kerux Posted August 22, 2012 Author ID:588645 Share Posted August 22, 2012 This is all there is in the ComboFix.txt file:ComboFix 12-08-20.02 - Teri 08/21/2012 7:33:45.1.2 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2708 [GMT -5:00]Running from: C:\Users\Teri\Desktop\ComboFix.exeAV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))C:\Install.exeInfected copy of C:\Windows\SysWow64\userinit.exe was found and disinfected Restored copy from - C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe ((((((((((((((((((((((((( Files Created from 2012-07-21 to 2012-08-21 )))))))))))))))))))))))))))))))2012-08-21 13:11:56 . 2012-08-21 13:11:56 -------- d-----w- C:\Users\Default\AppData\Local\temp2012-08-20 17:46:10 . 2012-08-20 17:46:28 -------- d-----w- C:\Program Files (x86)\ERUNT2012-08-17 19:35:01 . 2012-08-17 19:35:01 -------- d-----w- C:\Windows\CheckSur2012-08-17 02:16:51 . 2012-08-17 02:16:51 -------- d-----w- C:\Users\Teri\AppData\Roaming\Avira2012-08-17 02:10:56 . 2012-07-18 23:05:10 98848 ----a-w- C:\Windows\system32\drivers\avgntflt.sys2012-08-17 02:10:56 . 2012-07-18 23:05:10 27760 ----a-w- C:\Windows\system32\drivers\avkmgr.sys2012-08-17 02:10:56 . 2012-07-18 23:05:10 132832 ----a-w- C:\Windows\system32\drivers\avipbb.sys2012-08-17 02:10:55 . 2012-08-17 02:10:55 -------- d-----w- C:\ProgramData\Avira2012-08-17 02:10:55 . 2012-08-17 02:10:55 -------- d-----w- C:\Program Files (x86)\Avira2012-08-17 00:27:50 . 2012-08-17 00:36:24 -------- d-----w- C:\Users\Teri\AppData\Roaming\WinPatrol2012-08-17 00:27:37 . 2012-08-17 00:27:37 -------- d-----w- C:\ProgramData\InstallMate2012-08-17 00:27:37 . 2012-08-17 00:27:37 -------- d-----w- C:\Program Files (x86)\BillP Studios2012-08-16 18:10:40 . 2012-08-16 18:10:40 -------- d-----w- C:\Program Files (x86)\Belarc2012-08-15 18:14:17 . 2012-08-15 18:14:17 181064 ----a-w- C:\Windows\PSEXESVC.EXE2012-08-15 18:10:11 . 2012-08-15 18:08:43 381816 ----a-w- C:\Windows\system32\PsExec.exe2012-08-15 04:49:58 . 2012-08-15 04:49:58 -------- d-----w- C:\Program Files\HitmanPro2012-08-15 04:45:27 . 2012-08-15 04:55:35 -------- d-----w- C:\ProgramData\HitmanPro.(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))2012-08-15 04:56:29 . 2012-06-14 17:07:50 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2012-08-15 04:56:29 . 2012-06-14 17:07:50 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2012-06-02 22:19:46 . 2012-07-13 01:47:42 38424 ----a-w- C:\Windows\system32\wups.dll2012-06-02 22:19:43 . 2012-07-13 01:47:52 2428952 ----a-w- C:\Windows\system32\wuaueng.dll2012-06-02 22:19:42 . 2012-07-13 01:47:53 57880 ----a-w- C:\Windows\system32\wuauclt.exe2012-06-02 22:19:42 . 2012-07-13 01:47:53 44056 ----a-w- C:\Windows\system32\wups2.dll2012-06-02 22:19:23 . 2012-07-13 01:47:42 701976 ----a-w- C:\Windows\system32\wuapi.dll2012-06-02 22:15:31 . 2012-07-13 01:47:53 2622464 ----a-w- C:\Windows\system32\wucltux.dll2012-06-02 22:15:08 . 2012-07-13 01:47:42 99840 ----a-w- C:\Windows\system32\wudriver.dll2012-06-02 20:19:42 . 2012-07-13 01:47:33 186752 ----a-w- C:\Windows\system32\wuwebv.dll2012-06-02 20:15:12 . 2012-07-13 01:47:33 36864 ----a-w- C:\Windows\system32\wuapp.exe((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]"{a8864317-e18b-4292-99d9-e6e65ab905d3}"= "C:\Program Files (x86)\Runescape\tbRun1.dll" [2011-01-28 00:14:15 3911776][HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}][HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]2009-09-11 05:41:42 120104 ----a-w- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Advanced SystemCare 5"="C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 23:39:50 574296] Link to post Share on other sites More sharing options...
