There are some programs I couldn't load due to error messages from Windows
installer. I attempted to update my installer to v3 but I keep getting a
message "unable to load", any ideas?
--
Terry in Help
There are some programs I couldn't load due to error messages from Windows
installer. I attempted to update my installer to v3 but I keep getting a
message "unable to load", any ideas?
--
Terry in Help
Operating system?
What you actually have tried?
Any information at all would be nice.
I have XP Meida but the trouble started after Norton remoted into my
computer to fix viruses. Now I can't install anything because I get error
messages on anything I try to install referring to the windows installer. I
went to Microsoft to get a new version and it won't install, just stops and
saids it failed.
haloterry wrote:
> Thats it, pretty much, here is what I got:
> KB942288-v3 setup could not backup registry key
> HKCR\{000C101D-0000-0000-C000-000000000046}\DllVersion to file
> C:\windows\$NtUninstallKB942288-v3$\reg00046. 5:Access is denied.
> Thats it.
The above registry needs to have it's Permissions changed.
KB942288-v3 refers to the files being installed by Windows Installer 4.5.
This location is where Windows Installer writes to the registry
regardless of Version:
HKEY_CLASSES_ROOT\CLSID\{000C101D-0000-0000-C000-000000000046}
So, open the Registry editor. [ Start > Run > type in
regedit
Click OK or press Enter ]
Click the plus sign next to HKEY_CLASSES_ROOT
Scroll all the way down to CLSID
Click the plus sign next to that.
Scroll down to 000C101D-0000-0000-C000-000000000046
Right click 000C101D-0000-0000-C000-000000000046 and choose Permissions
Under Group or user names click on Administrators to highlight it and
then check to see if Permissions for Administrators shows
Full Control and Read.
Same for System.
Now click the Advanced button under Permissions for Administrators and
System.
Both Admin and Sys have 2 entries, one is inherited from
CLSID and one applies to the subkeys under
000C101D-0000-0000-C000-000000000046.
Is that what you're seeing, Terry ?
Please use the Export function before changing any Permissions here.
*Right* click 000C101D-0000-0000-C000-000000000046, click Export.
Name it Installer.reg and Save it to the Desktop for now.
Now scroll all the way up back to CLSID, right click it and choose
Permissions. SYSTEM and Administrators should show these Permissions:
Full Control
Read
For Advanced, under Applies to, it should show This key and subkeys and
NOT be inherited.
Close the registry editor.
We'll go over what you find prior to recommending any editing of
Permissions.
MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============
I have a similar problem, strange thing is that you can delete the key in
safe mode but you still get the error message when installing the installer.
perhaps the access is being trapped before the register.
haloterry wrote:
> All that you asked me to check, was as you wrote. Only difference in entries
> was under Permissions for Administrators and system, there were two entries
> but labled "classes_root\clsid" and the other was "parentobject". Other than
> that, everything else was normal.
To be totally clear on this, for
HKEY_CLASSES_ROOT\CLSID
the Permissions are inherited from here and are both Full and Read for
Administrators and System
For Advanced Perms, Administrators and System AND your User account
name, show Full Control and Read.
HKEY_CLASSES_ROOT\CLSID\{000C101D-0000-0000-C000-000000000046}
Groups or user names: Administrators and System
Clicking Advanced perms shows:
2 listings of Administrators with the 2 entries you cited
2 listings of System with the 2 entries you cited, both with Full Control
We need to check the Security setting of the location for the backup
files of the update. See if this folder is present:
C:\windows\$NtUninstallKB942288-v3$ < ---- this folder
If it is, right click it and click Properties
Click the Security tab
Administrators and System should show all the boxes checked except for
Special Permissions
Then right click
C:\windows\$NtUninstallKB942288-v3$\reg00004 <-- this *file*
Check the settings by following the above steps, too.
If the settings are different, please change them.
MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============
I have several computers that have recently been infected with XP Antivirus 2008. I've been able to remove the virus, howerver, it appears that it modifies the permissions on the registry key you reference:
HKEY_CLASES_ROOT\CLSID\{000C101D-0000-0000-C000-000000000046}\DllVersion
If I right-click the key and try to display the permissions, I get access denied. I believe this is what's preventing installer from installing. I've tried renaming the key, deleting/creating a new one, importing, exporting to no avail. Any suggestions would be greatly appreciated. All machines are XP Pro - service pack 2 or 3.
HKEY_CLASSES_ROOT\CLSID\{000C101D-0000-0000-C000-000000000046} has two
Permissions for both Administrator and SYSTEM.
Both have Inherited perms for CLASSES_ROOT\CLSID with Full Control and
all of the Permissions boxes checked.
They also have Full Control for Parent Object, with Full Control and all
of the Permissions boxes checked.
