggests I try Search.

When I clicked on two entries I found in Search, both
documents and prefetch, they offered download with no
opportunity to add to the url.

Sorry, I'm lost .. :(

TonyDi
12-15-2010, 06:14 PM
Lina, looking back at post #8:

You should have clicked on the link Nazzgull provided and you should saved the file, preferably to your desktop. So let's start there. Did you download the file? If so, you should be able to see it. It's called WindowsUpdateAgent30-x86.exe.

Double click on it to run it.

mommalina
12-15-2010, 06:46 PM
Lina, looking back at post #8:

You should have clicked on the link Nazzgull provided and you should saved the file, preferably to your desktop. So let's start there. Did you download the file? If so, you should be able to see it. It's called WindowsUpdateAgent30-x86.exe.

Double click on it to run it.

Tony, when I click on it to run it, it says it's already
installed. We did get that far ;)

We are trying to add something to the original download url.

Thanks. ♥

I'm going to take a break and watch two hot one-hour
Spanish soap operas .... don't know why I can follow them
but am at a loss with computer instructions .. :smash:

TonyDi
12-15-2010, 07:00 PM
Please get an OK from Nazzgull before proceeding with the following because I don't know what this does but I think I know where she's headed.

Move the WindowsUpdateAgent30-x86.exe file that you downloaded to your root directory, C. Now when you open your computer it should be sitting in the same folder as Windows, Program Files, etc.

Then open the RUN command and type in c:\WindowsUpdateAgent30-x86.exe /wuforce and hit the OK key.

Nazzgull
12-16-2010, 08:50 AM
I typed WindowsUpdateAgent30-x86.exe into it.

You don't have to type, you just have to click on Browse and fine the file on your computer.


When I type in the url, it says not found. If I
click OK, it says it can't find it and suggests I try Search.

Not URL, you have to fine WindowsUpdateAgent30-x86.exe file. That's easy.

mommalina
12-16-2010, 12:02 PM
You don't have to type, you just have to click on Browse and fine the file on your computer.

When I click on Browse, I get a Browse window with a blank
text box to fill in with a File name .. :confused: .. that's why I typed in
WindowsUpdateAgent30-x86.exe, which can't be found.
What should I do in that window?



Not URL, you have to fine WindowsUpdateAgent30-x86.exe file. That's easy.

Where do you suggest I look for it?

Via Search I did find two files for
WindowsUpdateAgent30-x86:

- first in My Documents and Settings,
WindowsUpdateAgent30-x86.
When I click on that it allows a download and then says it's
not needed because it's already installed.

- second in Windows Prefetch,
WINDOWSUPDATEAGENT30-X86.EXE-03D3FOD9.pf.
I can't open it; it suggests I use the web, and takes me
here:
http://shell.windows.com/fileassoc/0409/xml/redir.asp?Ext=pf
I'm lost .. :(
It also suggests I chose a program from a list. I click OK
but don't know which program to choose ... again, I'm lost.

I'm surely frustrating both of us. Sorry .. :(

TonyDi
12-16-2010, 12:26 PM
What about my suggestion in post #16? Nazzgull is that OK?

Dan18960
12-16-2010, 04:56 PM
Sorry guys but what Lina is encountering is WAY OVER HER HEAD.

To start off with the WindowsUpdateAgent needs a parameter to run. And this is probably not going to fix her problem with Windows updates failing.

Lina I have a 6 (that is SIX) page process that Microsoft Tech Support sent to me with a number of register dll's required, Windows update agent parameters, and other "fixes".

Microsoft does provide FREE technical support for Window Update failures - I am not sure of that level, but I have had the technician even take over the system to do some repairs when I was having higher application issues.

mommalina
12-16-2010, 05:17 PM
Sorry guys but what Lina is encountering is WAY OVER HER HEAD.

To start off with the WindowsUpdateAgent needs a parameter to run. And this is probably not going to fix her problem with Windows updates failing.

Lina I have a 6 (that is SIX) page process that Microsoft Tech Support sent to me with a number of register dll's required, Windows update agent parameters, and other "fixes".

Microsoft does provide FREE technical support for Window Update failures - I am not sure of that level, but I have had the technician even take over the system to do some repairs when I was having higher application issues.

Dan, thanks for chiming in.

How do I get Microsoft to give me the free support I need?
that would work, given my lack of tech expertise?

What could have caused this failure to install Windows updates?

Do you think uninstalling Nod32 would be worth a try?

sho-dan
12-16-2010, 08:55 PM
Hello Lina :)

Do try this Nod32 temp disble method to see if the Window updates will install. I have the same type of Windows update auto install blocked with Antivir until I disabled Antivir guard and the updates downloaded/intalled.

How do I temporarily disable ESET Smart Security/ESET NOD32 Antivirus? (http://kb.eset.com/esetkb/index?page=content&id=SOLN548)

btw, this only happens in my XP pro computer, but not in my Vista/W7 box.

Rob-S
12-16-2010, 09:12 PM
Lina,
Microsoft Support offers an 'automatic' Fix it (http://support.microsoft.com/kb/822798#FixItForMeAlways) option for windows update issues. The Fix It utility will attempt to repair a few of the most common issues. I suggest you give it a try.

Click the link above, then on the page that opens, click the 'Microsoft Fix It' icon. A 'File Download' dialog box will appear....click 'Run', then follow the steps in the Fix it wizard.

mommalina
12-16-2010, 10:34 PM
Hello Lina :)

Do try this Nod32 temp disble method to see if the Window updates will install. I have the same type of Windows update auto install blocked with Antivir until I disabled Antivir guard and the updates downloaded/intalled.

How do I temporarily disable ESET Smart Security/ESET NOD32 Antivirus? (http://kb.eset.com/esetkb/index?page=content&id=SOLN548)

btw, this only happens in my XP pro computer, but not in my Vista/W7 box.

sho-dan, I don't have the Eset Security Suite, just Nod 32
Version 4. I clicked on the system tray icon, disabled
real time protection and antivirus and spyware protection,
then tried to install updates - failed again.

Earlier I disabled the Windows Firewall, Nod 32, SAS Pro,
and MBAM and tried to install the updates - failed again.

Thanks for trying to help ♥

mommalina
12-16-2010, 10:51 PM
Lina,
Microsoft Support offers an 'automatic' Fix it (http://support.microsoft.com/kb/822798#FixItForMeAlways) option for windows update issues. The Fix It utility will attempt to repair a few of the most common issues. I suggest you give it a try.

Click the link above, then on the page that opens, click the 'Microsoft Fix It' icon. A 'File Download' dialog box will appear....click 'Run', then follow the steps in the Fix it wizard.

Did that, rebooted; updates still won't install .. :(

Thanks for trying, Rob.

TonyDi
12-16-2010, 11:00 PM
Time to switch to a Mac.

mommalina
12-16-2010, 11:01 PM
Time to switch to a Mac.

Tony, I'd probably screw that up also .. :( .. :rolleyes:

mommalina
12-16-2010, 11:13 PM
BTW. shortly before this inability to install the
Windows updates:

- every so often Firefox would come up,
but the page would be blank. It would
say "Done" in the bottom lefthand corner.
Sometimes for only one web site,
sometimes for all. It just happened again
and I rebooted and all is well.

- MBAM found and removed an infection
a while ago. Here's what it says in the
Quarantine section:


The quarantine holds all previously found
and removed threats. To permanently delete threats, use the options below.

Vendor/Date/Category/Item

Hijack StartMenu, 11/30/2010, Registry Data, HKEY CURRENT USER\SOFTWARE\Microsoft\Windows\Current Version\Explorer

Worm.KoobFace, 6/24/2010, C\Documents and Settings\Lina\My Documents\Downloads\setup exe

Be aware that I may not have typed some
of the information correctly. Had a problem
deciphering small print.

Any relevance to the update problem?

Kenny94
12-17-2010, 08:35 AM
Any relevance to the update problem?

You might have some malware that is preventing the updates.

Update Run Malwarebytes


Launch Malwarebytes' Anti-Malware
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next

We need to look at some information about what is going on in your computer:

Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.

DDS.scr (http://download.bleepingcomputer.com/sUBs/dds.scr)
DDS.pif (http://www.forospyware.com/sUBs/dds)

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool.
When done, DDS will open two (2) logs
1. DDS.txt
2. Attach.txt
Save both reports to your desktop.
The instructions here ask you to attach the Attach.txt.
http://i270.photobucket.com/albums/jj116/Bugbatter2/DDS.jpg

Instead of attaching, please copy/past both logs into your Thread
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE (http://www.bleepingcomputer.com/forums/topic114351.html)Then post your DDS (DDS.txt and Attach.txt

Nazzgull
12-17-2010, 11:55 AM
Now it starting look like malware infection.

mommalina
12-17-2010, 02:59 PM
Here's today's MBAM Quick scan (12/17/10):


01:00:24 Lina MESSAGE Scheduled update executed successfully
01:00:24 Lina MESSAGE IP Protection stopped
01:00:29 Lina MESSAGE Database updated successfully
01:00:31 Lina MESSAGE IP Protection started successfully
11:40:43 (null) MESSAGE Protection started successfully
11:40:47 Lina MESSAGE IP Protection started successfully
11:41:49 Lina MESSAGE Scheduled update executed successfully
11:41:49 Lina MESSAGE IP Protection stopped
11:41:55 Lina MESSAGE Database updated successfully
11:41:57 Lina MESSAGE IP Protection started successfully
13:00:16 Lina MESSAGE Scheduled update executed successfully
13:00:16 Lina MESSAGE IP Protection stopped
13:00:24 Lina MESSAGE Database updated successfully
13:00:27 Lina MESSAGE IP Protection started successfully
13:49:52 (null) MESSAGE Protection started successfully
13:58:06 (null) MESSAGE Protection started successfully
13:58:11 Lina MESSAGE IP Protection started successfully


Here's one I did yesterday, 12/16/10. Note the error
(wonder it is relevant).


