Not a valid Win32 Application

Re-running ComboFix to remove infections:

1. Close any open browsers.
   
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
3. Open notepad and copy/paste the text in the quotebox below into it:
   

   File::
   c:\programdata\ezsidmv.dat
   
   Folder::
   c:\program files\SQ916D
   

4. Save this as CFScript.txt, in the same location as ComboFix.exe
   
   
   
   
5. Referring to the picture above, drag CFScript into ComboFix.exe
   
6. When finished, it shall produce a log for you at C:\ComboFix.txt
   
7. Please post the contents of the log in your next reply.

Thanks DragonMaster Jay. Here's the log:

ComboFix 10-01-21.01 - Griffin 21/01/2010 15:40:22.3.2 - x86
Microsoft Windows Vista Home Premium 6.0.6001.1.1252.2.1033.18.2814.1752 [GMT -8:00]
Running from: c:\users\Griffin\Desktop\ComboFix.exe
Command switches used :: c:\users\Griffin\Desktop\cfscript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\programdata\ezsidmv.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\SQ916D
c:\program files\SQ916D\skin\AVI_Logo.bmp
c:\program files\SQ916D\skin\Delete1.bmp
c:\program files\SQ916D\skin\Delete2.bmp
c:\program files\SQ916D\skin\Delete3.bmp
c:\program files\SQ916D\skin\Delete4.bmp
c:\program files\SQ916D\skin\DeleteAll1.bmp
c:\program files\SQ916D\skin\DeleteAll2.bmp
c:\program files\SQ916D\skin\DeleteAll3.bmp
c:\program files\SQ916D\skin\DeleteAll4.bmp
c:\program files\SQ916D\skin\Exit1.bmp
c:\program files\SQ916D\skin\Exit2.bmp
c:\program files\SQ916D\skin\Exit3.bmp
c:\program files\SQ916D\skin\Exit4.bmp
c:\program files\SQ916D\skin\ImageFrame1.bmp
c:\program files\SQ916D\skin\ImageFrame2.bmp
c:\program files\SQ916D\skin\ImageFrame3.bmp
c:\program files\SQ916D\skin\Main.bmp
c:\program files\SQ916D\skin\Minimize1.bmp
c:\program files\SQ916D\skin\Minimize2.bmp
c:\program files\SQ916D\skin\Minimize3.bmp
c:\program files\SQ916D\skin\Minimize4.bmp
c:\program files\SQ916D\skin\NextPage1.bmp
c:\program files\SQ916D\skin\NextPage2.bmp
c:\program files\SQ916D\skin\NextPage3.bmp
c:\program files\SQ916D\skin\NextPage4.bmp
c:\program files\SQ916D\skin\PreviousPage1.bmp
c:\program files\SQ916D\skin\PreviousPage2.bmp
c:\program files\SQ916D\skin\PreviousPage3.bmp
c:\program files\SQ916D\skin\PreviousPage4.bmp
c:\program files\SQ916D\skin\Progress1.bmp
c:\program files\SQ916D\skin\Progress2.bmp
c:\program files\SQ916D\skin\Save1.bmp
c:\program files\SQ916D\skin\Save2.bmp
c:\program files\SQ916D\skin\Save3.bmp
c:\program files\SQ916D\skin\Save4.bmp
c:\program files\SQ916D\skin\SelectAll1.bmp
c:\program files\SQ916D\skin\SelectAll2.bmp
c:\program files\SQ916D\skin\SelectAll3.bmp
c:\program files\SQ916D\skin\SelectAll4.bmp
c:\program files\SQ916D\skin\Setup.ini
c:\program files\SQ916D\SQ916D.exe
c:\program files\SQ916D\TransTWAIN.exe
c:\programdata\ezsidmv.dat