kerux Posted August 22, 2012 Author ID:588647 Share Posted August 22, 2012 FSS.txtFarbar Service Scanner Version: 06-08-2012Ran by Teri (administrator) on 22-08-2012 at 10:03:41Running from "C:\Users\Teri\Desktop"Microsoft Windows 7 Home Premium Service Pack 1 (X64)Boot Mode: Normal****************************************************************Internet Services:============Connection Status:==============Localhost is accessible.LAN connected.Google IP is accessible.Google.com is accessible.Yahoo IP is accessible.Yahoo.com is accessible.Windows Firewall:=============Firewall Disabled Policy: ==================System Restore:============System Restore Disabled Policy: ========================Action Center:============Windows Update:============BITS Service is not running. Checking service configuration:The start type of BITS service is OK.The ImagePath of BITS service is OK.The ServiceDll of BITS service is OK.EventSystem Service is not running. Checking service configuration:The start type of EventSystem service is OK.The ImagePath of EventSystem service is OK.The ServiceDll of EventSystem service is OK.Windows Autoupdate Disabled Policy: ============================Windows Defender:==============WinDefend Service is not running. Checking service configuration:The start type of WinDefend service is OK.The ImagePath of WinDefend service is OK.The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".Windows Defender Disabled Policy: ==========================[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]"DisableAntiSpyware"=DWORD:1Other Services:==============File Check:========C:\Windows\System32\nsisvc.dll => MD5 is legitC:\Windows\System32\drivers\nsiproxy.sys => MD5 is legitC:\Windows\System32\dhcpcore.dll => MD5 is legitC:\Windows\System32\drivers\afd.sys[2011-04-01 19:48] - [2010-11-20 04:23] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38CC:\Windows\System32\drivers\tdx.sys => MD5 is legitC:\Windows\System32\Drivers\tcpip.sys[2011-04-01 19:48] - [2010-11-20 08:33] - 1924480 ____A (Microsoft Corporation) 509383E505C973ED7534A06B3D19688DC:\Windows\System32\dnsrslvr.dll => MD5 is legitC:\Windows\System32\mpssvc.dll => MD5 is legitC:\Windows\System32\bfe.dll => MD5 is legitC:\Windows\System32\drivers\mpsdrv.sys => MD5 is legitC:\Windows\System32\SDRSVC.dll => MD5 is legitC:\Windows\System32\vssvc.exe => MD5 is legitC:\Windows\System32\wscsvc.dll => MD5 is legitC:\Windows\System32\wbem\WMIsvc.dll => MD5 is legitC:\Windows\System32\wuaueng.dll => MD5 is legitC:\Windows\System32\qmgr.dll => MD5 is legitC:\Windows\System32\es.dll => MD5 is legitC:\Windows\System32\cryptsvc.dll => MD5 is legitC:\Program Files\Windows Defender\MpSvc.dll => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legit**** End of log **** Link to post Share on other sites More sharing options...
