Win 7 x64 problems

I'm having all kinds of issues with my system. Here's a list of the problems I'm having, and I've gone through everything to make sure I'm not infected with something including rootkit scanners.

1. I can't install some programs. I recieve a 1935 error with Hresult 0x80070002. Same error and hresult with different programs, even though assembly numbers are different. Programs like OpenOffice, Razer's program for the black widow ultimate keyboard(the driver did install), and others. The programs will install and are usable as long as I don't close the error popup. This is possibly due to permissions conflicts as I've had other programs I was able to find individual workarounds for. It's seems to be something of an issue with MSI

2. I cannot run sfc with any switches, I keep recieving the message windows resource protection could not perform the requested operation. Yes I run this from an elevated command prompt.

3. I intermittently get a BSOD with error 0x93(I think) which I think might just be a heat issue but possibly related. The memory dumps are not happening so no files to check :yum

4. When I check the event viewer I get a repeating 136/137 warning/error combination every few seconds constantly and it never stops.

5. IE9 installation fails, possibly connected to item 1 above. No reasons given in troubleshooting info and guides that I've gone through don't work.

6. Attempted repairs from the install disk have no effect.

I'm absolutely certain I'm not infected, unless it's with something totally new and unknown.

I'm out of ideas on what else to do out side of formatting and starting all over, something I'd dreadfully hate to do as I have a couple of 15-20 gig programs I'd have to replace :yum



Sys Info
Win 7 x64 Pro OEM
ASUS M4A77TD Mobo
AMD Phenom x4 925
8G Adata XPG DDR3 1600
1Tb WD1001FALS HD
SAPPHIRE 100282-3SR Radeon HD 5850 (Cypress Pro) video card

 

On Microsoft forum,a suggestion is that the net framework is damaged, and reinstalling might help, At this link , also, permissions are directed- I am in XP,at the moment, so I cannot check it out.
http://answers.microsoft.com/en-us/...80070002/66d7e00c-3b3f-48bb-8c62-f28b565887d5

 

can you try the following commands from an elevated command prompt:

msiexec.exe /unregister
msiexec.exe /regserver

also, can you save your error event logs, and upload them here? application security and setup at least.

 

I ran both commands. Apparently they worked as I didn't recieve any error messages. As far as the logs go where do I find the actual files themselves. I can't seem to find a way to locate them through the event viewer.

 

ok cool

How to View Event Logs
To open Event Viewer, follow these steps:

Click Start, and then click Control Panel. Click Performance and Maintenance, then click Administrative Tools, and then double-click Computer Management. Or, open the MMC containing the Event Viewer snap-in.
In the console tree, click Event Viewer.

The Application, Security, and System logs are displayed in the Event Viewer window.

To archive a log, follow these steps:

Click Start, and then click Control Panel. Click Performance and Maintenance, then click Administrative Tools, and then double-click Computer Management. Or, open the MMC containing the Event Viewer snap-in.
In the console tree, expand Event Viewer, and then right-click the log in which you want to archive, and then click Save Log File As.
Specify a file name and location where you want to save the file. In the Save as type box, click the format that you want, and then click Save.

The log file is saved in the format that you specified.


source: http://support.microsoft.com/kb/308427

 

First a note regarding Event viewer logs: My preference for the Event viewer logs type is the default one (*.evt/evtx), it can then be zipped and attached and the file can be filtered and scanned using Event viewer on a helpers PC. Sometimes an evt file is too big to zip and attach, in those cases, it might be an idea to use the filter by date option and save it as monthly archives or, say the last 3 months worth of data.

Can you create a new User with admin rights and test the installs and SFC, etc. from there?

Driverview will allow you to see all currently loaded drivers so you can check for outdated or problematic drivers.

I think the .NET framework being at fault is something of a red herring, OOO doesn't require .NET to install or run.

 

SFX didn't work, will try creating another admin account.

I zipped the viewer logs but for some reason I can't upload them to the forums. File is small enough but it keeps failing after a few minutes.

 

Ok, here's something wierd, I went to make another admin account to see if the stuff would work there. There's an ASP.Net account that I don't remember making, anyone know what that is or what could have put it there?

It's set for standard account and pass protected. Don't have any idea how it got there though.

Nothing worked on the new Admin account.

 

Ok, here we go, got the files uploaded. I wasn't thinking when I read the file sizes.
Application, Software, and Security are in the first file, with System in the second.

 

Ok, tiger ^^,

I see the System log is full of 2 related errors, repeating every 5 seconds! This is an error I've no working knowledge of. As it makes reference to NTFS and data, ensure you have verified copies of all vital or valued data backed up away from the computer

It really means nothing to me, a quick search indicates it may be .NET/Hyper-V/Windows Backup related. If you can research this to find the trigger software/Scheduled task for it on your PC, then we may be able to find a fix.