Does that clear up any confusion ?
MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============
bert_agt wrote:
> blarney1234@aim.com;3928875 Wrote:
>
>>I have several computers that have recently been infected with XP
>>Antivirus 2008. I've been able to remove the virus, howerver, it
>>appears that it modifies the permissions on the registry key you
>>reference:
>>HKEY_CLASES_ROOT\CLSID\{000C101D-0000-0000-C000-000000000046}\DllVersion
>>If I right-click the key and try to display the permissions, I get
>>access denied. I believe this is what's preventing installer from
>>installing. I've tried renaming the key, deleting/creating a new one,
>>importing, exporting to no avail. Any suggestions would be greatly
>>appreciated. All machines are XP Pro - service pack 2 or 3.
>
>
> I too am having this exact issue. Likewise, any suggestions greatly
> appreciated.
>
>
Hi MowGreen,
Permissions are set correctly on the HKEY_CLASSES_ROOT\CLSID\{000C101D-0000-0000-C000-000000000046} registry entry. I am unable to access the permissions of the DllVersion subkey. Clicking on it just results in a message "Access is denied....." and likewise trying to change/view permissions is as futile... nothing is displayed in the permissions list yet it is set to inherit permissions from parent, and I cannot explicitly add any permissions. When clicking 'Apply' again same "Access is denied" error message.
I have tried exporting the entire key into a registry file and re-importing it. I can export it succesfully but importing it results in access denied - only on the DllVersion sub key.
I have also deleted the {000C101D-0000-0000-C000-000000000046} from the registry and then re-imported using the reg file mentioned above. Same result. {000C101D-0000-0000-C000-000000000046} is restored, {000C101D-0000-0000-C000-000000000046}\DllVersion is not. Access is denied.
I have upgraded to Windows Installer v4.5 for XP SP3, still no joy.
I have checked that RPC and the Windows Installer services are set to run as LocalSystem. They both are.
Have used regmon and see the access denied message when the Windows Installer service is called when a setup program is called (either installing or uninstalling windows installer based programs).
Have disabled all non-MSFT services and startup entries, rebooted, still no joy.
It would appear the "XP Antispyware 2008" malware has left its mark on Windows and the only solution is to reformat and reload all software on.
Sorry for the rant, a tad frustrated :)
Any assistance appreciated.
Bert
First let me say, thanks for all the help you are giving me. I can see a few
people are having this problem....
Now, even afte showing all hidden files, per the instructions you sent me
to, there is no "C:\windows\$NtUninstallKB942288-v3$" in my Windows
directory. I conducted a search, looking in hidden and system files.
Anything else to try?
haloterry wrote:
> First let me say, thanks for all the help you are giving me. I can see a few
> people are having this problem....
> Now, even afte showing all hidden files, per the instructions you sent me
> to, there is no "C:\windows\$NtUninstallKB942288-v3$" in my Windows
> directory. I conducted a search, looking in hidden and system files.
> Anything else to try?
>
haloterry *previously* wrote:
> I have XP Meida but the trouble started after Norton remoted into my
> computer to fix viruses. Now I can't install anything because I get error
> messages on anything I try to install referring to the windows installer. I
> went to Microsoft to get a new version and it won't install, just stops and
> saids it failed.
> -- Terry in Help
You could try repairing registry and file permissions using SubInACL:
Solving setup errors by using the SubInACL tool to repair file and
registry permissions
http://blogs.msdn.com/astebner/archi...04/739820.aspx
Sorry to tell you this but the best avenue now would be to format the HD
and reinstall MCE at this point. That's the only way to trust the system
after an infestation by malware and the attempted removal of same by the
Norton 'tech'. Who knows what the tech did or if they even got the
system totally cleaned up.
MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============
Hi,
the solution for this problem is to remove a hidden PNP driver.
Open XP Device Manager.
Select "Show Hidden Devices" from Menue.
Open PNP Tree and look for a driver named lime "swuurqlm.sys".
Disable or delete this driver and Reboot.
Voila.
Regards
Martin
THANK YOU MARTIN! The device manager entry you listed didn't apply to the computer I had a problem with, but you pointed me in the right direction. In my case the entry was named "ogpyovrz". I think it's safe to assume that people should look for a gibberish-looking entry which would be typical for malware. When I Google'd the name and no search results were returned, I was certain I had the problem entry. I disabled it and Windows Installer worked again.
Regarding uninstalling it from device manager, I had the problem return again on the next reboot. For some reason it didn't remove the cooresponding file from %windir%\system32\drivers. To get the uninstall to stick, I booted Safe Mode, deleted the file first, and then uninstalled the entry in Device Manager.
Cheers
That's probably because the Windows Installer service is running and the
key can not be accessed in normal Windows mode.
