Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

A right mess


  • Please log in to reply
14 replies to this topic

#1 aeonise

aeonise

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:02 PM

Posted 30 July 2009 - 11:32 PM

After noticing redirects (for example, clicking a search result from google or yahoo would end up at a completely unrelated site) using both Firefox and IE on my father's pc, I learned that the AV on the computer is a copy of Norton AV from at least six years ago that doesn't seem to update at all. I uninstalled it, ran a Norton removal tool, and loaded Avast in its place. The boot scan turned up 4 infections (which were deleted) and a false positive. After that, I let it update its definitions and ran a complete scan overnight, which found another few things and deleted them. Today, I opened the main user interface to schedule regular scans only to be greeted with a warning that C:\Windows\system32\ws2_32.dll is infected with a trojan called "Win32:Patched-KW [Trj]". That particular dll is in operating memory, so I can't clean, delete, or quarantine it, nor even copy a clean version over it. In addition to help with that, any suggestions on other tools to run (I'm about to install MalwareBytes and will add anything it finds), or anything else that needs doing to clean up this mess would be appreciated. Thanks in advance.

BC AdBot (Login to Remove)

 


m

#2 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:02 PM

Posted 31 July 2009 - 12:02 AM

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.




Please run malwarebytes and run a Full Scan and then post back the log.
Computer Pro

#3 aeonise

aeonise
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:02 PM

Posted 31 July 2009 - 10:34 AM

Well, it doesn't look like running anything on that computer is possible at the moment. I installed MB and rebooted, only to get a blue screen during the boot up. Two reboots got the same thing. It occurs after the bios screen and after the WinXP logo and moving bar screen, right before it should go to the logon screen. The message given is this:
Stop:  c000021a {Fatal System Error}
The Windows Logon Process system process terminated unexpectedly with a status of 0xc0000139 (0x00000000 0x00000000).
The system has been shut down.
While I can access the BIOS and potentially boot from a CD or other storage, Windows Recovery Console does not appear to be installed on this system. I'm currently trying to find out if he has the original system disc and where it is.

#4 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:02 PM

Posted 31 July 2009 - 06:24 PM

Ok, let us know if you find it
Computer Pro

#5 aeonise

aeonise
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:02 PM

Posted 31 July 2009 - 09:18 PM

No dice on this either. Turns out the wonderful folks at Dell didn't bother shipping the disc with my dad's comp. To stop my father's panic over a non-booting computer, I repaired via a disc from an almost identical system (a mistake from my young and stupid days), which gives me something that runs, albeit with a great many errors, probably due to a few hardware differences in the systems. While I think I could manage running MB and such, I doubt the system is sufficiently stable to make that a good idea. Instead, I'm planning to wait for the disc Dell put in the mail today (3-5 workdays) and repair again from that before doing anything further. I'll update this thread again, or start a new one if needed, at that time. Thanks for the attempted help, anyway.

#6 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:02 PM

Posted 31 July 2009 - 09:27 PM

You can go ahead and post back in this thread once you have done the repairing.
Computer Pro

#7 aeonise

aeonise
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:02 PM

Posted 07 August 2009 - 06:05 PM

Okay, got the system disc Wednesday, and I've spent most of my spare time yesterday and today getting drivers and system-dependant software reinstalled, running several scans with Avast, MBAM, and a the online scanners from Trend Micro and Kaspersky, and generally just trying to make sure the computer's in working order. The latest MBAM scan log is below, and it looks like everything is clean, but it alerted me to another problem in that the PC needs XP SP3 installed again. That led to finding out that both the automatic updates and Windows Defender say they can't get their updates, and going to update.windows.com for them screws up when it tries to scan for what the PC needs. *sigh* One thing after another. At least it looks like we're virus free now.
Malwarebytes' Anti-Malware 1.39
Database version: 2548
Windows 5.1.2600 Service Pack 2

8/7/2009 10:53:09 AM
mbam-log-2009-08-07 (10-53-09).txt

Scan type: Full Scan (C:\|)
Objects scanned: 428283
Time elapsed: 1 hour(s), 43 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#8 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:02 PM

Posted 07 August 2009 - 06:31 PM

Could you please post the original Malwarebytes log, as well as Kaspersky log?
Computer Pro