 

Can we try the following:

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=914FBC5B-1FBA-4BAE-A7C3-D2C47C6FCFFC

Read that some people were able to resolve this issue with this, i'm kind of doubtful and am still looking for the root cause.

 

Please do as thisisu just suggested



More entries from the system log that may be related to the problems indicated:

Several like this.

Multiples of this.

Several of these, could this be the temp file from above?

3 of these + corresponding complaints about improper shutdowns.

Setup logs next:

A fail from Windows Update, "MSSecurityClient_Setup_KB981889_Install"



Then the Security log:

2 auditing failures here.


The Applications log is full of Event ID 1001 entries mostly based on Event Name: WindowsWcpOtherFailure3 that may have 'useful' files related to them in C:\ProgramData\Microsoft\Windows\WER\ReportQueue\

Overall, I think it may be more helpful, if you can't find the (Scheduled task?) trigger for the earlier System errors, if you could try to work through the logs to find the date these problems began appearing. Then filter the logs to the day before through to say, a week after they began. Save the filtered logs and zip and upload them please.

 

http://discussions.virtualdr.com/archive/index.php/t-248850.html

I'm not finding much info on this error..

the system errors, some are saying are related to the fs_rec.sys driver.
Can you see if this file is in your c:\windows\system32\drivers folder?

When was it last modified?

 

This i'm pretty sure is related to .NET Framework
It's really nothing to worry about, definitely not malicious
and we can remove it, or disable you from seeing it from your login screen if you'd like by using a command such as :

net user "asp.net" /active:no



you may want to just type: net user
to see what windows is listing as users of the computer

 

A couple more questions:
What backup software are you using? If none, have you ever had any installed?
Have you ever resized a partition on this system?

 

Yes it's there, modified 7/13/2009. Which was a coupe months after I finished this build.

Backup software, to be honest I haven't used anything other than the defaults from the imbedded windows tools and from certain programs like Spybot. I haven't tried repartitioning since the initial installation. Although I've been thinking about it.

And as far as windows back ups go, I only have whatever was turned on by default.

 

Still searching the logs. Going month to month till I find anything. the 136/137 combos only go back to 6/13/11 but there's 77k events listed in that log, so they might go back further than that just overloaded the log.

That readyness tool installed one hotfix, gonna see if that worked.

 

Ok, here's something I found while trying to search out the logs.

The error 0x80070002 is what I get when I try to install those programs I was talking about. And I believe the 0x80070003 is associated.

 

Hmm, I think at least one folder in that error list is sometimes used by malware. If malware is involved, it's likely to try to protect itself by blocking scans and access, that could explain the errors.

Even if it isn't malware, most of those folders contain your data - have you got everything of value backed up away from the computer?

 

Actually I think it's something I did or didn't undo back when I started having installation issue. So, here's my plan to fix this.

1. Create a new partition.
2. Fresh install of windows 7.
3. Install all update
4. Install all updated drivers.
5. Copy necessary/wanted files/folders. The ones I know are safe.
6. Reinstall programs that may have been compromised.
7. Format the original partition
8. Remove the original partition
9 Expand the current partition to the original settings.

This will work ultimately, and will probably be easier than trying to track down the stuff I screwed up originally.

While it is totally possible I might have an infection from something, none of the scans can find it or anything remotely close to an infection.

To be honest though I really think it's something I did/didn't undo back in january and now it's coming to a boil.

As far as the BSOD, it's either my graphics card heat or software, or whatever I did has this thing really messed up.

I can't remember which program I was trying to install back in january that caused me to have to do an ownership/security workaround to certain files/folders, but I think whatever I did is blocking stuff now because I forgot to undo the privilege changes I made.

Idk if there's an easy mode way to just revert those setting back to default. If there is that might cure my issue. I'll wait on removing the old install for a day or 2 just to see if anyone comes up with anything.

 

Based on what I'm seeing here, I'd strongly advise going carefully through all the steps in the Malware Removal guide to ensure that you're not going to be in for any nasty surprises during your proposed fix.

If you get any errors during the process, make notes of them and mention them in your new post in the Malware forum when you attach the needed logs. Hopefully, after the logs have been checked, there will be no need for further action but if there is, you'll be in good hands. Better safe than sorry, eh?

Is your data backed up and verified away from the PC yet?

 

No, I don't have any externals to store to.

Here's what I have so far.

New partition is up with fresh install.

Fresh security software

Everything was great for about 4 or 5 days, but then I noticed updates aren't installing in the new install. I can see the lists but the updater gets stuck when attempting to download them. I was good at first when the first set of updates popped up but now it just won't download them at all.

Also trying to connect to a networked printer won't download the drivers from update either.

This started before I tried transferring anything from the corrupted partition.