Maurice Naggar Posted August 22, 2012 ID:588686 Share Posted August 22, 2012 (edited) Step 1Download and Save McAfee Stinger to your Desktophttp://www.mcafee.co...ls/stinger.aspxClose all browsers before starting. Disable your antivirus program and anti-malware,if any.How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsOn Windows 7 & Vista systems, Right Click and select Run as Administrator.On XP, double-click to start it.The GUI interface will look like thisThe C drive is the default for scanning.Press the Preferences button. In the top right-block "On virus detection", click RenameIn the bottom block "Heuristic network check for suspicious files" select HighClick the Scan Now button.When done, use the File menu and select Save report to fileStinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.RE-Enable your anti-virus program.Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.It is not intended as virus protection.Windows servicesThis will be a batch-fix .Press the Windows-key on keyboard.In the box, type notepad and press Enter.Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.@Echo offnet stop dcomlaunchnet stop nsinet stop dhcpnet stop rpcssnet stop winmgmtnet stop wscsvc net stop bits net stop wuauservnet stop sdrsvcnet stop vssnet stop eventlogsc config dcomlaunch start= autosc config nsi start= autosc config dhcp start= autosc config rpcss start= autosc config winmgmt start= autosc config wscsvc start= delayed-autosc config bits start= delayed-autosc config wuauserv start= delayed-autosc config sdrsvc start= manualsc config vss start= autosc config eventlog start= autonet start dcomlaunchnet start nsinet start dhcpnet start rpcssnet start winmgmtnet start wscsvc net start bits net start wuauservnet start sdrsvcnet start vssnet start eventlogshutdown -r -t 1del %0Select File -> Save AS.Press the Desktop button on the left side of the save dialog.In the box, type in Fix.bat.Press .Close Notepad.Right click Fix.bat on your desktop, and choose .Press Yes if prompted by User Account Control.This procedure will do its tasks and then it will Restart Windows.Step 3MSRT from Microsoft.Download the Microsoft® Windows® Malicious Software Removal Tool from the Microsoft Download Centerhttp://www.microsoft...&displaylang=enAfter a run of MSRT has finished, you will find the log at C:\WINDOWS\Debug\mrt.log or C:\WINNT\Debug\mrt.logThe file may be opened and viewed with Notepad or similar text editor.Additional information Microsoft® Windows® Malicious Software Removal Tool is here http://support.micro...om/?kbid=890830If no infections were found, you will see in your logResults Summary:----------------No infection found. Edited August 22, 2012 by Maurice Naggar Link to post Share on other sites More sharing options...
kerux Posted August 22, 2012 Author ID:588814 Share Posted August 22, 2012 McAfee® Labs Stinger Version 10.2.0.746 built on Aug 22 2012Copyright © 2012 McAfee, Inc. All Rights Reserved.Virus data file v100.0000 created on Aug 22 2012.Ready to scan for 4866 viruses, trojans and variants.Scan initiated on Wed Aug 22 14:49:55 2012Rootkit scan result : Not Scanned Master Boot Record(s):....1 Possibly Infected:.............0 Boot Sector(s):.................1 Possibly Infected: ............0 Number of clean files: 23151 Link to post Share on other sites More sharing options...
kerux Posted August 22, 2012 Author ID:588909 Share Posted August 22, 2012 (edited) Microsoft Windows Malicious Software Removal Tool v4.11, August 2012Started On Wed Aug 22 15:17:31 2012<div>Extended Scan Results</div><div>----------------</div><div>->Scan ERROR: resource process://pid:392 (code 0x00000005 (5))</div><div>->Scan ERROR: resource process://pid:3632 (code 0x0000012B (299))</div><div>->Scan ERROR: resource process://pid:4752 (code 0x0000012B (299))</div><div>->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))</div><div>->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))</div><div>No infection found as part of the extended scan</div><div> </div><div>Results Summary:</div><div>----------------</div>No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 22 18:14:39 2012Return code: 0 (0x0) Edited August 23, 2012 by Maurice Naggar Link to post Share on other sites More sharing options...
