
Author Topic: Bugs eating background, background changed to blue with spyware warning ...  (Read 39077 times)


evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 493
  • Experience: Experienced
  • OS: Windows 11
You would actually need to uninstall the programs and then reinstall them from the websites.

HP\hpcoretech < Not sure what this is, a printer maybe?
HP Software Update
Dell Media Experience
Sonic Update Manager

ComputerTired

    Topic Starter


    Beginner

    C:\WINDOWS\addit.exe moved successfully.
     
    OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06022008_163044

    evilfantasy

    How is everything now?

    Run CCleaner.

    ----------

    Final steps and free security programs.

    Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop. (unless you already have it installed)

    1. Double click OTMoveIt2.exe to launch it.
    Vista users right click and choose Run As Administrator
    2. Click on the CleanUp! button.
    3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
    4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
    5. Once complete exit out of OTMoveIt2

    Set a New Restore Point to prevent possible reinfection from an old one
    Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
    • Go to Start > Programs > Accessories > System Tools and click System Restore
    • Choose the radio button marked Create a Restore Point on the first screen, then click Next. Give the Restore Point a name, then click Create.
    • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Next go to Start > Run and type Cleanmgr
    • Click OK
    • Click the More Options Tab.
    • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
    Use the Secunia Software Inspector to check for out of date software.
    • Click Start Now
    • Check the box next to Enable thorough system inspection.
    • Click Start
    • Allow the scan to finish and scroll down to see if any updates are needed.
    • Update anything listed.
    Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

    To prevent unknown applications from being installed on your computer install WinPatrol 2008
    Using Winpatrol to protect your computer from malicious software

    Another thing I would suggest installing is SiteAdvisor. SiteAdvisor rates sites on business practices and spam.

    SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
    Using SpywareBlaster to protect your computer from Spyware and Malware

    Check out Keeping Yourself Safe On The Web for tips and free tools to keep you safe in the future.

    Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

    ComputerTired


      I needed to update my Windows XP, and when I was updating it [ the Windows XP Service Pack 2 ], the installation/updating process lasted for 4 hours and finally, it stopped. However, it said that the Service Pack 2 could not be installed on my computer.

      =(

      I took some screen shots of the error message just in case you wanted to see them.

      Also, I sent an error report to help Microsoft come up with a solution to the problem [ said they did not have a solution for it yet ].

      When I checked my C drive, a lot of space was eaten up from the incomplete and failed installation.

      I created a system restore point before I began the installation so I'm wondering would it be alright to just restore my computer to that point to regain the space that was taken away.

       :-[

      evilfantasy

      A system restore should work.

      Download this from Microsoft and run it on your computer
      Filename = MGADiag2.exe
      http://go.microsoft.com/fwlink/?linkid=52012

      Press "Copy to clipboard" and then you can paste it in this thread.


      ComputerTired


        Which one should I do first?
        The restore or the Microsoft download?

        evilfantasy

        Either one. The MGADiag will be a scan with info about your PC.

        ComputerTired


          Diagnostic Report (1.7.0095.0):
          -----------------------------------------
          WGA Data-->
          Validation Status: Validation Control not Installed
          Validation Code: 0
          Online Validation Code: N/A
          Cached Validation Code: N/A
          Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT
          Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=
          Windows Product ID: 55277-OEM-2111907-00102
          Windows Product ID Type: 2
          Windows License Type: OEM SLP
          Windows OS version: 5.1.2600.2.00010300.1.0.hom
          CSVLK Server: N/A
          CSVLK PID: N/A
          ID: {7BDBCAE4-F879-4461-AD0A-18831330171A}(1)
          Is Admin: Yes
          TestCab: 0x0
          WGA Version: N/A, hr = 0x80070002
          Signed By: N/A, hr = 0x80070002
          Product Name: N/A
          Architecture: N/A
          Build lab: N/A
          TTS Error: N/A
          Validation Diagnostic: 025D1FF3-171-1_16E0B333-156-80004005
          Resolution Status: N/A

          WgaER Data-->
          ThreatID(s): N/A
          Version: N/A

          WGA Notifications Data-->
          Cached Result: N/A, hr = 0x80070002
          File Exists: No
          Version: N/A, hr = 0x80070002
          WgaTray.exe Signed By: N/A, hr = 0x80070002
          WgaLogon.dll Signed By: N/A, hr = 0x80070002

          OGA Notifications Data-->
          Cached Result: N/A, hr = 0x80070002
          Version: N/A, hr = 0x80070002
          WGATray.exe Signed By: N/A, hr = 0x80070002
          OGAAddin.dll Signed By: N/A, hr = 0x80070002

          OGA Data-->
          Office Status: 101 Not Activated
          Microsoft Office Standard Edition 2003 - 101 Not Activated
          OGA Version: N/A, 0x80070002
          Signed By: N/A, hr = 0x80070002
          Office Diagnostics: 025D1FF3-171-1

          Browser Data-->
          Proxy settings: N/A
          User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
          Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
          Download signed ActiveX controls: Prompt
          Download unsigned ActiveX controls: Disabled
          Run ActiveX controls and plug-ins: Allowed
          Initialize and script ActiveX controls not marked as safe: Disabled
          Allow scripting of Internet Explorer Webbrowser control: Disabled
          Active scripting: Allowed
          Script ActiveX controls marked as safe for scripting: Allowed

          File Scan Data-->
          File Mismatch: C:\WINDOWS\system32\winlogon.exe[5.1.2600.1557]
          File Mismatch: C:\WINDOWS\system32\crypt32.dll[5.131.2600.1123]
          File Mismatch: C:\WINDOWS\system32\oembios.bin[hr = 0x80070714]
          File Mismatch: C:\WINDOWS\system32\oembios.dat[hr = 0x80070714]
          File Mismatch: C:\WINDOWS\system32\oembios.sig[hr = 0x80070714]



          evilfantasy

          Quote
          WGA Data-->
          Validation Status: Validation Control not Installed

          You need to validate your Windows installation or the updates won't work.
          • Go here using Internet Explorer.
          • Click on "Validate Windows"
          • Be patient while the ActiveX loads, do not click on any links.
          • Read the instructions on this page while it's loading. You will be prompted to install - click YES.
          • Enter your product key then click "continue"
          • When it says "Validation Complete" click "Continue to return to your previous activity"
          • Copy what it says and paste it here.
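
An added example, not part of the original thread and not Microsoft's tooling: a short Python triage of a report in the format posted above, which groups the `Key: Value` lines by section, lists the `File Mismatch` entries, and decodes each `hr = 0x...` value into its Win32 error. The sample text is constructed from a few lines of that format, the function names are hypothetical, and the error names are the winerror.h constants.

```python
import re

# Constructed sample in the format of the report posted above (not the full log).
SAMPLE_REPORT = r"""WGA Data-->
Validation Status: Validation Control not Installed
WGA Version: N/A, hr = 0x80070002

File Scan Data-->
File Mismatch: C:\WINDOWS\system32\winlogon.exe[5.1.2600.1557]
File Mismatch: C:\WINDOWS\system32\oembios.bin[hr = 0x80070714]
"""

# Win32 error codes from winerror.h that these HRESULTs wrap.
WIN32_NAMES = {2: "ERROR_FILE_NOT_FOUND", 1812: "ERROR_RESOURCE_DATA_NOT_FOUND"}
FACILITY_WIN32 = 7

def decode_hresult(value):
    """Split an HRESULT into (failed, facility, code, name)."""
    failed = bool(value & 0x80000000)      # severity bit
    facility = (value >> 16) & 0x1FFF      # same mask as HRESULT_FACILITY
    code = value & 0xFFFF                  # same mask as HRESULT_CODE
    name = WIN32_NAMES.get(code, "unknown") if facility == FACILITY_WIN32 else "unknown"
    return failed, facility, code, name

def parse_report(text):
    """Group 'Key: Value' lines under their 'Section-->' header; keys may repeat."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("-->"):
            current = sections.setdefault(line[:-3].strip(), [])
        elif current is not None and ": " in line:
            key, value = line.split(": ", 1)
            current.append((key, value))
    return sections

def triage(text):
    """Return (section, key, value, error_name) for failed lookups and file mismatches."""
    findings = []
    for section, pairs in parse_report(text).items():
        for key, value in pairs:
            m = re.search(r"hr = (0x[0-9A-Fa-f]{8})", value)
            name = decode_hresult(int(m.group(1), 16))[3] if m else None
            if m or key == "File Mismatch":
                findings.append((section, key, value, name))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding)
```

The `0x80070002` value that recurs in the WGA sections of the posted report is the Win32 "file not found" error, which is consistent with the `Validation Control not Installed` status quoted in the reply above.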

          ComputerTired


            Ran into a small teensy weensy problem.

            When I click on the Validate Windows button, a message pops up that says "Your current security settings prohibit running ActiveX controls on this page. As a result, the page may not display correctly."

            So, getting out of that window by pressing OK, the screen says there's an alternate method if the little Internet Info Bar doesn't appear at the top.

            I waited, just in case the page felt like loading anyway for me to validate my windows...it didn't happen so, I waited some more. Unfortunately it didn't work so, I went to the alternate method.

            When I clicked on the method to Open [ it said to either open it or run it ], I clicked on Run. Now, a window is on my screen that is supposed to run as an HTML application, but the screen is not doing anything. It's just blank.

            I've waited for that screen as well and I'm still waiting. Maybe it will do something.

            =)

            Or maybe it won't....

            =(

            I'll still wait for it though.

            Also, I see on the Microsoft Genuine Advantage Diagnostic Tool a resolve button. So, I have the option to resolve the information [ the Validation Control not Installed ] was in red, so I'm guessing it's referring to that.

            Is it possible that I can resolve or validate my windows from there? I still have the scan thing open.

            evilfantasy

            You can try, I've never actually gone through the whole process so I'm not sure what to do next.

            ComputerTired


              I was not able to validate windows, unfortunately. I kept trying however, but to no success.

              I tried to regain all of the GBs that the incomplete Windows update had eaten, but when I went to my system restore, I saw that the point that I created before I ran the update was gone. It seems as if the Windows update had got rid of it. I saw that there were about 20 different Windows XP KB versions on the system restore calendar points.

              I found the earliest one and restored my computer to that time.

              Boy was it nerve-wracking !!

              I really thought for a moment that my computer was a goner. The reboot lasted for a long time and there were points in the restore process that I had never seen before in relation to other system restores that I have done.

              All in all, Windows started up [ a new startup message appeared but it just said that McAfee's components were becoming my default security program ] and when I checked my C drive pie to see if my space returned ....

               :-\


              ..yea. It actually got worse, but at least I have my computer back in running condition.

               :)

              ComputerTired


                My McAfee firewall alert just appeared and said that the program Spooler SubSystem App has changed since it was last granted access to the internet.

                It's giving me the path :

                C:\WINDOWS\SYSTEM32\spoolsv.exe

                McAfee is allowing it because it recognizes the application. I just looked on a website and it said that spoolsv.exe is sometimes identified as a virus ...

                I think I'm just going to run Malwarebytes to see what it says, or another virus scan on my computer to see what's up.

                evilfantasy

                It's probably legitimate, related to your printer.

                Quote
                spoolsv.exe is a Microsoft Windows system executable which handles the printing process. This program is important for the stable and secure running of your computer and should not be terminated.

                I will give you the only information I have on this issue right now. This is copy/pasted so isn't specific to you but the information will be useful for contacting MS and getting validated. I'm not sure what else to do. Until you get validated and updated you will continue to have occasional problems. Windows is at SP3 now so you are two Service Packs behind so are open to all kinds of security issues.

                Because the Validation Control is not installed, we need you to go to the Diagnostic Site: http://www.microsoft.com/genuine/diag/ and follow the instructions there. Then re-run the original MGADiag.exe.

                I strongly suggest you pull out the license information and call 1-866-PCSAFETY (1-866-727-2338).  This phone number is for virus and other security-related support. It is available 24 hours a day for the U.S. and Canada.

                If you have valid, licensed software, then you need to go to the Windows Genuine Forum, register and post the log.   http://forums.microsoft.com/Genuine/default.aspx?ForumGroupID=125&SiteID=25 If necessary, copy the original log or provide a link to this thread.

                In the event you are a victim of piracy, help is available from this site: http://www.microsoft.com/piracy/

                ComputerTired


                  Hey evilfantasy, just came by here to say THANKS A LOT for ALLLLL the help and time you put in on helping me fix this infection issue.

                  I'm glad that there are sites/forums where you can ask for help without having to ship out your computer and pay hundreds of bucks for pretty much the same assistance given online.

                  You're a lifesaver.

                  Thanks again.

                  p.s. - I still haven't given up on getting my computer validated. Cross your fingers!