09:52:36 Lina MESSAGE Protection started successfully
09:52:40 Lina MESSAGE IP Protection started successfully
09:53:29 Lina MESSAGE Scheduled update executed successfully
09:53:29 Lina MESSAGE IP Protection stopped
09:53:35 Lina MESSAGE Database updated successfully
09:53:37 Lina MESSAGE IP Protection started successfully
13:00:18 Lina MESSAGE Scheduled update executed successfully
13:00:18 Lina MESSAGE IP Protection stopped
13:00:25 Lina MESSAGE Database updated successfully
13:00:27 Lina MESSAGE IP Protection started successfully
16:00:00 Lina ERROR Scheduled scan failed: GetUserToken failed with error code 1245
17:00:26 Lina MESSAGE Scheduled update executed successfully
17:00:26 Lina MESSAGE IP Protection stopped
17:00:34 Lina MESSAGE Database updated successfully
17:00:36 Lina MESSAGE IP Protection started successfully
21:32:57 (null) MESSAGE Protection started successfully
21:33:02 Lina MESSAGE IP Protection started successfully
21:34:17 Lina MESSAGE Scheduled update executed successfully
21:34:17 Lina MESSAGE IP Protection stopped
21:34:22 Lina MESSAGE Database updated successfully
21:34:23 Lina MESSAGE IP Protection started successfully
21:38:09 (null) MESSAGE Protection started successfully
21:38:13 Lina MESSAGE IP Protection started successfully
22:46:22 (null) MESSAGE Protection started successfully
22:46:26 Lina MESSAGE IP Protection started successfully
23:59:04 (null) MESSAGE Protection started successfully
23:59:09 Lina MESSAGE IP Protection started successfully

Note: I wonder if my having turned off real-time protection
briefly in order to retry Windows updates accounts for some
of the IP Protection stopped entries?

I'm waiting for some help from a friend before performing
the DDS scan. Afraid I'll screw it up. Be back, probably
this evening.

Thanks.

Dan18960
12-17-2010, 03:22 PM
Actually guys I have had this happening in the last 2 months from ROOTKITS! :mad2:

Nazzgull
12-17-2010, 03:22 PM
You don't have to afraid. MBAM just gave you a message that it's unable to update database entry, it's nothing special. It did it again later, as you can see, workable!

You should put DDS scan now. DDS only scan your computer and gives a report! It doesn't fix any issue, for fixing - Kenny will give you instructions after he read a log, so please post it.

By the way, I suggest you to shutdown Nod32 and MBAM till Kenny fix your problem.

Nazzgull
12-17-2010, 03:23 PM
Actually guys I have had this happening in the last 2 months from ROOTKITS! :mad2:

That's also possible.

mommalina
12-19-2010, 10:23 AM
Kenny, looks like my friend is unavailable to help me
with the DDS. Will tackle it, but later. I had to
prepare for a family Christmas gathering today, and
I have two medical appointments tomorrow.

Please don't give up on me. Thanks.

Kenny94
12-19-2010, 10:39 AM
Take your time Lina.....:)

mommalina
12-21-2010, 09:24 AM
Kenny, one of my sons arrived from out of town last night,
accompanied by my rambunctious great-granddaughter.
He works with computers at AT&T. I asked for his help
seeing me through DDS.

Unfortunately, the KH forum seemed to be down all
evening. I had no problem accessing any other web site.

So here's what he tried, in his own words:


Set the system configurator to use default settings to see if that would allow the Windows updates that have already been downloaded to run. It did not. I could see that the system configurator was not utilizing the default settings as when the Lina user account was opened and 1st started, a window popped up which displayed the system configurator setting. That window now does not pop up anymore after starting the Lina user account.*

Also, after setting the system configurator to utilize the default settings, win patrol notifications were occurring after an account was closed and then opened again. One was indicated to be malware - powerreg scheduler.exe I attempted to scan for that file in windows explorer but could not find it.

Also tried setting up another system administrator account and using it to install the Windows updates that have already been downloaded. That did not work either. Tried using that account both before and after modifying the system configurator settings.


A MBAM full scan after all this indicated no infection.

* ATTN: Rich M

That window now does not pop up anymore after starting the Lina user account.

I kept getting the configuration window at startup both
on my old computer (XP) and current one (XP Pro). So
maybe this is the way to finally get rid of it?

BTW, with the configuration window no longer popping
up, I went to RUN, msconfig to see what was in startup.
My son asked how I brought the window up again! So,
thanks to KH, looks like he may have learned something
also! .. ;)

My son plans to leave tomorrow morning, so I don't
know if he'll have time to stop by and help me with
DDS. But another friend may be able to help me
over the phone soon.

So hang in there, Kenny. Thanks for your patience.

mommalina
12-21-2010, 10:00 AM
Forgot something. Something new now appears
in User Accounts:


ASP.NET Machine A...
Limited account
Password protected

Rob-S
12-21-2010, 11:05 AM
Forgot something. Something new now appears
in User Accounts:
ASP.NET Machine A...
Limited account
Password protected

Lina,
Asp.Net user is created (for security reasons) when the Microsoft NetFramework update is installed. It's legit...no need to worry about it. In a nutshell, NetFramework is a Microsoft service that runs in the background.

June
12-21-2010, 09:23 PM
I don't remember what OS Lina is using. Would a system repair help the issue?

mommalina
12-21-2010, 10:25 PM
DDS (Ver_10-12-12.02) - NTFSx86
Run by Lina at 22:17:39.48 on Tue 12/21/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1240 [GMT -5:00]

AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\DOCUME~1\Lina\LOCALS~1\Temp\TeamViewer\Version6 \TeamViewer.exe
c:\docume~1\lina\locals~1\temp\teamviewer\version6 \TeamViewer_Desktop.exe
C:\DOCUME~1\Lina\LOCALS~1\Temp\TeamViewer\Version6 \tv_w32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Lina\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {A057A204-BACC-4D26-8398-26FADCF27386} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [DiskeeperSystray] "c:\program files\executive software\diskeeper\DkIcon.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Ad Muncher] "c:\program files\ad muncher\AdMunch.exe" /bt
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=19T4Q01V&id=menu_ie_frame
IE: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=19T4Q01V&id=menu_ie_image
IE: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=19T4Q01V&id=menu_ie_link
IE: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=19T4Q01V&id=menu_ie_exclude
IE: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=19T4Q01V&id=menu_ie_report
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266646072265
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266665718078
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lina\applic~1\mozilla\firefox\profiles \oc11j8pd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\lina\application data\mozilla\firefox\profiles\oc11j8pd.default\ext ensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Ad Muncher Browser Extensions: {3ED591BC-7CC7-495B-A526-B2431356EDC1} - c:\program files\ad muncher\FirefoxExtension_2.0
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfw tdir.sys [2009-5-14 94360]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-9-15 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 67656]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-2-20 363344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\dr ivers\mbam.sys [2010-2-20 20952]
R3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2008-12-24 80256]
R3 nmserial;PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [2008-12-16 70016]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 12872]

=============== Created Last 30 ================

2010-12-17 18:22:30 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-12-17 18:22:26 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-12-17 18:22:25 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-12-17 18:22:22 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-12-17 18:22:18 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-12-17 18:20:59 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2010-12-17 18:19:59 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2010-12-17 18:18:57 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2010-12-17 18:17:57 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
2010-12-17 18:16:58 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2010-12-17 18:15:57 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-12-17 18:14:59 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
2010-12-17 18:13:54 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2010-12-17 18:12:59 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys
2010-12-17 18:11:58 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2010-12-17 18:10:58 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2010-12-17 18:09:59 5504 -c--a-w- c:\windows\system32\dllcache\perc2hib.sys
2010-12-17 18:08:57 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2010-12-17 18:07:56 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2010-12-17 18:06:55 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-12-17 18:06:54 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2010-12-17 18:06:49 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2010-12-17 18:06:42 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-12-17 18:06:40 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2010-12-17 18:06:31 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-12-17 18:06:28 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2010-12-17 18:06:26 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2010-12-17 18:06:19 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2010-12-17 18:06:14 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2010-12-17 18:06:05 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2010-12-17 18:06:00 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2010-12-17 18:04:59 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2010-12-17 18:03:57 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2010-12-17 18:02:59 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2010-12-17 18:01:59 13312 -c--a-w- c:\windows\system32\dllcache\hpsjmcro.dll
2010-12-17 18:00:59 320384 -c--a-w- c:\windows\system32\dllcache\g200m.sys
2010-12-17 17:59:58 34816 -c--a-w- c:\windows\system32\dllcache\esuimg.dll
2010-12-17 17:58:58 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
2010-12-17 17:57:59 20928 -c--a-w- c:\windows\system32\dllcache\defpa.sys
2010-12-17 17:56:55 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-12-17 17:55:59 36128 -c--a-w- c:\windows\system32\dllcache\banshee.sys
2010-12-17 17:54:59 3647 -c--a-w- c:\windows\system32\dllcache\adv07nt5.dll
2010-12-17 03:52:39 -------- d-----w- c:\windows\system32\CatRoot2
2010-12-17 03:37:54 -------- d-----w- c:\windows\system32\CatRoot2_20101216225222