Maurice Naggar Posted August 23, 2012 ID:589037 Share Posted August 23, 2012 Stinger detected nothing and MS Malicious Removal tool found nothing. Good results !Close any open work-files/documents/programs.Do a visit to Windows Update using Internet Explorer only http://windowsupdate.microsoft.comDo a scan for updates.Accept just Critical or Important updates. Deecline (un-check) any recommended or optional items.Let me know the results. If there is a update failure, I need the fail-exception code(s). Link to post Share on other sites More sharing options...
kerux Posted August 23, 2012 Author ID:589152 Share Posted August 23, 2012 Opened Windows Update thru Internet Explorer. Tried to update...code 80246008 Link to post Share on other sites More sharing options...
Maurice Naggar Posted August 23, 2012 ID:589155 Share Posted August 23, 2012 <sighhh>Download >> Farbar's Service Scanner utility << and Save to your Desktop.If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Admisnitrator.If using XP, double-click to start.Answer Yes to ok when prompted.If your firewall then puts out a prompt, again, allow it to run.Once FSS is on-screen, be sure the following items are checkmarked:Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderClick on "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Copy & Paste contents of FSS.txt into your reply. Link to post Share on other sites More sharing options...
kerux Posted August 23, 2012 Author ID:589252 Share Posted August 23, 2012 Farbar Service Scanner Version: 06-08-2012Ran by Teri (administrator) on 23-08-2012 at 15:07:30Running from "C:\Users\Teri\Desktop"Microsoft Windows 7 Home Premium Service Pack 1 (X64)Boot Mode: Normal****************************************************************Internet Services:============Connection Status:==============Localhost is accessible.LAN connected.Google IP is accessible.Google.com is accessible.Yahoo IP is accessible.Yahoo.com is accessible.Windows Firewall:=============Firewall Disabled Policy: ==================System Restore:============System Restore Disabled Policy: ========================Action Center:============Windows Update:============BITS Service is not running. Checking service configuration:The start type of BITS service is OK.The ImagePath of BITS service is OK.The ServiceDll of BITS service is OK.EventSystem Service is not running. Checking service configuration:The start type of EventSystem service is OK.The ImagePath of EventSystem service is OK.The ServiceDll of EventSystem service is OK.Windows Autoupdate Disabled Policy: ============================Windows Defender:==============WinDefend Service is not running. Checking service configuration:The start type of WinDefend service is OK.The ImagePath of WinDefend service is OK.The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".Windows Defender Disabled Policy: ==========================[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]"DisableAntiSpyware"=DWORD:1Other Services:==============File Check:========C:\Windows\System32\nsisvc.dll => MD5 is legitC:\Windows\System32\drivers\nsiproxy.sys => MD5 is legitC:\Windows\System32\dhcpcore.dll => MD5 is legitC:\Windows\System32\drivers\afd.sys[2011-04-01 19:48] - [2010-11-20 04:23] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38CC:\Windows\System32\drivers\tdx.sys => MD5 is legitC:\Windows\System32\Drivers\tcpip.sys[2011-04-01 19:48] - [2010-11-20 08:33] - 1924480 ____A (Microsoft Corporation) 509383E505C973ED7534A06B3D19688DC:\Windows\System32\dnsrslvr.dll => MD5 is legitC:\Windows\System32\mpssvc.dll => MD5 is legitC:\Windows\System32\bfe.dll => MD5 is legitC:\Windows\System32\drivers\mpsdrv.sys => MD5 is legitC:\Windows\System32\SDRSVC.dll => MD5 is legitC:\Windows\System32\vssvc.exe => MD5 is legitC:\Windows\System32\wscsvc.dll => MD5 is legitC:\Windows\System32\wbem\WMIsvc.dll => MD5 is legitC:\Windows\System32\wuaueng.dll => MD5 is legitC:\Windows\System32\qmgr.dll => MD5 is legitC:\Windows\System32\es.dll => MD5 is legitC:\Windows\System32\cryptsvc.dll => MD5 is legitC:\Program Files\Windows Defender\MpSvc.dll => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legit**** End of log **** Link to post Share on other sites More sharing options...
