<div>
After following the younghv advice, &nbsp;and per your HiJackthis logs, following entries needs to be fixed:<br />
O23 - Service: @%SystemRoot%\system32\Alg<wbr />.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.ex<wbr />e (file missing)<br />
O23 - Service: @%SystemRoot%\system32\efs<wbr />svc.dll,-1<wbr />00 (EFS) - Unknown owner - C:\windows\System32\lsass.<wbr />exe (file missing)<br />
O23 - Service: @%SystemRoot%\System32\net<wbr />logon.dll,<wbr />-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.<wbr />exe (file missing)<br />
O23 - Service: @%systemroot%\system32\psb<wbr />ase.dll,-3<wbr />00 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.<wbr />exe (file missing)<br />
O23 - Service: @%systemroot%\system32\Loc<wbr />ator.exe,-<wbr />2 (RpcLocator) - Unknown owner - C:\windows\system32\locato<wbr />r.exe (file missing)<br />
O23 - Service: @%SystemRoot%\system32\sam<wbr />srv.dll,-1<wbr /> (SamSs) - Unknown owner - C:\windows\system32\lsass.<wbr />exe (file missing)<br />
O23 - Service: @%systemroot%\system32\spo<wbr />olsv.exe,-<wbr />1 (Spooler) - Unknown owner - C:\windows\System32\spools<wbr />v.exe (file missing)<br />
O23 - Service: @%SystemRoot%\system32\vau<wbr />ltsvc.dll,<wbr />-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.<wbr />exe (file missing)<br />
O23 - Service: @%SystemRoot%\system32\vds<wbr />.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.ex<wbr />e (file missing)<br />
O23 - Service: @%systemroot%\system32\vss<wbr />vc.exe,-10<wbr />2 (VSS) - Unknown owner - C:\windows\system32\vssvc.<wbr />exe (file missing)<br />
<br />
Sudeep
</div>


<div>
Once that is done I would also advice you if you a copy of you Symantec Antivirus then uninstall before installing the Service Pack 1. Once that is install, install the Symantec Antivirus afterwards.<br />
<br />
I hope that would help<br />
<br />
Sudeep
</div>


<div>
As noted in this Article, there are several things that HijackThis cannot handle in a 64 bit architecture.<br />
<a href="https://www.experts-exchange.com/Virus_and_Spyware/HijackThis/A_3178-HijackThis-reports-missing-files-on-64-bit-Systems.html" rel="ugc">https://www.experts-exchange.com/Virus_and_Spyware/HijackThis/A_3178-HijackThis-reports-missing-files-on-64-bit-Systems.html</a><br />
<br />
There is no need to take any action in any of the above listed &quot;023&quot; entries.<br />
<br />

</div>


<div>
I ran the combo fix log, and here are the results. &nbsp;I'll look into that rogue killer hyperlink suggested by younghv.<br />
<br />
Based on the combo fix log, should I take any additional steps?<br />
<a href="https://filedb.experts-exchange.com/incoming/2011/05_w21/459461/ComboFix.txt" target="_blank" class="file-inline" title="ComboFix Log (18 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>ComboFix.txt</a>
</div>


ComboFix.txt

<div>
The Rogue Killer didn't return any bad processes or tasks. &nbsp;I'm going to uninstall Symantec and try to do the SP1 update again.
</div>


<div>
Unionblitz,<br />
RogueKiller is only the first step in the process.<br />
After you run that, you immediately install and update Malwarebytes - then do a full scan.<br />
<br />
Post your Malwarebytes log when you are through.
</div>


<div>
20 minutes and still scanning, using the Malware tool (Full scan)... I will post the log up here when it's done.
</div>


<div>
*anti-malware (malwarebytes)
</div>


<div>
Younghv, here is the anti-malware log. &nbsp;It doesn't look like anything malicious is running in the background (which is obviously a great thing). &nbsp;Please advice me on what to do next.<br />
<br />
Thank you!<br />
<a href="https://filedb.experts-exchange.com/incoming/2011/05_w21/459471/mbam-log-2011-05-15--15-08-03-.txt" target="_blank" class="file-inline" title="Anti-Malware Log (893 bytes)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>mbam-log-2011-05-15--15-08-03-.txt</a>
</div>


mbam-log-2011-05-15--15-08-03-.txt

<div>
I agree - nothing bad showing up - and I agree that it is a great thing.<br />
<br />
Have you tried downloading the actual SP1 &quot;executable file and running that from your system?<br />
<br />
As noted above, Symantec and SME could be conflicting - or - it could be the Symantec is/was blocking the install.<br />
<br />
With all of your AV (temporarily) disconnected, try run SP1 from the website again.<br />
If that doesn't work, download the executable and try running that.
</div>


<div>
Installing from web (Windows Updates)... &nbsp;Hopefully this will work! *fingers crossed*
</div>


<div>
nope, the web version didn't work. &nbsp;I got the c004f01f error again. What should I do now? Download the SP1 onto my desktop, restart in safe mode, and try installing it that way?<br />
<br />
Again, the scandisk will probably come up with additional errors. &nbsp;I don't think we ever addressed those errors. &nbsp;Is there any way to fix that?
</div>


<div>
That is a very common error (according to MS).<br />
<br />
Their number one recommendation is to download and install the SP manually.<br />
<br />
<a href="http://support.microsoft.com/kb/947366" rel="ugc">http://support.microsoft.com/kb/947366</a>
</div>


<div>
This one might be better:<br />
<a href="http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/windowsupdatec004f01f-windowsupdatedt000/509681cb-b54c-e011-8dfc-68b599b31bf5" rel="ugc nofollow">http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/windowsupdatec004f01f-windowsupdatedt000/509681cb-b54c-e011-8dfc-68b599b31bf5</a>
</div>