==================== Find3M ====================

2010-11-08 05:32:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-08 05:32:58 472808 ----a-w- c:\windows\system32\deployJava1.dll

============= FINISH: 22:18:34.79 ===============

mommalina
12-21-2010, 10:32 PM
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/19/2010 11:44:35 PM
System Uptime: 12/21/2010 9:42:39 PM (1 hours ago)

Motherboard: Dell Inc. | | 0WG864
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 195 GiB total, 181.531 GiB free.
D: is Removable
E: is Removable
F: is Removable
G: is Removable
H: is CDROM ()
I: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: TI Technologies Inc.
Description: RADEON X300 SE 128MB HyperMemory Secondary
Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_06031002&REV_00\4&F15FA5E&0&0108
Manufacturer: ATI Technologies Inc.
Name: RADEON X300 SE 128MB HyperMemory Secondary
PNP Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_06031002&REV_00\4&F15FA5E&0&0108
Service: ati2mtag

==== System Restore Points ===================

RP164: 9/22/2010 5:10:32 PM - System Checkpoint
RP165: 9/23/2010 2:31:04 PM - Installed QuickTime
RP166: 9/28/2010 8:00:07 AM - System Checkpoint
RP167: 10/1/2010 10:59:05 AM - Software Distribution Service 3.0
RP168: 10/1/2010 11:04:41 AM - Software Distribution Service 3.0
RP169: 10/6/2010 9:49:34 AM - System Checkpoint
RP170: 10/8/2010 1:10:29 PM - System Checkpoint
RP171: 10/13/2010 11:01:40 AM - Removed Adobe Reader 9.3.4.
RP172: 10/13/2010 11:02:18 AM - Installed Adobe Reader 9.4.0.
RP173: 10/13/2010 11:06:10 AM - Removed Java(TM) 6 Update 20
RP174: 10/13/2010 11:06:41 AM - Installed Java(TM) 6 Update 22
RP175: 10/13/2010 11:40:55 AM - Software Distribution Service 3.0
RP176: 10/14/2010 3:33:38 PM - System Checkpoint
RP177: 10/22/2010 1:50:39 PM - System Checkpoint
RP178: 10/25/2010 8:42:39 AM - System Checkpoint
RP179: 10/26/2010 1:20:12 PM - System Checkpoint
RP180: 10/27/2010 4:27:19 PM - System Checkpoint
RP181: 10/29/2010 7:35:21 AM - System Checkpoint
RP182: 10/30/2010 9:00:25 PM - System Checkpoint
RP183: 11/1/2010 4:42:24 PM - System Checkpoint
RP184: 11/2/2010 5:55:54 PM - Installed Java(TM) 6 Update 15
RP185: 11/7/2010 11:47:22 AM - System Checkpoint
RP186: 11/8/2010 12:20:06 AM - Removed Java(TM) 6 Update 15
RP187: 11/8/2010 12:24:29 AM - Removed Java(TM) 6 Update 22
RP188: 11/8/2010 12:32:49 AM - Installed Java(TM) 6 Update 22
RP189: 11/9/2010 12:14:01 PM - System Checkpoint
RP190: 11/10/2010 2:07:08 PM - Software Distribution Service 3.0
RP191: 11/11/2010 2:14:39 PM - System Checkpoint
RP192: 11/13/2010 11:41:29 AM - System Checkpoint
RP193: 11/14/2010 1:26:58 PM - System Checkpoint
RP194: 11/15/2010 4:46:57 PM - System Checkpoint
RP195: 11/16/2010 5:18:40 PM - System Checkpoint
RP196: 11/18/2010 12:46:56 PM - System Checkpoint
RP197: 11/19/2010 1:31:43 PM - System Checkpoint
RP198: 11/23/2010 1:08:01 PM - System Checkpoint
RP199: 11/24/2010 4:21:40 PM - System Checkpoint
RP200: 11/27/2010 2:22:29 PM - System Checkpoint
RP201: 11/28/2010 5:22:09 PM - System Checkpoint
RP202: 11/30/2010 12:08:21 PM - System Checkpoint
RP203: 12/6/2010 6:03:56 PM - System Checkpoint
RP204: 12/9/2010 1:46:12 PM - System Checkpoint
RP205: 12/10/2010 2:30:16 PM - System Checkpoint
RP206: 12/11/2010 2:48:15 PM - System Checkpoint
RP207: 12/13/2010 12:17:34 AM - System Checkpoint
RP208: 12/15/2010 12:53:35 PM - System Checkpoint
RP209: 12/15/2010 1:09:35 PM - Software Distribution Service 3.0
RP210: 12/15/2010 1:13:06 PM - Software Distribution Service 3.0
RP211: 12/15/2010 1:41:45 PM - Software Distribution Service 3.0
RP212: 12/15/2010 1:46:13 PM - Software Distribution Service 3.0
RP213: 12/15/2010 3:43:06 PM - Software Distribution Service 3.0
RP214: 12/16/2010 9:41:19 PM - Software Distribution Service 3.0
RP215: 12/16/2010 10:28:17 PM - Software Distribution Service 3.0
RP216: 12/16/2010 10:37:30 PM - Installed Microsoft Fix it 50528
RP217: 12/16/2010 10:40:19 PM - Software Distribution Service 3.0
RP218: 12/16/2010 10:48:23 PM - Software Distribution Service 3.0
RP219: 12/16/2010 10:52:16 PM - Installed Microsoft Fix it 50528
RP220: 12/17/2010 12:02:41 AM - Software Distribution Service 3.0
RP221: 12/17/2010 2:00:16 PM - Software Distribution Service 3.0
RP222: 12/17/2010 2:02:20 PM - Software Distribution Service 3.0
RP223: 12/19/2010 7:58:36 PM - System Checkpoint
RP224: 12/19/2010 10:59:39 PM - Software Distribution Service 3.0
RP225: 12/19/2010 11:00:48 PM - Software Distribution Service 3.0
RP226: 12/19/2010 11:10:28 PM - Software Distribution Service 3.0
RP227: 12/19/2010 11:14:49 PM - Software Distribution Service 3.0
RP228: 12/20/2010 3:16:59 AM - Software Distribution Service 3.0
RP229: 12/21/2010 9:46:45 AM - System Checkpoint
RP230: 12/21/2010 9:59:48 PM - Software Distribution Service 3.0
RP231: 12/21/2010 10:04:44 PM - Software Distribution Service 3.0
RP232: 12/21/2010 10:13:01 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Acronis*True*Image*Home
Ad Muncher v4.9 Build 32300
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Belarc Advisor 8.1
Conexant D850 56K V.9x DFVc Modem
Coupon Printer for Windows
Dell CinePlayer
Diskeeper Professional Edition
EmailStripper 2.2
ESET NOD32 Antivirus
EULAlyzer 2.0
Everything 1.2.1.371
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PRO Network Connections
Java Auto Updater
Java(TM) 6 Update 22
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.4
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (3.6.13)
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
PaltalkScene
PowerDVD
QuickTime
Revo Uninstaller 1.83
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel Audio
SUPERAntiSpyware Professional
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User Profile Hive Cleanup Service
Verizon Help and Support Tool
Vz In Home Agent
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows PowerShell(TM) 1.0 MUI pack
WinPatrol
Works Upgrade

==== Event Viewer Messages From Past Week ========

12/19/2010 11:11:43 PM, error: Service Control Manager [7038] - The RemoteRegistry service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: Access is denied. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/19/2010 11:11:43 PM, error: Service Control Manager [7000] - The Remote Registry service failed to start due to the following error: The service did not start due to a logon failure.
12/19/2010 10:10:06 PM, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\isapi\_vti_adm\admin.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
12/17/2010 12:50:05 PM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
12/17/2010 1:22:31 PM, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.
12/16/2010 9:59:22 AM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.

==== End Of File ===========================

mommalina
12-21-2010, 10:36 PM
A friend--bless her heart--helped me with this. Before doing
the DDS, we tried to install Windows Update Custom,
Microsoft Net Framework. It, too, would not install.

Over to you, Kenny. Thanks.

mommalina
12-21-2010, 11:11 PM
Kenny, my friend suggested we do a check disk. I
know you don't like our doing anything you do not
suggest while you try to diagnose a problem.

Should I do a check disk?

Thanks.

Dan18960
12-22-2010, 09:24 AM
Lina,

chkdsk will NOT correct a failed windows update issue.

chkdsk is for hardware corruption and this would be evident in your day to day usage of the computer not just one process.

Over to Kenny :focus:

Kenny94
12-22-2010, 10:55 AM
We need to repair some of windows' internal registration settings
Please download Dial-A-Fix from:
* Primary Dial-A-Fix (http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip)

* Secondary Dial-A-Fix (http://djlizard.net/software/Dial-a-fix-v0.60.0.24.zip)



Extract the zip file to your desktop.
Double click Dial-a-Fix.exe to start the program.
Press the green double checkmark box (Looks like this: http://billy-oneal.com/BleepingComputer/ScreenShots/DialAFix/checkmark.png)
UNcheck "Empty Temp Folders", as well as "Adjust Time/Date" in the prep section. The prep section should then look like this:
http://img.photobucket.com/albums/v420/kdiamondkenny/toUncheck.png
When the window looks like this, press the GO button in the bottom of the window.
http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/mainWindow.png
Exit/Close Dial-A-Fix

mommalina
12-23-2010, 12:33 AM
My friend--bless her again--helped me run Dial-a-Fix.
We received the following three error messages, after
which Windows Updates again failed to install.

