Bree26

Can't Install Windows Updates

Recommended Posts

Windows Updates are failing to install on my computer (running Windows XP). Troubleshooting so far had determined that it has to do with Background Intelligent Transfer Service not starting. My Events Log tells me that "BITS service terminated with service-specific error 2147942405 (0x80070005)" but the Microsoft website then tells me that "Windows does not recognize the service's error code." Real helpful. <_<

So I know that BITS won't start but I don't know why or what to do about it. I had a problem with spyware recently that I thought was taken care of, but now I'm wondering if this is an after effect. Any ideas on any of this?

Share this post


Link to post
Share on other sites

I first checked to see that BITS is running as a Local System and it is. In checking other services, I noticed that Human Interface Device was disabled and it won't start, either. It's error message is : Error 126: specified module could not be found. Before I try to go any further with the BITS troubelshooting, is this HID something I should be concerned about? I am a computer novice, so I need things explained in layman's terms as much as possible. Thank you! :)

Share this post


Link to post
Share on other sites

Remote Procedure Call (RPC) is not dependant on any other service. Most services are dependant upon it. Messenger has nothing to do with any issues except that it is a security problem.

Have you turned off any services at any time thinking that it will save you resources? Have you scanned for malware?

Share this post


Link to post
Share on other sites

I'm not aware of turning off any services to save resources, but we did have an issue with malware/spyware that was supposedly resolved a couple of weeks ago. All that shows up on an ewid scan now are some tracking cookies. I guess I'm not sure what to do now, since I have these three services that aren't functioning properly. Is there somewhere else I should post?

Share this post


Link to post
Share on other sites

I just spotted your HJT threads. With all of the malware you had your operating system may be corrupted. Is your computer a custom built or proprietary (Dell, HP/Compaq or etc.)? Depending on which type of computer it is you may need to do a repair install or reinstall of the OS.

Edited by TheTerrorist_75

Share this post


Link to post
Share on other sites

It's a Dell Dimension 8400 running Windows XP SP2.

Yeah, I know it was a real mess and I was nearly finished with diagnosing it...ran Rootkit Revealer as a last step and then never received a response to that log so I had no idea what any big problem might be. I figured some things in the system were messed up just by the way it has been running, even though scans show nothing malicious. I've also noticed failure audits here and there: Event ID 680, User:NT AUTHORITY\SYSTEM, Logon Attempt by: MICROSOFT-AUTHENTICATION-PACKAGE-V1-0 (on my logon account name), followed by: Event ID 529, Logon Failure: Unknown user name or bad password, User Name: (me), Domain: (our computer), Logon Type: 2, Logon Process: Advapi. Is someone trying to access our computer or am I misinterpreting this?

Edited by Bree26

Share this post


Link to post
Share on other sites

You are still infected. Advapi is the Netdevil worm that edits your registry. To reinstall WinXP on your computer is not something a novice should attempt. Your computer has a SATA drive that would need it's drivers reinstalled before XP can installed to the hard drive. This wouldn't be too bad if Dell installed a floppy drive on the computer. Sadly in most cases the buyer doesn't opt for this. I would contact Dell Support and have them guide you through doing a complete reinstall of XP. Once that is done download all Windows updates, install an antivirus program and come back here for tips on what additional programs should be installed to protect you. Please stay away from any sites that say you can make money online. These sweepstake, survey and other such sites are loaded with malware.

Install Windows XP on Dell Dimension 8400 (without floppy drive)

Share this post


Link to post
Share on other sites

OK...our anti-spyware program (Spyware Doctor) found this during it's morning scan:

Backdoor.Redghost HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System##DisableRegistryTools

This was not on yesterday's scan.

And, we did purchase a floppy drive with the system. We also have AVG Free Edition running, which has been clear of viruses for about a week now. Should I post another HJT log on the malware forum before I continue trying to repair my registry, etc.? This is getting worse instead of better, at this point. It has been a ballooning problem since May. :(

Edited by Bree26

Share this post


Link to post
Share on other sites
OK...our anti-spyware program (Spyware Doctor) found this during it's morning scan:

Backdoor.Redghost HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System##DisableRegistryTools

This was not on yesterday's scan.

And, we did purchase a floppy drive with the system. We also have AVG Free Edition running, which has been clear of viruses for about a week now. Should I post another HJT log on the malware forum before I continue trying to repair my registry, etc.? This is getting worse instead of better, at this point. It has been a ballooning problem since May. :(

You can try to post a new HJT log. I don't know if it's possible to repair your registry due to the corruption. I think your best bet is to reinstall WinXP and start fresh.

Share this post


Link to post
Share on other sites
You can try to post a new HJT log. I don't know if it's possible to repair your registry due to the corruption. I think your best bet is to reinstall WinXP and start fresh.

I will gladly do that if it means getting rid of this daily nuisance. I guess my question was if I needed to be sure I was clear of every and anything before I reinstall Windows XP. And, also, since we have a floppy drive, will reinstallation be less tricky (for lack of a better word)?

