Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

AVG not running, unable to reinstall


  • Please log in to reply

#31
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
These are back. I was hoping they had gone for good.

Error: (07/24/2013 11:56:59 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab> with error: The keyset is not defined.


Generally "The keyset is not defined" indicates the presence of some non-alphanumeric character in the certificate store.

To see the certificate store:

In the search box, type in: mmc

when it finds it right click on mmc.exe and Run As Admin.

A new windows will come up. Click on File then Add/Remove Snapin then click on Certificates then on Add. Click on Computer Account then Next and Finish. OK. Click on the arrow in front of Certificates and it will open up. Click on the arrow in front of Third Party... then just click on Certificates that shows up under Third Party...

Right click on Certificates and Export List. Give it a name like: cert3 and note where it is putting it.
Back up to the left and click on the arrow in front of Untrusted Certificates, then just click on Certificates and repeat the export list but give it a different name like certu. Keep doing this until you have all of them. Then
Then find the file cert3.txt and double click on it. It should open in notepad. Copy and paste the text into a reply.
Repeat for the other cert files.



The other error:

Error: (07/24/2013 11:56:23 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.


May be caused by one of your CD/DVD drives. In Device Manager, try right clicking on one of them and Disable then do the other. Then clear the events and reboot and run minitoolbox and see if you still get the alarm. Sometimes it helps to go into Device Manager and uninstall them then reboot so Windows can find them and reinstall them.

How is it running now?

I don't suppose MBAM would like to run now would it?

I'm going to send you a PM.
  • 0

Advertisements


#32
klmk

klmk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Certs; Third party, Untrusted, Trusted, Trusted people & Intermediate. After disabling DVD-drives, the logs still show the error, so I went back to Device Manager and it shows Elby Clonedrive under DVD/CD-ROM drives, which I uninstalled when disabling the actual drives. It re-appeared after boot. MBAM still gives the same error. Tried uninstall and re-install.

