[Sarous]

Making me more and more glad that my desktop is Win7. Never did let me rename it, but it deleted smooth enough.

[Advertisements]

Did it help with sfc?

[RKinner]

Did it help with sfc?

[Sarous]

No change. Same errors to delete and sfc.

[RKinner]

There is a registry entry: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\FileRenameOperations

On mine it just has Default with no value. See if yours has something in it.

Run VEW and post its logs. Perhaps one of the errors will tell us what is going on.

[Sarous]

FileRenameOperations default/reg_sz/no value set

System & App Error Logs VEW:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 11/05/2012 11:07:14 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[RKinner]

rename c:\windows\logs\cbs\cbs.old to cbs.txt and then attach it to your next post.
I will look through that. Perhaps it will say something.

Going to have to quit for a while. Wife wants me to watch TV with her.

[Sarous]

1 of 2
Apologies, but it is the only way I can send you a 175mb file given the restrictions. I narrowly failed reaching the 1mb limit.

Inventory:
disk1.gsd.txt
disk2.gsd.txt (in following post)
disk1.exe.txt

Delete the .txt of the three files. Use the .exe to rejoin the two .gsd into a single compressed .7z file. Decompress the .7z into the original .txt file you requested.

Attached Files

•  disk1.gsd.txt   636.42KB   193 downloads
•  disk1.EXE.txt   96KB   172 downloads

[Sarous]

Part 2 of 2

Attached Files

•  disk2.gsd.txt   468.36KB   194 downloads

[RKinner]

Let's check this key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\UpdateExeVolatile

We want it to be either blank or 0

Open a registry editor, such as Regedit.exe or Regedt32.exe.

Navigate to HKLM\SOFTWARE\Microsoft\Updates\

In the right navigation pane, double-click the UpdateExeVolatile key.

Configure the key with a value of 0

Close Registry Editor.

Then see if SFC /scannow will run.

[Sarous]

There does not appear to be a Registry value by that name. Even searched with the 'find' and couldn't find it. Should I create one?

[RKinner]

No. Just want to make sure that neither

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\UpdateExeVolatile

Note: This key might not exist if there are no pending EXE updates

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations

Note: This key might not exist if there are no pending filename operations needed after the reboot

I think we need to try MBSA:

http://www.microsoft...ls.aspx?id=7558

You want the one that says:

MBSASetup-x86-EN.msi

Download, Save and Install it. Accept all of the defaults. Once you install it. Close all programs and Look in Start, Programs for Microsoft Baseline Security Analyzer. Scan a Computer. Start Scan. It should eventually tell you that something similar about the pending filename but it should have an option "show me how to correct this" See if that tells you anything.

[Sarous]

Security Update Scan Results

Score Issue Result
Security Updates
Cannot load security CAB file.

Score Issue Result
Windows Firewall
Windows Firewall tests cannot be done due to an error. (0x00000001)

Only two noteworthy errors. The link it supplied was less than helpful. http://technet.micro...y/cc184922.aspx

[RKinner]

Is your firewall working?

See if the steps suggested here help with the security cab error:

http://www.mombu.com...ors-610702.html

Perhaps we need to reset registry permissions. Spybot's tea timer messes with them and it may not have put them back.

Download SubInACL.exe

http://www.microsoft...&displaylang=en

By default it installs the tool in C:\Program Files\Windows Resource Kits\Tools\

Please allow it to do so.


Download and Save the attached file, reset2.zip, right click on it and Extract all and copy the reset2.cmd file to C:\Program Files\Windows Resource Kits\Tools\.
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

cd  "\Program Files\Windows Resource Kits\Tools"

reset2.cmd

[Sarous]

Windows Firewall claims it is working, yes. Completed resets. Baseline and sfc both have the same results as earlier.

Did a little research today on the nature of pre-installed Internet Explorers (and how you can't remove them), and it appears (to me, at least) that the problem exists in an unknown shared group of files between IE, Windows, and Windows Update. On this hunch, I attempted resetting Windows Update Components (omitting step 4, as instructed) http://support.microsoft.com/kb/971058

To my surprise, a number of the components it says to re-register were either missing or disabled:

Attached Thumbnails

• 
• 
• 
• 
• 
• 
• 
• 
• 
• 
• 
• 
• 

Edited by Sarous, 13 May 2012 - 12:31 PM.

[RKinner]

Are the files really missing? If so you can run OTL with a list of the missing or suspect files between /md5start and /md5stop as in the following example.

Copy the text in the code box:

/md5start
atl.dll
urlmon.dll
mshtml.dll
shdocvw.dll
browseui.dll
jscript.dll
vbscript.dll
scrrun.dll
msxml.dll
msxml3.dll
msxml6.dll
actxprxy.dll
softpub.dll
wintrust.dll
dssenh.dll
rsaenh.dll
gpkcsp.dll
sccbase.dll
slbcsp.dll
cryptdlg.dll
oleaut32.dll
ole32.dll
shell32.dll
initpki.dll
wuapi.dll
wuaueng.dll
wuaueng1.dll
wucltui.dll
wups.dll
wups2.dll
wuweb.dll
qmgr.dll
qmgrprxy.dll
wucltux.dll
muweb.dll
wuwebv.dll
/md5stop

Run OTL (Vista or Win 7 => right click and Run As Administrator)


The log will show you if there are other copies of each file in the list and also give their md5 value so we can see if they have been compromised.