.
((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-21 23:49 . 2010-01-21 23:49 -------- d-----w- c:\users\Griffin\AppData\Local\temp
2010-01-21 23:49 . 2010-01-21 23:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-21 23:49 . 2010-01-21 23:49 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-01-21 23:49 . 2010-01-21 23:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-21 01:33 . 2010-01-21 01:33 -------- d-----w- c:\program files\Common Files\Skype
2010-01-20 03:43 . 2010-01-20 03:43 -------- d-----w- c:\program files\ESET
2010-01-19 23:46 . 2010-01-21 22:52 -------- d-----w- c:\users\Griffin\AppData\Roaming\skypePM
2010-01-19 23:43 . 2010-01-21 23:38 -------- d-----w- c:\users\Griffin\AppData\Roaming\Skype
2010-01-19 23:43 . 2010-01-21 01:34 -------- d-----r- c:\program files\Skype
2010-01-19 23:42 . 2010-01-21 01:33 -------- d-----w- c:\programdata\Skype
2010-01-19 15:17 . 2010-01-19 15:17 -------- d-----w- c:\users\Griffin\AppData\Roaming\Malwarebytes
2010-01-19 15:17 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-19 15:17 . 2010-01-19 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-19 15:17 . 2010-01-19 15:17 -------- d-----w- c:\programdata\Malwarebytes
2010-01-19 15:17 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-19 06:00 . 2010-01-19 06:00 -------- d-----w- c:\windows\McAfee.com
2010-01-19 05:04 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-01-19 01:27 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2010-01-19 00:12 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-19 00:10 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-01-19 00:10 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-01-19 00:10 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-19 00:08 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-19 00:08 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-19 00:06 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-01-19 00:06 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-01-18 23:24 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2010-01-18 23:24 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2010-01-18 23:23 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-01-18 23:23 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-01-18 23:23 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-01-18 23:23 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-01-18 23:23 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2010-01-18 23:23 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-01-18 23:23 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-01-18 23:23 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2010-01-18 23:23 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-01-18 23:22 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2010-01-18 23:22 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2010-01-18 23:18 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2010-01-10 01:06 . 2010-01-10 01:08 -------- d-----w- c:\users\Griffin\AppData\Roaming\QuickScan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-20 20:49 . 2009-06-30 21:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 05:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-14 19:12 . 2009-10-03 09:21 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-13 04:54 . 2008-08-19 02:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-13 04:53 . 2009-12-13 04:52 -------- d-----w- c:\program files\Snap 'n Share
2009-12-08 01:02 . 2009-01-04 00:43 -------- d-----w- c:\program files\Google
2009-12-03 17:03 . 2009-06-10 00:29 -------- d-----w- c:\program files\Java
2009-12-03 14:29 . 2008-08-19 09:14 -------- d-----w- c:\program files\Microsoft Works
2009-12-03 14:29 . 2008-08-19 09:12 -------- d-----w- c:\programdata\Microsoft Help
2009-11-30 16:34 . 2009-05-08 02:43 -------- d-----w- c:\programdata\avg8
2009-11-30 14:58 . 2009-11-30 14:58 -------- d-----w- c:\programdata\avg9
2009-11-30 14:58 . 2009-05-08 02:43 -------- d-----w- c:\program files\AVG
2009-11-21 06:40 . 2010-01-19 01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2010-01-19 01:28 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2010-01-19 01:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2010-01-19 01:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-09 01:15 . 2009-11-09 01:15 95 ----a-w- c:\users\Griffin\AppData\Local\fusioncache.dat
2009-11-09 01:07 . 2009-11-09 01:07 9662 ----a-r- c:\users\Griffin\AppData\Roaming\Microsoft\Installer\{21209AE8-1E93-4289-A88F-5EE0F22CF9F8}\ARPPRODUCTICON.exe
2009-11-09 01:07 . 2009-11-09 01:07 49152 ----a-r- c:\users\Griffin\AppData\Roaming\Microsoft\Installer\{21209AE8-1E93-4289-A88F-5EE0F22CF9F8}\NewShortcut7_21209AE81E934289A88F5EE0F22CF9F8_1.exe
2009-11-09 01:07 . 2009-11-09 01:07 49152 ----a-r- c:\users\Griffin\AppData\Roaming\Microsoft\Installer\{21209AE8-1E93-4289-A88F-5EE0F22CF9F8}\NewShortcut1_21209AE81E934289A88F5EE0F22CF9F8_6.exe
2009-11-06 16:47 . 2009-11-26 00:20 2064152 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-11-03 16:47 . 2009-11-26 00:20 3513624 ----a-w- c:\programdata\avg8\update\backup\avgui.exe
2009-11-03 16:47 . 2009-11-26 00:20 2028312 ----a-w- c:\programdata\avg8\update\backup\avgtray.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-15 01:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"LXCFCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-09-14 73728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-26 2029336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"NoChangeAnimation"= 0 (0x0)
"NoThumbnailCache"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-05-30 00:44 167936 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-05-15 01:05 526896 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [07/05/2009 6:44 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [07/05/2009 6:44 PM 108552]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [19/08/2008 1:39 AM 61424]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [19/08/2008 1:40 AM 81504]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [19/08/2008 1:36 AM 24576]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [19/08/2008 1:40 AM 122368]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [28/03/2008 3:44 AM 210432]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [03/01/2009 4:44 PM 22072]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [07/05/2009 6:43 PM 297752]
S3 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 12:11 PM 16384]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25/04/2008 8:36 PM 45056]
S3 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25/04/2008 8:36 PM 131072]
S3 SQTECH9090;TOP Cam;c:\windows\System32\drivers\Capt9090.sys [12/12/2009 8:54 PM 48384]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=2&o=vp32&d=0309&m=aspire_5535
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Griffin\AppData\Roaming\Mozilla\Firefox\Profiles\ke765pq8.default\
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Griffin\AppData\Roaming\Mozilla\Firefox\Profiles\ke765pq8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 15:49
Windows 6.0.6001 Service Pack 1 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,RunDLLEntry???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-01-21 15:53:30
ComboFix-quarantined-files.txt 2010-01-21 23:53
ComboFix2.txt 2010-01-21 23:10
ComboFix3.txt 2010-01-19 17:31