Are you trying to install the latest Version of Windows Installer and
has the system been compromised by malware, specifically, Antivirus
2008/09 ?
MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============
ron123 wrote:
> I have a similar problem, strange thing is that you can delete the key in
> safe mode but you still get the error message when installing the installer.
> perhaps the access is being trapped before the register.
>
> "bert_agt" wrote:
>
>
>>'MowGreen [MVP Wrote:
>>
>>>;3930324']HKEY_CLASSES_ROOT\CLSID\{000C101D-0000-0000-C000-000000000046}
>>>has two
>>>Permissions for both Administrator and SYSTEM.
>>>Both have Inherited perms for CLASSES_ROOT\CLSID with Full Control and
>>>all of the Permissions boxes checked.
>>>They also have Full Control for Parent Object, with Full Control and
>>>all
>>>of the Permissions boxes checked.
>>>
>>>Does that clear up any confusion ?
>>>
>>>MowGreen [MVP 2003-2008]
>>>
>>>>
>>
>>Hi MowGreen,
>>
>>Permissions are set correctly on the
>>HKEY_CLASSES_ROOT\CLSID\{000C101D-0000-0000-C000-000000000046} registry
>>entry. I am unable to access the permissions of the DllVersion subkey.
>>Clicking on it just results in a message "Access is denied....." and
>>likewise trying to change/view permissions is as futile... nothing is
>>displayed in the permissions list yet it is set to inherit permissions
>>from parent, and I cannot explicitly add any permissions. When clicking
>>'Apply' again same "Access is denied" error message.
>>
>>I have tried exporting the entire key into a registry file and
>>re-importing it. I can export it succesfully but importing it results
>>in access denied - only on the DllVersion sub key.
>>
>>I have also deleted the {000C101D-0000-0000-C000-000000000046} from the
>>registry and then re-imported using the reg file mentioned above. Same
>>result. {000C101D-0000-0000-C000-000000000046} is restored,
>>{000C101D-0000-0000-C000-000000000046}\DllVersion is not. Access is
>>denied.
>>
>>I have upgraded to Windows Installer v4.5 for XP SP3, still no joy.
>>
>>I have checked that RPC and the Windows Installer services are set to
>>run as LocalSystem. They both are.
>>
>>Have used regmon and see the access denied message when the Windows
>>Installer service is called when a setup program is called (either
>>installing or uninstalling windows installer based programs).
>>
>>Have disabled all non-MSFT services and startup entries, rebooted,
>>still no joy.
>>
>>It would appear the "XP Antispyware 2008" malware has left its mark on
>>Windows and the only solution is to reformat and reload all software
>>on.
>>
>>Sorry for the rant, a tad frustrated :)
>>
>>Any assistance appreciated.
>>Bert
>>
>>
>>--
>>bert_agt
>>------------------------------------------------------------------------
>>bert_agt's Profile: http://forums.techarena.in/members/bert_agt.htm
>>View this thread: Windows installer V3
>>
>>http://forums.techarena.in
>>
>>[/color]
Martin,
>> Open PNP Tree and look for a driver named lime "swuurqlm.sys".
You meant Non-Plug and Play Drivers, right ?
MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============
Martin wrote:
> Hi,
>
> the solution for this problem is to remove a hidden PNP driver.
> Open XP Device Manager.
> Select "Show Hidden Devices" from Menue.
> Open PNP Tree and look for a driver named lime "swuurqlm.sys".
> Disable or delete this driver and Reboot.
> Voila.
>
> Regards
> Martin
This system should *not* be Trusted. If a hidden driver was found on the
system then the likelihood that there may be other other hidden drivers,
basically a Rootkit or a rootkit-like component, present, too.
There's really no way to be 100% certain that all RKs have been removed.
Either *never* enter any personal information on this system, never do
any online banking, or better yet, *flatten it and reinstall the OS.*
Was it infected with the latest 'Antivirus 200x' malware ?
MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============
jacksonej1972 wrote:
> THANK YOU MARTIN! The device manager entry you listed didn't apply to
> the computer I had a problem with, but you pointed me in the right
> direction. In my case the entry was named "ogpyovrz". I think it's
> safe to assume that people should look for a gibberish-looking entry
> which would be typical for malware. When I Google'd the name and no
> search results were returned, I was certain I had the problem entry. I
> disabled it and Windows Installer worked again.
>
> Regarding uninstalling it from device manager, I had the problem return
> again on the next reboot. For some reason it didn't remove the
> cooresponding file from %windir%\system32\drivers. To get the uninstall
> to stick, I booted Safe Mode, deleted the file first, and then
> uninstalled the entry in Device Manager.
>
> Cheers
>
>
Bookmarks