Malware Infection Solved - But Now Windows Updates Are Failing


  • This topic is locked

#1
adifrank

Hi everyone.
Rorschach112, a security warrior from the Spybot Search & Destroy Forums sent me over to this forum with a problem he feels you guys will be able to help me solve. My computer was infected with some malware and for the past few days Rorschach112 has been working with me to get rid of it. Now my system is clean and my computer is running normally, except for one thing:

Since running into this malware problem, Windows updates are failing to download and install. The auto updates icon appears near the clock at the bottom right corner > I click it > select all updates and click install. The update window disappears. No success message or error message. Then after a while, the icon shows up again and the exact same updates are listed to be installed again... strange. So I opened the update history page in windows update section of their website and saw that since the date of the malware problem - all updates have failed to install.

The updates I am trying to download and install are:

Security Update for Windows XP K3941693
Security Update for Windows XP K3945553
Security Update for Windows XP K3948590


Rorschach112 suggested the following:

Download Dial-a-Fix to your desktop and unzip it to its own folder
Run it
Under WU/WUAU, check the box beside "Fix Windows Update", then click Go
Reboot your PC and see if Windows Update works now


I did as he suggested. I got some error messages and after reboot, updates still failed.

I posted the Dial-a-Fix log and that's when he referred me over to here. Below I've copy/pasted the log file. Whad'ya think?

Here is the Dial-a-Fix log:

Notes about this log:
1) "->" denotes an external command being executed, and "-> (number)" indicates
the return code from the previous command
2) Not all external command return codes are accurate, or useful
3) Sometimes commands return 0 (no error) even when they fail or crash
4) If an error occurs while registering an object, please send an email to:
dial-a-fix@DjLizard.net and include a copy of this log

DAF version: v0.60.0.24

--- System info ---
OS: Microsoft Windows XP Service Pack 2
IE version: 7.0.5730.13
MPC: 55274-640
CPU: Intel® Pentium® 4 CPU 2.40GHz (~2390MHz)
BIOS: 2/13/2005
Memory (approx): 1021MB
Uptime: 0 hour(s)
Current directory: C:\Documents and Settings\Dog Machine\My Documents\DOWNLOADS\dial a fix\Dial-a-fix-v0.60.0.24
---

5/4/2008 9:30:39 PM -- Dial-a-fix : [v0.60.0.24] -- started
9:30:39 PM | Policy scan started
9:30:39 PM | Policy scan ended - no restrictive policies were found
--- Windows Update ---
--- Registration: Windows Update/Automatic Update DLLs ---
9:31:08 PM | Unregistered: C:\WINDOWS\system32\msxml.dll
9:31:08 PM | Registered: C:\WINDOWS\system32\msxml.dll
9:31:09 PM | Unregistered: C:\WINDOWS\system32\msxml2.dll
9:31:09 PM | Registered: C:\WINDOWS\system32\msxml2.dll
9:32:15 PM | Error during unregistration of C:\WINDOWS\system32\msxml3.dll - version: . The error returned is: Unspecified error
(-2147467259)
9:32:29 PM | Error during registration of C:\WINDOWS\system32\msxml3.dll - version: . The error returned is: Access is denied.
(-2147024891)
9:32:29 PM | Unregistered: C:\WINDOWS\system32\msxml4.dll
9:32:29 PM | Registered: C:\WINDOWS\system32\msxml4.dll
9:32:30 PM | Unregistered: C:\WINDOWS\system32\qmgr.dll
9:32:30 PM | Registered: C:\WINDOWS\system32\qmgr.dll
9:32:30 PM | Unregistered: C:\WINDOWS\system32\qmgrprxy.dll
9:32:30 PM | Registered: C:\WINDOWS\system32\qmgrprxy.dll
9:32:30 PM | Unregistered: C:\WINDOWS\system32\muweb.dll
9:32:30 PM | Registered: C:\WINDOWS\system32\muweb.dll
9:32:30 PM | Unregistered: C:\WINDOWS\system32\winhttp.dll
9:32:30 PM | Registered: C:\WINDOWS\system32\winhttp.dll
9:32:31 PM | Registered: C:\WINDOWS\system32\wuapi.dll
9:32:31 PM | Unregistered: C:\WINDOWS\system32\wuaueng.dll
9:32:33 PM | Registered: C:\WINDOWS\system32\wuaueng.dll
9:32:33 PM | Unregistered: C:\WINDOWS\system32\wuaueng1.dll
9:32:33 PM | Registered: C:\WINDOWS\system32\wuaueng1.dll
9:32:33 PM | Unregistered: C:\WINDOWS\system32\wucltui.dll
9:32:33 PM | Registered: C:\WINDOWS\system32\wucltui.dll
9:32:33 PM | Unregistered: C:\WINDOWS\system32\wups.dll
9:32:33 PM | Registered: C:\WINDOWS\system32\wups.dll
9:32:33 PM | Unregistered: C:\WINDOWS\system32\wups2.dll
9:32:33 PM | Registered: C:\WINDOWS\system32\wups2.dll
9:32:33 PM | Unregistered: C:\WINDOWS\system32\wuweb.dll
9:32:33 PM | Registered: C:\WINDOWS\system32\wuweb.dll
9:32:33 PM | Registered: C:\WINDOWS\system32\ole32.dll
--- SSL/HTTPS/Cryptography ---
9:33:00 PM | Executed 'cmd.exe /c rmdir /q /s C:\WINDOWS\system32\Catroot2'
--- Registration: SSL/HTTPS/Cryptography ---
9:33:04 PM | Unregistered: C:\WINDOWS\system32\cryptdlg.dll
9:33:04 PM | Registered: C:\WINDOWS\system32\cryptdlg.dll
9:33:05 PM | Unregistered: C:\WINDOWS\system32\cryptui.dll
9:33:05 PM | Registered: C:\WINDOWS\system32\cryptui.dll
9:33:05 PM | Unregistered: C:\WINDOWS\system32\cryptext.dll
9:33:05 PM | Registered: C:\WINDOWS\system32\cryptext.dll
9:33:05 PM | Unregistered: C:\WINDOWS\system32\dssenh.dll
9:33:05 PM | Registered: C:\WINDOWS\system32\dssenh.dll
9:33:06 PM | Unregistered: C:\WINDOWS\system32\gpkcsp.dll
9:33:06 PM | Registered: C:\WINDOWS\system32\gpkcsp.dll
9:33:06 PM | Unregistered: C:\WINDOWS\system32\initpki.dll
9:34:21 PM | Registered: C:\WINDOWS\system32\initpki.dll
9:34:23 PM | Unregistered: C:\WINDOWS\system32\licdll.dll
9:34:24 PM | Registered: C:\WINDOWS\system32\licdll.dll
9:34:24 PM | Unregistered: C:\WINDOWS\system32\mssign32.dll
9:34:24 PM | Registered: C:\WINDOWS\system32\mssign32.dll
9:34:24 PM | Unregistered: C:\WINDOWS\system32\mssip32.dll
9:34:24 PM | Registered: C:\WINDOWS\system32\mssip32.dll
9:34:25 PM | Unregistered: C:\WINDOWS\system32\scardssp.dll
9:34:25 PM | Registered: C:\WINDOWS\system32\scardssp.dll
9:34:25 PM | Unregistered: C:\WINDOWS\system32\sccbase.dll
9:34:25 PM | Registered: C:\WINDOWS\system32\sccbase.dll
9:34:25 PM | Unregistered: C:\WINDOWS\system32\scecli.dll
9:34:30 PM | Registered: C:\WINDOWS\system32\scecli.dll
9:34:30 PM | Unregistered: C:\WINDOWS\system32\softpub.dll
9:34:31 PM | Registered: C:\WINDOWS\system32\softpub.dll
9:34:31 PM | Unregistered: C:\WINDOWS\system32\slbcsp.dll
9:34:31 PM | Registered: C:\WINDOWS\system32\slbcsp.dll
9:34:31 PM | Unregistered: C:\WINDOWS\system32\regwizc.dll
9:34:31 PM | Registered: C:\WINDOWS\system32\regwizc.dll
9:34:31 PM | Unregistered: C:\WINDOWS\system32\rsaenh.dll
9:34:31 PM | Registered: C:\WINDOWS\system32\rsaenh.dll
9:34:31 PM | Unregistered: C:\WINDOWS\system32\winhttp.dll
9:34:31 PM | Registered: C:\WINDOWS\system32\winhttp.dll
9:34:31 PM | Unregistered: C:\WINDOWS\system32\wintrust.dll
9:34:32 PM | Registered: C:\WINDOWS\system32\wintrust.dll
--- Registration: Programming cores/runtimes ---
9:34:32 PM | Registered: C:\WINDOWS\system32\atl.dll
9:34:32 PM | Registered: C:\WINDOWS\system32\corpol.dll
9:34:32 PM | Registered: C:\WINDOWS\system32\jscript.dll
9:34:32 PM | Registered: C:\WINDOWS\system32\dispex.dll
9:34:37 PM | Error during registration of C:\WINDOWS\system32\scrrun.dll - version: 5.6.0.8820. The error returned is: Unspecified error
(-2147467259)
9:34:37 PM | Registered: C:\WINDOWS\system32\scrobj.dll
9:34:38 PM | Registered: C:\WINDOWS\system32\vbscript.dll
9:34:38 PM | Registered: C:\WINDOWS\system32\wshext.dll
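The numbers in parentheses in the log above are HRESULT values printed as signed 32-bit integers. This added example (not part of the original post and not Dial-a-Fix code) extracts each failed registration from such a log and decodes its code; the function names are hypothetical and the sample lines are copied from the log in this post.

```python
import re

# HRESULT values seen in the log above, with their Windows SDK names.
KNOWN_HRESULTS = {
    0x80004005: "E_FAIL (unspecified error)",
    0x80070005: "E_ACCESSDENIED (access is denied)",
}

# Sample input: lines copied from the Dial-a-Fix log in this post.
SAMPLE_LOG = r"""
9:31:09 PM | Unregistered: C:\WINDOWS\system32\msxml2.dll
9:31:09 PM | Registered: C:\WINDOWS\system32\msxml2.dll
9:32:15 PM | Error during unregistration of C:\WINDOWS\system32\msxml3.dll - version: . The error returned is: Unspecified error
(-2147467259)
9:32:29 PM | Error during registration of C:\WINDOWS\system32\msxml3.dll - version: . The error returned is: Access is denied.
(-2147024891)
9:34:37 PM | Error during registration of C:\WINDOWS\system32\scrrun.dll - version: 5.6.0.8820. The error returned is: Unspecified error
(-2147467259)
"""

ERROR_RE = re.compile(
    r"Error during (unregistration|registration) of (.+?) - version: (.*?)\. "
    r"The error returned is: (.*)$")
CODE_RE = re.compile(r"^\((-?\d+)\)$")


def decode_hresult(signed):
    """Turn the signed 32-bit decimal printed by the tool into HRESULT fields."""
    value = signed & 0xFFFFFFFF             # reinterpret as unsigned 32-bit
    return {
        "hex": f"0x{value:08X}",
        "failure": bool(value >> 31),       # severity bit
        "facility": (value >> 16) & 0x7FF,  # 7 = FACILITY_WIN32, 0 = FACILITY_NULL
        "code": value & 0xFFFF,
        "name": KNOWN_HRESULTS.get(value, "not in table"),
    }


def failed_registrations(log_text):
    """Return one record per failed (un)registration with its decoded HRESULT."""
    findings, pending = [], None
    for line in log_text.splitlines():
        error = ERROR_RE.search(line)
        if error:
            action, path, version, message = error.groups()
            pending = {"action": action, "dll": path.rsplit("\\", 1)[-1],
                       "version": version or None, "message": message.strip()}
            continue
        code = CODE_RE.match(line.strip())
        if code and pending:                # the code is on the line after the error
            pending["hresult"] = decode_hresult(int(code.group(1)))
            findings.append(pending)
        pending = None
    return findings


if __name__ == "__main__":
    for f in failed_registrations(SAMPLE_LOG):
        h = f["hresult"]
        print(f'{f["dll"]:<12} {f["action"]:<15} {h["hex"]} {h["name"]} '
              f'(facility {h["facility"]}, code {h["code"]}, version {f["version"]})')
```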



#2
Ztruker

The only hits I found via Google pointed to a registry permission problem with HKEY_LOCAL_MACHINE\SOFTWARE\ODBC.

Start regedit, navigate to that key then right click on it and select Permissions. Make sure Administrators has Full and Read access. You could try adding your userid with full control as well, see if that makes a difference when you run Dial-A-Fix.

#3
adifrank

I really barely have any understanding of what goes on with registry stuff, but when opening regedit, the permission aspect of it seemed fairly straight forward.

This is what I did:

1. I navigated to: HKEY_LOCAL_MACHINE\SOFTWARE\ODBC in regedit
2. right clicked the folder ODBC and selected permissions...
3. A Permissions window opened up for ODBC
4. In the window are listed the following:

Administrators
Full Control (Allow)
Read (Allow)
Special Permissions (None Selected)

CREATOR OWNER
Full Control (None Selected)
Read (None Selected)
Special Permissions (Allow)

Power Users
Full Control (Allow)
Read (Allow)
Special Permissions (Allow)

SYSTEM
Full Control (Allow)
Read (Allow)
Special Permissions (None Selected)

Administrators
Full Control (None Selected)
Read (Allow)
Special Permissions (None Selected)


- - - - - - -

Do you see anything I should change?

#4
Ztruker

Unfortunately, no. That's pretty much how mine are set, except for Power Users, mine has Full Control (None selected).

I'll ask some of the other techs here to take a look at this thread and see if they have any ideas.

#5
The Skeptic

If you have, or can borrow an xp CD with the same version that is installed on your computer, please click Start > Run. In the text line type sfc /scannow and click Enter (please note the space in the command). Let the process run to the end at which the dialog box will just disappear.

#6
adifrank

Okay Ztruker, thanks.
Hello Skeptic, thanks for joining.
I have a cd with xp.
Did you mean that I should have the cd in the cd-rom drive when I type sfc /scannow?

#7
The Skeptic

You can type the command and start the process without the disk but you will certainly be asked to insert it into the drive later on.

Basically, in this process, the computer compares present system files to what they were when the operating system was installed. When it finds missing or corrupt files it replaces them with copies of the original files found on the disk.

#8
Ztruker

Another suggestion is to check to make sure Windows is still activated, as updates won't install if not.

Please run the MGA Diagnostic Tool and post back the report it produces:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.
If that doesn't help, post the last 30 lines of the C:\Windows\WindowsUpdate.log. That might give us an idea of what the problem is.

#9
happyrock

this is my complete checklist to get updates working...


TRY THIS...
click on start...run..type in ...cmd...press enter or click on OK...in the dos box type in ipconfig /flushdns then press enter..
be sure you put a space between ipconfig and the /
type in exit
reboot

no joy...
try this..
TCP/IP stack repair options for use with Windows XP with SP2.

For these commands click on Start.... Run..... type in...CMD ....click OK..to open a command prompt box

Reset WINSOCK entries to installation defaults...type in ... netsh winsock reset catalog .... press ...enter

Reset TCP/IP stack to installation defaults...type in...... netsh int ip reset reset.log ... press ...enter

no joy...

click on Start.... Run..... type in..services.msc ....click OK..

Automatic Updates ...Windows XP update won't function without this service. If you use Windows Update server, you must have this service set to automatic. This does not mean that Automatic Updates are turned on. This is just the base service. ...set it to Automatic

Background Intelligent Transfer ...Enables data transfer from HTTP1.1 servers. Windows Update website may refuse to function if this is disabled...set it to Automatic

Cryptographic Services ...Used to check certifications of Windows drivers. If you have this service disabled, you will end up getting frustrating amounts of uncertified driver warnings and Windows Update may refuse to launch. ...set it to Automatic

reboot

no joy...
try this...
OPEN NOTEPAD...copy and paste the text between the lines ...
click on file...then...save as.. on the left side click on desktop...then in the file name box type in updates fix.bat then in the box below that save as type..all files...then click save...you should see a new icon on your desktop ...double click it to run it..then try updating windows again



===================COPY BETWEEN THE LINES=========

regsvr32 /s wuapi.dll
regsvr32 /s wuaueng1.dll
regsvr32 /s wuaueng.dll
regsvr32 /s wups.dll
regsvr32 /s wups2.dll
regsvr32 /s wuweb.dll
regsvr32 /s wucltui.dll



======================================

#10
adifrank

sorry it took me long to answer....

i ran Microsoft MGA Diagnostics and it looks as though it has recognized my product key as invalid.

here are the results:

Diagnostic Report (1.7.0095.0):
-----------------------------------------
WGA Data-->
Validation Status: Invalid Product Key
Validation Code: 8
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-W4RBJ-BWTGB-VH2CB
Windows Product Key Hash: SoqDYGaoZGkI2Qa3crWnhFQv/sg=
Windows Product ID: 55274-640-2545084-23173
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.2.0.pro
CSVLK Server: N/A
CSVLK PID: N/A
ID: {62C1A915-5FBF-4C84-A196-506C38346DE8}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.69.1
Signed By: N/A, hr = 0x80096010
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-171-1
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: Yes
Version: 1.7.69.1
WgaTray.exe Signed By: N/A, hr = 0x80096010
WgaLogon.dll Signed By: N/A, hr = 0x80096010

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: N/A, hr = 0x80096010
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office XP Professional with FrontPage - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-171-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\PROGRA~1\MOZILL~1\FIREFOX.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Attached file: other_data.txt (1.48KB)
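In the report above, every "Signed By" field is N/A with one of two codes: 0x80096010 (TRUST_E_BAD_DIGEST, the digital signature did not verify) or 0x80070002 (file not found). This added example (not part of the original post and not MGADiag code) splits such a report into sections and separates the two cases; the function names and status labels are hypothetical and the sample lines are copied from the report in this post.

```python
import re

# Sample input: lines copied from the MGADiag report in this post.
SAMPLE_REPORT = """
WGA Data-->
Validation Status: Invalid Product Key
Windows License Type: Volume
WGA Version: Registered, 1.7.69.1
Signed By: N/A, hr = 0x80096010

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: Yes
WgaTray.exe Signed By: N/A, hr = 0x80096010
WgaLogon.dll Signed By: N/A, hr = 0x80096010

OGA Notifications Data-->
OGAAddin.dll Signed By: N/A, hr = 0x80070002
"""

# Status labels are this example's own; the codes are standard Windows values.
HR_STATUS = {
    0x80096010: "bad_signature",   # TRUST_E_BAD_DIGEST
    0x80070002: "missing",         # ERROR_FILE_NOT_FOUND wrapped as an HRESULT
}

SECTION_RE = re.compile(r"^(.+?) Data-->$")
HR_RE = re.compile(r"hr = (0x[0-9A-Fa-f]{8})")


def parse_report(text):
    """Split the report into {section name: {field: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and ": " in line:
            key, value = line.split(": ", 1)
            current[key] = value
    return sections


def signature_findings(sections):
    """One record per 'Signed By' field: which component, and why no signer."""
    findings = []
    for section, fields in sections.items():
        for key, value in fields.items():
            if not key.endswith("Signed By"):
                continue
            # A bare "Signed By" line describes the section's own component.
            component = key[:-len("Signed By")].strip() or section
            hr = HR_RE.search(value)
            if hr is None:
                status = "signed"          # a signer name was reported
            else:
                status = HR_STATUS.get(int(hr.group(1), 16), "other_error")
            findings.append({"section": section, "component": component,
                             "status": status, "raw": value})
    return findings


if __name__ == "__main__":
    for f in signature_findings(parse_report(SAMPLE_REPORT)):
        print(f'{f["section"]:<20} {f["component"]:<14} {f["status"]:<14} {f["raw"]}')
```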



#11
PILL5B3RRY

OK.

Using Dial-a-Fix, click on Flush Software Distribution.

A window will pop up. Please select NO. This will delete all your Update History and delete all of the downloaded updates. This WILL NOT uninstall the updates you currently have, it will just delete the updates that are downloaded and ready to install.

After you have done this and Dial-A-Fix is ready to use again, please click on the little hammer at the bottom. Here I want you to click on Reinstall Automatic Updates Service. This will obviously Reinstall the Automatic Updates Service.

Finally, when you have done this and Dial-A-Fix is ready to use again, select everything in the Fix Windows Update Section, the third Section.

When you have done all this, Reboot and go to Microsoft Updates. Let it find updates and install them.

Please write back and tell us how it went.

Best Regards,

PILL5B3RRY

Edited by PILL5B3RRY, 18 May 2008 - 09:53 AM.


#12
adifrank

Hi. Thanks very MUCH for getting back to me on this...

I carefully followed your instructions. After reboot and checking the Windows update page, it seemed to download a few updates... then the auto-update appeared on the bottom right of the screen (near the clock). It asked if to download and install some updates, so I ticked them all and clicked "go ahead". The download/install process went on about 10 minutes, then the auto-update icon disappeared. No success or failure message. I checked the Windows update page again and clicked on "Review Your Update History". The only update it listed in my update history is:
Windows Genuine Advantage Validation Tool (KB892130) - Sunday, May 18, 2008 - Success.

No other update listed there. Not sure what that means.... am I happy?

By the way - - - for some strange reason (wasn't like this before). The geekstogo.com forum pages suddenly got very very wide. Before everything fit nicely in my screen. Now, I have to scroll left and right to get to things... no idea why this happened.

Cheers. :)

#13
PILL5B3RRY

Maybe your resolution has changed, or your Browser Text Size has increased.

For now you should be happy because I believe that is the only update that is out now. The other ones were probably old, corrupted installations.

About that Geekstogo.com problem, have you tried it in a different browser? If you don't have one, then can you please tell me what Web Browser you are using.

Please and Thanks,

PILL5B3RRY

#14
happyrock

after you got Windows Genuine Advantage Validation Tool...you will now have to go back and check for updates again..
the wide screen problem is on the G2G end ..not yours...does this once in awhile...then will straighten itself out..

#15
adifrank

ugh...

I got this message:
This copy of Windows did not pass genuine validation.

What now? email microsoft? :)

(wide screen back to normal now) :)