Maurice Naggar Posted August 24, 2012 ID:589454 Share Posted August 24, 2012 Download & SAVE 2 files to the DESKTOPDownload this reg-file http://download.bleepingcomputer.com/win-services/7/BITS.regDownload this reg-file http://download.bleepingcomputer.com/win-services/7/EventSystem.reggo to Start, type inREGEDIT and press Enter-keyfrom main menu, select Filethen select IMPORTnavigate the dialog (click on DESKTOP icon on left to select it)type in bits.reg in the Filename text-box and click Open button.Once the merge is complete, you will see a confirmation message.Click OK when done.from main menu, select Filethen select IMPORTnavigate the dialog (click on DESKTOP icon on left to select it)type in EventSystem.reg in the Filename text-box and click Open button.Once the merge is complete, you will see a confirmation message.Click OK when done.Close/Exit Regedit.Now, Logoff and Restart Windows.Now try Windows Update again, and advise of result. Link to post Share on other sites More sharing options...
kerux Posted August 25, 2012 Author ID:589776 Share Posted August 25, 2012 Files merged...update failed/ code 80246008 Link to post Share on other sites More sharing options...
Maurice Naggar Posted August 25, 2012 ID:589798 Share Posted August 25, 2012 Close and exit any open work documents or program windows you opened.1a. Open Internet Explorer (only!) to http://support.microsoft.com/kb/910336 [ignore the title & Symptoms].1b. Dismiss/close the "automated troubleshooter" pop-up! - then...1c. Ignoring any "Not recommended" or similar warnings, run Fix It 50202 in DEFAULT and then AGGRESSIVE modes. [1]2. Reboot & then run a manual check for updates at Windows Update, etc., etc...When you reach Windows Update, do a Custom scan for updates. Take (accept) the ones marked Critical or Important.Decline any that are marked as "optional".Have infinite patience while it scans and does it's work.When it prompts you to Restart Windows, please do that. Allow it to restart.IF and only if you get an "error" or "exception/failure" message, I will need the complete so called "failure code" and description (if you see it).Please have good patience, this is not very complicated. Ask me if you have questions.~~~~~~~~~~~~~~~[1] Running the Fixit in aggressive mode will result in your history of installed MS updates to be "empty" when viewed online at Windows Updates.What is actually installed on your system will not be affected. Link to post Share on other sites More sharing options...
kerux Posted August 25, 2012 Author ID:590014 Share Posted August 25, 2012 Fix-it 50202 failed to run in IE both on default and aggressive. Message: "Service 'Background Intelligent Transfer Service' (BITS) failed to start. Verify that you have sufficient priviledges to start system services. Link to post Share on other sites More sharing options...
Maurice Naggar Posted August 25, 2012 ID:590020 Share Posted August 25, 2012 Close all open browsers at this point. You must restart IE in elevated mode with administrator-rights.Start Internet Explorer (fresh) by pressing Start >> type in Internet Explorer >> Right-Click and select Run As Administrator.Using Internet Explorer browser only, go to this MS webpage and RUN the automated FIX-IThttp://support.microsoft.com/kb/971058Then when done, Logoff and Restart the system.Then retry Windows Update one more time. Link to post Share on other sites More sharing options...
kerux Posted August 27, 2012 Author ID:590464 Share Posted August 27, 2012 Started IE with admin rights. Ran Fix-it and it found error(s), but failed to fix them. Says Windows Update components fix failed. Update is still giving code 80246008 Link to post Share on other sites More sharing options...
Maurice Naggar Posted August 27, 2012 ID:590492 Share Posted August 27, 2012 Please advise me if you are logged in with an administrator-rights Windows account ?Did you write down what the Fix-It "errors" were ?Be aware that if we (me & you) don't figure this out (the failing windows update) & since malware can be ruled out, I will be referring to the Microsoft Answers forum.Windows servicesThis will be a batch-fix .Press the Windows-key on keyboard.In the box, type notepad and press Enter.Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.@Echo offsc config dcomlaunch start= autosc config nsi start= autosc config dhcp start= autosc config rpcss start= autosc config winmgmt start= autosc config wscsvc start= delayed-autosc config bits start= delayed-autosc config wuauserv start= delayed-autosc config sdrsvc start= manualsc config vss start= autosc config eventlog start= autosc start bitssc start wuauservshutdown -r -t 1del %0Select File -> Save AS.Press the Desktop button on the left side of the save dialog.In the box, type in Fix.bat.Press .Close Notepad.Right click Fix.bat on your desktop, and choose .Press Yes if prompted by User Account Control.This procedure will do its tasks and then it will Restart Windows. Be sure you are logged in with an administrator-rights account Visual check on services using MSCONFIGCheck for missing or disabled Windows services, by doing the following, and post detailed results when done !!From Start button, (or Win-key +R) and in the searcht-box type in MSCONFIG and press OK or Enter.On Vista or Windows 7, press Windows-key on keybooard, and type in MSCONFIGYou should see the General tab. Click the General tab. It should have Normal startup selected (in the radio-box=selection)IF it does not, then you click on Normal startup.Click on Services tab. To get it's display of services.Keep a written list of any changes from my list of services below. That way you and I have a reference document.Look at the bottom line Hide all Microsoft servicesIF and only IF its is checkmarked, then un-check it.the list of servies may be shown in non-alphabetical order, so ....Look at the heading titled "Service". Click on it as needed so the list is sorted and top of list starts with the "A" services.You can toggle as needed to get the desired order.IF any of below services are NOT shown, don't panic & do not stop, just write down the info for me and proceed with the others !Then using the scroll-bar scroll down the listLook for Background Intelligent Transfer Service. Is it shown? Is it checked? If not, click on that checkbox to checkmark.Look for Base Filtering Agent. Is it shown? Is it checked? If not, click on that checkbox to checkmark.Look for COM+ Event System. Is it shown? Is it checked? If not, click on that checkbox to checkmark.Look for COM+ System Application. Is it shown? Is it checked? If not, click on that checkbox to checkmark.Look for Cryptographic Services. Is it shown? Is it checked? If not, click on that checkbox to checkmark.Look for Ipsec Policy Agent. Is it shown? Is it checked? If not, click on that checkbox to checkmark.Look for Remote Procedure Call (RPC) Locator. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.Look for RPC Endpoint Mapper. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.Look for Windows Firewall. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.Look for Windows Installer. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.Look for Windows Management Instrumentation. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.Look for Windows Update. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.When done, press the Apply button, and the OK button.You're likely to be prompted to Restart Windows, do so.If not prompted, you do a Logoff and Restart of Windows.Then report back here with details.If any of the services are not shown, just let me know which. Link to post Share on other sites More sharing options...
kerux Posted August 27, 2012 Author ID:590504 Share Posted August 27, 2012 In answer to your first 2 questions. Yes, I have admin rights in windows. The fix-it error was on the "troubleshooting complete" page...in an "issues found" box...simply said "Repair Windows Update Components - Not Fixed". Report below:Windows UpdatePublisher details Issues found Repair Windows Update componentsRepair Windows Update components Repairing Windows Update components frequently resolves common Windows Update errorsNot fixed Windows Update components must be repairedSucceeded Issues checked Repair default Windows Update locationsRepair default Windows Update locations Change Windows Update locations to Windows default settingsChecked Issues foundDetection details 6Repair Windows Update componentsNot fixed Repairing Windows Update components frequently resolves common Windows Update errors Windows Update components must be repairedSucceeded One or more Windows Update components are configured incorrectly Issues checkedDetection details 6Repair default Windows Update locationsChecked Change Windows Update locations to Windows default settings Default Windows Update data locations have changedNot Run The location where Windows Update stores data has changed and must be repaired Detection details Collection information Computer Name: TERI-PC Windows Version:6.1 Architecture:amd64 Time:Monday, August 27, 2012 10:59:26 AM Publisher details Windows Update Resolve problems that prevent you from updating Windows. Package Version:4.0.2.20110211 Publisher:Microsoft Corporation Link to post Share on other sites More sharing options...
kerux Posted August 27, 2012 Author ID:590507 Share Posted August 27, 2012 Every service on your list is in msconfig and checked. The only variation is that "Base Filtering Agent" is listed as "Base Filtering Engine". Link to post Share on other sites More sharing options...
