Malware on old Windows XP SP2 inhibits automatic upgrade to SP3?
Started by Phom, Jan 31 2013 08:03 AM
#16
Posted 11 February 2013 - 06:12 AM
#17
Posted 11 February 2013 - 10:05 AM
Black screen after a restart doesn't sound like a software problem. More like hardware. Are you seeing the PC maker's logo? Can you get into the BIOS/CMOS setup?
#18
Posted 11 February 2013 - 10:50 AM
I solved this. After unplugging the laptop power supply cord the laptop restarted normally. I use safe mode now and did start combofix. It runs for some hours now. I will see tomorrow how combofix comes out, because I will leave my office in about 1h. I do not think that a hardware problem exists. It is an old IBM T40 that is quite robust and now it runs again ok.
#19
Posted 12 February 2013 - 01:34 AM
Overnight the laptop stopped combofix with this message: Not enough virtual memory ... But I could not click ok, because the cursor did not react. So I had to turn off the computer. Automatic update is still not working.
Edited by Phom, 12 February 2013 - 02:39 AM.
#20
Posted 12 February 2013 - 11:07 AM
You might look in C:\Combofix\ and C:\qoobox.
See if there are any combofix.txt files. If you find any then copy and paste them.
Does DDS hang in safe Mode?
Try the Dial-a-fix again and see if it will fix the auto updates for you.
Download, Save and Run (win 7 or Vista => Right click and Run as Admin.) farbar service scanner
Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
#21
Posted 13 February 2013 - 03:08 AM
combofix.txt not found anywhere.
DDS froze even in safe mode
Dialfix did not solve the problem with windows update.
Farbar Service Scanner Version: 10-02-2013
Ran by Stefan (administrator) on 13-02-2013 at 10:05:17
Running from "C:\Dokumente und Einstellungen\Stefan\Eigene Dateien\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2013-02-06 11:15] - [2008-04-14 07:52] - 0127488 ____A (Microsoft Corporation) C29A1C9B75BA38FA37F8C44405DEC360
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-04 13:00] - [2008-04-14 07:52] - 0045568 ____A (Microsoft Corporation) 8C9ED3B2834AAE63081AB2DA831C6FE9
C:\WINDOWS\system32\ipnathlp.dll
[2004-08-04 13:00] - [2008-04-14 07:52] - 0334336 ____A (Microsoft Corporation) CAD058D5F8B889A87CA3EB3CF624DCEF
C:\WINDOWS\system32\netman.dll
[2004-08-04 13:00] - [2008-04-14 07:52] - 0198144 ____A (Microsoft Corporation) E6D88F1F6745BF00B57E7855A2AB696C
C:\WINDOWS\system32\wbem\WMIsvc.dll
[2002-10-01 09:48] - [2008-04-14 07:52] - 0145408 ____A (Microsoft Corporation) 6F3F3973D97714CC5F906A19FE883729
C:\WINDOWS\system32\srsvc.dll
[2002-10-01 09:50] - [2008-04-14 07:52] - 0171520 ____A (Microsoft Corporation) FE77A85495065F3AD59C5C65B6C54182
C:\WINDOWS\system32\Drivers\sr.sys
[2013-02-06 11:15] - [2008-04-14 07:32] - 0073472 ____A (Microsoft Corporation) 50FA898F8C032796D3B1B9951BB5A90F
C:\WINDOWS\system32\wscsvc.dll
[2004-08-04 13:00] - [2008-04-14 07:52] - 0080896 ____A (Microsoft Corporation) 300B3E84FAF1A5C1F791C159BA28035D
C:\WINDOWS\system32\wbem\WMIsvc.dll
[2002-10-01 09:48] - [2008-04-14 07:52] - 0145408 ____A (Microsoft Corporation) 6F3F3973D97714CC5F906A19FE883729
C:\WINDOWS\system32\wuauserv.dll
[2002-10-01 09:48] - [2008-04-14 07:52] - 0006656 ____A (Microsoft Corporation) 7B4FE05202AA6BF9F4DFD0E6A0D8A085
C:\WINDOWS\system32\qmgr.dll
[2013-02-06 11:19] - [2008-04-14 07:52] - 0409088 ____A (Microsoft Corporation) D6F603772A789BB3228F310D650B8BD1
C:\WINDOWS\system32\es.dll
[2004-08-04 13:00] - [2008-04-14 07:52] - 0246272 ____A (Microsoft Corporation) 0F3EDAEE1EF97CF3DB2BE23A7289B78C
C:\WINDOWS\system32\cryptsvc.dll
[2004-08-04 13:00] - [2008-04-14 07:52] - 0062464 ____A (Microsoft Corporation) 611F824E5C703A5A899F84C5F1699E4D
C:\WINDOWS\system32\svchost.exe
[2004-08-04 13:00] - [2008-04-14 07:53] - 0014336 ____A (Microsoft Corporation) 4FBC75B74479C7A6F829E0CA19DF3366
C:\WINDOWS\system32\rpcss.dll
[2004-08-04 13:00] - [2008-04-14 07:52] - 0399360 ____A (Microsoft Corporation) E970C2296916BF4A2F958680016FE312
C:\WINDOWS\system32\services.exe
[2013-02-06 11:15] - [2008-04-14 07:53] - 0109056 ____A (Microsoft Corporation) 4BB6A83640F1D1792AD21CE767B621C6
Extra List:
=======
aswTdi(14) DNE(13) Gpc(7) IPSec(5) irda(9) NetBT(6) NwlnkIpx(11) NwlnkNb(12) PSched(8) s24trans(10) Tcpip(4)
0x0E00000005000000010000000200000003000000040000000E000000060000000700000008000000090000000A0000000B0000000C0000000D000000
IpSec Tag value is correct.
**** End of log ****
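Added example, not part of the original post and not Farbar's own code: a small parser for the "File Check" section of the FSS log above, which separates files the scanner marked "MD5 is legit" from files it printed in full. It assumes that a full detail line means the hash was not matched against the tool's known-good list and should be compared by hand against a trusted copy, and that the two bracketed timestamps are creation and modification time; `parse_file_check` and `needs_manual_check` are names chosen here.

```python
import re

# Excerpt of the File Check section posted above, embedded so this runs offline.
SAMPLE = r"""File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2013-02-06 11:15] - [2008-04-14 07:52] - 0127488 ____A (Microsoft Corporation) C29A1C9B75BA38FA37F8C44405DEC360
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2002-10-01 09:48] - [2008-04-14 07:52] - 0006656 ____A (Microsoft Corporation) 7B4FE05202AA6BF9F4DFD0E6A0D8A085
C:\WINDOWS\system32\qmgr.dll
[2013-02-06 11:19] - [2008-04-14 07:52] - 0409088 ____A (Microsoft Corporation) D6F603772A789BB3228F310D650B8BD1
Extra List:
"""

# Detail line: [created] - [modified] - size attributes (company) MD5
# (the meaning of the two timestamps is an assumption, see lead-in).
DETAIL = re.compile(
    r"\[(?P<created>[\d-]+ [\d:]+)\] - \[(?P<modified>[\d-]+ [\d:]+)\] - "
    r"(?P<size>\d+) (?P<attr>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-F]{32})$")

def parse_file_check(log):
    """Return one dict per file listed in the File Check section."""
    entries, pending, in_section = [], None, False
    for line in (raw.strip() for raw in log.splitlines()):
        if line == "File Check:":
            in_section = True
        elif not in_section or not line or set(line) == {"="}:
            continue                      # outside the section, blank, or underline
        elif line.endswith(":"):          # next section header, e.g. "Extra List:"
            break
        elif line.endswith("=> MD5 is legit"):
            entries.append({"path": line.split(" => ")[0], "verified": True})
        elif (m := DETAIL.match(line)) and pending:
            entries.append({"path": pending, "verified": False, **m.groupdict()})
            pending = None
        else:
            pending = line                # bare path; its detail line follows
    return entries

def needs_manual_check(entries):
    """Files the scanner printed in full instead of marking 'MD5 is legit'."""
    return [(e["path"], e["md5"]) for e in entries if not e["verified"]]

if __name__ == "__main__":
    for path, md5 in needs_manual_check(parse_file_check(SAMPLE)):
        print(md5, path)
```
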
#22
Posted 13 February 2013 - 11:02 AM
Copy the next two lines:
net start > \junk.txt
notepad \junk.txt
Start, Run, cmd, OK
right click and Paste or Edit then Paste and the copied lines should appear.
Hit Enter and notepad should open. Copy and paste the text into a Reply.
#23
Posted 13 February 2013 - 11:06 AM
Folgende Windows-Dienste sind gestartet:
Arbeitsstationsdienst
Ati HotKey Poller
Automatische Updates
avast! Antivirus
BITS
Cisco Systems, Inc. VPN Service
Client Service für NetWare
COM+-Ereignissystem
Computerbrowser
CryptSvc
DCOM-Server-Prozessstart
Designs
DHCP-Client
DNS-Client
Druckwarteschlange
Ereignisprotokoll
Fehlerberichterstattungsdienst
Gatewaydienst auf Anwendungsebene
Geschützter Speicher
HID Input Service
Hilfe und Support
IBM PM Service
Infrarotüberwachung
IPSEC-Dienste
Kompatibilität für schnelle Benutzerumschaltung
Konfigurationsfreie drahtlose Verbindung
Netzwerkverbindungen
NLA (Network Location Awareness)
NMSAccess
Plug & Play
QCONSVC
RAS-Verbindungsverwaltung
RegSrvc
Remote-Registrierung
Remoteprozeduraufruf (RPC)
Secondary Logon
Server
Shellhardwareerkennung
Sicherheitscenter
Sicherheitskontenverwaltung
Systemereignisbenachrichtigung
Systemwiederherstellungsdienst
Taskplaner
TCP/IP-NetBIOS-Hilfsprogramm
Telefonie
Terminaldienste
Verwaltung logischer Datenträger
Windows Audio
Windows-Bilderfassung (WIA)
Windows-Firewall/Gemeinsame Nutzung der Internetverbindung
Windows-Verwaltungsinstrumentation
Windows-Zeitgeber
Xpoint Admin Server
Überwachung verteilter Verknüpfungen (Client)
Der Befehl wurde erfolgreich ausgeführt.
#24
Posted 13 February 2013 - 11:55 AM
It looks like it should work. How do you know it's not working? Do you have a firewall that could be blocking it?
Can you use IE and go to windowsupdate.microsoft.com ?
#25
Posted 14 February 2013 - 01:31 AM
That is what I have done: Go to system - security - windows update
Used: look for new updates
IE opens
First checks for recent download software - ok
Opened new window with two options - automatic scan or manual section
I used scan, but the same occurs with manual selection.
The system starts, a running scanning bar occurs.
After 1-2 minutes an error page opens saying something like: An error occurred.
That is all. So automatic updates and firewall are enabled. In the firewall I added an exemption for windows update, but the behavior is the same.
#26
Posted 14 February 2013 - 10:20 AM
Sometimes it helps to put *.microsoft.com in the Trusted Sites (uncheck the HTTPS box when you do)
What exactly does the error say?
#27
Posted 15 February 2013 - 01:24 AM
The error occurs also with the firewall turned off and also with the exception you mentioned.
It says (in German!) First a white cross in red circle, then:
Die gewünschte Seite kann nicht angezeigt werden, da auf der Website ein Problem aufgetreten ist. Mit den folgenden Optionen kann das Problem möglicherweise behoben werden.
Optionen zur Selbsthilfe:
Häufig gestellte Fragen
Lösungen suchen
Windows Update-Newsgroup
Optionen für technischen Support:
Microsoft-Onlinesupportunterstützung (für Windows Update-Probleme kostenlos)
Approximate translation: The selected website cannot be displayed, because there are problems on the website. With the following options the problems might be solved: Then different support options follow.
The website says, the problem is on the website, not the computer.
#28
Posted 15 February 2013 - 01:47 AM
No need to translate. I lived in Germany for 11 years and was married to a German lady for 20.
Have we tried resetting the permissions yet?
http://www.tweaking....ermissions.html
#29
Posted 18 February 2013 - 04:14 AM
I did run tweaking software, but this resulted in no change of the windows update behavior.
#30
Posted 18 February 2013 - 11:58 AM
Start, Run, proxycfg -d , OK
(SPACE before -d)
If that doesn't help then:
Open IE, Tools, Internet Options Advanced and hit the Reset, OK. Then close IE and reopen and try it again.
Can you find a c:\windows\windowsupdate.log ?
Attach it to a Reply.