#9 aeonise

aeonise
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:02 PM

Posted 07 August 2009 - 07:44 PM

I don't have a MBAM log from before the repair since I was rebooting from installing MBAM when it went BSOD during boot the first time, and I hadn't run anything except Avast's scan at that point. Here is MBAM's log from just after the repair:
Malwarebytes' Anti-Malware 1.39

Database version: 2548

Windows 5.1.2600 Service Pack 2



8/6/2009 11:04:18 AM

mbam-log-2009-08-06 (11-04-18).txt



Scan type: Full Scan (C:\|)

Objects scanned: 449887

Time elapsed: 1 hour(s), 43 minute(s), 13 second(s)



Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 13



Memory Processes Infected:

(No malicious items detected)



Memory Modules Infected:

(No malicious items detected)



Registry Keys Infected:

(No malicious items detected)



Registry Values Infected:

(No malicious items detected)



Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.



Folders Infected:

(No malicious items detected)



Files Infected:

c:\WINDOWS\aazalirt.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

c:\WINDOWS\iddqdops.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

c:\WINDOWS\jikglond.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

c:\WINDOWS\jiklagka.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

c:\WINDOWS\jungertab.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

c:\WINDOWS\klopnidret.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

c:\WINDOWS\ronitfst.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

c:\WINDOWS\salrtybek.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

c:\WINDOWS\seeukluba.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

c:\WINDOWS\skaaanret.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

c:\WINDOWS\tobmygers.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

c:\WINDOWS\tobykke.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

c:\WINDOWS\zibaglertz.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
I'm not sure where Kaspersky's online scanner puts logs, and I didn't save that one since both it and the MBAM scans came up clean. =/ Also, here's Avast's alerts list:
7/30/2009 7:42:16 PM	SYSTEM	1900	Sign of "Win32:Patched-KW [Trj]" has been found in "C:\windows\system32\WS2_32.dll" file.  

7/30/2009 8:01:17 PM	SYSTEM	1900	Sign of "Win32:Patched-KW [Trj]" has been found in "C:\WINDOWS\system32\WS2_32.dll" file.  

7/30/2009 8:11:10 PM	SYSTEM	1900	Sign of "Win32:Patched-KW [Trj]" has been found in "C:\WINDOWS\SYSTEM32\WS2_32.DLL" file.  

7/30/2009 8:11:17 PM	SYSTEM	1900	Sign of "Win32:Patched-KW [Trj]" has been found in "C:\WINDOWS\SYSTEM32\WS2_32.DLL" file.  

7/30/2009 8:11:21 PM	SYSTEM	1900	Sign of "Win32:Patched-KW [Trj]" has been found in "C:\WINDOWS\SYSTEM32\WS2_32.DLL" file.  

7/30/2009 8:11:22 PM	SYSTEM	1900	Sign of "Win32:Patched-KW [Trj]" has been found in "C:\WINDOWS\SYSTEM32\WS2_32.DLL" file.  

7/30/2009 8:14:34 PM	SYSTEM	1908	Sign of "Win32:Patched-KW [Trj]" has been found in "C:\windows\system32\WS2_32.dll" file.  

7/30/2009 8:15:08 PM	SYSTEM	1908	Sign of "Win32:Patched-KW [Trj]" has been found in "C:\WINDOWS\system32\WS2_32.dll" file.  

7/30/2009 8:17:36 PM	TRENTON	3228	Sign of "Win32:Patched-KW [Trj]" has been found in "c:\windows\system32\ws2_32.dll" file.  

7/30/2009 8:49:57 PM	SYSTEM	1908	Sign of "Win32:Patched-KW [Trj]" has been found in "C:\windows\system32\WS2_32.dll" file.  

7/30/2009 8:50:43 PM	SYSTEM	1908	Sign of "Win32:Patched-KW [Trj]" has been found in "C:\WINDOWS\system32\WS2_32.dll" file.  

7/30/2009 9:00:44 PM	TRENTON	2104	Sign of "Win32:Patched-KW [Trj]" has been found in "c:\windows\system32\ws2_32.dll" file.  

7/30/2009 9:01:07 PM	SYSTEM	1908	Sign of "Win32:Patched-KW [Trj]" has been found in "C:\WINDOWS\SYSTEM32\WS2_32.DLL" file.  

7/30/2009 9:22:18 PM	TRENTON	2276	Sign of "Win32:Patched-KW [Trj]" has been found in "c:\windows\system32\ws2_32.dll" file.  