1321

1322

1323

Kenny94
12-23-2010, 09:47 AM
Appears when Dial-a-Fix tries to register the dll files that is need it. Even though they are present. Dial-a-Fix has repair permissions fix, but Lets run combofix to be sure malware is not holding on to these files.


Download ComboFix from below:

Combofix download (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Place combofix.exe on your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


You can get help on disabling your protection programs here (http://www.bleepingcomputer.com/forums/topic114351.html)

Double click on combofix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


http://i28.photobucket.com/albums/c227/tetonbob/cfRC_screen_1.png


The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.

http://i28.photobucket.com/albums/c227/tetonbob/cfRC_screen_2.png

Click on Yes, to continue scanning for malware.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------

Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------

mommalina
12-23-2010, 10:31 PM
ComboFix 10-12-23.03 - Lina 12/23/2010 22:09:06.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1475 [GMT -5:00]
Running from: c:\documents and settings\Lina\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Lina\GoToAssistDownloadHelper.exe

.
((((((((((((((((((((((((( Files Created from 2010-11-24 to 2010-12-24 )))))))))))))))))))))))))))))))
.

2010-12-17 18:22 . 2008-04-14 10:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-12-17 18:22 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-12-17 18:22 . 2008-04-14 10:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-12-17 18:22 . 2001-08-18 03:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-12-17 18:22 . 2001-08-18 03:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-12-17 18:20 . 2008-04-14 05:15 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2010-12-17 18:19 . 2001-08-17 18:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2010-12-17 18:18 . 2001-08-18 03:36 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2010-12-17 18:17 . 2001-08-17 18:51 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
2010-12-17 18:16 . 2001-08-17 19:07 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2010-12-17 18:15 . 2001-08-18 03:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-12-17 18:14 . 2008-04-14 05:06 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
2010-12-17 18:13 . 2001-07-21 19:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2010-12-17 18:12 . 2001-08-17 17:50 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys
2010-12-17 18:11 . 2001-08-17 17:19 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2010-12-17 18:10 . 2001-08-17 18:28 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2010-12-17 18:09 . 2001-08-17 19:07 5504 -c--a-w- c:\windows\system32\dllcache\perc2hib.sys
2010-12-17 18:08 . 2001-08-17 18:28 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2010-12-17 18:07 . 2001-08-17 17:50 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2010-12-17 18:06 . 2008-04-14 05:09 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-12-17 18:06 . 2008-04-14 05:16 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2010-12-17 18:06 . 2001-08-17 18:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2010-12-17 18:06 . 2001-08-17 19:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-12-17 18:06 . 2008-04-14 05:24 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2010-12-17 18:06 . 2001-08-17 19:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-12-17 18:06 . 2001-08-17 18:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2010-12-17 18:06 . 2008-04-14 05:16 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2010-12-17 18:06 . 2001-08-17 18:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2010-12-17 18:06 . 2008-04-14 05:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2010-12-17 18:06 . 2001-08-17 18:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2010-12-17 18:06 . 2001-08-17 17:50 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2010-12-17 18:04 . 2001-08-17 18:51 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2010-12-17 18:03 . 2001-08-17 18:47 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2010-12-17 18:02 . 2008-04-14 05:48 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2010-12-17 18:01 . 2001-08-18 03:36 13312 -c--a-w- c:\windows\system32\dllcache\hpsjmcro.dll
2010-12-17 18:00 . 2001-08-17 17:49 320384 -c--a-w- c:\windows\system32\dllcache\g200m.sys
2010-12-17 17:59 . 2001-08-18 03:36 34816 -c--a-w- c:\windows\system32\dllcache\esuimg.dll
2010-12-17 17:58 . 2001-08-17 17:12 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
2010-12-17 17:57 . 2001-08-17 17:11 20928 -c--a-w- c:\windows\system32\dllcache\defpa.sys
2010-12-17 17:56 . 2008-04-14 05:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-12-17 17:55 . 2008-04-14 05:06 14208 -c--a-w- c:\windows\system32\dllcache\battc.sys
2010-12-17 17:54 . 2008-04-14 10:41 3647 -c--a-w- c:\windows\system32\dllcache\adv07nt5.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2010-12-20 23:09 . 2010-02-20 11:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-02-20 11:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-08 05:32 . 2010-11-08 05:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-08 05:32 . 2010-04-21 03:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-16 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"DiskeeperSystray"="c:\program files\Executive Software\Diskeeper\DkIcon.exe" [2004-10-05 176216]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-31 2595616]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-31 909208]
"Ad Muncher"="c:\program files\Ad Muncher\AdMunch.exe" [2010-11-15 534728]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKLM\~\startupfolder\C:^Documents and Settings^Lina^Start Menu^Programs^Startup^Secunia PSI.lnk]
path=c:\documents and settings\Lina\Start Menu\Programs\Startup\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Everything]
2009-03-13 01:18 602624 ----a-w- c:\program files\Everything\Everything.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
2010-03-17 20:55 1565696 ----a-w- c:\program files\Verizon\McciTrayApp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe"=
"c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\SysInspector.exe"=
"c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\SysRescue.exe"=
"c:\\Program Files\\EULAlyzer\\eulalyzer.exe"=
"c:\\Program Files\\Ad Muncher\\AdMunch.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\VS Revo Group\\Revo Uninstaller\\revouninstaller.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\BootSafe.exe"=
"c:\\Program Files\\Common Files\\Roxio Shared\\10.0\\Roxio Central36\\Main\\Roxio_Central36.exe"=
"c:\\Program Files\\Microsoft Office\\PowerPoint Viewer\\PPTVIEW.EXE"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WksCal.exe"=
"c:\\Program Files\\Microsoft Works\\wksdb.exe"=
"c:\\Program Files\\Microsoft Works\\WksSb.exe"=
"c:\\Program Files\\Microsoft Works\\wksss.exe"=
"c:\\Program Files\\Microsoft Works\\MSWorks.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfw tdir.sys [5/14/2009 3:49 PM 94360]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/15/2009 11:42 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 67656]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/20/2010 6:37 AM 363344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\dr ivers\mbam.sys [2/20/2010 6:37 AM 20952]
R3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [12/24/2008 5:40 AM 80256]
R3 nmserial;PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [12/16/2008 6:10 AM 70016]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 12872]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-12-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
IE: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=19T4Q01V&id=menu_ie_frame
IE: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=19T4Q01V&id=menu_ie_image
IE: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=19T4Q01V&id=menu_ie_link
IE: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=19T4Q01V&id=menu_ie_exclude
IE: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=19T4Q01V&id=menu_ie_report
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Lina\Application Data\Mozilla\Firefox\Profiles\oc11j8pd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Ad Muncher Browser Extensions: {3ED591BC-7CC7-495B-A526-B2431356EDC1} - c:\program files\Ad Muncher\FirefoxExtension_2.0
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-VerizonServicepoint - c:\program files\Verizon\VSP\VerizonServicepoint.exe



************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-23 22:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63 A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil 10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63 A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63 A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil1 0l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63 A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F 2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F 2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F 2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@DACL=(02 0000)
@="Wireless"
"ProcessGroupPolicy"="ProcessWIRELESSPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@DACL=(02 0000)
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=expand:"fdeploy.dll"
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@DACL=(02 0000)
@="QoS Packet Scheduler"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@DACL=(02 0000)
@="Scripts"
"ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
"ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=expand:"gptext.dll"
"NoSlowLink"=dword:00000001
"NoGPOListChanges"=dword:00000001
"NotifyLinkTransition"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3051"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3014"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Applicatio n)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@DACL=(02 0000)
@="IP Security"
"ProcessGroupPolicy"="ProcessIPSECPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
@DACL=(02 0000)
"DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"
"Shutdown"="SABWINLOShutdown"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
@DACL=(02 0000)
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
@DACL=(02 0000)
"Asynchronous"=dword:00000001
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
@DACL=(02 0000)
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=expand:"sclgntfy.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
@DACL=(02 0000)
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
@DACL=(02 0000)
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=expand:"WgaLogon.dll"
"Event"=dword:00000000
"InstallEvent"="1.9.0040.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserLis t]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3340)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\Ad Muncher\AM32-32300.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Executive Software\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\UPHClean\uphclean.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
************************************************** ************************
.
Completion time: 2010-12-23 22:20:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-24 03:20

Pre-Run: 195,318,693,888 bytes free
Post-Run: 195,320,872,960 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - B9061745530F6C6B16CBA8114EABAE89

mommalina
12-23-2010, 10:44 PM
After posting Combo-fix (log above), I tried to install Windows
updates both with antivirus/spyware protection and without
it.

Kenny94
12-24-2010, 05:51 PM
It's not malware related. Your CF log and the other logs are clean. I'm out of any ideals.


Follow these steps to uninstall Combofix and all of its files and components.

Go to Start ---> Run ---> Type ComboFix /uninstall and press Enter.
Make sure there's a space between Combofix and /
Then hit enter.

