TheTechGuide Forum
General Category => Tech Clinic => Topic started by: Wild Wheeler on February 09, 2008, 09:39:25 PM
-
Running two machines with Intel D845WNL motherboards.
Windows 2000 SP4
Windows Update runs
...finds updates to download
...downloads the updates
FAILS to install updates.
One machine works fine, the other does the above. I CAN manually download the update by clicking on the information link and downloading the "stand/alone" patch and install it OK, so I have all but one update applied, the "Root Certificate" which does not have a separate download.
The machine that does this, is used by a curious (read porn and music sites) 19 year-old. I regularly "scrub" with Spybot Search & Destroy as well as Ad-Aware personal. I also have Norton Anti-Virus Professional Edition (10.1.6.6000) Scan Engine 71.4.0.15 and update regularly. Nothing shows up.
I have tried comparing registry entries between the two machines without much success. This machine that "fails" has the SCSI scanner and DVD burner and some extra QuickBooks software that the other one does not.
Any ideas?
-
Do you know which updates fail to install?
What number(s)
Can you also do the following
Download Hijackthis Installer from [color=\"#FF0000\"]HERE[/color] (http://\"http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe\")
For an alternate download location, you can try HERE (http://\"http://fileforum.betanews.com/detail/HijackThis/1071179190/1\")
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install
Hijackthis v2.0.2 will open
Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and Paste the Whole log back here to the forum
-
[quote name=\'guestolo\' post=\'421226\' date=\'Feb 9 2008, 09:54 PM\']Do you know which updates fail to install?
What number(s)
Can you also do the following
Download Hijackthis Installer from [color=\"#ff0000\"]HERE[/color] (http://\"http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe\")
For an alternate download location, you can try HERE (http://\"http://fileforum.betanews.com/detail/HijackThis/1071179190/1\")
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install
Hijackthis v2.0.2 will open
Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and Paste the Whole log back here to the forum[/quote]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:16:01 PM, on 2/11/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Programs\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
D:\Programs\Conversions Plus\FORMATM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
D:\Programs\Symantec AntiVirus\Rtvscan.exe
D:\Programs\UPHClean\uphclean.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
D:\Programs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\ezSP_Px.exe
D:\Programs\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Programs\SYMANT~1\VPTray.exe
D:\Programs\Atomic\Atomic.exe
D:\Programs\Spybot\TeaTimer.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
D:\Programs\Conversions Plus\MacName.exe
D:\Programs\MoonPhase\moon.exe
D:\Programs\Mozilla\mozilla.exe
D:\Programs\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://windowsupdate.microsoft.com/ (http://\"http://windowsupdate.microsoft.com/\")
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programs\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\Programs\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {B03884F7-0801-42B2-8401-354974CE2F67} - (no file)
O2 - BHO: (no name) - {D9730403-D608-4D02-BE52-4804AD050696} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [MacLicense] "D:\Programs\Conversions Plus\MacLic.exe"
O4 - HKLM\..\Run: [Zone Labs Client] D:\Programs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "d:\Programs\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\Programs\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Atomic.exe] D:\Programs\Atomic\Atomic.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programs\Spybot\TeaTimer.exe
O4 - Global Startup: LaunchU3.exe.lnk = C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
O4 - Global Startup: MacName.lnk = D:\Programs\Conversions Plus\MacName.exe
O4 - Global Startup: MoonPhase.lnk = D:\Programs\MoonPhase\moon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - d:\Programs\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - d:\Programs\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Programs\Aim\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programs\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programs\Spybot\SDHelper.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 (http://\"http://go.microsoft.com/fwlink/?linkid=58813\")
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab (http://\"http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab\")
O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} (QuickBooks Online Edition Utilities Class v9) - https://accounting.quickbooks.com/c7/v15.585/qboax9.cab (http://\"https://accounting.quickbooks.com/c7/v15.585/qboax9.cab\")
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187929147046 (http://\"http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187929147046\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187929139125 (http://\"http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187929139125\")
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} (QuickBooks Online Edition Utilities Class v8) - https://accounting.quickbooks.com/c7/v15.560/qboax8.cab (http://\"https://accounting.quickbooks.com/c7/v15.560/qboax8.cab\")
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (http://\"http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab\")
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab (http://\"http://asp.mathxl.com/books/_Players/MathPlayer.cab\")
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...160/mcfscan.cab (http://\"http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5160/mcfscan.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{380D62FA-9847-4AF2-A602-370D10BBBC14}: NameServer = 192.168.13.2,206.13.28.12,206.13.31.12
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Programs\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Programs\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MacFormatService - DataViz Inc. - D:\Programs\Conversions Plus\FORMATM.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Programs\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Programs\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
--
End of file - 8169 bytes
==========================
To answer the questions...