<div>
I've tried running the windows 7 sp1 file by itself on my machine, to no avail. &nbsp;I tried running those files to prime the machine for the windows updates, which fixed nothing.<br />
<br />
I tried booting in recovery mode for Windows 7, and it couldn't find any issues with the setup.<br />
<br />
I am wondering if the scan disk log is a good start as to what is wrong.<br />
<br />
Help!
</div>


<div>
Did you read the suggestions at the second MS link I posted?<br />
MS have an actual SP trouble-shooter that you can use.
</div>


<div>
 yes, I ran that trouble shooter. I ran the preparer tool as well. Nothing is working... I might just reinstall windows soon. I can't get any windows update to install. Fun fun. :)
</div>


<div>
Before you reinstall &nbsp;the OS take a look at this article, &nbsp;Although it describes a different error code the suggestions should help&gt;&gt;<br />
<a href="http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/unable-to-install-windows-7-service-pack-1-sp1-due/2859b00a-e472-e011-8dfc-68b599b31bf5?msgId=292ba7c6-e972-e011-8dfc-68b599b31bf5" rel="ugc nofollow">http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/unable-to-install-windows-7-service-pack-1-sp1-due/2859b00a-e472-e011-8dfc-68b599b31bf5?msgId=292ba7c6-e972-e011-8dfc-68b599b31bf5</a><br />
<br />
As stated, please ensure you disable your AV, &amp;&nbsp;ensure the laptop is connected to mains power &amp;&nbsp;not battery. <br />
<br />
Also ...<br />
<a href="http://www.zdnet.com/blog/bott/microsoft-notes-windows-update-inconsistencies-provides-fix/3044" rel="ugc">http://www.zdnet.com/blog/bott/microsoft-notes-windows-update-inconsistencies-provides-fix/3044</a>
</div>


<div>
Its conceivable the laptop is still infected, so you may like to run another Malware scan <b>before</b> you attempt that last article.<br />
<br />
Try Hitman Pro, a second opinion scanner:<br />
Hitman Pro <a href="http://www.surfright.nl/en/hitmanpro" rel="ugc">http://www.surfright.nl/en/hitmanpro</a><br />
<br />
Also this ESET Online Scanner: <br />
<a href="http://www.eset.com/online-scanner" rel="ugc">http://www.eset.com/online-scanner</a>&nbsp;<br />
<br />
Meanwhile i'll study the previous ComboFix log file ...
</div>


<div>
Apart from the &quot;Other Deletions&quot; and &quot;Orphans removed&quot; lists in the CF log file, there does not appear to be any other infection ...but still advise you re-scan as suggested above.
</div>


<div>
I was unable to resolve this problem. However, this was the closest solution.
</div>


<div>
<div class="content wysiwyg-content">
Good afternoon,<br />
<br />
I am unable to upgrade to Windows 7 SP1- I get a C004F01F error. &nbsp;I really would like to get SP1 on this machine, and remove anything malicious that might still be on it (without doing a system reinstall).<br />
<br />
This machine is used for work, and it's imperative that work-related files/programs installed remain intact if I have to do a recovery/reinstall.<br />
<br />
Some background:<br />
1. The machine had a virus at some point. &nbsp;A registry edit was able to &quot;fix&quot; the issue (I think).<br />
2. I installed/ran Spybot, Symantec Antivirus, and Microsoft Security Essentials. &nbsp;<br />
3. I am unable to install Win7 SP1. I keep getting a C004F01F error.<br />
4. I ran a scan disk, and came up with several problems (not fixable).<br />
5. The laptop is a Toshiba, and it came with a recovery disk (not a Windows disk).<br />
<br />
What I've done to get closer to fixing it:<br />
1. Ran Hijackthis, attached the log.<br />
2. Attached a shorted CBS.log.<br />
<br />
Could someone please help me!<br />
<a href="https://filedb.experts-exchange.com/incoming/2011/05_w21/459450/hijackthis.log" target="_blank" class="file-inline" title="Hijackthis log (12 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>hijackthis.log</a><br />
<a href="https://filedb.experts-exchange.com/incoming/2011/05_w21/459451/sfcdetails.txt" target="_blank" class="file-inline" title="CBS log details (89 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>sfcdetails.txt</a>
</div>
</div>


sfcdetails.txt

hijackthis.log

Good afternoon,

I am unable to upgrade to Windows 7 SP1- I get a C004F01F error.  I really would like to get SP1 on this machine, and remove anything malicious that might still be on it (without doing a system reinstall).

This machine is used for work, and it's imperative that work-related files/programs installed remain intact if I have to do a recovery/reinstall.

Some background:
1. The machine had a virus at some point.  A registry edit was able to "fix" the issue (I think).
2. I installed/ran Spybot, Symantec Antivirus, and Microsoft Security Essentials.  
3. I am unable to install Win7 SP1. I keep getting a C004F01F error.
4. I ran a scan disk, and came up with several problems (not fixable).
5. The laptop is a Toshiba, and it came with a recovery disk (not a Windows disk).

What I've done to get closer to fixing it:
1. Ran Hijackthis, attached the log.
2. Attached a shorted CBS.log.

Could someone please help me!

Hijackthis log - Win7 SP1 Issues

Anti-virus software was originally developed to detect and remove computer viruses. However, with the proliferation of other kinds of malware, antivirus software started to provide protection from other computer threats. In particular, modern antivirus software can protect from malicious browser helper objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious layered service providers (LSPs), dialers, fraud tools, adware and spyware. Some products also include protection from other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online identity theft (privacy), online banking attacks, social engineering techniques, Advanced Persistent Threat (APT), botnets and DDoS attacks.

Anti-Virus Apps

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.