Anyone have any other suggestions?

allheart55 (Cindy)
12-24-2010, 06:19 PM
Lina and I ran a sfc /scannow using the XP disk. It says it repaired and/or replaced system files.
:eek: (The results showed integrity violations which were restored.) :eek:
I guess we could either try a repair install or restore with Acronis. The only problem with using
Acronis is I created the backup before we brought Lina the computer. We would need to back up
all her personal files and folders prior to recovering the image file.

mommalina
12-27-2010, 04:05 PM
Does anyone have any comments/suggestion regarding Cindy's post?


Lina and I ran a sfc /scannow using the XP disk. It says it repaired and/or replaced system files.
:eek: (The results showed integrity violations which were restored.) :eek:
I guess we could either try a repair install or restore with Acronis. The only problem with using
Acronis is I created the backup before we brought Lina the computer. We would need to back up
all her personal files and folders prior to recovering the image file.

Would a System Restore be advisable? We never
did try one.

My friend also wonders: Should we go into Safe Mode
and click on what she thinks reads something like Revert to last good
configuration?.

mommalina
12-27-2010, 04:15 PM
Any comments/suggestion regarding Cindy's post?


Lina and I ran a sfc /scannow using the XP disk. It says it repaired and/or replaced system files.
:eek: (The results showed integrity violations which were restored.) :eek:
I guess we could either try a repair install or restore with Acronis. The only problem with using
Acronis is I created the backup before we brought Lina the computer. We would need to back up
all her personal files and folders prior to recovering the image file.

Would a System Restore be advisable? We never did
try one.

My friend also wonders: Should we go into Safe Mode
and click on what she thinks reads something like
Revert to last good configuration?.

Cindy and Kenny, thanks very much for your help and
input.♥

If malware were the culprit, I was going to stop using
Facebook. That may have been easier than fixing the
update problem.

Guest11
12-27-2010, 08:48 PM
By all means try a System restore if you can get back to date prior to this issue.

mommalina
12-28-2010, 11:31 AM
By all means try a Sysetm restore if you can get back to date prior to this issue.

I find it difficult to believe, but System Restore was turned off!
:shocked: .. :smash:

Don't know if it was ever on, turned off by whatever caused
the Windows Update problem or by the programs Cindy and
Kenny helped me use to try to fix it .. :(

No failure; a lesson learned! Besides running scans and doing
updates, it would not hurt to periodically check that System
Restore is turned on!

Thanks to Cindy, I do have the original Acronis backup .. :hug:

Rich, Cindy: any thoughts about my friend's other
suggestion?


My friend also wonders: Should we go into Safe Mode
and click on what she thinks reads something like
Revert to last good configuration?

Thanks.

Guest11
12-28-2010, 02:38 PM
I don't think "Last Known Good Configuration" ever does anything of any value.

mommalina
12-28-2010, 03:10 PM
I don't think "Last Known Good Configuration" ever does anything of any value.

You are correct, Rich. Just did one and still can't install
Windows Updates. But, it was interesting. Nice tour, and
I learned a few things .. :smile:



[FONT=Comic Sans MS]I guess we could either try a repair install or restore with Acronis. The only problem with using
Acronis is I created the backup before we brought Lina the computer. We would need to back up
all her personal files and folders prior to recovering the image file.

Unless someone has another suggestion, can the gurus
help me determine which would be best:

- a wipe and load, or
- an Acronis restore?

Guest11
12-28-2010, 04:46 PM
Lina,
Will no Windows Updates install? (I don't feel like reading 58 posts here). If the answer is yes, the best way to do this would be to save whatever is new to a Usb flash drive or burn to cd or dvd and then use the Acronis image file Cindy made to restore back though there will be a lot of tweaking to do remember since day 1.

mommalina
12-28-2010, 07:00 PM
Lina,
Will no Windows Updates install? (I don't feel like reading 58 posts here). If the answer is yes, the best way to do this would be to save whatever is new to a Usb flash drive or burn to cd or dvd and then use the Acronis image file Cindy made to restore back though there will be a lot of tweaking to do remember since day 1.

Sorry to have troubled you, Rich, but thank you for your
reply .. :(

The 58 posts were step-by-step attempts to find out why
Windows Updates would not install and to try to fix the
problem.

Apparently, there's no such thing as a dumb question, but
don't ask too many of them when trying to resolve my
computer problems. Heaven forbid, someone may learn
something reading the posts or trying to help me .. :redface:

Guest11
12-28-2010, 08:12 PM
No offense Lina, just trying to save time and I can see why this all failed. Dan actually nailed it in his first post.
This was suggested which is the only fix I know of that works on this:http://support.microsoft.com/kb/943144
and you wanted it "dumbed down". There is no dumb down to it, that is the fix and surely it is over your head as Dan said and we cannot work miracles here,
you need to get someone in to do that for you. Either that of use the Acronis image file first backing up and saving your files and data.
The one other thing I see not tried is the XP repair actually might also fix it:
http://michaelstevenstech.com/XPrepairinstall.htm

TonyDi
12-28-2010, 08:38 PM
Unless I missed it, that article doesn't mention uninstalling any versions of Internet Explorer after ver 6 prior to doing the XP Repair. I assume one should uninstalle IE 7 (or 8) before attempting an XP Repair.

Guest11
12-28-2010, 09:14 PM
Unless I missed it, that article doesn't mention uninstalling any versions of Internet Explorer after ver 6 prior to doing the XP Repair. I assume one should uninstalle IE 7 (or 8) before attempting an XP Repair.
Actually that was written before Ie 7 and 8 existed but I did several recently and never removed them Tony. I do beplieve I had to reinstall them afterwards just as you have to do many updates as well.

June
12-28-2010, 09:59 PM
Actually Rich, a lot of us were way over our head reading this post. Another reason we need to get Paltalk back. Didn't you say there was a place on KH to click and ask for an online session for help. I never did find it. Will it still be on the new setup?

I was able to follow the posts and I will personally call Lina and walk her thru registering the Wups2.dll file (which I think she tried but couldn't complete). If that doesn't work I will walk her through a repair. Lord knows I've done enough of those!

Guest11
12-28-2010, 10:55 PM
June we said that if we had sufficient notice we would open the Chatroom if anyone was available, there never was a place to click, but I also think in this case, Lina needs to find a service to fix this. There is only so much we can do online either way and sending one of you into the registry I think is beyond the scope of what we should be doing on a forum.

Dan18960
12-29-2010, 07:43 AM
June,

There comes a time when a fix is beyond the scope of the forum, paltalk, and/or the user. Rich, Tony, Adam, myself, and others would not be making a living IF all problems could be handled over the internet or a phone call.

I have handled numerous update failures recently and it is NOT one size fits all unfortunately. I have 6 PAGES of different processes from Microsoft tech support to get windows to update and I have gone through them and still had the failures. I had to resort to even additional measures.

Sometimes it just takes opening the purse/wallet to get a computer fixed. Of course, Lina is on XP and IF I were advising her "professionally" and her system would support a move to Windows 7, I would advise getting another hard drive and purchasing Windows 7 Home Premium (although I would go the added cost and get either Professional or Ultimate in reality), installing the new drive as the primary, formatting and installing Windows 7, and then connect the current XP drive as a slave/secondary drive for ready access to her previous data.

The cost of repairing her system (even at Rich's rate) would be more than the new hard drive and windows 7 purchase. I know Rich doesn't do it - but I setup my Windows 7 clients in a XP "experience" with desktop icons and similar Start Menu choices. I have found the learning curve to be greatly reduced in accepting the upgraded operating system.

mommalina
12-29-2010, 09:07 AM
Thank you, Dan! That's the kind of confirmation I wanted. I
had already mentioned to June that my computer would be
able to support Windows 7, and, if our efforts were for naught
to solve the Windows Update problem, I would go that route.

Just as June learned a lot setting up her grandchildren's
notebooks, with KH forum online help, both she and I have
been learning a lot as we try to resolve my Windows Update
problem.

Our late beloved Vivienne also learned a lot via KH forum
online help, trying to resolve her son's computer problems
at his business. With KH online help, she was able to decide
which of his paid tech's advice to follow as well as pass on
some KH suggestions to him.

Sorry, I did not think I was asking for or receiving any more
than June or Vivienne were. It's not like KH is inundated with
too many posts asking for technical help. My sincere apologies
if I crossed the line .. :(

For our own enjoyment, I think June and I will make a list of
some of the many things we have learned from each other as
we tried to emulate the KH mission of user helping user.
They may help someone on the forum someday.

Thanks again, Dan. Windows 7 will probably be it if we do not
succeed.

Guest11
12-29-2010, 09:10 AM
Before it is misunderstood let me clarify what I said about "sending one of you into the registry". I was not being dergoatory at all. When you make a call to Microsoft for tech support and they take you into the registry if necessary, they make you agree to not hold them responsible for irreparable damage to Windows by entering the registry (and record that) and that is what I was referring to.

Dan also makes an excellent point in that there is a time when we just have to stop and suggest professional help and rereading this thread has told me that we have gone about as far as we can with no success whatsoever. Personally I think the solution appeared in the first few posts and was not tried and that should work, however before attempting anything so serious, Lina really needs to back up anything important first anyway and to be safe with data, again that suggests having someone with professional experience on hand if she has issues doing this.