All of the updates fail to install - I have to install manually. This has been going on this machine for about 6 months (maybe longer - I've lost track). They always are identified, they will always download, all of them FAIL to install.
I found the failing code at one time, don't remember where the log is, but it's one of those long useless 0x800000 type things that gives all sorts of suggestions that don't help.
The WindowsUpdate.log shows:
MicrosoftUpdate]
2008-02-09 18:21:13:343 1288 42c Agent *********
2008-02-09 18:21:13:343 1288 42c Agent * Updates to install = 1
2008-02-09 18:21:13:343 1288 42c Agent * Title = Root Certificates Update
2008-02-09 18:21:13:343 1288 42c Agent * UpdateId = {D1B4FCCB-384D-489E-A709-845116887F36}.100
2008-02-09 18:21:13:343 1288 42c Agent * Bundles 1 updates:
2008-02-09 18:21:13:343 1288 42c Agent * {1F4EC4E0-9FEE-4EBA-A543-E184E03B67F8}.100
2008-02-09 18:21:20:296 1288 42c Agent WARNING: LoadLibrary failed for srclient.dll with hr:8007007e
2008-02-09 18:21:20:312 1288 42c Service WARNING: GetUserTokenFromSessionId failed with error 800704dd for session 0
2008-02-09 18:21:20:312 1288 42c Agent * WARNING: Exit code = 0x80240020
2008-02-09 18:21:20:312 1288 42c Agent *********
2008-02-09 18:21:20:312 1288 42c Agent ** END ** Agent: Installing updates [CallerId = MicrosoftUpdate]
Let me know what else you need.
Thanks
-
quote name='Wild Wheeler' date='Feb 11 2008, 03:21 PM' post='421367']
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:16:01 PM, on 2/11/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Programs\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
D:\Programs\Conversions Plus\FORMATM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
D:\Programs\Symantec AntiVirus\Rtvscan.exe
D:\Programs\UPHClean\uphclean.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
D:\Programs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\ezSP_Px.exe
D:\Programs\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Programs\SYMANT~1\VPTray.exe
D:\Programs\Atomic\Atomic.exe
D:\Programs\Spybot\TeaTimer.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
D:\Programs\Conversions Plus\MacName.exe
D:\Programs\MoonPhase\moon.exe
D:\Programs\Mozilla\mozilla.exe
D:\Programs\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://windowsupdate.microsoft.com/ (http://\"http://windowsupdate.microsoft.com/\")
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programs\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\Programs\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {B03884F7-0801-42B2-8401-354974CE2F67} - (no file)
O2 - BHO: (no name) - {D9730403-D608-4D02-BE52-4804AD050696} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [MacLicense] "D:\Programs\Conversions Plus\MacLic.exe"
O4 - HKLM\..\Run: [Zone Labs Client] D:\Programs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "d:\Programs\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\Programs\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Atomic.exe] D:\Programs\Atomic\Atomic.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programs\Spybot\TeaTimer.exe
O4 - Global Startup: LaunchU3.exe.lnk = C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
O4 - Global Startup: MacName.lnk = D:\Programs\Conversions Plus\MacName.exe
O4 - Global Startup: MoonPhase.lnk = D:\Programs\MoonPhase\moon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - d:\Programs\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - d:\Programs\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Programs\Aim\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programs\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programs\Spybot\SDHelper.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 (http://\"http://go.microsoft.com/fwlink/?linkid=58813\")
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab (http://\"http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab\")
O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} (QuickBooks Online Edition Utilities Class v9) - https://accounting.quickbooks.com/c7/v15.585/qboax9.cab (http://\"https://accounting.quickbooks.com/c7/v15.585/qboax9.cab\")
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187929147046 (http://\"http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187929147046\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187929139125 (http://\"http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187929139125\")
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} (QuickBooks Online Edition Utilities Class v8) - https://accounting.quickbooks.com/c7/v15.560/qboax8.cab (http://\"https://accounting.quickbooks.com/c7/v15.560/qboax8.cab\")
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (http://\"http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab\")
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab (http://\"http://asp.mathxl.com/books/_Players/MathPlayer.cab\")
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...160/mcfscan.cab (http://\"http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5160/mcfscan.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{380D62FA-9847-4AF2-A602-370D10BBBC14}: NameServer = 192.168.13.2,206.13.28.12,206.13.31.12
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Programs\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Programs\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MacFormatService - DataViz Inc. - D:\Programs\Conversions Plus\FORMATM.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Programs\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Programs\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
--
End of file - 8169 bytes
==========================
To answer the questions...