Pre-Run: 62,689,001,472 bytes free
Post-Run: 62,650,490,880 bytes free

- - End Of File - - 4A6D678F494E03A3123E5763E5F925CF

Now, try any scan again (online or MBAM), and let me know if it finishes successfully.

It finished. I did a full scan, and it said there was nothing detected. I tried to download another anti-virus that was recommended from here. It downloaded, but when I tried to run it, it said that it was not a valid Win32 Application.

Here is the MBAM scan log.

Malwarebytes' Anti-Malware 1.44
Database version: 3611
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865

21/01/2010 6:37:13 PM
mbam-log-2010-01-21 (18-37-13).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 278179
Time elapsed: 1 hour(s), 21 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Please reboot to Safe Mode with Networking (tap the F8 key just before Windows starts to load and select the Safe Mode with Networking option from the menu).

Now, try to run the installer in Safe Mode with Networking and see if it runs.

I am thinking this is a deeper issue.

Just tried to re-start in safe mode with networking. I walked away after I hit start, so I didn't actually see how far it got before the computer shut down. I'm going to try it again, right away, and get back right after that.

I finally got the file downloaded in safe mode, after many system crashes. Sometimes it would let me get into windows, sometimes not. Then twice it would not let me connect to the net. Anyways, still, in safe mode, I got the notification that avira_antivir_personal__en.exe is a not a valid win32 application.

to beat that, when I tried to post this in safe mode, I was almost finished typing, and my system crashed. I almost chucked this computer out my front window.

Please download RootRepeal from GooglePages.com.

• Extract the program file to your Desktop.
  
• Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
  
  
  
• Select ALL of the checkboxes and then click OK and it will start scanning your system.
  
  
• If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  
• When done, click on Save Report
  
• Save it to the Desktop.
  
• Please copy/paste the contents of the report in your next reply.
  

Please remove any e-mail address in the RootRepeal report (if present).

==

Please download Rooter and Save it to your desktop

1. Double click it to start the tool.
   
2. Click Scan.
   
3. Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
   

==

SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

• Double click Sysprot.exe to start the program.
  
• Click on the Log tab.
  
• In the Write to log box select the following items.
  
  
  
  • Process << Selected
    
  • Kernel Modules << Selected
    
  • SSDT << Selected
    
  • Kernel Hooks << Selected
    
  • IRP Hooks << NOT Selected
    
  • Ports << NOT Selected
    
  • hȋdden Files << Selected
    
  
  
• At the bottom of the page
  
  
  
  • hȋdden Objects Only << Selected
    
  
  
• Click on the Create Log button on the bottom right.
  
• After a few seconds a new window should appear.
  
• Select Scan Root Drive. Click on the Start button.
  