Look I have been writing for some time we are dealing with a version of Windows unique in one respect and that is XP will soon be a 10 year old OS and no version of Windows has ever been supported so long. Most of us have seen issues cropping up in XP that are not resolvable and we also know the level of research for XP has been none for some time. Sure there are Windows Updates but it is illogical to sit with our heads in the sand believing that programs that have to be updated to work with Windows 7.0, will easily be backwards compatible with Windows XP forever.

Lina, Dan's idea is excellent to add a hard drive and install Windows 7 and then access files and data from old drive for a time and of course I realize you are on a fixed income and this sounds incredible scary, but I would bet if you asked your tech savvy kids for help, they would drop the dishes to help you do so? Of course this is none of my business but your computer is sooo important to you and everyone knows it, why not do it right?

Dan18960
12-30-2010, 03:39 PM
Thank you, Dan! That's the kind of confirmation I wanted. I
had already mentioned to June that my computer would be
able to support Windows 7, and, if our efforts were for naught
to solve the Windows Update problem, I would go that route.

Just as June learned a lot setting up her grandchildren's
notebooks, with KH forum online help, both she and I have
been learning a lot as we try to resolve my Windows Update
problem.

Our late beloved Vivienne also learned a lot via KH forum
online help, trying to resolve her son's computer problems
at his business. With KH online help, she was able to decide
which of his paid tech's advice to follow as well as pass on
some KH suggestions to him.

Sorry, I did not think I was asking for or receiving any more
than June or Vivienne were. It's not like KH is inundated with
too many posts asking for technical help. My sincere apologies
if I crossed the line .. :(

For our own enjoyment, I think June and I will make a list of
some of the many things we have learned from each other as
we tried to emulate the KH mission of user helping user.
They may help someone on the forum someday.

Thanks again, Dan. Windows 7 will probably be it if we do not
succeed.

Lina,

I was not referring to your asking for help - I have been following this thread to see where I could think of something being overlooked but nothing I would expect a "reasonable" person to accomplish was not addressed. There is no "line" to cross - it just comes to a point when how far do we go with a "working" system to making it a non working system?

As Rich more eloquently presented is there is a time when a professional is the only alternative to solving a problem. I find that I see things that are overlooked in verbal (and in the case of the forum written) communication that doesn't come to mind to ask, sometimes not apparent, and/or just "feels" like a path to take. That is why I always tell my clients that I just guess luckier than most - and I have worked with very knowledgeable techs that were just seeing the tree instead of the forrest until we talked through what they were doing and seeing. Sometimes a light goes off and all of a sudden they "got it" without both of us even addressing where they have found the solution.

User helping User also denotes when to say we have reached a point where it is more prudent to contact a professional - the responses reached 6 "pages" before I suggested that it would be time to look at having your system repaired and I read all of those posts before I "threw in the towel" because you had been presented and attempted all that a reasonable person should be expected to do for a resolution and still the problem persists. That means reasonably you have gone above and beyond in your efforts to re-associate the Windows updates with the system. Could I fix the problem in 15 minutes - I have on several occasions and other times have taken me literally hours to get a system to do the updates. I told Rich about a month ago that I was FORCED to reformat and reload XP because it was just beyond technically correcting the system. Before that it has been years (yes yearS) since I had to do that.

I know you have been helped in the past with issues and they were successfully accomplished - this is just one of those times that it did not work out.

I am with Rich on the registry entry - Microsoft takes no responsibility even when they are the ones telling you to go there for changes.

I will give you a direct point that occurred today. I had walked (talked to them on the phone) a client through the basics of getting their video back on an XP system for an hour yesterday and they still didn't have video so I made an appointment to be there this morning. When I got there he said he had removed the last software they had loaded before they had the problem but there was still no video. I went in and even though they had followed the standard uninstall process, the software was STILL embedded in the system. It took me on-site an HOUR to fix the system. First I had to get the system to boot with some video (using the VGA method gave me that access), then I had to remove the remnants of the software, delete the video drivers that had gotten corrupted, remove the additional video components of the video card, and reinstall the video drivers all over again. There was just too many "gotchas" to successfully walk the client through to resolve the problem. My talking them through the processes yesterday would have provided a "reasonable" issue to be resolved but again once I looked at the system, examined what was causing the initial issue and then having to remove all the video drivers to fully repair the system - it just required me to be there to fix the computer. This goes back to seeing what the person I was helping did not relate not because they didn't know but because they didn't know how to show me the forrest and we were both looking at the tree.

Now would I talk another user through what I did - MAYBE, but more likely not. Because removing embedded remnants of software is not always the answer and removing video drivers is not always the solution, it just so happens in this case I "felt" it was the right path to follow. Again, I was in front of the machine, I was getting immediate feedback of my actions, and I was aware of my last action - something a person on the other end of the phone would be just doing what I said. I have asked many clients when they have a problem arise what was the LAST thing you did and the answer always comes back "I didn't do ANYTHING!" And I am not even in the position to take any action against them, I am only trying to find a place to start.

AND I think (IF it is setup "your" way) you will thoroughly enjoy Windows 7!

mommalina
12-30-2010, 06:05 PM
Lina,

I was not referring to your asking for help - I have been following this thread to see where I could think of something being overlooked but nothing I would expect a "reasonable" person to accomplish was not addressed. There is no "line" to cross - it just comes to a point when how far do we go with a "working" system to making it a non working system?

Dan, I knew you were not referring to my asking for
help. Your remarks were not those which offended me.

From you posts, I knew you had followed the thread
and checked it thoroughly. I was relieved and grateful
when you concurred that going to Window 7 would
be the best solution!

June and I are going to try a recovery disk. We may
even try the Acronis backup of the initial installation.
I'd have to copy all files under my user file to a USB
thumb drive or hard drive anyway before installing
Windows 7 (my son's suggestion). Nothing to lose,
and I'm sure we'll add a lot to what we have already
learned.

I'm deeply appreciative of everyone's efforts to help.
Thanks .. :hug:

Dan18960
12-31-2010, 07:44 AM
I'd have to copy all files under my user file to a USB
thumb drive or hard drive anyway before installing
Windows 7 (my son's suggestion). Nothing to lose,
and I'm sure we'll add a lot to what we have already
learned.



Lina,

To do the Acronis restore or the recovery would highly advise backing up your data - BUT with Windows 7 you should be using a new hard drive and then connecting back your old hard drive so none of your data would be lost.

There are some simple walk throughs when doing a second hard drive that need to be done BEFORE drivers, applications, and data moving is done though.

TonyDi
01-03-2011, 11:30 AM
Just for fun, please check to see if the update service is running.

Go to RUN
Type in MSCONFIG and hit the ENTER.
Click on the SERVICES tab.
Find AUTOMATIC UPDATES and check the status - see if it's running.

mommalina
01-03-2011, 12:10 PM
Tony, Automatic Updates is running.

But note, please: Computer set to Notify me but don't
automatically download or install them.

Just for fun, Do you think I should try checking
AUTOMATIC (RECOMMENDED)?

BTW, Windows Firewall was turned off; I turned it back
on. (I had disabled it along with all security before
trying different programs to resolve the update problem.)

Thanks, Tony :hug:

TonyDi
01-03-2011, 12:15 PM
If what you're doing isn't working, try something else.

I would check AUTOMATIC and then restart your computer. I don't know when it will check with MS for updates.

Rob-S
01-03-2011, 01:18 PM
Lina,
Odds are you need to do a clean install of XP, or as you mention install Win7, but for the heck of it check to see if these two items are set correctly....

The attached image shows the correct settings for the two 'Services' (outlined in RED) that are required for Automatic Updates to run properly.

To access the Services Console:

Click Start, Run, type --> services.msc

Click the 'Standard' Tab view.

mommalina
01-03-2011, 01:28 PM
If what you're doing isn't working, try something else.

I would check AUTOMATIC and then restart your computer. I don't know when it will check with MS for updates.

Partial success! .. :cheer2:

I checked AUTOMATIC, then clicked TURN OFF computer
(thru START). It warned me not to shut down the computer
until all updates were installed. I watched it do 12 updates
and turn itself off.

When I turned on the computer again (cold boot), the
Windows Update site showed :

- 12 updates successfully updated, and

- 2 more updates still pending (in EXPRESS)



Windows Internet Explorer 7 for Windows XP
Cumulative Security Update for Internet Explorer 6 for Windows XP (KB2360131)


An effort to update the 2 proved unsuccessful.

I have IE-6 on the computer. We uninstalled IE-7 in an
effort to solve the updating problem.

Should I reinstall IE-7?

If so, I guess I should UNinstall IE-6 first?

TonyDi
01-03-2011, 01:44 PM
Go directly to IE 8 if you can. Leave IE 6 alone, it'll take care of itself during the update to IE 7 or 8.

mommalina
01-03-2011, 02:05 PM
Lina,
Odds are you need to do a clean install of XP, or as you mention install Win7, but for the heck of it check to see if these two items are set correctly....

The attached image shows the correct settings for the two 'Services' (outlined in RED) that are required for Automatic Updates to run properly.

To access the Services Console:

Click Start, Run, type --> services.msc

Click the 'Standard' Tab view.

Rob, they both state AUTOMATIC.

On the lefthand side, I notice:



If BITS is disabled, features such as Windows Update
will not work correctly.

(I now have Windows Updates configured to download and
update automatically.)

You still suggest change BITS from AUTOMATIC to
MANUAL?

If so, how do I do it? Click START THE SERVICE??

mommalina
01-03-2011, 02:20 PM
Go directly to IE 8 if you can. Leave IE 6 alone, it'll take care of itself during the update to IE 7 or 8.