Issued To Issued By Expiration Date Intended Purposes Friendly Name Status Certificate Template
AddTrust External CA Root AddTrust External CA Root 30.5.2020 Server Authentication, Client Authentication, Secure Email, Code Signing, Time Stamping, Encrypting File System, IP security tunnel termination, IP security user USERTrust
America Online Root Certification Authority 1 America Online Root Certification Authority 1 19.11.2037 Server Authentication, Client Authentication, Secure Email, Code Signing, Time Stamping, Encrypting File System, IP security tunnel termination, IP security user, IP security IKE intermediate America Online Root Certification Authority 1
Baltimore CyberTrust Root Baltimore CyberTrust Root 13.5.2025 Server Authentication, Secure Email, Client Authentication, Code Signing Baltimore CyberTrust Root
Certum CA Certum CA 11.6.2027 Server Authentication, Client Authentication, Secure Email, Code Signing, Time Stamping, OCSP Signing Certum
Class 3 Public Primary Certification Authority Class 3 Public Primary Certification Authority 3.8.2028 Server Authentication, Client Authentication, Secure Email, Code Signing VeriSign Class 3 Public Primary Certification Authority (PCA3 G1 SHA1)
Class 3 Public Primary Certification Authority Class 3 Public Primary Certification Authority 2.8.2028 Secure Email, Client Authentication, Code Signing, Server Authentication VeriSign Class 3 Public Primary CA
Class 3 Public Primary Certification Authority Class 3 Public Primary Certification Authority 8.1.2004 Secure Email, Client Authentication, Code Signing, Server Authentication VeriSign
DigiCert Assured ID Root CA DigiCert Assured ID Root CA 10.11.2031 Server Authentication, Client Authentication, Secure Email, Code Signing, Time Stamping DigiCert
DigiCert Global Root CA DigiCert Global Root CA 10.11.2031 Server Authentication, Client Authentication, Secure Email, Code Signing, Time Stamping DigiCert
DigiCert High Assurance EV Root CA DigiCert High Assurance EV Root CA 10.11.2031 Server Authentication, Client Authentication, Secure Email, Code Signing, Time Stamping DigiCert
Entrust.net Certification Authority (2048) Entrust.net Certification Authority (2048) 24.7.2029 Server Authentication, Client Authentication, Secure Email, Code Signing, Time Stamping, Encrypting File System, IP security tunnel termination, IP security user Entrust (2048)
Entrust.net Secure Server Certification Authority Entrust.net Secure Server Certification Authority 25.5.2019 Server Authentication, Client Authentication, Code Signing, Secure Email, IP security tunnel termination, IP security user, IP security IKE intermediate, Time Stamping, Encrypting File System Entrust
Equifax Secure Certificate Authority Equifax Secure Certificate Authority 22.8.2018 Secure Email, Server Authentication, Code Signing GeoTrust
GeoTrust Global CA GeoTrust Global CA 21.5.2022 Server Authentication, Client Authentication, Secure Email, Code Signing, Time Stamping GeoTrust Global CA
GlobalSign Root CA GlobalSign Root CA 28.1.2028 Server Authentication, Client Authentication, Code Signing, Secure Email, Time Stamping, OCSP Signing, Encrypting File System, IP security tunnel termination, IP security user, IP security IKE intermediate GlobalSign
Go Daddy Class 2 Certification Authority Go Daddy Class 2 Certification Authority 29.6.2034 Server Authentication, Client Authentication, Secure Email, Code Signing Go Daddy Class 2 Certification Authority
Go Daddy Root Certificate Authority - G2 Go Daddy Root Certificate Authority - G2 1.1.2038 Server Authentication, Client Authentication, Code Signing, Secure Email, Time Stamping, Encrypting File System, IP security tunnel termination, IP security user Go Daddy Root Certificate Authority – G2
GTE CyberTrust Global Root GTE CyberTrust Global Root 14.8.2018 Secure Email, Client Authentication, Server Authentication, Code Signing GTE CyberTrust Global Root
http://www.valicert.com/ http://www.valicert.com/ 26.6.2019 Secure Email, Server Authentication Starfield Technologies
Microsoft Root Certificate Authority 2011 Microsoft Root Certificate Authority 2011 23.3.2036 <All> Microsoft Root Certificate Authority 2011
Sonera Class2 CA Sonera Class2 CA 6.4.2021 Server Authentication, Client Authentication, Secure Email, Code Signing Sonera Class2 CA
Starfield Class 2 Certification Authority Starfield Class 2 Certification Authority 29.6.2034 Server Authentication, Client Authentication, Secure Email, Code Signing Starfield Class 2 Certification Authority
Starfield Services Root Certificate Authority Starfield Services Root Certificate Authority 1.1.2030 Server Authentication, Client Authentication, Code Signing, Secure Email, Time Stamping, OCSP Signing, Encrypting File System, IP security tunnel termination, IP security user, IP security IKE intermediate Starfield Technologies Inc.
StartCom Certification Authority StartCom Certification Authority 17.9.2036 Server Authentication, Client Authentication, Secure Email, Code Signing, Time Stamping, Encrypting File System, IP security tunnel termination, IP security user StartCom Certification Authority
TC TrustCenter Class 2 CA II TC TrustCenter Class 2 CA II 1.1.2026 Server Authentication, Client Authentication, Secure Email, Code Signing, Time Stamping TC TrustCenter Class 2 CA II
Thawte Premium Server CA Thawte Premium Server CA 1.1.2021 Server Authentication, Code Signing thawte
thawte Primary Root CA thawte Primary Root CA 17.7.2036 Server Authentication, Client Authentication, Secure Email, Code Signing thawte
UTN-USERFirst-Object UTN-USERFirst-Object 9.7.2019 Encrypting File System, Time Stamping, Code Signing USERTrust
VeriSign Class 3 Public Primary Certification Authority - G5 VeriSign Class 3 Public Primary Certification Authority - G5 17.7.2036 Server Authentication, Client Authentication, Secure Email, Code Signing VeriSign
VeriSign Trust Network VeriSign Trust Network 19.5.2018 Secure Email, Client Authentication, Code Signing, Server Authentication VeriSign
VeriSign Trust Network VeriSign Trust Network 2.8.2028 Secure Email, Client Authentication, Code Signing, Server Authentication VeriSign