• When it is complete a new window will appear to indicate that the scan is finished.
  
• The
  log will be saved automatically in the same folder Sysprot.exe was
  extracted to. Open the text file and copy/paste the log here.
  

==

Post any or all logs you get from these programs.

I ran Root Repair. It gave me a huge long list, and while still running, the screen went blank, and the hard drive light stayed on full bright. I had to unplug the machine to get it to reset. This was after 20 mins of dark screen.

Will try the other two first, then root repair again.

Ok. Let me know how it goes. If it is what I think it is, we have a dragon on our hands.

A Dragon? I must have the right guy helping me.

I got a Sysprot report. Here it is


SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No hȋdden Processes found

******************************************************************************************
******************************************************************************************
No hȋdden Kernel Modules found

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No hȋdden files/folders found

When I tried to run Rooter, it scanned for about 2 seconds, then I got a popup that said :

Malaware Finder has stopped working correctly. Windows will close the program and notify you if a solution is available."

when I clicked close program, Rooter closed. I tried it two more times with the exact same result.

That is when I went to sysprot Antirrotkit

Download this << file >> & extract TDSSKiller.exe onto your Desktop

Then create this batch file to be placed next to TDSSKiller

=====

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

Save this as fix.bat Choose to "Save type as - All Files"
It should look like this:
Double click on fix.bat & allow it to run

Post the log.

20:31:38:870 1420 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
20:31:38:870 1420 ================================================================================
20:31:38:870 1420 SystemInfo:

20:31:38:870 1420 OS Version: 6.0.6001 ServicePack: 1.0
20:31:38:870 1420 Product type: Workstation
20:31:38:870 1420 ComputerName: GRIFFIN-PC
20:31:38:870 1420 UserName: Griffin
20:31:38:870 1420 Windows directory: C:\Windows
20:31:38:870 1420 Processor architecture: Intel x86
20:31:38:870 1420 Number of processors: 2
20:31:38:870 1420 Page size: 0x1000
20:31:38:870 1420 Boot type: Normal boot
20:31:38:870 1420 ================================================================================
20:31:38:886 1420 UnloadDriverW: NtUnloadDriver error 2
20:31:38:886 1420 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
20:31:38:901 1420 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
20:31:58:214 1420 UtilityInit: KLMD drop and load success
20:31:58:214 1420 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
20:31:58:214 1420 UtilityInit: KLMD open success
20:31:58:214 1420 UtilityInit: Initialize success
20:31:58:214 1420
20:31:58:214 1420 Scanning Services ...
20:31:58:214 1420 CreateRegParser: Registry parser init started
20:31:58:214 1420 CreateRegParser: DisableWow64Redirection error
20:31:58:214 1420 wfopen_ex: Trying to open file C:\Windows\system32\config\system
20:31:58:214 1420 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\system) returned status C0000043
20:31:58:214 1420 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
20:31:58:214 1420 wfopen_ex: Trying to KLMD file open
20:31:58:214 1420 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\system
20:31:58:214 1420 wfopen_ex: File opened ok (Flags 2)
20:31:58:230 1420 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\system) init success: 22F2B98
20:31:58:230 1420 wfopen_ex: Trying to open file C:\Windows\system32\config\software
20:31:58:230 1420 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\software) returned status C0000043
20:31:58:230 1420 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
20:31:58:230 1420 wfopen_ex: Trying to KLMD file open
20:31:58:230 1420 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\software
20:31:58:230 1420 wfopen_ex: File opened ok (Flags 2)
20:31:58:230 1420 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\software) init success: 22F2BC0
20:31:58:230 1420 CreateRegParser: EnableWow64Redirection error
20:31:58:230 1420 CreateRegParser: RegParser init completed
20:31:59:212 1420 GetAdvancedServicesInfo: Raw services enum returned 442 services
20:31:59:212 1420 fclose_ex: Trying to close file C:\Windows\system32\config\system
20:31:59:228 1420 fclose_ex: Trying to close file C:\Windows\system32\config\software
20:31:59:228 1420
20:31:59:228 1420 Scanning Kernel memory ...
20:31:59:228 1420 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
20:31:59:228 1420 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8628B798
20:31:59:228 1420 DetectCureTDL3: KLMD_GetDeviceObjectList returned 2 DevObjects
20:31:59:228 1420
20:31:59:228 1420 DetectCureTDL3: DEVICE_OBJECT: 8528B478
20:31:59:228 1420 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8528B478
20:31:59:228 1420 DetectCureTDL3: DEVICE_OBJECT: 84F5E820
20:31:59:228 1420 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84F5E820
20:31:59:228 1420 KLMD_ReadMem: Trying to ReadMemory 0x84F5E820[0x38]
20:31:59:228 1420 DetectCureTDL3: DRIVER_OBJECT: 87C107D0
20:31:59:228 1420 KLMD_ReadMem: Trying to ReadMemory 0x87C107D0[0xA8]
20:31:59:228 1420 KLMD_ReadMem: Trying to ReadMemory 0x87BA4C30[0x1E]
20:31:59:228 1420 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
20:31:59:228 1420 DetectCureTDL3: IrpHandler (0) addr: 99A64B40
20:31:59:228 1420 DetectCureTDL3: IrpHandler (1) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (2) addr: 99A64BB8
20:31:59:228 1420 DetectCureTDL3: IrpHandler (3) addr: 99A64C30
20:31:59:228 1420 DetectCureTDL3: IrpHandler (4) addr: 99A64C30
20:31:59:228 1420 DetectCureTDL3: IrpHandler (5) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (6) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (7) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (8) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (9) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (10) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (11) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (12) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (13) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (14) addr: 99A64828
20:31:59:228 1420 DetectCureTDL3: IrpHandler (15) addr: 99A594AA
20:31:59:228 1420 DetectCureTDL3: IrpHandler (16) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (17) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (18) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (19) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (20) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (21) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (22) addr: 99A62F9A
20:31:59:228 1420 DetectCureTDL3: IrpHandler (23) addr: 99A607A2
20:31:59:228 1420 DetectCureTDL3: IrpHandler (24) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (25) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (26) addr: 8206CFE3
20:31:59:228 1420 KLMD_ReadMem: Trying to ReadMemory 0x99A5BA44[0x400]
20:31:59:228 1420 TDL3_StartIoHookDetect: CheckParameters: 4, 99A5F000, 0
20:31:59:228 1420 TDL3_FileDetect: Processing driver: USBSTOR
20:31:59:228 1420 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:31:59:228 1420 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:31:59:244 1420 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
20:31:59:244 1420
20:31:59:244 1420 DetectCureTDL3: DEVICE_OBJECT: 8638EAC8
20:31:59:244 1420 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8638EAC8
20:31:59:244 1420 DetectCureTDL3: DEVICE_OBJECT: 85CD1A60
20:31:59:244 1420 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85CD1A60
20:31:59:244 1420 DetectCureTDL3: DEVICE_OBJECT: 856E3828
20:31:59:244 1420 KLMD_GetLowerDeviceObject: Trying to get lower device object for 856E3828
20:31:59:244 1420 KLMD_ReadMem: Trying to ReadMemory 0x856E3828[0x38]
20:31:59:244 1420 DetectCureTDL3: DRIVER_OBJECT: 8540B268
20:31:59:244 1420 KLMD_ReadMem: Trying to ReadMemory 0x8540B268[0xA8]
20:31:59:244 1420 KLMD_ReadMem: Trying to ReadMemory 0x853CF8D8[0x20]
20:31:59:244 1420 DetectCureTDL3: DRIVER_OBJECT name: \Driver\ahcix86s, Driver Name: ahcix86s
20:31:59:244 1420 DetectCureTDL3: IrpHandler (0) addr: 89B7A60A
20:31:59:244 1420 DetectCureTDL3: IrpHandler (1) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (2) addr: 89B7A565
20:31:59:244 1420 DetectCureTDL3: IrpHandler (3) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (4) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (5) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (6) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (7) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (8) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (9) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (10) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (11) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (12) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (13) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (14) addr: 89B7A6CB
20:31:59:244 1420 DetectCureTDL3: IrpHandler (15) addr: 89B49EE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (16) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (17) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (18) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (19) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (20) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (21) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (22) addr: 89B4F98F
20:31:59:244 1420 DetectCureTDL3: IrpHandler (23) addr: 89B7A8FE
20:31:59:244 1420 DetectCureTDL3: IrpHandler (24) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (25) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (26) addr: 8206CFE3
20:31:59:244 1420 TDL3_FileDetect: Processing driver: ahcix86s
20:31:59:244 1420 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\ahcix86s.sys
20:31:59:244 1420 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\ahcix86s.sys
20:31:59:259 1420 TDL3_FileDetect: C:\Windows\system32\DRIVERS\ahcix86s.sys - Verdict: Clean
20:31:59:259 1420
20:31:59:259 1420 Completed
20:31:59:259 1420
20:31:59:259 1420 Results:
20:31:59:259 1420 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
20:31:59:259 1420 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
20:31:59:259 1420 File objects infected / cured / cured on reboot: 0 / 0 / 0
20:31:59:259 1420
20:31:59:259 1420 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
20:31:59:259 1420 UtilityDeinit: KLMD(ARK) unloaded successfully

Go Start type in CMD and right-click on it in the results pane and select Run as Administrator.
Type in: sfc /scannow
Press enter.

After the first run, reboot your computer. Do a second run. Now the scan and fix is finished.

==

Now let's see if that error happens again.

Tried to run it twice.

Both times it got to 77% complete, and it said :

"windows resource protection could not perform the requested operation"

Sounds like a reinstall to me. Seems like system damage.

I never did get the original Vista Disk with this computer, and I can't locate the backup I made when I bought it new. I tried to do a restore back to new before I came here.

Have any vista disks laying around that you aren't using?

I don't. Lol.

However, if you do not have an install disc or repair disc, then we have to do it manually.

Are you ready?

As ready as I'll ever be

Ok.

Please get an uninstall list from HijackThis by doing the following:

• Open HijackThis, click Config, click Misc Tools
• Click "Open Uninstall Manager"
• Click "Save List" (generates uninstall_list.txt)
• Click Save, copy and paste the results in your next post.

Acer Arcade Deluxe
Acer Arcade Deluxe
Acer Crystal Eye webcam Ver:1.1.57.409
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePower Management
Acer eRecovery Management
Acer eSettings Management
Acer GameZone Console 2.0.1.1
Acer GridVista
Acer Mobility Center Plug-In
Acer Registration
Acer ScreenSaver
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.4
Agatha Christie Death on the Nile
Alice Greenfingers
AMD USB Audio Driver Filter
AVG Free 8.5
Azada
Backspin Billiards
Big Kahuna Reef
Bookworm Deluxe
Bricks of Egypt
Broadcom Gigabit Integrated Controller
Cake Mania
Catalyst Control Center - Branding
Chicken Invaders 3
Chuzzle
CyberLink PowerDirector
CyberLink PowerDirector
Diner Dash Flo on the Go
Downloader
ESET Online Scanner v3
Flip Words 2
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java(TM) 6 Update 17
Jewel Quest Solitaire
Kick N Rush
Launch Manager
Lexmark 730 Series
Mahjong Escape Ancient China
Mahjongg Artifacts
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Image Composite Editor
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.5.7)
Mozilla Thunderbird (2.0.0.23)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
NTI Backup Now 5
NTI Media Maker 8
Orion
PhotoNow!
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Scrapbook Flair
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Skype web features
Skype 4.1
Snap 'n Share
SpongeBob SquarePants Typing
Synaptics Pointing Device Driver
Turbo Pizza
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC 9.0 Runtime
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Zuma Deluxe

Let's start with Windows Installer 4.5.

Go to this page: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=5a58b56f-60b6-4412-95b9-54d056d6f9f4

Download the following:
Windows6.0-KB942288-v2-x86.msu

Then, install it. Tell me what it says, if error.

===

Install this update for Windows Vista: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=4758433b-11dd-49fc-9529-f8d7a914e1bf

Tell me what it says, if error.

===

Install this update: http://www.microsoft.com/downloads/details.aspx?FamilyId=DF72A9B0-564E-4326-894E-05CBA709CB39&displaylang=en

Tell me what it says, if error.

===

Have you tried to install any service packs recently?

What service pack do you have? 1 or 2?

When I downloaded Windows6.0-KB942288-v2-x86.msu, it asked if I wanted to do it with Windows update standalone installer. I said yes, and it said I needed an update installed, so I did it. I had to restart the computer, then I downloaded it again, with windows update standalone installer. While it was doing that, it said "the update does not apply to my system"

Ok. Tell me what the others do, and tell me about your service packs, please.

Looks like I have SP1, but for some reson I thought I downloaded SP2.

I have been opening the updates from Microsoft, and it doesn't look like anything is happening. Should I be saving them?

That should be fine.

Ok. Now, go ahead and forget the rest.

Now, uninstall Service Pack 1, then tell me what happens.

Follow this tutorial: http://support.microsoft.com/kb/948537

There are a number of SP1 updates. Am I deleting all the .NET framework 3.5 SP1 updates? Or all updates that have SP1 after them.

Go ahead and uninstall all updates for Windows Vista with SP1.

Warning: do not browse the internet while doing this, because malware can exploit the security holes after uninstalling the updates.

I got rid of two SP1 updates, but I could not delete the third.

KB953595 date 03/03/09

I was told to restart, so I did, and will try again to delete this last SP1 update. I will get back to you shortly.

Nope. Doesn't give me the option to remove that update.

Ok. Are you able to remove Service Pack 1?

I could not remove all three parts of SP1. I tried all methods on the site, and could only get two of them off

Go to Start and right click on Computer and select Properties.

Tell me what it says the version of Vista is.

It will say either Windows Vista Home Premium, or will specifically say it has a service pack.

Vista Home Premium
Service Pack 1

AMD Athalon X2 Dual core QL-62 2GHz

Hey. You are running the 1st service pack. There is another one available.

By the looks of this thread: http://social.technet.microsoft.com/Forums/en/itprovistasp/thread/164871b2-46b3-4866-830f-9bf392dc5ad1

tons of people once had trouble. This issue can get resolved by installing Service Pack 2.

Please go to the Windows Update Application. Install any updates. When offered the update for Service Pack 2, please install it.

If you are not offered a SP2, let me know. Then, it would need downloading and installing manually.

Right away. I was having problems with one update, I can't remember which one. Whenever I installed it, My computer crashed, and I had to restore to an earlier date. I ended up doing 40 updates, one by one, and restarting between each, but got all the updates except that one installed. I haven't installed any updates since we started this exercise, so I have 7 to install. Will report back when they are all installed.

OK. So I downloaded all the updates, one by one, with a restart after each. no problems. I saw a link on the update page about other free microsoft software updates. When I clicked on it, it gave me an update to SP2.
After I had the other updates done, and all restarts, I went for the SP2 update. It sat at 0% complete for 1/2 hour, so I canceled the update. I restarted the computer to try again, and I noticed that it took a LOOOOOONG time to shutdown. It sat at the "Windows is shutting down" page for almost 3 minutes, then shut off. When it restarted, it tried, then shutdown. I ended up having to do a restore to an earlier point to get it to startup. Apparently that point was just before I tried to install SP2.

I will once again restart and try SP2 again and get back shortly.

Now its not giving me the option to update SP2. I downloaded it, but got the same result as usual when I tried to run it

I was hoping it would not come to this, but please remove all updates for Windows Vista.

All of them. If some won't remove, I have a way to force remove them. They gotta come off.

Then, we will try to install the service pack.

I fought with Windows Vista to try to remove the Service Pack 2 beta, and install the released service pack. It was tough, but I got it. I know we can do this.

Uninstalling as we speak. 30 down, 90 to go.

Yeah. Like I said I was hoping it would not come to this.

Is it just the windows updates, or the MS office updates as well?

So far I have one silverlight, and one of three SP1 updates that won't uninstall. I'll update you when I'm done everything I can.

Just Updates for Windows Vista.

Good.

I have 35 left to go, and I have found 3 more that don't give me the option to delete

I had about 25 updates left to uninstall, and the computer shut down in the middle of uninstalling one. Now it won't start up. I'm going to let it sit, off for about 15 minutes, because it's hot as hell, and I think it may need a rest. as I said, I'll try it again in about 15 mins.

Had to do a system restore to get the computer to start. That means I have to uninstall all 120 updates again.

Hold the phone.

I am investigating this further.

All windows updates are gone, except for the 5 it would not give me the option of deleting

kb935509
KB937287
KB938371
KB955430
.NET Framework SP1 KB953595