7/30/2009 11:26:40 PM	TRENTON	2428	Sign of "Win32:Patched-KW [Trj]" has been found in "c:\windows\system32\ws2_32.dll" file.  

7/30/2009 11:39:37 PM	SYSTEM	1908	Sign of "Win32:Patched-KW [Trj]" has been found in "C:\windows\system32\WS2_32.dll" file.  

7/30/2009 11:39:58 PM	SYSTEM	1908	Sign of "Win32:Patched-KW [Trj]" has been found in "C:\WINDOWS\system32\WS2_32.dll" file.  

7/30/2009 11:44:21 PM	SYSTEM	1908	Sign of "Win32:Patched-KW [Trj]" has been found in "C:\WINDOWS\system32\WS2_32.dll" file.  

7/30/2009 11:46:53 PM	SYSTEM	1912	Sign of "Win32:Patched-KW [Trj]" has been found in "C:\windows\system32\WS2_32.dll" file.  

7/30/2009 11:47:31 PM	SYSTEM	1912	Sign of "Win32:Patched-KW [Trj]" has been found in "C:\WINDOWS\system32\WS2_32.dll" file.  

7/30/2009 11:49:16 PM	TRENTON	2140	Sign of "Win32:Patched-KW [Trj]" has been found in "c:\windows\system32\ws2_32.dll" file.  

7/30/2009 11:50:52 PM	SYSTEM	1912	Sign of "Win32:Patched-KW [Trj]" has been found in "C:\WINDOWS\system32\ws2_32.dll" file.  

7/30/2009 11:51:13 PM	SYSTEM	1912	Sign of "Win32:Patched-KW [Trj]" has been found in "C:\WINDOWS\system32\dllcache\ws2_32.dll" file.  

7/30/2009 11:51:27 PM	SYSTEM	1912	Sign of "Win32:Patched-KW [Trj]" has been found in "c:\windows\system32\OLD13.tmp" file.  

7/30/2009 11:51:36 PM	SYSTEM	1912	Sign of "Win32:Patched-KW [Trj]" has been found in "c:\windows\system32\ws2_32.dll" file.  

7/30/2009 11:51:53 PM	SYSTEM	1912	Sign of "Win32:Patched-KW [Trj]" has been found in "C:\WINDOWS\system32\ws2_32.dll" file.  

7/30/2009 11:52:11 PM	TRENTON	1272	Sign of "Win32:Patched-KW [Trj]" has been found in "C:\WINDOWS\system32\ws2_32.dll" file.  

7/30/2009 11:52:21 PM	TRENTON	2424	Sign of "Win32:Patched-KW [Trj]" has been found in "C:\WINDOWS\system32\ws2_32.dll" file.

8/6/2009 4:17:07 AM	TRENTON	2444	Sign of "JS:Obfuscated-CU [Trj]" has been found in "C:\Documents and Settings\Mom & Dad\Local Settings\Temporary Internet Files\Content.IE5\Z1H9DVML\iopa[1].htm" file.  

8/6/2009 6:25:19 PM	TRENTON	2444	Sign of "Win32:Patched-KW [Trj]" has been found in "C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1203\A0137795.dll" file.  

8/6/2009 9:29:32 PM	TRENTON	2444	Sign of "Win32:Patched-KW [Trj]" has been found in "C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1203\A0137796.dll" file.  

8/6/2009 9:29:52 PM	TRENTON	2444	Sign of "Win32:Patched-KW [Trj]" has been found in "C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1204\A0138898.dll" file.  

8/6/2009 9:45:46 PM	TRENTON	2444	Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\877.tmp" file.
Most of that is just repeating mentions of the infected .dll, and the things it found after the repair have all been deleted.

#10 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:02 PM

Posted 07 August 2009 - 08:15 PM

Please run ATF and SAS:
Credits to Boopme

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Edition

Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.
Computer Pro

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,114 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:02 PM

Posted 07 August 2009 - 08:49 PM

Hope fully you can update and rerun Mbam your version is outdated

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.