--

Issued To Issued By Expiration Date Intended Purposes Friendly Name Status Certificate Template
addons.mozilla.org UTN-USERFirst-Hardware 15.3.2014 Server Authentication, Client Authentication Fraudulent
DigiNotar Cyber CA GTE CyberTrust Global Root 20.9.2013 <All> Untrusted
DigiNotar Cyber CA GTE CyberTrust Global Root 4.10.2011 <All> Untrusted
DigiNotar Cyber CA GTE CyberTrust Global Root 27.9.2011 <All> Untrusted
DigiNotar PKIoverheid CA Organisatie - G2 Staat der Nederlanden Organisatie CA - G2 23.3.2020 <All> Untrusted
DigiNotar PKIoverheid CA Overheid Staat der Nederlanden Overheid CA 23.6.2010 <All> Untrusted
DigiNotar PKIoverheid CA Overheid en Bedrijven Staat der Nederlanden Overheid CA 27.7.2015 <All> Untrusted
DigiNotar Root CA DigiNotar Root CA 31.3.2025 <All> Untrusted
DigiNotar Root CA Entrust.net Secure Server Certification Authority 26.8.2013 Server Authentication, Client Authentication, Secure Email Untrusted
DigiNotar Root CA Entrust.net Secure Server Certification Authority 14.8.2013 Server Authentication, Client Authentication, Secure Email Untrusted
DigiNotar Root CA G2 DigiNotar Root CA G2 3.7.2029 <All> Untrusted
DigiNotar Services 1024 CA Entrust.net Secure Server Certification Authority 26.8.2013 Server Authentication, Client Authentication, Secure Email Untrusted
Digisign Server ID - (Enrich) Entrust.net Certification Authority (2048) 16.7.2015 Server Authentication, Client Authentication, Secure Email Untrusted
Digisign Server ID (Enrich) GTE CyberTrust Global Root 17.7.2012 <All> Untrusted
global trustee UTN-USERFirst-Hardware 15.3.2014 Server Authentication, Client Authentication Fraudulent
login.live.com UTN-USERFirst-Hardware 15.3.2014 Server Authentication, Client Authentication Fraudulent
login.skype.com UTN-USERFirst-Hardware 15.3.2014 Server Authentication, Client Authentication Fraudulent
login.yahoo.com UTN-USERFirst-Hardware 15.3.2014 Server Authentication, Client Authentication Fraudulent
login.yahoo.com UTN-USERFirst-Hardware 15.3.2014 Server Authentication, Client Authentication Fraudulent
login.yahoo.com UTN-USERFirst-Hardware 15.3.2014 Server Authentication, Client Authentication Fraudulent
mail.google.com UTN-USERFirst-Hardware 15.3.2014 Server Authentication, Client Authentication Fraudulent
Microsoft Corporation VeriSign Commercial Software Publishers CA 1.2.2002 <All> Fraudulent, NOT Microsoft
Microsoft Corporation VeriSign Commercial Software Publishers CA 31.1.2002 <All> Fraudulent, NOT Microsoft
Microsoft Enforced Licensing Intermediate PCA Microsoft Root Authority 26.2.2010 Code Signing, Key Pack Licenses, License Server Verification Untrusted SubCA
Microsoft Enforced Licensing Intermediate PCA Microsoft Root Authority 23.10.2016 Code Signing, Key Pack Licenses, License Server Verification Untrusted
Microsoft Enforced Licensing Registration Authority CA (SHA1) Microsoft Root Certificate Authority 9.2.2017 <All> Untrusted SubCA
www.google.com UTN-USERFirst-Hardware 15.3.2014 Server Authentication, Client Authentication Fraudulent