I think initially IE-7 was installed because of a conflict
between IE-8 and XP Pro SP3. Don't know if it has
been resolved.

I'll try installing IE-7 since that worked okay earlier.

Rob-S
01-03-2011, 03:38 PM
Rob, they both state AUTOMATIC.

On the lefthand side, I notice:



(I now have Windows Updates configured to download and
update automatically.)

You still suggest change BITS from AUTOMATIC to
MANUAL?

If so, how do I do it? Click START THE SERVICE??

Lina,
I should have mentioned that both can be set to Automatic too. Your settings are ok..no need to change them. :smile:

Rob-S
01-03-2011, 03:45 PM
If what you're doing isn't working, try something else.

I would check AUTOMATIC and then restart your computer. I don't know when it will check with MS for updates.


Partial success! .. :cheer2:

I checked AUTOMATIC, then clicked TURN OFF computer
(thru START). It warned me not to shut down the computer
until all updates were installed. I watched it do 12 updates
and turn itself off.

When I turned on the computer again (cold boot), the
Windows Update site showed :

- 12 updates successfully updated, and

- 2 more updates still pending (in EXPRESS)

Tony,
Good catch!!

Lina,
I agree with Tony...skip IE7..install IE8.

Guest11
01-03-2011, 04:36 PM
By all means download IE8.0. That could be a major part of the problem why they didn't work.

mommalina
01-03-2011, 05:15 PM
Lina,
Odds are you need to do a clean install of XP, or as you mention install Win7, but for the heck of it check to see if these two items are set correctly....

The attached image shows the correct settings for the two 'Services' (outlined in RED) that are required for Automatic Updates to run properly.

To access the Services Console:

Click Start, Run, type --> services.msc

Click the 'Standard' Tab view.

Will check this later if update problems persist, Rob. Remind
me please, if I forget. Thanks.

mommalina
01-03-2011, 06:30 PM
Go directly to IE 8 if you can. Leave IE 6 alone, it'll take care of itself during the update to IE 7 or 8.

I did successfully install IE 8! :cheer2:


:sorry: ........ I did leave IE 6 alone but tried unsuccessfuly to
update to IE 7. (Your last few words resonated with me, not
your first sentence. )

Microsoft did not ask for Windows Genuine Verification while
installing IE 8, only while trying to install IE 7.

Can I safely ignore the warning below which appeared
while trying to install IE 7? It's sitting on my desktop as an
Internet Explorer Virtual PC ReadMe.



This image will expire on January 10, 2011. At that time the Operating System will no longer boot, and you will be locked out of the VHD. Please ensure you back up any relevant data before January 10, 2011.

In order to make the VPC download smaller, the paging file has been turned off. To improve system performance, it is recommended that you turn it back on.

The Admin password is Password1

The image was and is up to date as of 10/09/10.

This image will not pass Windows Genuine Verification. If you need to install an application that requires it, download it on a genuine PC, and then copy it to the VPC.

Nod 32 icon is green again, but OSI tells me that I'm
missing Windows Update KB971961.

I have to figure out how to install the Active X on the
Windows Update site before it will display correctly.
I may, with June's help, be able to do it tonight.

Thanks for the added input, and special thanks to
Tony aka Kelly .. :hug:

mommalina
01-03-2011, 06:59 PM
Nod 32 icon is green again, but OSI tells me that I'm
missing Windows Update KB971961.


Correction: Both Nod 32 and OSI now indicate that
I'm missing an update.

TonyDi
01-03-2011, 07:00 PM
What's up with the VHD? I assume that's a Virtual Hard Drive. Lina, do you know where this came from?

TonyDi
01-03-2011, 07:04 PM
Reading the MSKB article, this may be related to your IE7.
http://support.microsoft.com/kb/971961

However, you are now on IE 8 - correct?
Are you also running SP-3?
Have you restarted your computer since installing IE 8?

Guest11
01-03-2011, 07:56 PM
This is really puzzling and I certainly would not ignore it. Possibly it feels as if your OS is being looked at as a virtual OS but whatever it is as long as it is viewed as not genuine, you will lose Windows on January 10th so I think it's time to get off the pot and either reinstall XP or move forward. I would not be doing anything else myself.





I did successfully install IE 8! :cheer2:


:sorry: ........ I did leave IE 6 alone but tried unsuccessfuly to
update to IE 7. (Your last few words resonated with me, not
your first sentence. )

Microsoft did not ask for Windows Genuine Verification while
installing IE 8, only while trying to install IE 7.

Can I safely ignore the warning below which appeared
while trying to install IE 7? It's sitting on my desktop as an
Internet Explorer Virtual PC ReadMe.



Nod 32 icon is green again, but OSI tells me that I'm
missing Windows Update KB971961.

I have to figure out how to install the Active X on the
Windows Update site before it will display correctly.
I may, with June's help, be able to do it tonight.

Thanks for the added input, and special thanks to
Tony aka Kelly .. :hug:

Rob-S
01-04-2011, 09:56 AM
I did leave IE 6 alone but tried unsuccessfuly to update to IE 7.

Microsoft did not ask for Windows Genuine Verification while
installing IE 8, only while trying to install IE 7.

Can I safely ignore the warning below which appeared
while trying to install IE 7? It's sitting on my desktop as an
Internet Explorer Virtual PC ReadMe.


This image will expire on January 10, 2011. At that time the Operating System will no longer boot, and you will be locked out of the VHD. Please ensure you back up any relevant data before January 10, 2011.

In order to make the VPC download smaller, the paging file has been turned off. To improve system performance, it is recommended that you turn it back on.

The Admin password is Password1

The image was and is up to date as of 10/09/10.

This image will not pass Windows Genuine Verification. If you need to install an application that requires it, download it on a genuine PC, and then copy it to the VPC.

Nod 32 icon is green again, but OSI tells me that I'm
missing Windows Update KB971961.

Lina,
The VPC message is odd indeed, and will more than likely continue to cause problems even if your OS doesnt 'expire' on Jan 11, 2011. That said, I would not ignore the warning message...you may end up losing all you personal data!!!
This is one of those times where the 'damage' to the OS is beyond what we can help with, especially with the possiblity that you will be locked out of your pc in a few days.

Dan and Rich are spot on....forget about trying to save your current XP install..its time to do a clean install of XP.
And by all means, backup and/or copy all your important data ASAP!!!

mommalina
01-04-2011, 10:43 AM
What's up with the VHD? I assume that's a Virtual Hard Drive. Lina, do you know where this came from?

Something that came up when trying to install E-7. Instructions were
very confusing (for me, that is).

mommalina
01-04-2011, 10:54 AM
Reading the MSKB article, this may be related to your IE7.
http://support.microsoft.com/kb/971961

However, you are now on IE 8 - correct?
Are you also running SP-3?
Have you restarted your computer since installing IE 8?

Yes, I am on IE 8. (Verified by IE > Help > About
Internet Explorer.)

Yes, I am running SP-3. (Verified by Control Panel >
System Properties.)

Yes, I have restarted computer several times since
installing IE 8.

Everything seems to be working normally, except for
knowing how to install the Active X for IE so I can
check the history on the Windows Update site.

mommalina
01-04-2011, 11:18 AM
I will copy my sensitive date and mail the rest to an online
mail box, if I can't find someone to back it all up.

I don't know when I can get someone to do a clean install.

What is the worst that can happen on January 11? Does
the possibility exist that I would not be able to get into
my computer to do a clean install before then?

Guest11
01-04-2011, 01:03 PM
I will copy my sensitive date and mail the rest to an online
mail box, if I can't find someone to back it all up.

That is what you need to do.



What is the worst that can happen on January 11?

The worst is you are locked out and everything there is lost.



Does the possibility exist that I would not be able to get into
my computer to do a clean install before then?

Not with current conditions that possibility does not exist with everything we currently know.

mommalina
01-04-2011, 02:13 PM
What is the worst that can happen on January 11?

The worst is you are locked out and everything there is lost.




Not with current conditions that possibility does not exist with everything we currently know.

Tonight my daughter Dori will try to help me back up my
personal files.

Just to be sure I'm reading you right, Rich:

I should be able to do a new install of XP Pro after
January 11 if I can't get it done before then?

In other words, I'd be locked out of everything on the computer
but could still reload it with my current licensed XP Pro disc?

Rob-S
01-04-2011, 03:29 PM
Just to be sure I'm reading you right, Rich:

I should be able to do a new install of XP Pro after
January 11 if I can't get it done before then?

In other words, I'd be locked out of everything on the computer
but could still reload it with my current licensed XP Pro disc?

Lina,
Yes you will be able to reload(do a 'clean install') even if the 'lock out' occurs.

As for backing up your files, I don't know what your backup plan is, but if need be you
can use the built-in NT Backup Utility that comes with XP.
Copying your personal files, favorites, email, etc into the My Documents folder makes
the backup process relatively easy since you'd be backing up that one folder.
You can however, select the option to choose which folders to back up.

You're using XP Home, so if you decide to use NT Backup, you'll need to install it form the XP CD as follows:

Insert the XP CD and navigate to the VALUEADD\MSFT\NTBACKUP folder.

Double-click the Ntbackup.msi file to start the wizard that installs Backup utility.
When the wizard is complete, click Finish. Remove XP CD.