NOted
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 aeonise

aeonise
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:02 PM

Posted 08 August 2009 - 10:17 AM

Okay, I went through the ATF and Super process before seeing the note on MBAM (does it not auto-update?), so here's the super log first:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/07/2009 at 11:05 PM

Application Version : 4.27.1002

Core Rules Database Version : 4040
Trace Rules Database Version: 1980

Scan type	   : Complete Scan
Total Scan Time : 02:01:23

Memory items scanned	  : 253
Memory threats detected   : 0
Registry items scanned	: 6794
Registry threats detected : 2
File items scanned		: 37594
File threats detected	 : 17

Trojan.SpyFalcon
	HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{89aef01d-d237-49c7-84dc-4e1904c1fd31}

Spyware.SecurityToolbar
	HKLM\Software\Microsoft\Internet Explorer\Toolbar#{736b5468-bdad-41be-92d0-22ae2ddf7bcb}

Browser Hijacker.Favorites
	C:\Documents and Settings\Administrator\Favorites\Pharmacy\Howard's Rexall Product Page 12.url
	C:\Documents and Settings\Administrator\Favorites\Pharmacy

Trojan.Security Toolbar
	C:\Program Files\Security Toolbar\Uninstall.bat
	C:\Program Files\Security Toolbar

Trojan.Media-Codec
	C:\Program Files\Media-Codec

Malware.Installer-Pkg/Gen
	C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA}.EXE
	C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE
	C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{3C48F877-A164-45E9-B9DA-26A049FFC207}.EXE
	C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.EXE
	C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{651956B7-1969-42AA-9453-E0B813019D54}.EXE
	C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.EXE
	C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C0A0AA4D-C79B-48CA-8843-2B02B626C9E6}.EXE
	C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE
	C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.EXE
	C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{E0814F95-5380-4892-B8C8-7FA4B349EF46}.EXE

Trojan.Unknown Origin
	C:\WINDOWS\SYSTEM32\OT.ICO
	C:\WINDOWS\SYSTEM32\TS.ICO
Not as virus-free as I'd thought, I suppose. All items were moved to quarantine. Here's the MBAM log after updating:
Malwarebytes' Anti-Malware 1.40
Database version: 2578
Windows 5.1.2600 Service Pack 2

8/8/2009 10:10:18 AM
mbam-log-2009-08-08 (10-10-18).txt

Scan type: Quick Scan
Objects scanned: 123426
Time elapsed: 6 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Just as an aside, would there be any problems running ATF every week or so?

Edited by aeonise, 08 August 2009 - 10:18 AM.


#13 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:02 PM

Posted 08 August 2009 - 10:53 AM

No, there would not be any problem with that. All it does it cleans out junk files. So it would be actually good to run every week.

I also notice that you are running Service Pack 2 of Windows XP. Running an outdated Service Pack exposes your PC to multiple threats and also makes it so that malware can circulate a lot faster through the security holes. I suggest that you run Windows Update and install all of the updates that it suggests. Running Windows Update patches your computer from known vulnerabilities.

After you have done that, how are things running now?
Computer Pro

#14 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:09:02 PM

Posted 08 August 2009 - 12:08 PM

I suggest that you run Windows Update and install all of the updates that it suggests.


I would only suggest installing all critical updates and using discretion for the optional or suggested ones.
Chewy

No. Try not. Do... or do not. There is no try.

#15 aeonise

aeonise
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:02 PM

Posted 08 August 2009 - 12:18 PM

I mentioned in post #7 that I'd noticed the repair put the computer back down to SP2, but Automatic Updates and Windows Defender won't update now (downloaded and installed definitions for the latter manually for now), and update.microsoft.com (I said .windows.com by mistake up there) just spits out an error when I follow the instrustions to have it install SP3. I'm downloading the standalone installer right now and will try running it when it's done. I'll post again after I've done that.

EDIT:
I'd sent an email to Microsoft regarding the error their site was giving me when I tried to update, and the reply came in just a bit ago. During the steps they suggested, I found that two services (Background Intelligent Transfer Service and Automatic Updates) aren't running and give an error when I try to start them:
Could not start the (Service Name) service on Local Computer.
Error 1083:  The executable program that this service is configured to run in does not implement the service.
Looks like a virus or the repair broke something. If anyone has a suggestion that doesn't involve sending Microsoft the mountain of info they request to help any further, I'm all ears.

EDIT EDIT:
Alright, the standalone installer did its thing, the system shows SP3 now, and both Automatic Updates and Windows Defender are connecting and updating fine. Getting, installing, and rebooting for all of the past few years' updates took quite a while, but it looks to be done. Is there anything else I should run or anything important from the logs above?

Edited by aeonise, 08 August 2009 - 09:39 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users