From: Darryl on 28 Jan 2010 13:09

Thanks again for the help, Mow.

The unregister/register of winhttp5.dll worked without any errors.

kxentovz.dll is one of the dlls belonging to software that we have written here, so it is Ok.

I think rockvdd.dll may be left over from something the prior owner of this machine installed long ago. I think it is benign based on info I found here:
http://www.siteadvisor.com/sites/rockey.gr/downloads/2178178/

AppRemover did not find any remnants of security software to be removed. It only found my installation of Malware AntiBytes.

Early on in all this, I installed and ran AntiBytes and it found some things that I quarantined and removed:

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{00ada225-ea6c-4fb3-82e8-68189201ccb9} (Adware.Winad) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8} (Adware.Winad) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7} (Adware.Winad) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\LoaderX.exe (Adware.Winad) -> Quarantined and deleted successfully.

Getting rid of these things did not solve my problem, though.

I ran it again as you suggested and it found more items, which were probably not causing any problems. I quarantined them and removed them anyway:

Files Infected:
C:\Documents and Settings\joncmartin\Local Settings\Temp\res88B.tmp (Adware.180olutions) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft AntiSpyware\Quarantine\28B36EAB-3A20-47BF-BB9A-9B4B89\6C755816-4BC4-4E67-B68F-31930B (Adware.180olutions) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft AntiSpyware\Quarantine\28B36EAB-3A20-47BF-BB9A-9B4B89\D8CEB3A0-F20D-4A91-A424-1CDAB6 (Adware.180olutions) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft AntiSpyware\Quarantine\547A6688-0AE7-4F21-8599-6C7272\FBC29733-84E4-4766-9ABB-D365FA (Adware.180olutions) -> Quarantined and deleted successfully.

I'm starting to think that the only solution is going to be repaving this machine!

From: MowGreen on 28 Jan 2010 14:56

You're mowst welcome, Darryl.
Previously, I suggested the unregistering of winhttp5.dll and the re registering of *winhttp.dll*.
Did you mistakenly re register winhttp5.dll ?

Before proceeding, I can see there are at least 2 partitions involved, C and D. Suggest you download another copy of the WUA and place it on the partition where the Windows directory is *not* installed, which I assume is D:\ -
http://download.windowsupdate.com/windowsupdate/redist/standalone/7.4.7600.226/windowsupdateagent30-x86.exe

Then stop the AU and BITS services.
( Adding the /force switch to the executable prior to running it should not have be done when the services are stopped. )
Next, show hidden files, folders, and system files:
http://www.bleepingcomputer.com/tutorials/tutorial62.html#winxp

Using Windows Explorer, navigate to
WINDOWS\Software Distribution
Open the Software Distribution subfolder and delete *all* of its subfolders.
The only thing left now in the Software Distribution subfolder should be the ReportingEvents.log
Now run windowsupdateagent30-x86.exe from the D partition and then restart the system.
See if it can search for updates now.

If no joy, the only other suggestion left is to download, save, and then run Process Monitor when you try to install the Windows Update Agent.
You could set a filter for the executable, windowsupdateagent30-x86.exe, and perhaps see which process/handle/thread is preventing it from installing properly.

MowGreen
================
* -343-* FDNY
Never Forgotten
================

banthecheck.com
"Security updates should *never* have *non-security content* prechecked

From: Darryl on 28 Jan 2010 16:32

Mow, you're right, I had messed up the winhttp registration/unregistration. Went back and redid it, but still no error messages.

I tried to install from the D:\ drive, stopping the services first and clearing out the distribution folder as instructed, but got that same old error again.

I downloaded and installed the Process Monitor. I set up a filter for windowsupdateagent30-x86, cleared the display and ran the installer. Scanning through the items (and not being very familiar with interpreting the entries), I finally decided that based on the WindowsUpdate.log, it looked like what was failing was wusetup, not windowsupdateagent30-x86 itself. So I set another filter for wusetup, cleared the display, and ran the installer again. Again, I'm not sure how to interpret the entries, but if you would like to take a look, I saved the log and you can get it here:
http://darrylsimagehost.s3.amazonaws.com/Logfile.PML

Hoping you'll find the silver bullet in there! (and thanks again!)

From: MowGreen on 28 Jan 2010 20:22

Well, I didn't see an obvious cause of the WUA failing to be updated, Darryl. There are no failures showing in the log.
It very well may signify that either the HD has bad sectors or the memory may be starting to go kaput.

The only other thing I can think of is that there's a minifilter still present that may have been installed by Trend.

From: http://support.microsoft.com/kb/922582

" Click Start, click Run, type cmd, and then click OK.
Type fltmc.exe, and then press ENTER.

The following example shows a legacy filter and minifilters:

Filter Name                     Num Instances       Frame
------------------------------  ------------------  --------
TestLegacyFilter                                    <Legacy>
TestMiniFilter1                 4                   1
TestMiniFilter2                 0                   0

The following example shows only minifilters:

Filter Name                     Num Instances       Frame
------------------------------  ------------------  --------
TestMiniFilter1                 4                   1
TestMiniFilter2                 0                   0
"

Please post back with the results of running fltmc.exe.

MowGreen

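Added example, not part of the original thread or of KB 922582: a Python parser for fltmc.exe output in the layout quoted above, which reports legacy filters and any filter missing from a known-good baseline, the check MowGreen is asking for when looking for a leftover minifilter. The baseline contents and the function names are assumptions; the sample text is the KB's own example.

```python
# Sample taken from the KB 922582 example quoted in the thread.
FLTMC_OUTPUT = """\
Filter Name                     Num Instances       Frame
------------------------------  ------------------  --------
TestLegacyFilter                                    <Legacy>
TestMiniFilter1                 4                   1
TestMiniFilter2                 0                   0
"""


def parse_fltmc(text):
    """Parse fltmc.exe output into dicts: name, legacy flag, instance count."""
    filters = []
    for line in text.splitlines():
        stripped = line.strip()
        tokens = stripped.split()
        # Skip blank lines, the header row and the dashed separator row.
        if not tokens or stripped.startswith("Filter Name") or set(stripped) <= set("- "):
            continue
        legacy = "<Legacy>" in tokens
        instances = None
        # Minifilter rows carry an instance count in the second column;
        # legacy rows leave it empty. Any extra columns are ignored.
        if not legacy and len(tokens) > 1 and tokens[1].isdigit():
            instances = int(tokens[1])
        filters.append({"name": tokens[0], "legacy": legacy, "instances": instances})
    return filters


def review(filters, baseline):
    """Return (name, reasons) for every filter that needs a closer look.

    `baseline` is a hypothetical set of filter names known to belong on the
    machine; comparison is case-insensitive.
    """
    known = {name.lower() for name in baseline}
    findings = []
    for f in filters:
        reasons = []
        if f["legacy"]:
            reasons.append("legacy filter driver")
        if f["name"].lower() not in known:
            reasons.append("not in baseline")
        if f["instances"] == 0:
            reasons.append("loaded with 0 instances")
        if reasons:
            findings.append((f["name"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in review(parse_fltmc(FLTMC_OUTPUT), {"TestMiniFilter1"}):
        print(f"{name}: {', '.join(reasons)}")
```
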
From: Robert Aldwinckle on 28 Jan 2010 21:57
"Darryl" <Darryl(a)discussions.microsoft.com> wrote in message news:7897B33C-6215-4E83-815F-1CBB5BAB08EA(a)microsoft.com...
> Mow, you're right, I had messed up the winhttp registration/unregistration.
> Went back and redid it, but still no error messages.
>
> I tried to install from the D:\ drive, stopping the services first and
> clearing out the distribution folder as instructed, but got that same old
> error again.
>
> I downloaded and installed the Process Monitor. I set up a filter for
> windowsupdateagent30-x86, cleared the display and ran the installer.
> Scanning through the items (and not being very familiar with interpreting the
> entries), I finally decided that based on the WindowsUpdate.log, it looked
> like what was failing was wusetup, not windowsupdateagent30-x86 itself. So I
> set another filter for wusetup, cleared the display, and ran the installer
> again. Again, I'm not sure how to interpret the entries, but if you would
> like to take a look, I saved the log and you can get it here:
> http://darrylsimagehost.s3.amazonaws.com/Logfile.PML

Filter on Operation Contains WRITE to find
C:\$PrepareToShrinkFileSize

WTH is that?

Notice that it is surrounded by a bunch of WU.log writes; so you should be able to use the pattern of their timestamps and lengths to see if there is anything interesting in the log which explains that.

Tip: I use Notepad with its Status line on and press End to find out which lines end where. ; )

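Added example, not part of the original thread: a Python version of the correlation Robert describes, mapping each Process Monitor write event on WindowsUpdate.log to the log text it wrote, then showing what was logged just before and after a write to another path. It assumes the capture was exported to CSV with the default columns and that write events carry "Offset: N, Length: N" in Detail; the rows, log lines, process name and function names are constructed for illustration.

```python
import csv
import io
import re

LOG_PATH = r"C:\WINDOWS\WindowsUpdate.log"
# Constructed log content: tab-separated fields with invented message text.
LOG_LINES = [
    b"2010-01-28\t16:20:01:000\t1234\t5a0\tSetup\tconstructed line A\r\n",
    b"2010-01-28\t16:20:02:000\t1234\t5a0\tSetup\tconstructed line B\r\n",
    b"2010-01-28\t16:20:03:000\t1234\t5a0\tSetup\tconstructed line C\r\n",
]
LOG_BYTES = b"".join(LOG_LINES)
DETAIL_RE = re.compile(r"Offset: ([\d,]+), Length: ([\d,]+)")


def build_sample_csv():
    """Constructed CSV export: one WriteFile per log line, with the path
    Robert points out placed between the 2nd and 3rd log write."""
    rows = [["Time of Day", "Process Name", "PID", "Operation", "Path",
             "Result", "Detail"]]
    offset = 0
    for i, line in enumerate(LOG_LINES):
        if i == 2:
            rows.append(["4:20:02.5000000 PM", "wusetup.exe", "1234", "WriteFile",
                         r"C:\$PrepareToShrinkFileSize", "SUCCESS", ""])
        rows.append([f"4:20:0{i + 1}.0000000 PM", "wusetup.exe", "1234",
                     "WriteFile", LOG_PATH, "SUCCESS",
                     f"Offset: {offset:,}, Length: {len(line):,}"])
        offset += len(line)
    out = io.StringIO()
    csv.writer(out, quoting=csv.QUOTE_ALL).writerows(rows)
    return out.getvalue()


def annotate_writes(csv_text, log_bytes, log_name="WindowsUpdate.log"):
    """One dict per write event; writes to the log carry the text written."""
    events = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if "write" not in row["Operation"].lower():
            continue
        text = None
        m = DETAIL_RE.search(row["Detail"])
        if m and row["Path"].lower().endswith(log_name.lower()):
            # Detail may use thousands separators, e.g. "Offset: 1,234".
            off, length = (int(g.replace(",", "")) for g in m.groups())
            text = log_bytes[off:off + length].decode("ascii", "replace").rstrip()
        events.append({"time": row["Time of Day"], "path": row["Path"],
                       "log_text": text})
    return events


def log_context(events, needle, radius=1):
    """Log text from the `radius` log writes either side of each event whose
    path contains `needle`. Empty slices (log rotated since capture) are skipped."""
    hits = []
    for i, ev in enumerate(events):
        if needle.lower() not in ev["path"].lower():
            continue
        before = [e["log_text"] for e in events[:i] if e["log_text"]][-radius:]
        after = [e["log_text"] for e in events[i + 1:] if e["log_text"]][:radius]
        hits.append({"time": ev["time"], "before": before, "after": after})
    return hits


if __name__ == "__main__":
    evs = annotate_writes(build_sample_csv(), LOG_BYTES)
    for hit in log_context(evs, "$PrepareToShrinkFileSize"):
        print(hit)
```

With a real capture, read the exported CSV and the WindowsUpdate.log copy taken at the same time; the byte offsets only line up if the log has not been rotated or rewritten since.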