--

Issued To Issued By Expiration Date Intended Purposes Friendly Name Status Certificate Template
AddTrust External CA Root AddTrust External CA Root 30.5.2020 Server Authentication, Client Authentication, Secure Email, Code Signing, Time Stamping, Encrypting File System, IP security tunnel termination, IP security user USERTrust
America Online Root Certification Authority 1 America Online Root Certification Authority 1 19.11.2037 Server Authentication, Client Authentication, Secure Email, Code Signing, Time Stamping, Encrypting File System, IP security tunnel termination, IP security user, IP security IKE intermediate America Online Root Certification Authority 1
Baltimore CyberTrust Root Baltimore CyberTrust Root 13.5.2025 Server Authentication, Secure Email, Client Authentication, Code Signing Baltimore CyberTrust Root
Certum CA Certum CA 11.6.2027 Server Authentication, Client Authentication, Secure Email, Code Signing, Time Stamping, OCSP Signing Certum
Class 3 Public Primary Certification Authority Class 3 Public Primary Certification Authority 3.8.2028 Server Authentication, Client Authentication, Secure Email, Code Signing VeriSign Class 3 Public Primary Certification Authority (PCA3 G1 SHA1)
Class 3 Public Primary Certification Authority Class 3 Public Primary Certification Authority 2.8.2028 Secure Email, Client Authentication, Code Signing, Server Authentication VeriSign Class 3 Public Primary CA
Class 3 Public Primary Certification Authority Class 3 Public Primary Certification Authority 8.1.2004 Secure Email, Client Authentication, Code Signing, Server Authentication VeriSign
Copyright © 1997 Microsoft Corp. Copyright © 1997 Microsoft Corp. 31.12.1999 Time Stamping Microsoft Timestamp Root
DigiCert Assured ID Root CA DigiCert Assured ID Root CA 10.11.2031 Server Authentication, Client Authentication, Secure Email, Code Signing, Time Stamping DigiCert
DigiCert Global Root CA DigiCert Global Root CA 10.11.2031 Server Authentication, Client Authentication, Secure Email, Code Signing, Time Stamping DigiCert
DigiCert High Assurance EV Root CA DigiCert High Assurance EV Root CA 10.11.2031 Server Authentication, Client Authentication, Secure Email, Code Signing, Time Stamping DigiCert
Entrust.net Certification Authority (2048) Entrust.net Certification Authority (2048) 24.7.2029 Server Authentication, Client Authentication, Secure Email, Code Signing, Time Stamping, Encrypting File System, IP security tunnel termination, IP security user Entrust (2048)
Entrust.net Secure Server Certification Authority Entrust.net Secure Server Certification Authority 25.5.2019 Server Authentication, Client Authentication, Code Signing, Secure Email, IP security tunnel termination, IP security user, IP security IKE intermediate, Time Stamping, Encrypting File System Entrust
Equifax Secure Certificate Authority Equifax Secure Certificate Authority 22.8.2018 Secure Email, Server Authentication, Code Signing GeoTrust
Generic Root Trust CA Generic Root Trust CA 1.1.2040 <All> Generic Root Trust CA
GeoTrust Global CA GeoTrust Global CA 21.5.2022 Server Authentication, Client Authentication, Secure Email, Code Signing, Time Stamping GeoTrust Global CA
GlobalSign Root CA GlobalSign Root CA 28.1.2028 Server Authentication, Client Authentication, Code Signing, Secure Email, Time Stamping, OCSP Signing, Encrypting File System, IP security tunnel termination, IP security user, IP security IKE intermediate GlobalSign
Go Daddy Class 2 Certification Authority Go Daddy Class 2 Certification Authority 29.6.2034 Server Authentication, Client Authentication, Secure Email, Code Signing Go Daddy Class 2 Certification Authority
Go Daddy Root Certificate Authority - G2 Go Daddy Root Certificate Authority - G2 1.1.2038 Server Authentication, Client Authentication, Code Signing, Secure Email, Time Stamping, Encrypting File System, IP security tunnel termination, IP security user Go Daddy Root Certificate Authority – G2
GTE CyberTrust Global Root GTE CyberTrust Global Root 14.8.2018 Secure Email, Client Authentication, Server Authentication, Code Signing GTE CyberTrust Global Root
http://www.valicert.com/ http://www.valicert.com/ 26.6.2019 Secure Email, Server Authentication Starfield Technologies
Microsoft Authenticode™ Root Authority Microsoft Authenticode™ Root Authority 1.1.2000 Secure Email, Code Signing Microsoft Authenticode™ Root
Microsoft Root Authority Microsoft Root Authority 31.12.2020 <All> Microsoft Root Authority
Microsoft Root Certificate Authority Microsoft Root Certificate Authority 10.5.2021 <All> Microsoft Root Certificate Authority
Microsoft Root Certificate Authority 2011 Microsoft Root Certificate Authority 2011 23.3.2036 <All> Microsoft Root Certificate Authority 2011
NO LIABILITY ACCEPTED, ©97 VeriSign, Inc. NO LIABILITY ACCEPTED, ©97 VeriSign, Inc. 8.1.2004 Time Stamping VeriSign Time Stamping CA
Sonera Class2 CA Sonera Class2 CA 6.4.2021 Server Authentication, Client Authentication, Secure Email, Code Signing Sonera Class2 CA
Starfield Class 2 Certification Authority Starfield Class 2 Certification Authority 29.6.2034 Server Authentication, Client Authentication, Secure Email, Code Signing Starfield Class 2 Certification Authority
Starfield Services Root Certificate Authority Starfield Services Root Certificate Authority 1.1.2030 Server Authentication, Client Authentication, Code Signing, Secure Email, Time Stamping, OCSP Signing, Encrypting File System, IP security tunnel termination, IP security user, IP security IKE intermediate Starfield Technologies Inc.
StartCom Certification Authority StartCom Certification Authority 17.9.2036 Server Authentication, Client Authentication, Secure Email, Code Signing, Time Stamping, Encrypting File System, IP security tunnel termination, IP security user StartCom Certification Authority
TC TrustCenter Class 2 CA II TC TrustCenter Class 2 CA II 1.1.2026 Server Authentication, Client Authentication, Secure Email, Code Signing, Time Stamping TC TrustCenter Class 2 CA II
Thawte Premium Server CA Thawte Premium Server CA 1.1.2021 Server Authentication, Code Signing thawte
thawte Primary Root CA thawte Primary Root CA 17.7.2036 Server Authentication, Client Authentication, Secure Email, Code Signing thawte
Thawte Timestamping CA Thawte Timestamping CA 1.1.2021 Time Stamping Thawte Timestamping CA
UTN-USERFirst-Object UTN-USERFirst-Object 9.7.2019 Encrypting File System, Time Stamping, Code Signing USERTrust
VeriSign Class 3 Public Primary Certification Authority - G5 VeriSign Class 3 Public Primary Certification Authority - G5 17.7.2036 Server Authentication, Client Authentication, Secure Email, Code Signing VeriSign
VeriSign Trust Network VeriSign Trust Network 19.5.2018 Secure Email, Client Authentication, Code Signing, Server Authentication VeriSign
VeriSign Trust Network VeriSign Trust Network 2.8.2028 Secure Email, Client Authentication, Code Signing, Server Authentication VeriSign

--

Issued To Issued By Expiration Date Intended Purposes Friendly Name Status Certificate Template
Ghost Ghost 10.5.2110 Encrypting File System <None>

--

Issued To Issued By Expiration Date Intended Purposes Friendly Name Status Certificate Template
Microsoft Windows Hardware Compatibility Microsoft Root Authority 31.12.2002 Code Signing, Windows Hardware Driver Verification <None>
Root Agency Root Agency 1.1.2040 <All> <None>
www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.©97 VeriSign Class 3 Public Primary Certification Authority 25.10.2016 Server Authentication, Client Authentication, 2.16.840.1.113730.4.1, 2.16.840.1.113733.1.8.1 <None>

Minitoolbox:

MiniToolBox by Farbar Version: 13-07-2013
Ran by Ghost (administrator) on 30-07-2013 at 13:03:01
Running from "C:\Users\Ghost\Desktop"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/30/2013 00:56:50 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab> with error: The keyset is not defined.
.

Error: (07/30/2013 00:56:49 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab> with error: The keyset is not defined.
.

Error: (07/30/2013 00:56:49 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab> with error: The keyset is not defined.
.

Error: (07/30/2013 00:56:02 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab> with error: The keyset is not defined.
.

Error: (07/30/2013 00:56:01 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab> with error: The keyset is not defined.
.

Error: (07/30/2013 00:56:01 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab> with error: The keyset is not defined.
.

Error: (07/30/2013 00:42:39 PM) (Source: MsiInstaller) (User: PC-Ghost)
Description: Product: Microsoft Office Shared MUI (English) 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (07/30/2013 00:41:56 PM) (Source: MsiInstaller) (User: PC-Ghost)
Description: Product: Microsoft Office Professional Plus 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (07/30/2013 00:41:49 PM) (Source: MsiInstaller) (User: PC-Ghost)
Description: Product: Microsoft Office Shared MUI (English) 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.


System errors:
=============
Error: (07/30/2013 01:02:52 PM) (Source: Service Control Manager) (User: )
Description: The Google Päivitä-palvelu (gupdate) service failed to start due to the following error:
%%1053

Error: (07/30/2013 01:02:52 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Päivitä-palvelu (gupdate) service to connect.

Error: (07/30/2013 01:02:38 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (07/30/2013 01:00:52 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (07/30/2013 01:00:49 PM) (Source: DCOM) (User: )
Description: {8D9A64F2-357D-40C9-97CD-69FA7E64A518}

Error: (07/30/2013 01:00:45 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (07/30/2013 01:00:27 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (07/30/2013 01:00:21 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (07/30/2013 01:00:18 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (07/30/2013 01:00:17 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.


Microsoft Office Sessions:
=========================
Error: (07/30/2013 00:56:50 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windows...hrootstl.cabThe keyset is not defined.

Error: (07/30/2013 00:56:49 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windows...hrootstl.cabThe keyset is not defined.

Error: (07/30/2013 00:56:49 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windows...hrootstl.cabThe keyset is not defined.

Error: (07/30/2013 00:56:02 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windows...hrootstl.cabThe keyset is not defined.

Error: (07/30/2013 00:56:01 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windows...hrootstl.cabThe keyset is not defined.

Error: (07/30/2013 00:56:01 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windows...hrootstl.cabThe keyset is not defined.

Error: (07/30/2013 00:42:39 PM) (Source: MsiInstaller)(User: PC-Ghost)
Description: Product: Microsoft Office Shared MUI (English) 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/30/2013 00:41:56 PM) (Source: MsiInstaller)(User: PC-Ghost)
Description: Product: Microsoft Office Professional Plus 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/30/2013 00:41:49 PM) (Source: MsiInstaller)(User: PC-Ghost)
Description: Product: Microsoft Office Shared MUI (English) 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
Date: 2013-07-19 00:00:07.931
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-19 00:00:07.806
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-19 00:00:07.681
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-19 00:00:07.556
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-18 22:43:45.111
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-18 22:43:45.002
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2010-10-05 16:57:26.492
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2010-10-05 16:57:26.478
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2010-10-05 16:57:24.107
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2010-10-05 16:57:24.094
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


**** End of log ****
  • 0

#33
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Don't see much in the certs. You can go back in and delete any of them that have expired.

I would also uninstall Google Päivitä-palvelu (gupdate) or at least Disable the service since it's broken.

You might try the free REVO uninstaller on your Elby Clonedrive.

http://www.revounins...e_download.html The free version is near the bottom of the left column.



Let's see if you can download the latest installer:

http://www.microsoft...ls.aspx?id=8483

Make sure you get the right language.
  • 0

#34
klmk

klmk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
REVO shows 11 results none of which are Clonedrive. I ran it though, and selected Disabled from the # of drives list and it disappeared from the Device Manager list. Odd that it doesn't show up as uninstallable though.

Microsoft Installer fails with 'Class not registered' error (0x80040154).
  • 0

#35
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
I think the installer was an older version so my mistake. It was the newest they had but I see I have 5.0 so assume you do too.

If you open a Cmd.exe by right clicking and run as admin then type:

msiexec

Do you get this window

?

Try the following:

Step 1: Check the Windows Installer Service.


1. Click Start Orb, in the start search box, type Services and press Enter.
2. Scroll down and find the Windows Installer. Double-click “Windows Installer” in the Services list.
3. On the General tab, make sure the service is started under “Service status”.
4. If the service is not already running, under Service status, click Start, and then click OK.

Step 2: Unregister and re-register the Windows Installer

1. Click Start Orb, in the start search box, type MSIEXEC /UNREGISTER, and then click OK .

2. Click Start Orb, in the start search box, type MSIEXEC /REGSERVER, and then click OK . After you run this command, the operation is complete.

3. Now, try your installation again.





Step 3: Clean any pending installations

Check the following registry key and clean any entries in the key that you find:

Go to the Start Orb, type in Regedit and select enter.
If you get the User Account Control dialog box that states, Do you want to allow the following program to make changes to the is computer?, Click yes.



Modifying REGISTRY settings incorrectly can cause serious problems that may prevent your computer from booting properly. Microsoft cannot guarantee that any problems resulting from the configuring of REGISTRY settings can be solved. Modifications of these settings are at your own risk.



Scroll to: HKEY_LOCAL_MACHINE \Software\Microsoft\Windows\CurrentVersion\Installer\InProgress



Check the following registry key and clean any entries in the key that you find:

HKEY_LOCAL_MACHINE \System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations



Step 4: Check the permissions

Verify the System has Full Control on the following keys:

HKEY_LOCAL_MACHINE \Software\Microsoft\Windows\CurrentVersion\Installer


Clear the alarms in System and Applications as before.

Next, restart your computer. Run the Minitoolbox to show the alarms and copy and paste them here.
  • 0

#36
klmk

klmk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I got that same Windows Installer window. The installer wouldn't work even after steps 1 and 2. There were no pending installations but there were file rename operations which I cleared. As far as I could tell, the system had Full Control over the keys in ...\CurrentVersion\Installer.

MiniToolBox by Farbar Version: 13-07-2013
Ran by Ghost (administrator) on 05-08-2013 at 18:20:52
Running from "C:\Users\Ghost\Desktop"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-07-19 00:00:07.931
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-19 00:00:07.806
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-19 00:00:07.681
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-19 00:00:07.556
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-18 22:43:45.111
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-18 22:43:45.002
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2010-10-05 16:57:26.492
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2010-10-05 16:57:26.478
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2010-10-05 16:57:24.107
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2010-10-05 16:57:24.094
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


**** End of log ****
  • 0

#37
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Have we tried Windows Repair all-in-one?

http://www.tweaking....all_in_one.html

Download, Save and right click and Run As ADmin then press Start. Reboot when done.
  • 0

#38
klmk

klmk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I think we did. Tried again, and it gives Invalid picture error when trying to start. Both Portable and Installer version.
  • 0

#39
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
OK. Startup Process Monitor and then try to run it. Then go into Process Monitor and Files, uncheck Capture Events. Go ahead and Save the whole log as CSV and then upload it to one of the free server websites like http://www.filedropper.com/ and then give me the link.
  • 0

#40
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
From the first ProcMon log:

"C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\REALTEK 11n USB Wireless LAN Software.ico"
"C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000005}\_PDFFile.ico"
C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000005}\_SC_Acrobat.ico"

and this Registry entry "HKLM\System\CurrentControlSet\Services\WinSock2\Parameters" have "ACCESS DENIED" errors.

Can you take ownership of the files and give Administrators Full Control?

http://technet.micro...y/cc753659.aspx

and then try to take ownership of the registry entry:
http://www.howtogeek...y-in-windows-7/

The xml file I asked you for is KB2530548. It appears to be stuck. Can you uninstall it?

http://windows.micro...emove-an-update
  • 0

Advertisements


#41
klmk

klmk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Everything else ok, except for KB2530548 which wasn't listed and so I couldn't uninstall it.
  • 0

#42
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
OK. Do you still get the bad image error when you try Windows All In One? What exactly does the error say. Can you take a Screen shot of the error?

Can you run Process Monitor then try to do sfc /scannow and save the log and upload it to dropbox again and send me the link.
  • 0

#43
klmk

klmk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
That's literally all it says, screenshot attached. Link in your inbox.

EDIT: Forgot to attach

Attached Thumbnails

  • tweaking_error.jpg

Edited by klmk, 06 August 2013 - 01:06 AM.

  • 0

#44
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Search for CMD and right click on cmd.exe and Run As Admin then type:

set

Does it have two entries like these:

TEMP=C:\Users\Ron\AppData\Local\Temp
TMP=C:\Users\Ron\AppData\Local\Temp

Go to the folder and verify that System, Administrators and Your login have Full Control.

Going to bed now. Will look at the log tomorrow.
  • 0

#45
klmk

klmk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
When clicking the Security tab in the Properties window for the directory, it says the permissions are incorrectly ordered and that that may cause some entries to be ineffective. In the 'Group or user names' box it has System, my login, Admins and Users in that order. All others have everything apart from Special permissions checked while Users has Read & execute, List folder contents and Read.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP