Topic: Windows Update W2K SP4

Offline Wild Wheeler

« on: February 09, 2008, 09:39:25 PM »
Running two machines with Intel D845WNL motherboards.
Windows 2000 SP4
Windows Update runs
  ...finds updates to download
  ...downloads the updates
FAILS to install updates.

One machine works fine, the other does the above.  I CAN manually download the update by clicking on the information link and downloading the "stand/alone" patch and install it OK, so I have all but one update applied, the "Root Certificate" which does not have a separate download.

The machine that does this, is used by a curious (read porn and music sites) 19 year-old.  I regularly "scrub" with Spybot Search & Destroy as well as Ad-Aware personal.  I also have Norton Anti-Virus Professional Edition (10.1.6.6000)  Scan Engine 71.4.0.15 and update regularly.  Nothing shows up.

I have tried comparing registry entries between the two machines without much success.  This machine that "fails" has the SCSI scanner and DVD burner and some extra QuickBooks software that the other one does not.

Any ideas?

Offline guestolo

« Reply #1 on: February 09, 2008, 10:54:16 PM »
Do you know which updates fail to install?
What number(s)

Can you also do the following
Download Hijackthis Installer from HERE
For an alternate download location, you can try HERE
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install

Hijackthis v2.0.2 will open

Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and Paste the Whole log back here to the forum

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Wild Wheeler

« Reply #2 on: February 11, 2008, 04:21:59 PM »

Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 1:16:01 PM, on 2/11/2008
 Platform: Windows 2000 SP4 (WinNT 5.00.2195)
 MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)
 Boot mode: Normal
 
 Running processes:
 C:\WINNT\System32\smss.exe
 C:\WINNT\system32\winlogon.exe
 C:\WINNT\system32\services.exe
 C:\WINNT\system32\lsass.exe
 C:\WINNT\system32\Ati2evxx.exe
 C:\WINNT\system32\svchost.exe
 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
 C:\WINNT\system32\spoolsv.exe
 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 C:\Program Files\Bonjour\mDNSResponder.exe
 D:\Programs\Symantec AntiVirus\DefWatch.exe
 C:\WINNT\System32\svchost.exe
 C:\WINNT\system32\hidserv.exe
 D:\Programs\Conversions Plus\FORMATM.EXE
 C:\WINNT\system32\regsvc.exe
 C:\WINNT\system32\MSTask.exe
 C:\WINNT\system32\stisvc.exe
 D:\Programs\Symantec AntiVirus\Rtvscan.exe
 D:\Programs\UPHClean\uphclean.exe
 C:\WINNT\system32\ZoneLabs\vsmon.exe
 C:\WINNT\System32\WBEM\WinMgmt.exe
 C:\WINNT\system32\svchost.exe
 C:\WINNT\system32\Ati2evxx.exe
 C:\WINNT\Explorer.EXE
 D:\Programs\ZoneAlarm\zlclient.exe
 C:\WINNT\system32\ezSP_Px.exe
 D:\Programs\Java\jre1.6.0_03\bin\jusched.exe
 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
 D:\Programs\SYMANT~1\VPTray.exe
 D:\Programs\Atomic\Atomic.exe
 D:\Programs\Spybot\TeaTimer.exe
 C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
 D:\Programs\Conversions Plus\MacName.exe
 D:\Programs\MoonPhase\moon.exe
 D:\Programs\Mozilla\mozilla.exe
 D:\Programs\HijackThis\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://windowsupdate.microsoft.com/
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programs\Spybot\SDHelper.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\Programs\Java\jre1.6.0_03\bin\ssv.dll
 O2 - BHO: (no name) - {B03884F7-0801-42B2-8401-354974CE2F67} - (no file)
 O2 - BHO: (no name) - {D9730403-D608-4D02-BE52-4804AD050696} - (no file)
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
 O4 - HKLM\..\Run: [MacLicense] "D:\Programs\Conversions Plus\MacLic.exe"
 O4 - HKLM\..\Run: [Zone Labs Client] D:\Programs\ZoneAlarm\zlclient.exe
 O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\system32\ezSP_Px.exe
 O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "d:\Programs\Java\jre1.6.0_03\bin\jusched.exe"
 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
 O4 - HKLM\..\Run: [vptray] D:\Programs\SYMANT~1\VPTray.exe
 O4 - HKLM\..\Run: [Atomic.exe] D:\Programs\Atomic\Atomic.exe
 O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programs\Spybot\TeaTimer.exe
 O4 - Global Startup: LaunchU3.exe.lnk = C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
 O4 - Global Startup: MacName.lnk = D:\Programs\Conversions Plus\MacName.exe
 O4 - Global Startup: MoonPhase.lnk = D:\Programs\MoonPhase\moon.exe
 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - d:\Programs\Java\jre1.6.0_03\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - d:\Programs\Java\jre1.6.0_03\bin\ssv.dll
 O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
 O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Programs\Aim\aim.exe
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programs\Spybot\SDHelper.dll
 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programs\Spybot\SDHelper.dll
 O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
 O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
 O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} (QuickBooks Online Edition Utilities Class v9) - https://accounting.quickbooks.com/c7/v15.585/qboax9.cab
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187929147046
 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187929139125
 O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} (QuickBooks Online Edition Utilities Class v8) - https://accounting.quickbooks.com/c7/v15.560/qboax8.cab
 O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
 O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...160/mcfscan.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{380D62FA-9847-4AF2-A602-370D10BBBC14}: NameServer = 192.168.13.2,206.13.28.12,206.13.31.12
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
 O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
 O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
 O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
 O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Programs\Symantec AntiVirus\DefWatch.exe
 O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPod Service - Apple Inc. - D:\Programs\iPod\bin\iPodService.exe
 O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
 O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
 O23 - Service: MacFormatService - DataViz Inc. - D:\Programs\Conversions Plus\FORMATM.EXE
 O23 - Service: SAVRoam (SavRoam) - symantec - D:\Programs\Symantec AntiVirus\SavRoam.exe
 O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
 O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
 O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Programs\Symantec AntiVirus\Rtvscan.exe
 O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
 
 --
 End of file - 8169 bytes
 ==========================
 To answer the questions...
 
 All of the updates fail to install - I have to install manually.  This has been going on this machine for about 6 months (maybe longer - I've lost track).  They always are identified, they will always download, all of them FAIL to install.
 I found the failing code at one time, don't remember where the log is, but it's one of those long useless 0x800000  type things that gives all sorts of suggestions that don't help.
 The WindowsUpdate.log shows:
 MicrosoftUpdate]
 2008-02-09    18:21:13:343    1288    42c    Agent    *********
 2008-02-09    18:21:13:343    1288    42c    Agent      * Updates to install = 1
 2008-02-09    18:21:13:343    1288    42c    Agent      *   Title = Root Certificates Update
 2008-02-09    18:21:13:343    1288    42c    Agent      *   UpdateId = {D1B4FCCB-384D-489E-A709-845116887F36}.100
 2008-02-09    18:21:13:343    1288    42c    Agent      *     Bundles 1 updates:
 2008-02-09    18:21:13:343    1288    42c    Agent      *       {1F4EC4E0-9FEE-4EBA-A543-E184E03B67F8}.100
 2008-02-09    18:21:20:296    1288    42c    Agent    WARNING: LoadLibrary failed for srclient.dll with hr:8007007e
 2008-02-09    18:21:20:312    1288    42c    Service    WARNING: GetUserTokenFromSessionId failed with error 800704dd for session 0
 2008-02-09    18:21:20:312    1288    42c    Agent      * WARNING: Exit code = 0x80240020
 2008-02-09    18:21:20:312    1288    42c    Agent    *********
 2008-02-09    18:21:20:312    1288    42c    Agent    **  END  **  Agent: Installing updates [CallerId = MicrosoftUpdate]
 
 Let me know what else you need.
 
 Thanks

Offline Wild Wheeler

« Reply #3 on: February 11, 2008, 06:04:14 PM »
 
 Also found this...
 
 
http://www.wsus.info/forums/index.php?showtopic=7117
 
 It could have been going on this long...I don't know

Offline guestolo

« Reply #4 on: February 11, 2008, 10:28:11 PM »
Please disable SpybotSD TeaTimer, as it may hinder the removal of the infection. You can enable it after you're clean.
To disable SpybotSD TeaTimer:

Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon.
Uncheck Teatimer box.
Click Allow Change box if prompted
Close Spybot

Try disabling your Firewall temporarily and see if the updates still fail
I know it's not wise to have a disabled Firewall for very long, but just till you try Windows Updates

Also, if the above will not work, we still need to clean some orphan entries in Hijackthis

Try the following and see how it goes

Do a "System scan only" with Hijackthis and put a check next to these entries:

O2 - BHO: (no name) - {B03884F7-0801-42B2-8401-354974CE2F67} - (no file)
O2 - BHO: (no name) - {D9730403-D608-4D02-BE52-4804AD050696} - (no file)


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

ALLOW any prompts by Spybot's TeaTimer so it won't interfere with the above


If windows updates previously didn't work,
Download and extract to desktop Dial-a-fix

Open the Extracted folder and click on Dial-a-fix.exe
New windows put a check in
Empty Temp folders
Adjust time/date
Fix Windows Installer
Fix Windows Updates


Leave defaults checked when applied by the above
Then click on GO
When Internet time opens ensure Time and correct date is set then let it continue
when done click on EXIT
Reboot the computer and try Windows updates again

Also post a fresh hijackthis log and let me know how things are running please

NOTE: You may have better luck if you update Internet Explorer 5 to 6
You may be able to do this manually
Check out this link
http://www.microsoft.com/downloads/details...;DisplayLang=en
« Last Edit: February 11, 2008, 10:29:22 PM by guestolo »

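An added example, not part of any post in this thread and not HijackThis's own code: a Python triage of HijackThis entry lines that flags the `(no file)` BHO registrations selected for fixing above and any service listed with `Unknown owner`, then diffs the 2/11/2008 excerpt against the 2/14/2008 log posted later in the thread. The function names are hypothetical; the log lines are excerpts from the logs in the thread.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O2"
    reason: str    # why the entry deserves a second look
    detail: str    # CLSID or binary path to check by hand


# "O2 - <body>", "O23 - <body>", "R0 - <body>" ... (process paths do not match)
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
# O2 body: "BHO: <name> - {CLSID} - <dll path or (no file)>"
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)

# Excerpt from the log saved 2/11/2008 (before the fix).
LOG_BEFORE = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programs\Spybot\SDHelper.dll
O2 - BHO: (no name) - {B03884F7-0801-42B2-8401-354974CE2F67} - (no file)
O2 - BHO: (no name) - {D9730403-D608-4D02-BE52-4804AD050696} - (no file)
O4 - HKLM\..\Run: [vptray] D:\Programs\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programs\Spybot\TeaTimer.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# The same entries as they appear in the log saved 2/14/2008 (after the fix).
LOG_AFTER = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programs\Spybot\SDHelper.dll
O4 - HKLM\..\Run: [vptray] D:\Programs\SYMANT~1\VPTray.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


def parse_entries(log_text):
    """Return (section, body) for every entry line; skip headers and processes."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(log_text):
    """Flag entries whose backing file or vendor information is missing."""
    findings = []
    for section, body in parse_entries(log_text):
        if section == "O2":
            bho = BHO_RE.match(body)
            # CLSID is still registered as a BHO but the DLL is gone.
            if bho and bho.group("target") == "(no file)":
                findings.append(Finding(section, "orphaned BHO", bho.group("clsid")))
        elif section == "O23" and body.startswith("Service: "):
            # "Service: <display name> - <owner> - <binary path>", split from the right
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3 and parts[1] == "Unknown owner":
                findings.append(Finding(section, "service without vendor info", parts[2]))
    return findings


def removed_entries(before, after):
    """Entries present in the first log and absent from the second."""
    remaining = set(parse_entries(after))
    return [entry for entry in parse_entries(before) if entry not in remaining]


if __name__ == "__main__":
    for finding in triage(LOG_BEFORE):
        print(f"{finding.section:>3}  {finding.reason}: {finding.detail}")
    for section, body in removed_entries(LOG_BEFORE, LOG_AFTER):
        print(f"removed: {section} - {body}")
```

A flagged entry is a prompt to verify the file and its publisher by hand, not a verdict that it is malicious.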


Offline Wild Wheeler

« Reply #5 on: February 14, 2008, 11:55:08 AM »
 
 After dial-a-fix WindowsUpdate will not let me continue without "registering" some files for Windows Update.  Then it tries to do the update and I get "Error number: 0x8007041D".  So, for giggles, I  rebooted the machine with the "registered" files, but I still get the same error.
 
 I am running IE version 6 - specifically according to Help Version:  6.0.2800.1106IC
 
 Here is the HiJack:
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 9:01:48 AM, on 2/14/2008
 Platform: Windows 2000 SP4 (WinNT 5.00.2195)
 MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)
 Boot mode: Normal
 
 Running processes:
 C:\WINNT\System32\smss.exe
 C:\WINNT\system32\winlogon.exe
 C:\WINNT\system32\services.exe
 C:\WINNT\system32\lsass.exe
 C:\WINNT\system32\Ati2evxx.exe
 C:\WINNT\system32\svchost.exe
 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
 C:\WINNT\system32\spoolsv.exe
 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 C:\Program Files\Bonjour\mDNSResponder.exe
 D:\Programs\Symantec AntiVirus\DefWatch.exe
 C:\WINNT\system32\hidserv.exe
 D:\Programs\Conversions Plus\FORMATM.EXE
 C:\WINNT\system32\regsvc.exe
 C:\WINNT\system32\MSTask.exe
 C:\WINNT\system32\stisvc.exe
 D:\Programs\Symantec AntiVirus\Rtvscan.exe
 D:\Programs\UPHClean\uphclean.exe
 C:\WINNT\system32\ZoneLabs\vsmon.exe
 C:\WINNT\system32\Ati2evxx.exe
 C:\WINNT\System32\WBEM\WinMgmt.exe
 C:\WINNT\Explorer.EXE
 D:\Programs\ZoneAlarm\zlclient.exe
 C:\WINNT\system32\ezSP_Px.exe
 D:\Programs\Java\jre1.6.0_03\bin\jusched.exe
 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
 D:\Programs\SYMANT~1\VPTray.exe
 D:\Programs\Atomic\Atomic.exe
 C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
 D:\Programs\Conversions Plus\MacName.exe
 D:\Programs\MoonPhase\moon.exe
 C:\WINNT\System32\SCardSvr.exe
 D:\Programs\Mozilla\mozilla.exe
 D:\Programs\HijackThis\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://windowsupdate.microsoft.com/
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programs\Spybot\SDHelper.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\Programs\Java\jre1.6.0_03\bin\ssv.dll
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
 O4 - HKLM\..\Run: [MacLicense] "D:\Programs\Conversions Plus\MacLic.exe"
 O4 - HKLM\..\Run: [Zone Labs Client] D:\Programs\ZoneAlarm\zlclient.exe
 O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\system32\ezSP_Px.exe
 O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "d:\Programs\Java\jre1.6.0_03\bin\jusched.exe"
 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
 O4 - HKLM\..\Run: [vptray] D:\Programs\SYMANT~1\VPTray.exe
 O4 - HKLM\..\Run: [Atomic.exe] D:\Programs\Atomic\Atomic.exe
 O4 - Global Startup: LaunchU3.exe.lnk = C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
 O4 - Global Startup: MacName.lnk = D:\Programs\Conversions Plus\MacName.exe
 O4 - Global Startup: MoonPhase.lnk = D:\Programs\MoonPhase\moon.exe
 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - d:\Programs\Java\jre1.6.0_03\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - d:\Programs\Java\jre1.6.0_03\bin\ssv.dll
 O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
 O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Programs\Aim\aim.exe
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programs\Spybot\SDHelper.dll
 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programs\Spybot\SDHelper.dll
 O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
 O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
 O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} (QuickBooks Online Edition Utilities Class v9) - https://accounting.quickbooks.com/c7/v15.585/qboax9.cab
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187929147046
 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187929139125
 O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} (QuickBooks Online Edition Utilities Class v8) - https://accounting.quickbooks.com/c7/v15.560/qboax8.cab
 O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
 O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...160/mcfscan.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{380D62FA-9847-4AF2-A602-370D10BBBC14}: NameServer = 192.168.13.2,206.13.28.12,206.13.31.12
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
 O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
 O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
 O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
 O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Programs\Symantec AntiVirus\DefWatch.exe
 O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPod Service - Apple Inc. - D:\Programs\iPod\bin\iPodService.exe
 O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
 O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
 O23 - Service: MacFormatService - DataViz Inc. - D:\Programs\Conversions Plus\FORMATM.EXE
 O23 - Service: SAVRoam (SavRoam) - symantec - D:\Programs\Symantec AntiVirus\SavRoam.exe
 O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
 O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
 O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Programs\Symantec AntiVirus\Rtvscan.exe
 O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
 
 --
 End of file - 7887 bytes
 
 Error number: 0x8007041D
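An added example, not part of any post in this thread: a Python decoder that splits the HRESULT values quoted in the WindowsUpdate.log excerpt and in the later "Error number" into severity, facility and code, and names the four codes that appear here. The function names and the lookup table are this example's own; the bit layout and symbolic names follow the Windows SDK headers, and the log lines are excerpts from the thread.

```python
import re

# Excerpt of the WindowsUpdate.log lines posted in this thread.
WU_LOG_EXCERPT = """\
2008-02-09    18:21:13:343    1288    42c    Agent      *   UpdateId = {D1B4FCCB-384D-489E-A709-845116887F36}.100
2008-02-09    18:21:20:296    1288    42c    Agent    WARNING: LoadLibrary failed for srclient.dll with hr:8007007e
2008-02-09    18:21:20:312    1288    42c    Service    WARNING: GetUserTokenFromSessionId failed with error 800704dd for session 0
2008-02-09    18:21:20:312    1288    42c    Agent      * WARNING: Exit code = 0x80240020
"""

# date, time, pid, tid, component, message
LINE_RE = re.compile(
    r"^\s*(\d{4}-\d\d-\d\d)\s+(\d\d:\d\d:\d\d:\d{3})\s+(\w+)\s+(\w+)\s+(\w+)\s+(.*)$"
)
# Eight hex digits with leading digit 8 (failure bit set), with or without "0x".
# The lookarounds keep GUID segments such as {D1B4FCCB-...} from matching.
HRESULT_RE = re.compile(r"(?<![{\-\w])(?:0x)?(8[0-9A-Fa-f]{7})(?![\-\w])")

FACILITIES = {0x07: "FACILITY_WIN32", 0x24: "FACILITY_WINDOWSUPDATE"}

# Only the codes that appear in this thread.
KNOWN = {
    0x8007007E: ("ERROR_MOD_NOT_FOUND",
                 "The specified module could not be found"),
    0x800704DD: ("ERROR_NOT_LOGGED_ON",
                 "The operation was not performed because the user has not logged on"),
    0x8007041D: ("ERROR_SERVICE_REQUEST_TIMEOUT",
                 "The service did not respond to the start or control request in time"),
    0x80240020: ("WU_E_NO_INTERACTIVE_USER",
                 "Operation did not complete because there is no logged-on interactive user"),
}


def decode_hresult(value):
    """Split a 32-bit HRESULT into its fields and attach a name if known."""
    facility = (value >> 16) & 0x7FF      # bits 16-26
    code = value & 0xFFFF                 # bits 0-15
    name, meaning = KNOWN.get(value, (None, None))
    if name is None and facility == 0x07:
        # FACILITY_WIN32 wraps a plain Win32 error number in the low word.
        name = f"Win32 error {code}"
    return {
        "hresult": f"0x{value:08X}",
        "failed": bool(value >> 31),      # severity bit
        "facility": FACILITIES.get(facility, f"facility 0x{facility:X}"),
        "code": code,
        "name": name,
        "meaning": meaning,
    }


def explain_failures(log_text):
    """Return (component, hresult, name) for each error code found in the log."""
    results = []
    for line in log_text.splitlines():
        parsed = LINE_RE.match(line)
        if not parsed:
            continue
        component, message = parsed.group(5), parsed.group(6)
        for hit in HRESULT_RE.finditer(message):
            info = decode_hresult(int(hit.group(1), 16))
            results.append((component, info["hresult"], info["name"]))
    return results


if __name__ == "__main__":
    for component, hresult, name in explain_failures(WU_LOG_EXCERPT):
        print(f"{component:<8} {hresult}  {name}")
    later = decode_hresult(0x8007041D)    # "Error number" reported after Dial-a-fix
    print(later["hresult"], later["facility"], later["code"], later["name"])
```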

Offline guestolo

« Reply #6 on: February 14, 2008, 10:38:45 PM »