All of the updates fail to install - I have to install manually. This has been going on this machine for about 6 months (maybe longer - I've lost track). They always are identified, they will always download, all of them FAIL to install.
I found the failing code at one time, don't remember where the log is, but it's one of those long useless 0x800000 type things that gives all sorts of suggestions that don't help.
The WindowsUpdate.log shows:
MicrosoftUpdate]
2008-02-09 18:21:13:343 1288 42c Agent *********
2008-02-09 18:21:13:343 1288 42c Agent * Updates to install = 1
2008-02-09 18:21:13:343 1288 42c Agent * Title = Root Certificates Update
2008-02-09 18:21:13:343 1288 42c Agent * UpdateId = {D1B4FCCB-384D-489E-A709-845116887F36}.100
2008-02-09 18:21:13:343 1288 42c Agent * Bundles 1 updates:
2008-02-09 18:21:13:343 1288 42c Agent * {1F4EC4E0-9FEE-4EBA-A543-E184E03B67F8}.100
2008-02-09 18:21:20:296 1288 42c Agent WARNING: LoadLibrary failed for srclient.dll with hr:8007007e
2008-02-09 18:21:20:312 1288 42c Service WARNING: GetUserTokenFromSessionId failed with error 800704dd for session 0
2008-02-09 18:21:20:312 1288 42c Agent * WARNING: Exit code = 0x80240020
2008-02-09 18:21:20:312 1288 42c Agent *********
2008-02-09 18:21:20:312 1288 42c Agent ** END ** Agent: Installing updates [CallerId = MicrosoftUpdate]
Let me know what else you need.
Thanks
[/quote]
===============================================
Also found this...
http://www.wsus.info/forums/index.php?showtopic=7117 (http://\"http://www.wsus.info/forums/index.php?showtopic=7117\")
It could have been going on this long...I don't know
-
Please disable SpybotSD TeaTimer, as it may hinder the removal of the infection. You can enable it after you're clean.
To disable SpybotSD TeaTimer:
Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon.
Uncheck Teatimer box.
Click Allow Change box if prompted
Close Spybot
Try disabling your Firewall temporarily and see if the updates still fail
I know it's not wise to have a disabled Firewall for very long, but just till you try Windows Updates
Also, if the above will not work, we still need to clean some orphan entries in Hijackthis
Try the following and see how it goes
Do a "System scan only" with Hijackthis and put a check next to these entries:
O2 - BHO: (no name) - {B03884F7-0801-42B2-8401-354974CE2F67} - (no file)
O2 - BHO: (no name) - {D9730403-D608-4D02-BE52-4804AD050696} - (no file)
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
ALLOW any prompts by Spybot's TeaTimer so it won't interfere with the above
If windows updates previously didn't work,
Download and extract to desktop Dial-a-fix (http://\"http://djlizard.net/software/Dial-a-fix-v0.60.0.24.zip\")
Open the Extracted folder and click on Dial-a-fix.exe
New windows put a check in
Empty Temp folders
Adjust time/date
Fix Windows Installer
Fix Windows Updates
Leave defaults checked when applied by the above
Then click on GO
When Internet time opens ensure Time and correct date is set then let it continue
when done click on EXIT
Reboot the computer and try Windows updates again
Also post a fresh hijackthis log and let me know how things are running please
NOTE: You may have better luck if you update Internet Explorer 5 to 6
You may be able to do this manually
Check out this link
http://www.microsoft.com/downloads/details...;DisplayLang=en (http://\"http://www.microsoft.com/downloads/details.aspx?FamilyID=1e1550cb-5e5d-48f5-b02b-20b602228de6&DisplayLang=en\")
-
[quote name=\'guestolo\' post=\'421392\' date=\'Feb 11 2008, 09:28 PM\']Please disable SpybotSD TeaTimer, as it may hinder the removal of the infection. You can enable it after you're clean.
To disable SpybotSD TeaTimer:
Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon.
Uncheck Teatimer box.
Click Allow Change box if prompted
Close Spybot
Try disabling your Firewall temporarily and see if the updates still fail
I know it's not wise to have a disabled Firewall for very long, but just till you try Windows Updates
Also, if the above will not work, we still need to clean some orphan entries in Hijackthis
Try the following and see how it goes
Do a "System scan only" with Hijackthis and put a check next to these entries:
O2 - BHO: (no name) - {B03884F7-0801-42B2-8401-354974CE2F67} - (no file)
O2 - BHO: (no name) - {D9730403-D608-4D02-BE52-4804AD050696} - (no file)
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
ALLOW any prompts by Spybot's TeaTimer so it won't interfere with the above
If windows updates previously didn't work,
Download and extract to desktop Dial-a-fix (http://\"http://djlizard.net/software/Dial-a-fix-v0.60.0.24.zip\")
Open the Extracted folder and click on Dial-a-fix.exe
New windows put a check in
Empty Temp folders
Adjust time/date
Fix Windows Installer
Fix Windows Updates
Leave defaults checked when applied by the above
Then click on GO
When Internet time opens ensure Time and correct date is set then let it continue
when done click on EXIT
Reboot the computer and try Windows updates again
Also post a fresh hijackthis log and let me know how things are running please
NOTE: You may have better luck if you update Internet Explorer 5 to 6
You may be able to do this manually
Check out this link
http://www.microsoft.com/downloads/details...;DisplayLang=en (http://\"http://www.microsoft.com/downloads/details.aspx?FamilyID=1e1550cb-5e5d-48f5-b02b-20b602228de6&DisplayLang=en\")[/quote]
================================
================================
After dial-a-fix WindowsUpdate will not let me continue without "registering" some files for Windows Update. Then it tries to do the update and I get "Error number: 0x8007041D". So, for giggles, I rebooted the machine with the "registered" files, but I still get the same error.
I am running IE version 6 - specifically according to Help Version: 6.0.2800.1106IC
Here is the HiJack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:48 AM, on 2/14/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Programs\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\hidserv.exe
D:\Programs\Conversions Plus\FORMATM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
D:\Programs\Symantec AntiVirus\Rtvscan.exe
D:\Programs\UPHClean\uphclean.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
D:\Programs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\ezSP_Px.exe
D:\Programs\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Programs\SYMANT~1\VPTray.exe
D:\Programs\Atomic\Atomic.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
D:\Programs\Conversions Plus\MacName.exe
D:\Programs\MoonPhase\moon.exe
C:\WINNT\System32\SCardSvr.exe
D:\Programs\Mozilla\mozilla.exe
D:\Programs\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://windowsupdate.microsoft.com/ (http://\"http://windowsupdate.microsoft.com/\")
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programs\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\Programs\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [MacLicense] "D:\Programs\Conversions Plus\MacLic.exe"
O4 - HKLM\..\Run: [Zone Labs Client] D:\Programs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "d:\Programs\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\Programs\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Atomic.exe] D:\Programs\Atomic\Atomic.exe
O4 - Global Startup: LaunchU3.exe.lnk = C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
O4 - Global Startup: MacName.lnk = D:\Programs\Conversions Plus\MacName.exe
O4 - Global Startup: MoonPhase.lnk = D:\Programs\MoonPhase\moon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - d:\Programs\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - d:\Programs\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Programs\Aim\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programs\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programs\Spybot\SDHelper.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 (http://\"http://go.microsoft.com/fwlink/?linkid=58813\")
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab (http://\"http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab\")
O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} (QuickBooks Online Edition Utilities Class v9) - https://accounting.quickbooks.com/c7/v15.585/qboax9.cab (http://\"https://accounting.quickbooks.com/c7/v15.585/qboax9.cab\")
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187929147046 (http://\"http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187929147046\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187929139125 (http://\"http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187929139125\")
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} (QuickBooks Online Edition Utilities Class v8) - https://accounting.quickbooks.com/c7/v15.560/qboax8.cab (http://\"https://accounting.quickbooks.com/c7/v15.560/qboax8.cab\")
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (http://\"http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab\")
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab (http://\"http://asp.mathxl.com/books/_Players/MathPlayer.cab\")
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...160/mcfscan.cab (http://\"http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5160/mcfscan.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{380D62FA-9847-4AF2-A602-370D10BBBC14}: NameServer = 192.168.13.2,206.13.28.12,206.13.31.12
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Programs\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Programs\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MacFormatService - DataViz Inc. - D:\Programs\Conversions Plus\FORMATM.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Programs\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Programs\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
--
End of file - 7887 bytes
Error number: 0x8007041D
-
Have you seen this link?
http://www.microsoft.com/communities/newsg...48f0d09&p=1 (http://\"http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.windowsupdate&tid=34b35d0e-7559-4cb6-b24c-0f07448f0d09&p=1\")