Maurice Naggar Posted August 27, 2012 ID:590524 Share Posted August 27, 2012 Do another check please:Check on some key Windows services by using the services management console ( services.msc).The following services must NOT be *Disabled* in the Startup type.Automatic Updates Background Intelligent Transfer Service(BITS) Cryptographic Services Remote Procedure Call (RPC) You use Start button > and type into the search boxservices.mscamd press OK.They need to show a startup type of Manual or Automatic.Here are the services & their Startup types:Background Intelligent Transfer Service(BITS) . . . Automatic Cryptographic Services . . . . . . . . . . . . . . .AutomaticRemote Procedure Call (RPC). . . . . . . . . . . . .AutomaticWindows Update . . . . . . . . . . . . . . . . . . .AutomaticThe Status column should show Started for each of these services.Tell me how yours are showing. Link to post Share on other sites More sharing options...
kerux Posted August 27, 2012 Author ID:590549 Share Posted August 27, 2012 In services.msc in the "Services (local) box:I see no "Automatic Updates", there is however "Windows Update" that is started (Automatic)Background Intelligent Transfer Service(BITS) - set on Automatic but shows no statusCryptographic Services - started (Automatic)Remote Procedure Call (RPC) - started (Automatic) Link to post Share on other sites More sharing options...
Maurice Naggar Posted August 27, 2012 ID:590576 Share Posted August 27, 2012 (edited) Go back into services.mscLocate Background Intelligent Transfer Service(BITS) and click the line once with your mouse (so that it is Selected)Then on the Upper left of the window, click on the line Start the servicewait for it to respond, and hopefully show the service as started.Please advise.IF and only if BITS does not start, I need for you to check (in services.msc) onCOM+ Event System service and tell me if it show as Started.IF not, then same way as above, start that service.Please advise with detail. Edited August 27, 2012 by Maurice Naggar Link to post Share on other sites More sharing options...
kerux Posted August 28, 2012 Author ID:590665 Share Posted August 28, 2012 In Services.msc I tried to start BITS and got this message: "Windows could not start Background Intelligence Transfer Service on local computer. Error 1068"COM + Event system was not started...tried to start...got this message: "The COM+Event system service on local computer started and then stopped. Some services stop automatically if they are not in use by other services or programs" Link to post Share on other sites More sharing options...
Maurice Naggar Posted August 28, 2012 ID:590774 Share Posted August 28, 2012 (edited) Please run the Windows' System File Checker utility:Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.Type into the command=prompt window sfc /scannowThen tap EnterYou should see on-screen status messages similar to these:..Beginning the system scan. This process will take some time...Beginning verification phase of system scan...Verification % complete.Once the scan has completed you will receive an onscreen message resembling one of the following:..found no integrity violations..found corruption but repaired it..found corruption that it could not repairPlease advise on the result. SUR toolSee these references on the System Update Readiness Tool and run the SURHave plenty of patience while it runs.http://windows.micro...-Readiness-Tool Edited August 28, 2012 by Maurice Naggar Link to post Share on other sites More sharing options...
kerux Posted August 29, 2012 Author ID:591119 Share Posted August 29, 2012 System File Checker found no integrity violations. Will run SUR ASAP Link to post Share on other sites More sharing options...
Maurice Naggar Posted August 30, 2012 ID:591450 Share Posted August 30, 2012 Any progress ? Link to post Share on other sites More sharing options...
Recommended Posts