Share this post


Link to post
Share on other sites

You can try to post a new HJT log. I don't know if it's possible to repair your registry due to the corruption. I think your best bet is to reinstall WinXP and start fresh.

I will gladly do that if it means getting rid of this daily nuisance. I guess my question was if I needed to be sure I was clear of every and anything before I reinstall Windows XP. And, also, since we have a floppy drive, will reinstallation be less tricky (for lack of a better word)?

I would get in touch with Dell Support, the link is in my previous reply, and let them guide you on the reinstall. I don't know what disks they issued you or if you have a RAID setup with image. Have them guide you through a full format and reinstall to wipe everything clean. Remember you will need to reinstall all of the Windows Updates, motherboard drivers, anti-virus and other drivers and programs. Once done you should install a couple of programs we recommend here to help keep you protected from malware.

The biggest thing you can do to stay safe though is not visiting sites that state you can make money or obtain freebies. I would also change your email addresses if you have signed up for any of these money making schemes. Many of the emails they send contain malware. Also start deleting any forwarded emails that you receive without opening them. All these do is create spam lists and allow you to get flooded with bad emails. I have cleaned many computers belonging to my aunts and friends that got involved with this type of activity. Many times it was easier to reinstall the operating system.

Share this post


Link to post
Share on other sites

I fixed the BITS problem and installed all new Windows updates. The fix was to go into Documents and Settings\All Users\Application Data\Microsoft\Network, where there are two folders, Connections and Downloader. I cut and pasted the Downloader folder onto the desktop, went back into Services to BITS, clicked "started" and it worked. I owe the fix to a lady on a Microsoft forum, who had gotten the same error message I did (the only other one I'd come across in my internet search the past two days).

As far as any infections, I've run SpyBot and nothing popped up on that. I'm not sure what to do on that point now.

Share this post


Link to post
Share on other sites

Great news, Bree and thanks for posting the fix, so others can benefit.

Have you installed SpywareBlaster? I LOVE that program, it keeps cooties from entering the computer, kind of like a firewall for spyware--all you have to do is watch the update section here and update it when needed. AND it is VERY easy to install!

Liz

Edited by blim

Share this post


Link to post
Share on other sites
I fixed the BITS problem and installed all new Windows updates. The fix was to go into Documents and Settings\All Users\Application Data\Microsoft\Network, where there are two folders, Connections and Downloader. I cut and pasted the Downloader folder onto the desktop, went back into Services to BITS, clicked "started" and it worked. I owe the fix to a lady on a Microsoft forum, who had gotten the same error message I did (the only other one I'd come across in my internet search the past two days).

As far as any infections, I've run SpyBot and nothing popped up on that. I'm not sure what to do on that point now.

Run these;

http://www.kaspersky.com/virusscanner

http://housecall.trendmicro.com/

Post a new HijackThis log at the same section of the forum you previously did. Supply a link to this thread along with your HJT log. I still have a feeling that your registry is corrupted and that malware is still present on your computer.

Share this post


Link to post
Share on other sites
Great news, Bree and thanks for posting the fix, so others can benefit.

Have you installed SpywareBlaster? I LOVE that program, it keeps cooties from entering the computer, kind of like a firewall for spyware--all you have to do is watch the update section here and update it when needed. AND it is VERY easy to install!

Liz

No, I'm running Spyware Doctor, which seems to be pretty good so far.

Share this post


Link to post
Share on other sites
Run these;

http://www.kaspersky.com/virusscanner

http://housecall.trendmicro.com/

Post a new HijackThis log at the same section of the forum you previously did. Supply a link to this thread along with your HJT log. I still have a feeling that your registry is corrupted and that malware is still present on your computer.

Tried to run Kaspersky and it seems to get hung up on one particular fle: Dell\Media\ONDRVMED.ZIP after scanning only 117 files. It ran for 6 minutes alone on that and didn't do anything beyond that. I ran it in IE, as i requested, which would no cooperate for the Housecall scan. Kaspersky did say it found an infected object, nearly right off the bat: Trojan-Downloader.Win32.Adload.bo and it rewrites HKLM\Software\Microsoft\DownloadManager. Which could possibly explain my difficulties the past two days?

The Housecall scan is verrrry sloooooow; telling me it will take 2 1/4 hrs., which is a world record for scanning my computer. We'll see what it has to say.

Edited by Bree26

Share this post


Link to post
Share on other sites

Run these;

http://www.kaspersky.com/virusscanner

http://housecall.trendmicro.com/

Post a new HijackThis log at the same section of the forum you previously did. Supply a link to this thread along with your HJT log. I still have a feeling that your registry is corrupted and that malware is still present on your computer.

After several attempts, Kaspersky completed a full scan. It did find a trojan downloader: Win32.Adload.bo.

Housecall is being very difficult. I'll try again but I'm not sure it's going to cooperate. The last attempt said it would take 5 hours; that seems a little long to me!

That's not long if you have a large hard drive with lots of files. Let it run.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...