A Little XP Wierdness
Published on August 21, 2011 By Daiwa In Personal Computing

Had a problem with installation of the first of the .net updates last month and after repeated failed attempts to get it to install, and after several other updates also failed subsequently, I decided to try MS's free tech support for security issues.  We got all the failed updates to install manually except for the two .net updates.  The first, the one that originally first failed, would hang at about 50% on the progress bar and just sit there.

When I attempted to do the update manually while in SafeMode, I got a message saying that the component/app for which the update was intended was not installed on my computer & it stopped right there (.net 2.0 is installed on my rig).

Long story short - In the course of troubleshooting, the tech wanted to check something in MSConfig.  I haven't had occasion to use it in a long time but I'm pretty certain I've run it on this desktop at some point since I bought it 3 years ago or so.  When we launched msconfig.exe from the run command, the process showed up in TaskManager but no UI appeared.  When the tech did some digging in the registry, she couldn't find whatever should have been there for msconfig.exe (I tried to get out of her what she was looking for & couldn't find but all she'd say is that there is a registry issue with msconfig).

There are two instances of files named msconfig.exe on my system, one in C:\\Windows\ServicePackFiles\i386 and one in C:\\Windows\pchealth\hlpcenter\binaries.  Running either results in the same behavior - a process running in TaskManager without a UI.

This brought the tech support to a halt since the msconfig.exe issue was not a 'security' issue and they couldn't troubleshoot the security issue any further without being able to check MSConfig.

Any of you have ideas on this before I go spending my next 4 rounds of golf on MS Consumer Support?

Thanks!

 


Comments (Page 1)
on Aug 21, 2011

Well, I have two suggestions. First, if the tech didn't do it, go to run, type in cmd.exe. In the resulting window type in sfc  /scannow. Hit enter and let it do it's thing.

 Be sure to put a space between sfc and the /.

If that don't fix it. Try this:

http://forums.wincustomize.com/410383

 

I believe there is a link to instructions for XP on the original article.

 

on Aug 21, 2011

Daiwa, I generally recommend doing chkdsk /f /r  again, using the elevated command prompt (cmd>right ckick>run as administrator). It will perform the sfc /scannow as part of it.

Takes more time, but is more inclusive and fixes any bad sectors. Your msconfig.exe might be sitting in or partially in such a sector.

It takes more time, but imo, it's worth it. 

on Aug 21, 2011

Thanks for the suggestions, guys.  I'll let you know the results.

As for the non-destructive XP re-install, what version of the OS gets reinstalled?  SP1?  Does it work with OEM versions?

THANKS!!

on Aug 21, 2011

You have to have SP1 uninstalled for 7 and Vista) or it will fail same for XP SP2 and 3... check the article, though... never tried it..

on Aug 21, 2011

http://home.ptd.net/~miles4/dotnetfx_cleanup_tool.zip

 

C:\WINDOWS\pchealth\helpctr\binaries
C:\WINDOWS\ServicePackFiles\i386

Both are 04/14/2008 00:12:27 169,984

Anything else it's malware or corrupted. My guess is it's the latter.

Look in Event Viewer.... it's talking to you

on Aug 21, 2011

Malware was the first thing I suspected. Should always do a Malwarebytes scan.. not perfect but really good....

Thanks for the help, yrag. .NET is the most troubling darned thing... have written about it...

http://blogs.msdn.com/b/astebner/archive/2005/04/08/406671.aspx

Aaron's blog... explains the tool, but care should be used with it as I understood from various articles I've read.

on Aug 21, 2011

CHKDSK appeared to report/fix no errors (there's a switch which sets the post-scan report to persist but I've forgotten it).

yrag -

Thanks for chiming in - I was hoping you'd see this.

Both my files are 04/13/2008 5:12:27 169,984

Malware?

Event Viewer has this entry for 3:00 am this morning, I'd guess from an attempt by Automatic Updates to install an update:

Product: Microsoft Office Outlook 2003 -- Error 1704. An installation for Microsoft .NET Framework 2.0 Service Pack 2 is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?

That was in the Application section.  Don't see anything referencing MSConfig there or in the System section.  What should I be looking for?

Thanks for your kind help.

on Aug 21, 2011

msconfig going missing is usually a good sign your system has been compromised, of course they don't want you going into the startup tab and removing whatever it was that was installed.

Typically tho, when it happens, task manager vanishes too, so perhaps, I may barking up the wrong tree.

 

Hope you get it solved.

on Aug 21, 2011

I thought it might be your MMC snap-ins......we'll get back to that.

 

Run the tool I gave you and then run Windows update. If update won't run, install manually:

http://www.microsoft.com/download/en/details.aspx?id=96

http://www.microsoft.com/download/en/details.aspx?id=19

Than run update.

on Aug 21, 2011

In the middle of a full Malwarebytes scan on that rig as I type.

Interestingly, during the MWB scan, MS Security Essentials popped up an alert and removed this:

TrojanDownloader:Java/OpenStream.AY

file:C:\Documents and Settings\Daiwa\Application Data\Sun\Java\Deployment\cache\6.0\49\73190831-1cc1f558.

I'm thinking that was a false positive, but maybe not.

After MWB finishes running, I'll proceed with your recommendations, yrag.  Might be late this afternoon or evening before I report back as we're going to be visiting some friends for awhile this afternoon (& MWB might not be done till then anyway).

I really appreciate your help.

on Aug 22, 2011

Ran MWB on all four fixed drives & it flagged 2 registry items as 'PUM.Hijack.StartMenu':

  • HKCU\SOFTWARE\Microsoft\CurrentVersion\Explorer\Advanced\Start_ShowHelp
  • HKCU\SOFTWARE\Microsoft\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs

It also flagged atomic.exe (Atomic Clock - a really old app that I haven't used in years) on a backup drive (which at one time was my primary hard drive) as an 'Adware.Agent'.

All three were successfully removed.  MSConfig.exe still MIA after reboot.

Starting yrag's recommended procedure next.

on Aug 22, 2011

When the tech did some digging in the registry, she couldn't find whatever should have been there for msconfig.exe (I tried to get out of her what she was looking for & couldn't find but all she'd say is that there is a registry issue with msconfig).

 

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MSCONFIG.EXE

 

Path:: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe

 

 

 

Note to self: Start reading original posts...........

 

on Aug 22, 2011

yrag -

I ran the cleanup tool but initially only for .NET 2.0, the update for which was the one that would hang and fail.

After rebooting, Windows update does not offer the previously offered update for 2.0 but offers '.NET Framework 3.5 Service Pack 1 and 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86'.

It also has this additional update in the on-deck circle: '.NET Framework 3.5 SP1 Update for Windows Server 2003 and Windows XP x86 (KB982168)'.

No other high priority updates are on offer (aside from IE8, which I don't plan to install on this rig).

I'm going to hold off on installing this one and stop here for now pending your further advice, in case I should go ahead & run the cleanup tool for all versions first.

Thanks again.

 

on Aug 22, 2011

You need to clean it all out, then install 1.0 and run update, then 2.0 and run update and so on......  

 

Anything Update doesn't offer can be found at: http://www.microsoft.com/download/en/details.aspx?id=96 (scroll to bottom of screen)

on Aug 22, 2011

Passed each other in the hall.

That reg key shows that app path here, exactly as you posted above.