NtBackup is now installed on your PC in the Programs\Accessories\System Tools folder as 'Backup'.
Alternately you can launch NT Backup Utility as follows: click 'Start', click 'Run', type --> ntbackup

The NT Backup wizard runs...select 'Backup files and settings', click next,
then select 'My Documents and Settings' (or 'Let Me Choose what to backup',
in which case you need to select the folders from the 'Items to Backup' dialog box.)
When finished, click next.

You then need to select the location(click browse...you can select Desktop for now) to save the backup file,
and enter a name for the file. Click Finish and the backup will be created.

Now you need to either burn the backup file to a CD or DVD, or copy it to a Flash drive, etc.

Guest11
01-04-2011, 06:46 PM
Yes and Yes.
Tonight my daughter Dori will try to help me back up my
personal files.

Just to be sure I'm reading you right, Rich:

I should be able to do a new install of XP Pro after
January 11 if I can't get it done before then?

In other words, I'd be locked out of everything on the computer
but could still reload it with my current licensed XP Pro disc?

Rob-S
01-05-2011, 01:27 PM
Lina,
Btw if your using Outlook Express, you can save your email account and address book as follows:
Open OE, click Tools, Accounts, highlight your account, click Export button.
For Address book, click Address book icon, click File, select Export, select WAB.

mommalina
01-05-2011, 02:07 PM
Lina,
Btw if your using Outlook Express, you can save your email account and address book as follows:
Open OE, click Tools, Accounts, highlight your account, click Export button.
For Address book, click Address book icon, click File, select Export, select WAB.

Will try them again. Didn't work for my daughter and me last night. We
did successfully transfer some personal files to CDs, but could not do all
of them.

I sent everyone in my address book a test email via Undisclosed Recipients,
updated the addresses, highlighted all the names in the address book,
pasted them in the body of a new message email, and sent it to my junk
email account. I can retrieve the email and enter the information manually
if further attempts fail.

Thanks, Rob. ♥

Rob-S
01-07-2011, 01:04 PM
Lina,
This may be a bit of good news for you....albeit temporary.... :twitch:

Now I'm not sure if this applies to your particular situation, since we
have no idea how the Virtaul PC issue happened to your PC,

but according to updated info from Microsoft, the 'lockout date' for
the VHD images is Feb 1, 2011, not Jan 10, 2011 as was indicated.

Hopefully this is the case, and will at least give you a bit of breathing room... :smile:

mommalina
01-07-2011, 06:58 PM
Lina,
This may be a bit of good news for you....albeit temporary.... :twitch:

Now I'm not sure if this applies to your particular situation, since we
have no idea how the Virtaul PC issue happened to your PC,

but according to updated info from Microsoft, the 'lockout date' for
the VHD images is Feb 1, 2011, not Jan 10, 2011 as was indicated.

Hopefully this is the case, and will at least give you a bit of breathing room... :smile:

Thank you, Rob! I sure could use that breathing room. It will give
June and I a chance to try a recovery disk when she and I have
some time.

Apartment two floors up sprung a break in the pipe leading to a
washing machine. Owner had turned on the washer and gone out
for a while. When he got back his carpets were floating away.
I have wet carpets in every room, a hole in my ceiling, two very
noisy fans and a noisy dehumidifier going full blast .. :drama:

Boy, do I appreciate being hard of hearing! :smile:

Sure puts things into perspective!

mommalina
02-01-2011, 10:50 AM
Lina,
This may be a bit of good news for you....albeit temporary.... :twitch:

Now I'm not sure if this applies to your particular situation, since we
have no idea how the Virtaul PC issue happened to your PC,

but according to updated info from Microsoft, the 'lockout date' for
the VHD images is Feb 1, 2011, not Jan 10, 2011 as was indicated.

Hopefully this is the case, and will at least give you a bit of breathing room... :smile:

Rob, do you know if the 'lockout date" has again been
extended?

It's Feb 1, 10:40 a.m., and I have not yet been locked out. I'm
keeping my fingers, eyes, arms, and legs crossed .. :)

Everything seems to be working great. I have OE, my address
book, and important files backed up. Still waiting.

It has all not been for naught. I've learned a lot, whether or
not I get locked out. From the bottom of my heart, I thank all
who did not give up on me and tried to help .. :hug:.. :hug:

Rob-S
02-01-2011, 11:12 AM
Lina,
Again, I'm not sure if this applies to your situation, but the expiration date for VHD images is now May 18, 2011. :noidea:


Rob, do you know if the 'lockout date" has again been
extended?

It's Feb 1, 10:40 a.m., and I have not yet been locked out. I'm
keeping my fingers, eyes, arms, and legs crossed .. :)

Everything seems to be working great. I have OE, my address
book, and important files backed up. Still waiting.

It has all not been for naught. I've learned a lot, whether or
not I get locked out. From the bottom of my heart, I thank all
who did not give up on me and tried to help .. :hug:.. :hug:

mommalina
02-01-2011, 11:17 AM
Lina,
Again, I'm not sure if this applies to your situation, but the expiration date for VHD images is now May 18, 2011. :noidea:

Well, then, I'm just going to hang in there. No sense
having a nervous breakdown before it happens. It
may never happen! I'll be prepared if it does .. :)

Thanks again, Rob. Please keep me posted if you see
more on the expiration for VHD images.

mommalina
02-01-2011, 11:28 AM
For the gurus and anyone interested, here's what Rob and
I are referring to:

Internet Explorer Application Compatibility VPC Image
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=21eabb90-958f-4b64-b5f1-73d0a413c8ef&displaylang=en#Instructions

Somehow, when upgrading from IE-7 to IE-8, I must have
clicked on something to trigger a notice that I'd be locked
out.

All above my head.

jcampi
02-01-2011, 04:23 PM
You would be so much happier with Windows 7. In fact, if you migrated to it, you will end up being mad at yourself for not moving to it long ago.

mommalina
02-01-2011, 04:58 PM
You would be so much happier with Windows 7. In fact, if you migrated to it, you will end up being mad at yourself for not moving to it long ago.

John, I explored that by obtaining a Windows
Upgrade 7 Advisor Report from here:
http://www.microsoft.com/windows/windows-7/get/upgrade-advisor.aspx

My current computer's hardware would not support
several things, including my printer. So, any wipe
and load will be with the WindowsXP Pro SP3 disk
I have for this computer.

My next computer will have Windows 7 or the
latest then.

Thanks for your input, John.

Guest11
02-02-2011, 01:47 PM
Not a problem as this will not be an upgrade but a clean install so leave off Diskeeper and Acronis 11. The rest don't matter as you won't be using them anyway. No problem installing Windows 7 then.





Rich and Cindy, I thought the forum had had it with my litany
and so I did not post what was in the Windows Upgrade 7 Advisor
Report that caused me to conclude I could not upgrade to
W7.

I could not copy it, but I typed it out. Here it is:

mommalina
02-02-2011, 02:30 PM
Not a problem as this will not be an upgrade but a clean install so leave off Diskeeper and Acronis 11. The rest don't matter as you won't be using them anyway. No problem installing Windows 7 then.

Which Version of Windows 7 should I install?

Where's the best place to buy it?

I assume I would want a disk, and not just a
download?

Guest11
02-02-2011, 03:16 PM
I am not aware you can download it legally Lina....
I think for your purposes Windows 7 Home Premium is fine....
http://www.newegg.com/Product/Product.aspx?Item=N82E16832116754
It seems there are many with this price and I don't see any under $99.99.

mommalina
02-02-2011, 03:35 PM
I am not aware you can download it legally Lina....
I think for your purposes Windows 7 Home Premium is fine....
http://www.newegg.com/Product/Product.aspx?Item=N82E16832116754
It seems there are many with this price and I don't see any under $99.99.

Rich, that's for 64-bit. I think I have 32-bit?

And (scroll back up), I think Windows Upgrade 7 Advisor
Report indicated:



Note: All information for 64-bit Windows 7 is the same as above except for following addition:

2.0 GB of RAM - Your PC memory does not support the 3 GB requirement for running Windows XP Mode on Windows 7; you might experience poor performance.

mommalina
02-02-2011, 04:21 PM
I know Lina. Your hardware can do either and at this point, I think it makes sense to go to 64 bit as sooner or later that's where the whole platform will be.

But my computer has 2 GB of RAM, and Upgrade Advisor said:


2.0 GB of RAM - Your PC memory does not support the 3 GB requirement for running Windows XP Mode on Windows 7; you might experience poor performance.

I'm confused .. :confused:

allheart55 (Cindy)
02-02-2011, 04:36 PM
Lina,

You can disregard that, you won't be running XP mode.

mommalina
02-02-2011, 04:43 PM
Lina,

You can disregard that, you won't be running XP mode.

:sleep: .. :doh:

Thanks, Cindy.

Guest11
02-02-2011, 06:03 PM
Yeah I don't know where "XP mode" came from here anyway!

allheart55 (Cindy)
02-02-2011, 06:19 PM
Yeah I don't know where "XP mode" came from here anyway!

It came from the results of the Windows 7 Upgrade Advisor Rich. :)

Guest11
02-02-2011, 06:26 PM
Thanks for that as much as I always suggest folks use it, I never have!
It came from the results of the Windows 7 Upgrade Advisor Rich. :)

allheart55 (Cindy)
02-02-2011, 07:43 PM
Rich, I have set it up before for a client but I have never really used it myself.

Lina, We will probably want to add another gig of RAM anyway for Windows 7.
I have a matching stick for you...