Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Why can't I install Windows update Q329441 ?


  • Please log in to reply

#1
wyldkatt

wyldkatt

    Member

  • Member
  • PipPip
  • 39 posts
Hello All---

Well, I have a FEW issues besides that one...Like "no sound card" messages...set-up wizards for non-existent

hardware...system restore point not allowed....now can I say "HELP ME"?...please...

Had to use another computer to make this post, as IE closes Windows whenever I click "new topic"...

My replies may be sparadic because I'm not near this laptop all the time...so please have patience....My desktop

has XP/PRO OS...I think I have posts in "malware or HJT" forums...not sure...I know very little about any of this,

but thanks to those on these forums, I know alot more today; than I did a week ago...Kudos to all of you for that !!!!

I follow directions pretty good though....Is there anybody out there ????

Thanks in advance--

~wyldkatt~
Arizona, USA
  • 0

Advertisements


#2
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
Hi wyldkatt...

Do you have your XP installation cd? The first check I'll want to run may require that to complete.

I'll also need the make and model number of you machine if it's an OEM machine like Dell of HP, etc.

Get me this info and well see if we can figure out what's going on...or not going on as the case may be.

wannabe1
  • 0

#3
wyldkatt

wyldkatt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
hello there Wannabe1--
Well, I've got nothing but bad news...no XP cd....had the machine built at a computer store that's no longer
in business....so I guess it's a "no-name" machine....sorry for the slow responses, I'm using a laptop that I don't
have access to all the time...Wannabe1, look I'm 56 and on a fixed income due to disability, I can't afford to go
get another computer, so I'd really like to fix, maybe even upgrade, this one if possible...Thanks again for responding....please let me know what you would like me to do next....I can view this page on my desktop, but
IE closes whenever I click "new topic"......Odd ??
TY.................wyld
  • 0

#4
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
Ok...first let's get around the browser issue. Download and install Firefox to use until we can get to the bottom of the IE problem. Then we should be able to communicate using that machine.

You already know about HiJackThis from your topic in malware. We're going to use it to generate another kind of report for me. Double-click on the HiJackThis.exe icon. On the first screen click on Open the Misc Tools Section...On the next screen, click on the Generate StartupList log button and post a copy of the log here. You need not check either of the boxes next to this button.
  • 0

#5
wyldkatt

wyldkatt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
good day sir.......

here is the start up list log.....

StartupList report, 9/14/2007, 9:51:48 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CConnect\CConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

BJCFD = C:\Program Files\BroadJump\Client Foundation\CFD.exe
tgcmd = "C:\Program Files\Support.com\bin\tgcmd.exe" /server
PrinTray = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
LexStart =
AuthConsoleStart = C:\Program Files\Cox\Applications\app\cox.exe
Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd
Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Cox\Applications\app\AuthBHO.dll - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

--------------------------------------------------

Enumerating Download Program Files:

[{0000000A-9980-0010-8000-00AA00389B71}]
CODEBASE = http://download.micr...42/wmsp9dmo.cab

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.micr...922/wmv9VCM.CAB

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\muweb.dll
CODEBASE = http://www.update.mi...b?1189017241173

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx
CODEBASE = http://fpdownload.ma...ash/swflash.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: c:\55d35fc77836baa7ee43869a6fe6|||b

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 5,949 bytes
Report generated in 0.381 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only



patiently awaiting your analysis..........ty
  • 0

#6
wyldkatt

wyldkatt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
hi there wannabe---

I'm sorry I failed to mention that I installed Avast'...and upon its initial scan, it came up w/ this message:

File C:\Documents and Settings\Susan\DoctorWeb\Quarantine\Florida disclosu
res pg 1.eml is infected by Win32:Nimda [wrm]

thank you sir..................................wyld




for future references "Susan" is no longer w/ us...........

Edited by wyldkatt, 15 September 2007 - 06:26 PM.

  • 0

#7
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
Ok...we got a plan. Don't know that it's a good plan, but it's a plan.

First, remove the google toolbar. You should be able to do that from Add or Remove programs in Control Panel.

Then I want to take a peek at a couple of registry settings.

Click Start, then Run, type regedit and click "Ok". Registry Editor should open.

In the left pane, expand (click +) HKEY_LOCAL_MACHINE, then SOFTWARE, then Microsoft, then Windows NT, then CurrentVersion, and click on Winlogon. In the right pane, scroll down to Shell. Is the value (under the Data column) Explorer.exe?

Collapse those keys (click -)

Then expand HKEY_CLASSES_ROOT and click on .exe The values in the right pane for this key should be as follows:

(Default) = exefile

Content Type = application/x-msdownload

Is this what you see there?

Collapse those keys.

Let me know what you find.
  • 0

#8
wyldkatt

wyldkatt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
hey wannabe--went thru everything, but there was no right pane...unable to scroll to shell...did I do something

wrong???
  • 0

#9
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
When you typed regedit in the open field of the Run box, did you have something open that looked like the image below?
regedit.png
  • 0

#10
wyldkatt

wyldkatt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
yes...........
  • 0

Advertisements


#11
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
Click the + next to HKEY_LOCAL_MACHINE to expand it...then do the same for SOFTWARE, etc....

You'll figure it out quickly.... :whistling:
  • 0

#12
wyldkatt

wyldkatt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
i'm sorry wannabe--

am i not making myself clear?? I have no shell in the right pane!!!!!!
  • 0

#13
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
Sorry...I completely misunderstood. :whistling:

Thats not good, wyldkatt. We could probably create the key and the strings that go with it, but I'm afraid there's more wrong with the machine that just that particular key.

You you know anyone that might have an XP disk you can borrow long enough to run a repair?
  • 0

#14
wyldkatt

wyldkatt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
sorry wannabe, no..
  • 0

#15
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
Well...then I guess we'll see what we can do with what we got.

Go back into Registry Editor and get to the Winlogon key as you did in post #7. Click on Winlogon to highlite it.

Right click in the right pane, point to "New", and choose "String Value". Name this string Shell Click in a clear area to set the name. Double click on Shell and type explorer.exe in the Value Data field...click "Ok".

Collapse those keys, close Registry Editor, and reboot to set the change in the registry.

Was the other key I asked about ok?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP