Windows XP problems

Status
Not open for further replies.

cteman

Posts: 7   +0
This is my first time posting and I'm not even sure if this is the right site i need.
I'm at wits end messing with this computer. There seems to be several some what related issues going on. Firstly, I cannot download IE7. It almost completes and then stops downloading and says "access is denied". Secondly, I also cannot dwnload SP3. Same error message. Lastly , every day since April, automatic updates has been installing a security update "Security Update for Microsoft Windows XML Core Services 4.0 Service Pack 2 (KB936181). But after checking the control panel in added programs it never gets downloaded. I"ve tried at least 15 steps that the Microsoft support page suggested I try to no avail. I need help!

Mike
 
Please give us some information about the system you're using- Make, model, RAM.

Are you using IE6 Are you having any problem with it? Is there a particular reason why you want IE7?

Have you put the SP1, Sp2 and updates since on the system? If yes, did you know that you do not need SP3? And if you have an AMD system, SP3 will cause problems.

An update has 2 parts: the download and the installation. Some updates are known to be pesky and cause problems with either step.

So a bit more information, please.
 
I have a Dell Dimension 9100 2002. One GIG RAM. I'm having more and more problems with IE6 freezing up. The microsoft message suggests that i upgrade to IE7. And your right. I can download but it won't let me install. I have Zone Alarm Security Suite which is always running so i do not suspect spyware or viruses. I not looking to install SP3 but I just thought it curious
that i get the same error message.
 
I"ve tried at least 15 steps that the Microsoft support page suggested I try to no avail. I need help!

Does your list of "15 things" include this kb941729? Click here. (MS always has so many things to try. Try this one for your XML update problem and we'll go from there)
 
You do not suspect spyware or viruses ? Ho, ho that is a virtual impossibility these days - sorry. I cannot spend the time explaining why it is nearly impossible, but to give you a hint, do you suppose that every email you receive is virus-free, especially those from your friends that you trust, but who are themselves infested without even being aware of it?

Your symptoms certainly imply that there is a lot wrong with your PC at present, and that could quite easily be a virus. You should first of all do two vital things. (a) take a full backup of your PC as it is now, and store somewhere safe, like an extenal USB drive. (b) connect to a reputable anti-virus online check, such as homecall and see what it says. http://housecall.trendmicro.com/uk/
 
Bobbye

If yes, did you know that you do not need SP3? And if you have an AMD system, SP3 will cause problems.

I thought we had this discussion in another thread.

But for the details....The SP3/AMD issue was fixed last june and the problem source was traced back to HP who acknowledged it (see here). If you know otherwise could you please give me a link to something i can reference?
 
You do not suspect spyware or viruses ? Ho, ho that is a virtual impossibility these days - sorry. I cannot spend the time explaining why it is nearly impossible, but to give you a hint, do you suppose that every email you receive is virus-free, especially those from your friends that you trust, but who are themselves infested without even being aware of it?

Your symptoms certainly imply that there is a lot wrong with your PC at present, and that could quite easily be a virus. You should first of all do two vital things. (a) take a full backup of your PC as it is now, and store somewhere safe, like an extenal USB drive. (b) connect to a reputable anti-virus online check, such as homecall and see what it says. http://housecall.trendmicro.com/uk/

I don't want to minimize what malware can do (its affects and problems it can cause with MS updates) or the value of system backups for any and every reason!

But the OP is reporting problems with KBs that are widely known for giving people installation problems and causing other problems to occur! (like the XML KB continuous update)

So my first question is still (if they read this and still have the problem): Did they try the solution in the KB i suggested in my earlier post?
 
If you know otherwise could you please give me a link to something i can reference?

No, I don't. You delve very deeply into some of the technical aspects of problems- way over the head of the average users. The consensus still is-DON'T download and install SP3 IF you have gotten SP1, SP2 and the updates since. And be especially careful if you have an AMD processor.

If you want documentation for what I am saying, I'm sure you can find it by doing a Google search for SP3 problems. Why have a user put something on the system if it isn't needed and if it is known to cause multiple problems?

To LookingAround:
I sound kinda silly asking for a reference
Hassling me is not going to help the person who has the problem. A Google search using the search term SP3 problems brings up 2,150,000 ( and this is just in English). Here is the first page: http://tinyurl.com/5kyuxp
I am confident that you will find adequate documentation there.
 
No, I don't. You delve very deeply into some of the technical aspects of problems- way over the head of the average users. The consensus still is-DON'T download and install SP3 IF you have gotten SP1, SP2 and the updates since. And be especially careful if you have an AMD processor.

If you want documentation for what I am saying, I'm sure you can find it by doing a Google search for SP3 problems. Why have a user put something on the system if it isn't needed and if it is known to cause multiple problems?

ARRGGGGHHHHHHH! :confused:

But i will say you, "in essence" sound like another of the most frequently quoted, misquoted and parodied movie quotations in history.all of which came from ..... (OK. How many readers know what i;m about to reference) the 1948 film The Treasure of the Sierra Madre with Humphrey Bogart.

If you;d let me paraphrase
"References? We ain't got no References. We don't need no References. I don't have to show you any stinkin' references!' Someone said it out there. on that thing called the internet, so it must be true. Why, there's even a consensus"

I sound kinda silly asking for a reference on "just what is a consensus on the internet". Cause i assume that group includes anyone in cyberspace with accesss to a computer and a blog site who post what ever information and opinion they choose. Post it as internet gospel. (and they have that right even to continue to post when they've been off their meds awhile and their rants and claims can be REALLY outrageous. But if ever questioned to provide any meat to their story. That's the beauty of the internet circle. Cuz they don't have to. They just need reference that "consensus of people" that reference that other consensus..... and so on... and so forth... and internet legends are born
 
Mike, as to your problem:
1. There seems to be several some what related issues going on. Firstly, I cannot download IE7. It almost completes and then stops downloading and says "access is denied". Secondly, I also cannot dwnload SP3. Same error message. Lastly , every day since April, automatic updates has been installing a security update "Security Update for Microsoft Windows XML Core Services 4.0 Service Pack 2 (KB936181). But after checking the control panel in added programs it never gets downloaded. I"ve tried at least 15 steps that the Microsoft support page suggested I try to no avail. I need help!
2. I'm having more and more problems with IE6 freezing up. The microsoft message suggests that i upgrade to IE7
I have Zone Alarm Security Suite which is always running so i do not suspect spyware or viruses.

If you will bear with me, I'd like to approach like this:
Let's try and find the problem with IE6.
Automatic updates:
First, tune off the Automatic Updates until we stabilize the system.
Control Panel> Security Center> Automatic Updates> CHECK 'turn off'> Apply> OK

Event Viewer:
Note the time of the IE freeze on your computer clock, then:
Control Panel> Administrative Tools> Event Viewer> click on Apps first, to open the Application log> look for Error corresponding with time of freeze> right click on the Error> Properties> Click on the Copy icon, top right, below the down arrow> Paste here (Ctrl V)
Do the same with the System Log.

Notes: Ignore Warnings. IF they don't resolve, they will become Errors. Ignore Information Event- they are normal
You will be seeing recurring Errors. IF they have the same ID#, the same Source and the same Description, I only need a copy of one of them. You do not need to include the lines of code in the box below the Description area, but include all else.

Malware:
Rest assured that having the ZoneAlarm Security Suite on the system does not guarantee that you are malware free. Some malware is programmed to turn off firewalls and prevent updates for security programs. Because of that, Please run just this one malware program and attach the log:
Please download Malwarebytes' Anti-Malware from:
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
(if necessary, you can run this in Safe Mode)
Save to the desktop. Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Run the scan with Malwarebytes again> When the scan is complete, click OK, then 'Show Results' to view the results. Be sure that everything is checked, and click 'Remove Selected'.
When completed, a log will open in Notepad. Attach the log here.

Doing the two above will give us some idea of what we're dealing with. Hopefully others will give you a chance to complete these without further confusion. We will go from there.
 
Sorry I took so long to get back. I tried the suggestion from LookinAround and it worked. With the constant update for the KB Security .Thank you LookinAround. ChicagoLand Rocks. And I tried the thing from gbHall with the TrendMicro and that didn't work. It found one piece of adware. BHO_MYWAY and that was it. Still can't install IE7. Bobbye, i'm going to try your suggestions next. I'll let you know in the next day or two. Thanks
Mike
 
Thanks for the update. You will need to have all the entries for My Way removed. Run HijackThis and either do it your self with the entries below, or post the log here:
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZWYYYYYYYYUS
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/MyWebSearchInitialSetup1.0.0.8-2.cab

Uninstall My Web Search option from Add/Remove Programs
Follow the rest here:
http://www.pchell.com/support/mywebsearch.shtml

I suggest you wait to install IE7 until you're clean and stable. When clean, you will need to remove the old System Restore points. Do NOT use SR now.
 
Bobbye
Here is the log from hijack this. I'm not quite sure what I'm looking at.
 

Attachments

  • hijackthis_1.txt
    13.3 KB · Views: 5
You have evidence of a Smitfraud infection:
O21 - SSODL: didymiums - {e6adaaf0-79b2-4cf1-a660-50a0b33991a1} - (no file)
File: vblhanf.dll
Status X
Description Smitfraud/AntiVermins

But you are also running some Real Time programs. These have to be stopped when leaning. See:
Temporarily Disable Real Time Monitoring Programs:
http://wiki.castlecops.com/Malware_Removal:_Temporarily_Disable_Real_Time_Monitoring_Programs
If you can, open ZoneAlarm and disable everything except the AV.

The following is of concern:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 169.254.224.189

IP 169.254.224.189> BLACKHOLE-1.IANA.ORG
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q259922

Have you intentionally set to use the BlackHole server?

Take this out of the trusted zone:
O15 - Trusted Zone: http://www.mapquest.com> take out of trusted
Internet Options> Security tab> Trusted sites> Sites> remove this entry.

You need to run Malwarebytes and SuperAntispyware. AFTER you run them and AFTER making the changes above, run HjackThis again. Attach all 3 logs when done.

See Step 4 and Step5 here for the programs: https://www.techspot.com/vb/post645589-1.html
 
Bobbye,
I have no idea what this Blackhole thing is or how to get rid of it. Here are the logs you needed. I really apprieciate this.
 
Okay, I had to ask because it appears it can be set up by the user. mbam shows you clean. Good. SAS shows a multitude of Tracking Cookies. Have SAS remove them and change the Cookie settings as follows:

For IE: Internet options> Privacy tab> Advanced> CHECK 'allow 1st party Cookies'> CHECK either Prompt or Block for 3rd party> CHECK 'always allow per session> OK> Apply> OK

For Firefox: I suggest you get the AdBlock Plus Extension. IT will block the 3rd party Cookies which you are getting from ads, partners and other junk on sites: https://addons.mozilla.org/en-US/firefox/addon/1865

Then get the Easy List filters here- I suggest (and I have) all three: http://easylist.adblockplus.org/
The two work together to prevent this trash from getting on the system.
Setting for Firefox: Tools>Options> Privacy> Cookies section> CHECK 'accept site Cookies'> UNCHECK 'accept third party Cookies'.

The problem I'm having with Black Hole server is: Blackhole DNS servers are DNS servers that return a "nonexistent address" answer to reverse DNS lookups for addresses reserved for private use. And the accepted IP ranges are:
* 10.0.0.0 - 10.255.255.255
* 172.16.0.0 - 172.31.255.255
* 192.168.0.0 - 192.168.255.255

However, you is showing IP 169.254.224.189 which is NOT in this range. I'm going to have to ask someone more experienced in networking about this. The Black Hole server is okay- but the IP is wrong and I don't know the significance of this. But I did a search for ,AutoConfigURL = 169.254.224.189 and the only site on Google is your message,

Per the HIjack This log, you have this loading at Startup: Try disabling it and see if that helps the system.
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S

You have multiple automatic updating loading on boot. I strongly recommend you open each of the programs and disable the auto-update features:
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
Have Hijack remove the entries by checking each. Now close all windows other than HiJackThis, then click Fix Checked.**Close HiJackThis*and*reboot into Safe Mode
Go to All Programs and open each RealPlayer and Real Player and disable the auto update feature.
Go into the Registry Booster and temporarily disable the program.
For Java, go to Control Panel> Java> Update tab> uncheck 'check automatically for updates'> answer Yes> Apply> OK..

Then go to Start> Run> type in 'msconfig' without the quotes> enter> Selective Startup> UNCHECK everything except the ZoneAlarm processes. You have the Kodak and real estate starting on boot- neither should. You can manually start the program when wanted so uncheck> Apply> OK> Reboot into Normal mode.

Close the nag message after checking 'don't show this message again'. Stay in Selective Startup.
I will get back to you on Blackhole.
 
Bobbye,
You didn't mention anything more about the Smitfraud infection. Could there be
potential problems with that? Anyway, everthing you've done has been awsome.
I don't know how I can repay. I felt like I was losing my mind over this. I seems that all the Antispy and Malware programs that you turned me onto would be good things to keep for piece of mind(for the most part).

Cteman
 
Sorry, I got hung up on Blackhole and passed right over that! If you haven't rerun HijackThis yet, please add these to remove:
O21 - SSODL: didymiums - {e6adaaf0-79b2-4cf1-a660-50a0b33991a1} - (no file)
O22 - SharedTaskScheduler: didymiums - {e6adaaf0-79b2-4cf1-a660-50a0b33991a1} - (no file)

The two files are for the Antivermins which are rogue anti-spyware applications that use aggressive and deceptive advertising to goad you into purchasing the commercial version of their products. These programs are known to be installed on your computer without permission along with malware and Trojans.

But usually there would be 04 entries also and you don't have any.
There is a SmitfraudFix, but it can have consequences. I want to check on this first before having you run it.

These programs I have taken you through are all ones recommended on this site in the malware cleaning. When we're finished,I have you remove the cleaning tools and the System Restore points, as they can be infected.

Hang tight until I get more on the possible SF.
 
Sorry for the delay- we were putting our heads together. Since the IP is going to auto-config, it should not have it set in that entry. Please reopen HijcakThis and scan, have it remove this
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 169.254.224.189
Please besure to turn off any Real Time monitoring programs before running Hijack again. Complete the other entries I left for you to fix.
Now close all windows other than HiJackThis, then click Fix Checked.**Close HiJackThis*and*reboot.
Attach the new log here.
 
I'm having some of the same problems.
I cannot download sp2, and I think I'm just going to have to Get the free CD. Maybe you should try that
 
'm having some of the same problems. I cannot download sp2, and I think I'm just going to have to Get the free CD. Maybe you should try that
Please start your own thread with your own problems. They are not the same and will just confuse the issue.
 
I heard that a lot of times, a computer (mostly ones a bit older or lower lines-in this case the one I'm trying to fix for someone) cannot process all of the info over the internet, or the connection can get seen as a virus, because the new software will have to go to the critical files and change the whole computer. We must remember that computers are kind of like people. Even if they are all manufactured the same, each one is a little bit different. If this weren't so, we would be able to fix almost all computer problems. Anyways, no on would knowingly inject a virus through a CD so the computer lets it through the high security clearance, so to speak. This is just a theory I heard, so don't bet your money on it. But since its a free CD, I think I'm going to go for it. The theory makes sense to me, and what harm can it do?
 
Sorry, I didn't mean to post this one, long story.

Also, I was just trying to help. These boards are put up for this, and i kind of feel offended by your closemindedness. I know the solution for the IE7 problem, as i had the same thing, but then, you wouldn't want to know this would you. Since "They are not the same, and it will just confuse the issue" I better not post it though.
 
Your issue:
'm having some of the same problems. I cannot download sp2,
is NOT the same, nor does getting the CD for SP2 address this person's problem. Downloading a new version of a browser is NOT the same as inability to download a Service pack. It appears you have a separate problem which is why I suggested you start a new thread.

All help is welcome. However, you indicated a different problem and advised getting a CD for SP2. This was NOT the issue for this user, nor did you state any resolution to
 
Bobbye,
Sorry it took me so long also. Here is the log. One other question I have is that
every now and then the mouse pointer darts to the edge of the screen and climbs
up to the left hand corner. No infection software picks anything up. I'm not certain
that it is an infection but it does not seem normal. Any suggestions?
Thanks
CTEMAN
 
Status
Not open for further replies.
Back