Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Windows update failing

91 views
Skip to first unread message

Chris Lucas

unread,
Nov 14, 2008, 2:42:12 PM11/14/08
to
On a HP laptop, with Vista Business SP1 installed, Windows update has started
failing, and at the same time, there are a large number of unexpected effects
occurring in usage (host services failing, etc).

The original failure was 800706BA, but this has now progressed to 800706BF.
The BITS repair tool fails, saying there is nothing to repair. RPCSS is
running.

Any ideas as to what to do now would be appreciated - and also probable cause
of this unpleasant situation.

Thanks!

MowGreen [MVP]

unread,
Nov 14, 2008, 3:43:47 PM11/14/08
to
Chris,


800706BA The RPC server is unavailable.
800706BF The remote procedure call failed and did not execute.

*Right* click My Computer either on the Desktop or Start Menu and choose
Manage [follow any UAC prompts to allow it to run if need be]
In the middle frame double left click Services and Applications.
Do the same for Services.
Check these startup settings:

Remote Procedure Call (RPC) - Automatic
Remote Procedure Call (RPC) Locator - Manual

IF the settings are as listed, read on ...

Is a 3rd party software firewall being used ?
If yes, disable it and enable the native Vista firewall.
See if the system can update now.

IF no 3rd party is in play, what is the installed antivirus/security suite ?


MowGreen [MVP 2003-2009]
===============
*-343-* FDNY
Never Forgotten
===============

Chris Lucas

unread,
Nov 14, 2008, 6:03:00 PM11/14/08
to
Thanks for this.

1/ Both RPC services are already set as you suggest
2/ Firewall is Windows F/W
3/ A/V is Trend Micro Internet Security 2009

Hope this helps, and look forward to your response - thanks.

Chris

PA Bear [MS MVP]

unread,
Nov 14, 2008, 6:08:55 PM11/14/08
to
<kibbitz>

Trend Micro Internet Security 2009 includes a firewall. You don't want both
firewalls enabled, Chris.

What "internet security" suite or anti-virus application was installed
before you installed Trend Micro Internet Security 2009?

</kibbitz>
--
~PA Bear

Chris Lucas wrote:
> Thanks for this.
>
> 1/ Both RPC services are already set as you suggest
> 2/ Firewall is Windows F/W
> 3/ A/V is Trend Micro Internet Security 2009
>
> Hope this helps, and look forward to your response - thanks.
>

> "MowGreen [MVP]" wrote:
>> 800706BA The RPC server is unavailable.
>> 800706BF The remote procedure call failed and did not execute.
>>
>> *Right* click My Computer either on the Desktop or Start Menu and choose
>> Manage [follow any UAC prompts to allow it to run if need be]
>> In the middle frame double left click Services and Applications.
>> Do the same for Services.
>> Check these startup settings:
>>
>> Remote Procedure Call (RPC) - Automatic
>> Remote Procedure Call (RPC) Locator - Manual
>>
>> IF the settings are as listed, read on ...
>>
>> Is a 3rd party software firewall being used ?
>> If yes, disable it and enable the native Vista firewall.
>> See if the system can update now.
>>
>> IF no 3rd party is in play, what is the installed antivirus/security
>> suite?
>>

Chris Lucas

unread,
Nov 14, 2008, 6:31:01 PM11/14/08
to
Thanks - the Trend F/W is not activated, the Windows F/W is fine, survives
most pen tests...

Before Trend Micro 2009, I has Trend Micro 2008. 2009 has been installed
for about 3 months, no problems till now. The problem with Windows Update
(and the rest of the "collapsing" services is about 3 days old.

PA Bear [MS MVP]

unread,
Nov 14, 2008, 7:05:01 PM11/14/08
to
Thank you. Please await Mow's next reply to your thread.

MowGreen [MVP]

unread,
Nov 15, 2008, 6:27:02 AM11/15/08
to
Chris ... download and save AU Check (v78a):
http://www.codeplex.com/aureset/Release/ProjectReleases.aspx?ReleaseId=17263

Disable Trend temporarily, including all services and processes
associated with it. Either consult the User Guide, Trend's web site, or
use MSConfig to disable all of it's services.
Run au_check_v78a_codeplex.exe by *right* clicking it and choosing 'Run
as administrator'. Follow the prompts.
Allow some time for it to complete it's operation and reboot after it's
done.
Try to update now.

MowGreen [MVP 2003-200]9]


===============
*-343-* FDNY
Never Forgotten
===============

PA Bear [MS MVP] wrote:

Chris Lucas

unread,
Nov 15, 2008, 9:46:01 AM11/15/08
to
Mow

1/ Thanks - did all of this. The good news is that Aero has come back.
The bad news is that although Windows Update managed to identify the required
updates, it then failed to install, error code 800706BA. Error is
consistent, I have retried.

At the end of this, there were 17 instances of svchost.exe shown as running,
and a dialogue box appeared saying:

"Host Process for Windows Services stopped working and was closed.

A problem caused the application to stop working correctly. Windows will
notify you if a solution is available"

2/ I think I mentioned that I tried to do a BITS repair and that the repair
tool advised that BITS repair was not required - sfc/scannow returns:

"Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Users\Chris Lucas>cd\

C:\>sfc/scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection found corrupt files but was unable to fix some
of th
em.
Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example
C:\Windows\Logs\CBS\CBS.log

C:\>"

The tail of the log file indicates a corrupt qmgr.dll - it appears that both
the "live" file, and the source are corrupt (see tail below) - could this be
the root of the problem? If so, I can copy a qmgr.dll (identical version and
size) from another Vista machine available to me - just not sure how to copy
the file across, given that qmgr.dll will be open. Is there a safe download
for this file from Microsoft? Tail follows:

"POQ 63 ends.
2008-11-15 14:33:38, Info CSI 00000162 [SR] Verify
complete
2008-11-15 14:33:38, Info CSI 00000163 [SR] Repairing 1
components
2008-11-15 14:33:38, Info CSI 00000164 [SR] Beginning
Verify and Repair transaction
2008-11-15 14:33:38, Info CSI 00000165 Hashes for file
member
\SystemRoot\WinSxS\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
do not match actual file [l:16{8}]"qmgr.dll" :
Found: {l:32 b:ScKp+5jFLhLGBnC2rsI7ZVgLr8fL0Aaqv5OCHa9uJjo=} Expected:
{l:32 b:DfzQPLln0amA1WEkYD81PcHYAOOl5Dbu6Vxl/eFzmM8=}
2008-11-15 14:33:38, Info CSI 00000166 [SR] Cannot
repair member file [l:16{8}]"qmgr.dll" of Microsoft-Windows-Bits-Client,
Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture
neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35},
Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2008-11-15 14:33:38, Info CSI 00000167 Hashes for file
member
\SystemRoot\WinSxS\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
do not match actual file [l:16{8}]"qmgr.dll" :
Found: {l:32 b:ScKp+5jFLhLGBnC2rsI7ZVgLr8fL0Aaqv5OCHa9uJjo=} Expected:
{l:32 b:DfzQPLln0amA1WEkYD81PcHYAOOl5Dbu6Vxl/eFzmM8=}
2008-11-15 14:33:38, Info CSI 00000168 [SR] Cannot
repair member file [l:16{8}]"qmgr.dll" of Microsoft-Windows-Bits-Client,
Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture
neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35},
Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2008-11-15 14:33:38, Info CSI 00000169 Hashes for file
member \??\C:\windows\System32\qmgr.dll do not match actual file
[l:16{8}]"qmgr.dll" :
Found: {l:32 b:ScKp+5jFLhLGBnC2rsI7ZVgLr8fL0Aaqv5OCHa9uJjo=} Expected:
{l:32 b:DfzQPLln0amA1WEkYD81PcHYAOOl5Dbu6Vxl/eFzmM8=}
2008-11-15 14:33:38, Info CSI 0000016a Hashes for file
member
\SystemRoot\WinSxS\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
do not match actual file [l:16{8}]"qmgr.dll" :
Found: {l:32 b:ScKp+5jFLhLGBnC2rsI7ZVgLr8fL0Aaqv5OCHa9uJjo=} Expected:
{l:32 b:DfzQPLln0amA1WEkYD81PcHYAOOl5Dbu6Vxl/eFzmM8=}
2008-11-15 14:33:38, Info CSI 0000016b [SR] Could not
reproject corrupted file
[ml:520{260},l:46{23}]"\??\C:\windows\System32"\[l:16{8}]"qmgr.dll"; source
file in store is also corrupted
2008-11-15 14:33:38, Info CSI 0000016c Repair results
created:
POQ 64 starts:
0: Move File: Source =
[l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\19f35d262f47c901321c0000e4058413._0000000000000000.cdf-ms",
Destination =
[l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"

POQ 64 ends.
2008-11-15 14:33:38, Info CSI 0000016d [SR] Repair
complete
2008-11-15 14:33:39, Info CSI 0000016e [SR] Committing
transaction
2008-11-15 14:33:39, Info CSI 0000016f Creating NT
transaction (seq 1), objectname [6]"(null)"
2008-11-15 14:33:39, Info CSI 00000170 Created NT
transaction (seq 1) result 0x00000000, handle @0x178c
2008-11-15 14:33:39, Info CSI
00000171@2008/11/15:14:33:39.154 CSI perf trace:
CSIPERF:TXCOMMIT;103851
2008-11-15 14:33:39, Info CSI 00000172 [SR] Verify and
Repair Transaction completed. All files and registry keys listed in this
transaction have been successfully repaired"

Thanks

Chris

MowGreen [MVP]

unread,
Nov 15, 2008, 2:12:23 PM11/15/08
to
Was Trend actively monitoring the system during the application of SP1
and when was it applied ?
That *may* account for the file mismatch in WinSxS.
Before doing any of the below, check the WindowsUpdate.log located in
WINDOWS [ Click Start > Start Search > type in windowsupdate.log > click
Search ]
Look to see if the updates were downloaded or if there are any FATAL or
WARNING entries with accompanying error codes:

How to read the Windowsupdate.log file
http://support.microsoft.com/kb/902093

AU Check should have replaced all BITS related files when it was run.
It created an AULOGS folder on the root drive. The logs are stored in
.cab files that can be extracted as .zip files are.
After you decompress the data.CAB and progress.CAB, drill down in the to
the data subfolder and open the Fileversions.txt.
Under BITS / WinHTTP File versions: check to see which versions were
installed, or supposedly, installed.

Also, check the progress.log located in the progress subfolder.
Check the ' ---Enumerating files used by BITS--- ' section to see if any
errors are present.

I don't think you can move system files from one Vista system to another
as in previous Windows OS' due to security descriptors. AFAIK, the
bits-related files should be at a much higher V. then what is showing in
WinSxS, Chris.

Hold on a sec ... has this update been offered or installed yet ? -
Update for Windows Vista (KB956774)
http://www.microsoft.com/downloads/details.aspx?FamilyId=E8D89C80-3D82-4C7B-B63E-BFAF77DC394F&displaylang=en


MowGreen [MVP 2003-2009]


===============
*-343-* FDNY
Never Forgotten

================

PA Bear [MS MVP]

unread,
Nov 15, 2008, 4:30:35 PM11/15/08
to
[Is KB956774 being offered by Windows Update? Dunno 'bout you but I'm
a-smellin' hijackware here, BroMow.]

MowGreen [MVP] wrote:
<snippage>

Chris Lucas

unread,
Nov 16, 2008, 5:05:01 AM11/16/08
to
Quite a lot there! OK....

1/ I have tried to install KB956774 - it fails with:

"Installer encountered an error: 0x800706be

The RPC failed"

- cannot tell whether it has been offered through Windows Update - WU will
not let me check through UI, and log file does not refernce files by KB ref.

2/ Reference windowsupdate.log, it is riddled with FATAL and WARNING
messages - the odd intermittent ones in the past, and then all attempts over
the last few days. I have pasted the tail between the ~s below, to give you
a flavour of the content.

3/ Trend was not monitoring the SP1 install, the OS is an HP OEM OS, with
SP1 included

4/ Ref BITS versions in AULOGS data, these are the entries:

BITS / WinHTTP File Versions:
------------------------------------------------------------------------------
--a-- W32i DLL ENU 7.0.6000.16386 shp 10,752 11-02-2006 bitsprx2.dll
--a-- W32i DLL ENU 7.0.6000.16386 shp 9,728 11-02-2006 bitsprx3.dll
--a-- W32i DLL ENU 7.0.6001.18000 shp 758,272 01-21-2008 qmgr.dll
--a-- W32i DLL ENU 7.0.6000.16386 shp 20,480 11-02-2006 qmgrprxy.dll
--a-- W32i DRV ENU 6.0.6001.18000 shp 401,408 01-21-2008 http.sys
--a-- W32i DLL ENU 6.0.6001.18000 shp 376,832 01-21-2008 winhttp.dll

5/ There are no errors in the AULOGS progress section

6/ Have run Hijack this, there are one or 2 entries where the origin is not
100% clear, but not the usual sort of thing you see with a Trojan, etc - can
send you the verbatim log if required.

Thanks!

Chris

~~~~~~~~~~~~~~~~~~~~~~~~

2008-11-15 14:20:17:841 3176 14d8 Service *************
2008-11-15 14:20:17:845 3176 14d8 Service ** START ** Service: Service
startup
2008-11-15 14:20:17:845 3176 14d8 Service *********
2008-11-15 14:20:17:922 3176 14d8 Agent * WU client version 7.2.6001.788
2008-11-15 14:20:17:923 3176 14d8 Agent * Base directory:
C:\windows\SoftwareDistribution
2008-11-15 14:20:17:923 3176 14d8 Agent * Access type: No proxy
2008-11-15 14:20:18:076 3176 14d8 Agent * Network state: Connected
2008-11-15 14:20:18:167 3176 14d8 Setup WARNING: SelfUpdate is in an error
state
2008-11-15 14:20:18:547 3176 11e0 Agent *********** Agent: Initializing
Windows Update Agent ***********
2008-11-15 14:20:18:548 3176 11e0 Agent *********** Agent: Initializing
global settings cache ***********
2008-11-15 14:20:18:548 3176 11e0 Agent * WSUS server: <NULL>
2008-11-15 14:20:18:548 3176 11e0 Agent * WSUS status server: <NULL>
2008-11-15 14:20:18:548 3176 11e0 Agent * Target group: (Unassigned
Computers)
2008-11-15 14:20:18:548 3176 11e0 Agent * Windows Update access disabled: No
2008-11-15 14:20:19:685 3176 14d8 Report *********** Report: Initializing
static reporting data ***********
2008-11-15 14:20:19:685 3176 14d8 Report * OS Version = 6.0.6001.1.0.65792
2008-11-15 14:20:19:685 3176 14d8 Report * OS Product Type = 0x00000006
2008-11-15 14:20:19:914 3176 14d8 Report * Computer Brand = Hewlett-Packard
2008-11-15 14:20:19:914 3176 14d8 Report * Computer Model = HP Compaq 6735s
2008-11-15 14:20:19:921 3176 14d8 Report * Bios Revision = 68GPP Ver. F.03
2008-11-15 14:20:19:922 3176 14d8 Report * Bios Name = Default System BIOS
2008-11-15 14:20:19:922 3176 14d8 Report * Bios Release Date =
2008-07-02T00:00:00
2008-11-15 14:20:19:922 3176 14d8 Report * Locale ID = 2057
2008-11-15 14:20:20:408 3176 11e0 Agent * Found 17 persisted download
calls to restore
2008-11-15 14:20:20:908 3176 11e0 DnldMgr Download manager restoring 17
downloads
2008-11-15 14:20:23:325 3176 11e0 Agent * Successfully loaded 17 persisted
download calls.
2008-11-15 14:20:23:343 3176 11e0 DnldMgr Retrieved 11 persisted download jobs
2008-11-15 14:20:23:343 3176 11e0 DnldMgr *********** DnldMgr: Restoring
download [no. 0] ***********
2008-11-15 14:20:23:344 3176 11e0 DnldMgr * BITS JobId =
{DA6A5509-B363-4A58-B479-BE8822900F57}
2008-11-15 14:20:23:344 3176 11e0 DnldMgr * ServiceId =
{7971F918-A847-4430-9279-4A52D1EFE18D}
2008-11-15 14:20:23:345 3176 11e0 DnldMgr * UpdateId =
{3B70F6C8-5F24-401C-ACE7-DADB944C151D}.101
2008-11-15 14:20:24:607 3176 11e0 DnldMgr * Restored download job.
2008-11-15 14:20:24:826 3176 11e0 DnldMgr *********** DnldMgr: Restoring
download [no. 1] ***********
2008-11-15 14:20:24:826 3176 11e0 DnldMgr * BITS JobId =
{5E545715-200A-4B92-8882-D998FFA55FD3}
2008-11-15 14:20:24:826 3176 11e0 DnldMgr * ServiceId =
{7971F918-A847-4430-9279-4A52D1EFE18D}
2008-11-15 14:20:24:842 3176 11e0 DnldMgr * UpdateId =
{587B918D-3110-49D0-A7AA-BF6E800DAF50}.101
2008-11-15 14:20:24:959 3176 11e0 DnldMgr * Restored download job.
2008-11-15 14:21:29:093 2232 1554 Misc =========== Logging initialized
(build: 7.2.6001.788, tz: -0000) ===========
2008-11-15 14:21:29:093 2232 1554 Misc = Process: C:\windows\Explorer.EXE
2008-11-15 14:21:29:093 2232 1554 Misc = Module:
C:\windows\system32\wucltux.dll
2008-11-15 14:21:29:093 2232 1554 WUApp WARNING: Cannot load updates because
AU service is not available, hr=80010108
2008-11-15 14:21:29:093 2232 1554 WUApp WARNING: Failed to load the update
list, error 80010108
2008-11-15 14:21:29:093 2232 1554 WUApp WARNING: Failed to populate update
list with error 80010108
2008-11-15 14:21:30:239 4032 1178 Misc =========== Logging initialized
(build: 7.2.6001.788, tz: -0000) ===========
2008-11-15 14:21:30:240 4032 1178 Misc = Process:
C:\windows\system32\svchost.exe
2008-11-15 14:21:30:240 4032 1178 Misc = Module:
c:\windows\system32\wuaueng.dll
2008-11-15 14:21:30:234 4032 1178 Service *************
2008-11-15 14:21:30:240 4032 1178 Service ** START ** Service: Service
startup
2008-11-15 14:21:30:240 4032 1178 Service *********
2008-11-15 14:21:30:273 4032 1178 Agent * WU client version 7.2.6001.788
2008-11-15 14:21:30:274 4032 1178 Agent * Base directory:
C:\windows\SoftwareDistribution
2008-11-15 14:21:30:583 4032 1178 Agent * Access type: No proxy
2008-11-15 14:21:30:621 4032 1178 Agent * Network state: Connected
2008-11-15 14:21:30:640 4032 1178 Setup WARNING: SelfUpdate is in an error
state
2008-11-15 14:21:30:791 4032 8d0 Agent *********** Agent: Initializing
Windows Update Agent ***********
2008-11-15 14:21:30:796 4032 8d0 Agent *********** Agent: Initializing
global settings cache ***********
2008-11-15 14:21:30:803 4032 8d0 Agent * WSUS server: <NULL>
2008-11-15 14:21:30:803 4032 8d0 Agent * WSUS status server: <NULL>
2008-11-15 14:21:30:803 4032 8d0 Agent * Target group: (Unassigned
Computers)
2008-11-15 14:21:30:803 4032 8d0 Agent * Windows Update access disabled: No
2008-11-15 14:21:31:825 4032 1178 Report *********** Report: Initializing
static reporting data ***********
2008-11-15 14:21:31:825 4032 1178 Report * OS Version = 6.0.6001.1.0.65792
2008-11-15 14:21:31:825 4032 1178 Report * OS Product Type = 0x00000006
2008-11-15 14:21:32:053 4032 1178 Report * Computer Brand = Hewlett-Packard
2008-11-15 14:21:32:053 4032 1178 Report * Computer Model = HP Compaq 6735s
2008-11-15 14:21:32:059 4032 1178 Report * Bios Revision = 68GPP Ver. F.03
2008-11-15 14:21:32:059 4032 1178 Report * Bios Name = Default System BIOS
2008-11-15 14:21:32:059 4032 1178 Report * Bios Release Date =
2008-07-02T00:00:00
2008-11-15 14:21:32:059 4032 1178 Report * Locale ID = 2057
2008-11-15 14:21:32:775 4032 8d0 Agent * Found 17 persisted download calls
to restore
2008-11-15 14:21:33:326 4032 8d0 DnldMgr Download manager restoring 17
downloads
2008-11-15 14:21:36:261 4032 8d0 Agent * Successfully loaded 17 persisted
download calls.
2008-11-15 14:21:36:262 4032 8d0 DnldMgr Retrieved 11 persisted download jobs
2008-11-15 14:21:36:262 4032 8d0 DnldMgr *********** DnldMgr: Restoring
download [no. 0] ***********
2008-11-15 14:21:36:263 4032 8d0 DnldMgr * BITS JobId =
{DA6A5509-B363-4A58-B479-BE8822900F57}
2008-11-15 14:21:36:263 4032 8d0 DnldMgr * ServiceId =
{7971F918-A847-4430-9279-4A52D1EFE18D}
2008-11-15 14:21:36:264 4032 8d0 DnldMgr * UpdateId =
{3B70F6C8-5F24-401C-ACE7-DADB944C151D}.101
2008-11-15 14:21:37:041 4032 8d0 DnldMgr * Restored download job.
2008-11-15 14:21:37:048 4032 8d0 DnldMgr *********** DnldMgr: Restoring
download [no. 1] ***********
2008-11-15 14:21:37:048 4032 8d0 DnldMgr * BITS JobId =
{5E545715-200A-4B92-8882-D998FFA55FD3}
2008-11-15 14:21:37:048 4032 8d0 DnldMgr * ServiceId =
{7971F918-A847-4430-9279-4A52D1EFE18D}
2008-11-15 14:21:37:074 4032 8d0 DnldMgr * UpdateId =
{587B918D-3110-49D0-A7AA-BF6E800DAF50}.101
2008-11-15 14:21:37:266 4032 8d0 DnldMgr * Restored download job.
2008-11-15 14:22:07:329 2232 1554 WUApp WARNING: Error displaying Opted In
Service summary: 80070005
2008-11-15 14:22:18:977 1860 169c Misc =========== Logging initialized
(build: 7.2.6001.788, tz: -0000) ===========
2008-11-15 14:22:18:977 1860 169c Misc = Process:
C:\windows\system32\svchost.exe
2008-11-15 14:22:18:977 1860 169c Misc = Module:
c:\windows\system32\wuaueng.dll
2008-11-15 14:22:18:969 1860 169c Service *************
2008-11-15 14:22:18:977 1860 169c Service ** START ** Service: Service
startup
2008-11-15 14:22:18:978 1860 169c Service *********
2008-11-15 14:22:19:148 1860 169c Agent * WU client version 7.2.6001.788
2008-11-15 14:22:19:149 1860 169c Agent * Base directory:
C:\windows\SoftwareDistribution
2008-11-15 14:22:19:402 1860 169c Agent * Access type: No proxy
2008-11-15 14:22:19:420 1860 169c Agent * Network state: Connected
2008-11-15 14:22:19:431 1860 169c Setup WARNING: SelfUpdate is in an error
state
2008-11-15 14:22:19:457 1860 a00 Agent *********** Agent: Initializing
Windows Update Agent ***********
2008-11-15 14:22:19:457 1860 a00 Agent *********** Agent: Initializing
global settings cache ***********
2008-11-15 14:22:19:457 1860 a00 Agent * WSUS server: <NULL>
2008-11-15 14:22:19:457 1860 a00 Agent * WSUS status server: <NULL>
2008-11-15 14:22:19:457 1860 a00 Agent * Target group: (Unassigned
Computers)
2008-11-15 14:22:19:457 1860 a00 Agent * Windows Update access disabled: No
2008-11-15 14:22:21:115 1860 a00 Agent * Found 17 persisted download calls
to restore
2008-11-15 14:22:21:676 1860 a00 DnldMgr Download manager restoring 17
downloads
2008-11-15 14:22:25:119 1860 a00 Agent * Successfully loaded 17 persisted
download calls.
2008-11-15 14:22:25:127 1860 a00 DnldMgr Retrieved 11 persisted download jobs
2008-11-15 14:22:25:128 1860 a00 DnldMgr *********** DnldMgr: Restoring
download [no. 0] ***********
2008-11-15 14:22:25:128 1860 a00 DnldMgr * BITS JobId =
{DA6A5509-B363-4A58-B479-BE8822900F57}
2008-11-15 14:22:25:128 1860 a00 DnldMgr * ServiceId =
{7971F918-A847-4430-9279-4A52D1EFE18D}
2008-11-15 14:22:25:154 1860 a00 DnldMgr * UpdateId =
{3B70F6C8-5F24-401C-ACE7-DADB944C151D}.101
2008-11-15 14:22:25:933 1860 a00 DnldMgr * Restored download job.
2008-11-15 14:22:26:007 1860 a00 DnldMgr *********** DnldMgr: Restoring
download [no. 1] ***********
2008-11-15 14:22:26:007 1860 a00 DnldMgr * BITS JobId =
{5E545715-200A-4B92-8882-D998FFA55FD3}
2008-11-15 14:22:26:007 1860 a00 DnldMgr * ServiceId =
{7971F918-A847-4430-9279-4A52D1EFE18D}
2008-11-15 14:22:26:008 1860 a00 DnldMgr * UpdateId =
{587B918D-3110-49D0-A7AA-BF6E800DAF50}.101
2008-11-15 14:22:26:087 1860 a00 DnldMgr * Restored download job.
2008-11-15 14:22:56:437 1860 169c Report *********** Report: Initializing
static reporting data ***********
2008-11-15 14:22:56:438 1860 169c Report * OS Version = 6.0.6001.1.0.65792
2008-11-15 14:22:56:438 1860 169c Report * OS Product Type = 0x00000006
2008-11-15 14:22:56:600 1860 169c Report * Computer Brand = Hewlett-Packard
2008-11-15 14:22:56:600 1860 169c Report * Computer Model = HP Compaq 6735s
2008-11-15 14:22:56:605 1860 169c Report * Bios Revision = 68GPP Ver. F.03
2008-11-15 14:22:56:605 1860 169c Report * Bios Name = Default System BIOS
2008-11-15 14:22:56:605 1860 169c Report * Bios Release Date =
2008-07-02T00:00:00
2008-11-15 14:22:56:605 1860 169c Report * Locale ID = 2057
2008-11-15 14:23:02:108 2232 1554 WUApp WARNING: Failed to initiate
detection, hr=800706BA
2008-11-15 22:06:09:655 3736 b60 Misc =========== Logging initialized
(build: 7.2.6001.784, tz: -0000) ===========
2008-11-15 22:06:09:655 3736 b60 Misc = Process:
C:\windows\system32\wusa.exe
2008-11-15 22:06:09:655 3736 b60 Misc = Module:
C:\Windows\system32\wuapi.dll
2008-11-15 22:06:09:636 3736 b60 COMAPI ----------- COMAPI:
IUpdateServiceManager::AddScanPackageService -----------
2008-11-15 22:06:09:655 3736 b60 COMAPI - ServiceName = Windows Update
Standalone Installer
2008-11-15 22:06:09:655 3736 b60 COMAPI - ScanFileLocation =
C:\fa7cb24874a033d9055421\wsusscan.cab
2008-11-15 22:06:10:331 5616 a9c Misc =========== Logging initialized
(build: 7.2.6001.788, tz: -0000) ===========
2008-11-15 22:06:10:331 5616 a9c Misc = Process:
C:\windows\system32\svchost.exe
2008-11-15 22:06:10:331 5616 a9c Misc = Module:
c:\windows\system32\wuaueng.dll
2008-11-15 22:06:10:267 5616 a9c Service *************
2008-11-15 22:06:10:332 5616 a9c Service ** START ** Service: Service startup
2008-11-15 22:06:10:332 5616 a9c Service *********
2008-11-15 22:06:10:448 5616 a9c Agent * WU client version 7.2.6001.788
2008-11-15 22:06:10:450 5616 a9c Agent * Base directory:
C:\windows\SoftwareDistribution
2008-11-15 22:06:10:616 5616 a9c Agent * Access type: No proxy
2008-11-15 22:06:10:630 5616 a9c Agent * Network state: Connected
2008-11-15 22:06:10:668 5616 a9c Setup WARNING: SelfUpdate is in an error
state
2008-11-15 22:06:10:719 5616 860 Agent *********** Agent: Initializing
Windows Update Agent ***********
2008-11-15 22:06:10:720 5616 860 Agent *********** Agent: Initializing
global settings cache ***********
2008-11-15 22:06:10:720 5616 860 Agent * WSUS server: <NULL>
2008-11-15 22:06:10:720 5616 860 Agent * WSUS status server: <NULL>
2008-11-15 22:06:10:720 5616 860 Agent * Target group: (Unassigned
Computers)
2008-11-15 22:06:10:720 5616 860 Agent * Windows Update access disabled: No
2008-11-15 22:06:11:307 5616 a9c Report *********** Report: Initializing
static reporting data ***********
2008-11-15 22:06:11:307 5616 a9c Report * OS Version = 6.0.6001.1.0.65792
2008-11-15 22:06:11:307 5616 a9c Report * OS Product Type = 0x00000006
2008-11-15 22:06:11:479 5616 a9c Report * Computer Brand = Hewlett-Packard
2008-11-15 22:06:11:479 5616 a9c Report * Computer Model = HP Compaq 6735s
2008-11-15 22:06:11:485 5616 a9c Report * Bios Revision = 68GPP Ver. F.03
2008-11-15 22:06:11:485 5616 a9c Report * Bios Name = Default System BIOS
2008-11-15 22:06:11:485 5616 a9c Report * Bios Release Date =
2008-07-02T00:00:00
2008-11-15 22:06:11:486 5616 a9c Report * Locale ID = 2057
2008-11-15 22:06:11:707 5616 860 Agent * Found 17 persisted download calls
to restore
2008-11-15 22:06:12:050 5616 860 DnldMgr Download manager restoring 17
downloads
2008-11-15 22:06:13:714 5616 860 Agent * Successfully loaded 17 persisted
download calls.
2008-11-15 22:06:13:716 5616 860 DnldMgr Retrieved 11 persisted download jobs
2008-11-15 22:06:13:716 5616 860 DnldMgr *********** DnldMgr: Restoring
download [no. 0] ***********
2008-11-15 22:06:13:716 5616 860 DnldMgr * BITS JobId =
{DA6A5509-B363-4A58-B479-BE8822900F57}
2008-11-15 22:06:13:716 5616 860 DnldMgr * ServiceId =
{7971F918-A847-4430-9279-4A52D1EFE18D}
2008-11-15 22:06:13:735 5616 860 DnldMgr * UpdateId =
{3B70F6C8-5F24-401C-ACE7-DADB944C151D}.101
2008-11-15 22:06:14:143 5616 860 DnldMgr * Restored download job.
2008-11-15 22:06:14:190 5616 860 DnldMgr *********** DnldMgr: Restoring
download [no. 1] ***********
2008-11-15 22:06:14:190 5616 860 DnldMgr * BITS JobId =
{5E545715-200A-4B92-8882-D998FFA55FD3}
2008-11-15 22:06:14:190 5616 860 DnldMgr * ServiceId =
{7971F918-A847-4430-9279-4A52D1EFE18D}
2008-11-15 22:06:14:362 5616 860 DnldMgr * UpdateId =
{587B918D-3110-49D0-A7AA-BF6E800DAF50}.101
2008-11-15 22:06:14:468 5616 860 DnldMgr * Restored download job.
2008-11-15 22:06:22:968 3736 b60 COMAPI WARNING: Unable to listen to
self-update/shutdown event (hr=0X800706BE)
2008-11-15 22:06:22:972 3736 b60 COMAPI WARNING: Unable to establish
connection to the service. (hr=800706BE)
2008-11-15 22:06:22:972 3736 b60 COMAPI - Exit code = 0x800706BE
2008-11-15 22:06:35:052 4316 ee0 Misc =========== Logging initialized
(build: 7.2.6001.784, tz: -0000) ===========
2008-11-15 22:06:35:053 4316 ee0 Misc = Process:
C:\windows\system32\wusa.exe
2008-11-15 22:06:35:053 4316 ee0 Misc = Module:
C:\Windows\system32\wuapi.dll
2008-11-15 22:06:35:032 4316 ee0 COMAPI ----------- COMAPI:
IUpdateServiceManager::AddScanPackageService -----------
2008-11-15 22:06:35:053 4316 ee0 COMAPI - ServiceName = Windows Update
Standalone Installer
2008-11-15 22:06:35:053 4316 ee0 COMAPI - ScanFileLocation =
C:\449aaa544024786fb7795c7388\wsusscan.cab
2008-11-15 22:06:35:389 1876 f9c Misc =========== Logging initialized
(build: 7.2.6001.788, tz: -0000) ===========
2008-11-15 22:06:35:389 1876 f9c Misc = Process:
C:\windows\system32\svchost.exe
2008-11-15 22:06:35:389 1876 f9c Misc = Module:
c:\windows\system32\wuaueng.dll
2008-11-15 22:06:35:380 1876 f9c Service *************
2008-11-15 22:06:35:389 1876 f9c Service ** START ** Service: Service startup
2008-11-15 22:06:35:389 1876 f9c Service *********
2008-11-15 22:06:35:418 1876 f9c Agent * WU client version 7.2.6001.788
2008-11-15 22:06:35:419 1876 f9c Agent * Base directory:
C:\windows\SoftwareDistribution
2008-11-15 22:06:35:513 1876 f9c Agent * Access type: No proxy
2008-11-15 22:06:35:530 1876 f9c Agent * Network state: Connected
2008-11-15 22:06:35:541 1876 f9c Setup WARNING: SelfUpdate is in an error
state
2008-11-15 22:06:35:572 1876 1740 Agent *********** Agent: Initializing
Windows Update Agent ***********
2008-11-15 22:06:35:572 1876 1740 Agent *********** Agent: Initializing
global settings cache ***********
2008-11-15 22:06:35:572 1876 1740 Agent * WSUS server: <NULL>
2008-11-15 22:06:35:572 1876 1740 Agent * WSUS status server: <NULL>
2008-11-15 22:06:35:572 1876 1740 Agent * Target group: (Unassigned
Computers)
2008-11-15 22:06:35:572 1876 1740 Agent * Windows Update access disabled: No
2008-11-15 22:06:36:589 1876 1740 Agent * Found 17 persisted download
calls to restore
2008-11-15 22:06:36:931 1876 1740 DnldMgr Download manager restoring 17
downloads
2008-11-15 22:06:38:852 1876 1740 Agent * Successfully loaded 17 persisted
download calls.
2008-11-15 22:06:38:853 1876 1740 DnldMgr Retrieved 11 persisted download jobs
2008-11-15 22:06:38:853 1876 1740 DnldMgr *********** DnldMgr: Restoring
download [no. 0] ***********
2008-11-15 22:06:38:853 1876 1740 DnldMgr * BITS JobId =
{DA6A5509-B363-4A58-B479-BE8822900F57}
2008-11-15 22:06:38:853 1876 1740 DnldMgr * ServiceId =
{7971F918-A847-4430-9279-4A52D1EFE18D}
2008-11-15 22:06:38:880 1876 1740 DnldMgr * UpdateId =
{3B70F6C8-5F24-401C-ACE7-DADB944C151D}.101
2008-11-15 22:06:39:283 1876 1740 DnldMgr * Restored download job.
2008-11-15 22:06:39:292 1876 1740 DnldMgr *********** DnldMgr: Restoring
download [no. 1] ***********
2008-11-15 22:06:39:292 1876 1740 DnldMgr * BITS JobId =
{5E545715-200A-4B92-8882-D998FFA55FD3}
2008-11-15 22:06:39:292 1876 1740 DnldMgr * ServiceId =
{7971F918-A847-4430-9279-4A52D1EFE18D}
2008-11-15 22:06:39:378 1876 1740 DnldMgr * UpdateId =
{587B918D-3110-49D0-A7AA-BF6E800DAF50}.101
2008-11-15 22:06:39:449 1876 1740 DnldMgr * Restored download job.
2008-11-15 22:06:45:905 4316 ee0 COMAPI WARNING: Unable to listen to
self-update/shutdown event (hr=0X800706BE)
2008-11-15 22:06:45:910 4316 ee0 COMAPI WARNING: Unable to establish
connection to the service. (hr=800706BE)
2008-11-15 22:06:45:911 4316 ee0 COMAPI - Exit code = 0x800706BE
2008-11-15 22:09:22:033 3652 15a4 Misc =========== Logging initialized
(build: 7.2.6001.788, tz: -0000) ===========
2008-11-15 22:09:22:033 3652 15a4 Misc = Process:
C:\windows\system32\svchost.exe
2008-11-15 22:09:22:034 3652 15a4 Misc = Module:
c:\windows\system32\wuaueng.dll
2008-11-15 22:09:22:028 3652 15a4 Service *************
2008-11-15 22:09:22:034 3652 15a4 Service ** START ** Service: Service
startup
2008-11-15 22:09:22:034 3652 15a4 Service *********
2008-11-15 22:09:22:047 3652 15a4 Agent * WU client version 7.2.6001.788
2008-11-15 22:09:22:048 3652 15a4 Agent * Base directory:
C:\windows\SoftwareDistribution
2008-11-15 22:09:22:142 3652 15a4 Agent * Access type: No proxy
2008-11-15 22:09:22:159 3652 15a4 Agent * Network state: Connected
2008-11-15 22:09:22:168 3652 15a4 Setup WARNING: SelfUpdate is in an error
state
2008-11-15 22:09:22:201 3652 4cc Agent *********** Agent: Initializing
Windows Update Agent ***********
2008-11-15 22:09:22:204 3652 4cc Agent *********** Agent: Initializing
global settings cache ***********
2008-11-15 22:09:22:204 3652 4cc Agent * WSUS server: <NULL>
2008-11-15 22:09:22:204 3652 4cc Agent * WSUS status server: <NULL>
2008-11-15 22:09:22:204 3652 4cc Agent * Target group: (Unassigned
Computers)
2008-11-15 22:09:22:204 3652 4cc Agent * Windows Update access disabled: No
2008-11-15 22:09:22:664 3652 15a4 Report *********** Report: Initializing
static reporting data ***********
2008-11-15 22:09:22:664 3652 15a4 Report * OS Version = 6.0.6001.1.0.65792
2008-11-15 22:09:22:664 3652 15a4 Report * OS Product Type = 0x00000006
2008-11-15 22:09:22:778 3652 15a4 Report * Computer Brand = Hewlett-Packard
2008-11-15 22:09:22:778 3652 15a4 Report * Computer Model = HP Compaq 6735s
2008-11-15 22:09:22:784 3652 15a4 Report * Bios Revision = 68GPP Ver. F.03
2008-11-15 22:09:22:785 3652 15a4 Report * Bios Name = Default System BIOS
2008-11-15 22:09:22:785 3652 15a4 Report * Bios Release Date =
2008-07-02T00:00:00
2008-11-15 22:09:22:785 3652 15a4 Report * Locale ID = 2057
2008-11-15 22:09:23:070 3652 4cc Agent * Found 17 persisted download calls
to restore
2008-11-15 22:09:23:415 3652 4cc DnldMgr Download manager restoring 17
downloads
2008-11-15 22:09:25:599 3652 4cc Agent * Successfully loaded 17 persisted
download calls.
2008-11-15 22:09:25:601 3652 4cc DnldMgr Retrieved 11 persisted download jobs
2008-11-15 22:09:25:601 3652 4cc DnldMgr *********** DnldMgr: Restoring
download [no. 0] ***********
2008-11-15 22:09:25:601 3652 4cc DnldMgr * BITS JobId =
{DA6A5509-B363-4A58-B479-BE8822900F57}
2008-11-15 22:09:25:601 3652 4cc DnldMgr * ServiceId =
{7971F918-A847-4430-9279-4A52D1EFE18D}
2008-11-15 22:09:25:607 3652 4cc DnldMgr * UpdateId =
{3B70F6C8-5F24-401C-ACE7-DADB944C151D}.101
2008-11-15 22:09:25:930 3652 4cc DnldMgr * Restored download job.
2008-11-15 22:09:26:050 3652 4cc DnldMgr *********** DnldMgr: Restoring
download [no. 1] ***********
2008-11-15 22:09:26:051 3652 4cc DnldMgr * BITS JobId =
{5E545715-200A-4B92-8882-D998FFA55FD3}
2008-11-15 22:09:26:051 3652 4cc DnldMgr * ServiceId =
{7971F918-A847-4430-9279-4A52D1EFE18D}
2008-11-15 22:09:26:124 3652 4cc DnldMgr * UpdateId =
{587B918D-3110-49D0-A7AA-BF6E800DAF50}.101
2008-11-15 22:09:26:186 3652 4cc DnldMgr * Restored download job.
2008-11-15 22:10:04:164 2232 11e8 Misc =========== Logging initialized
(build: 7.2.6001.788, tz: -0000) ===========
2008-11-15 22:10:04:164 2232 11e8 Misc = Process: C:\windows\Explorer.EXE
2008-11-15 22:10:04:164 2232 11e8 Misc = Module:
C:\windows\system32\wucltux.dll
2008-11-15 22:10:04:163 2232 11e8 WUApp WARNING: Cannot load updates because
AU service is not available, hr=80010108
2008-11-15 22:10:04:164 2232 11e8 WUApp WARNING: Failed to load the update
list, error 80010108
2008-11-15 22:10:04:164 2232 11e8 WUApp WARNING: Failed to populate update
list with error 80010108
2008-11-15 22:10:05:255 2760 1044 Misc =========== Logging initialized
(build: 7.2.6001.788, tz: -0000) ===========
2008-11-15 22:10:05:255 2760 1044 Misc = Process:
C:\windows\system32\svchost.exe
2008-11-15 22:10:05:255 2760 1044 Misc = Module:
c:\windows\system32\wuaueng.dll
2008-11-15 22:10:05:251 2760 1044 Service *************
2008-11-15 22:10:05:255 2760 1044 Service ** START ** Service: Service
startup
2008-11-15 22:10:05:256 2760 1044 Service *********
2008-11-15 22:10:05:267 2760 1044 Agent * WU client version 7.2.6001.788
2008-11-15 22:10:05:268 2760 1044 Agent * Base directory:
C:\windows\SoftwareDistribution
2008-11-15 22:10:05:356 2760 1044 Agent * Access type: No proxy
2008-11-15 22:10:05:372 2760 1044 Agent * Network state: Connected
2008-11-15 22:10:05:385 2760 1044 Setup WARNING: SelfUpdate is in an error
state
2008-11-15 22:10:05:410 2760 1534 Agent *********** Agent: Initializing
Windows Update Agent ***********
2008-11-15 22:10:05:410 2760 1534 Agent *********** Agent: Initializing
global settings cache ***********
2008-11-15 22:10:05:410 2760 1534 Agent * WSUS server: <NULL>
2008-11-15 22:10:05:410 2760 1534 Agent * WSUS status server: <NULL>
2008-11-15 22:10:05:410 2760 1534 Agent * Target group: (Unassigned
Computers)
2008-11-15 22:10:05:410 2760 1534 Agent * Windows Update access disabled: No
2008-11-15 22:10:05:933 2760 1044 Report *********** Report: Initializing
static reporting data ***********
2008-11-15 22:10:05:933 2760 1044 Report * OS Version = 6.0.6001.1.0.65792
2008-11-15 22:10:05:933 2760 1044 Report * OS Product Type = 0x00000006
2008-11-15 22:10:06:025 2760 1044 Report * Computer Brand = Hewlett-Packard
2008-11-15 22:10:06:025 2760 1044 Report * Computer Model = HP Compaq 6735s
2008-11-15 22:10:06:041 2760 1044 Report * Bios Revision = 68GPP Ver. F.03
2008-11-15 22:10:06:041 2760 1044 Report * Bios Name = Default System BIOS
2008-11-15 22:10:06:041 2760 1044 Report * Bios Release Date =
2008-07-02T00:00:00
2008-11-15 22:10:06:041 2760 1044 Report * Locale ID = 2057
2008-11-15 22:10:06:288 2760 1534 Agent * Found 17 persisted download
calls to restore
2008-11-15 22:10:06:641 2760 1534 DnldMgr Download manager restoring 17
downloads
2008-11-15 22:10:08:606 2760 1534 Agent * Successfully loaded 17 persisted
download calls.
2008-11-15 22:10:08:607 2760 1534 DnldMgr Retrieved 11 persisted download jobs
2008-11-15 22:10:08:607 2760 1534 DnldMgr *********** DnldMgr: Restoring
download [no. 0] ***********
2008-11-15 22:10:08:608 2760 1534 DnldMgr * BITS JobId =
{DA6A5509-B363-4A58-B479-BE8822900F57}
2008-11-15 22:10:08:608 2760 1534 DnldMgr * ServiceId =
{7971F918-A847-4430-9279-4A52D1EFE18D}
2008-11-15 22:10:08:635 2760 1534 DnldMgr * UpdateId =
{3B70F6C8-5F24-401C-ACE7-DADB944C151D}.101
2008-11-15 22:10:08:974 2760 1534 DnldMgr * Restored download job.
2008-11-15 22:10:08:985 2760 1534 DnldMgr *********** DnldMgr: Restoring
download [no. 1] ***********
2008-11-15 22:10:08:986 2760 1534 DnldMgr * BITS JobId =
{5E545715-200A-4B92-8882-D998FFA55FD3}
2008-11-15 22:10:08:986 2760 1534 DnldMgr * ServiceId =
{7971F918-A847-4430-9279-4A52D1EFE18D}
2008-11-15 22:10:09:053 2760 1534 DnldMgr * UpdateId =
{587B918D-3110-49D0-A7AA-BF6E800DAF50}.101
2008-11-15 22:10:09:119 2760 1534 DnldMgr * Restored download job.
2008-11-15 22:10:17:673 2232 11e8 WUApp WARNING: Error displaying Opted In
Service summary: 80070005

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

"PA Bear [MS MVP]" wrote:

Chris Lucas

unread,
Nov 16, 2008, 6:28:01 AM11/16/08
to
Here is the Hijack This log:

~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:18:07, on 15/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CardDetector\ICON225\CardDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\windows\System32\mobsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\windows\system32\wusa.exe
C:\windows\system32\wermgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=all&pf=cmnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=all&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=all&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=all&pf=cmnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program
Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO -
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O2 - BHO: Credential Manager for HP ProtectTools -
{DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program
Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} -
C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows
Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI
Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [accrdsub] "c:\Program
Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP
ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe
c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP
Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program
Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File
Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick
Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD
Check\DVDCheck.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software
Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft
Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe"
-atboottime
O4 - HKLM\..\Run: [CardDetectorICON225] C:\Program
Files\CardDetector\ICON225\CardDetector.exe
O4 - HKLM\..\Run: [BEWINTERNET-UKSessionManager] C:\Program
Files\OrangeBS\BEWInternetUK\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet
Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center]
%windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog
Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog
Devices\SoundMAX\soundmax.exe /tray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
/autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common
Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows
Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe
oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet
Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows
Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet
Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet
Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD
Check\DVDCheck.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program
Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} -
C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings -
{09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google
Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49}
- C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote -
{2670000A-7350-4f3c-8081-5663EE0C6C49} -
C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\windows\WindowsMobile\INetRepl.dll,-222 -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\windows\WindowsMobile\INetRepl.dll,-223 -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -
C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: McAfee Application Installer Cleanup (0175181222782520)
(0175181222782520mcinstcleanup) - Unknown owner -
C:\Users\CHRISL~1\AppData\Local\Temp\017518~1.EXE (file missing)
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity -
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea
Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere
Systems - C:\windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common
Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. -
C:\windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program
Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. -
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France
Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared
Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Update Service (gupdate1c92387a964b3a0)
(gupdate1c92387a964b3a0) - Google Inc. - C:\Program
Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program
Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development
Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security
Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot
International - c:\Program Files\Hewlett-Packard\Drive
Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) -
Hewlett-Packard - C:\Program Files\Hewlett-Packard\File
Sanitizer\HPFSService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. -
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation -
C:\windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel
32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common
Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service
(LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common
Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc -
C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend
Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service
(TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. -
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 13864 bytes

PA Bear [MS MVP]

unread,
Nov 16, 2008, 12:57:18 PM11/16/08
to
1. TIP: Download/run this removal tool, then reboot:
http://service.mcafee.com/FAQDocument.aspx?id=107083&lc=1033

2. Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log
*to an appropriate forum*, not here.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in
conjunction with some other utilities). HijackThis will NOT fix anything on
its own, but it will help you to both identify and remove any
hijackware/spyware with assistance from an expert. ***Post your log to
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://aumha.net/viewforum.php?f=30, or another appropriate forum for review
by an expert in such matters, not here.***

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

Chris Lucas wrote:
<snip>

Lucas@discussions.microsoft.com Chris Lucas

unread,
Nov 16, 2008, 2:52:01 PM11/16/08
to
Thanks Mow and PA.... Using the McAfee removal tool now and will post the
Hijack this log, as suggested.

Reference the BITS files, are versions OK? And what can I do about the
corrupt qmgr.dll? Can I download a BITS installer and overright?

Thanks.

Chris


"MowGreen [MVP]" wrote:

> Was Trend actively monitoring the system during the application of SP1
> and when was it applied ?
> That *may* account for the file mismatch in WinSxS.
> Before doing any of the below, check the WindowsUpdate.log located in
> WINDOWS [ Click Start > Start Search > type in windowsupdate.log > click
> Search ]
> Look to see if the updates were downloaded or if there are any FATAL or
> WARNING entries with accompanying error codes:
>
> How to read the Windowsupdate.log file
> http://support.microsoft.com/kb/902093
>
> AU Check should have replaced all BITS related files when it was run.
> It created an AULOGS folder on the root drive. The logs are stored in

> ..cab files that can be extracted as .zip files are.

MowGreen [MVP]

unread,
Nov 17, 2008, 1:33:00 PM11/17/08
to
The updating service can't function

2008-11-15 14:21:29:093 2232 1554 WUApp WARNING: Cannot load updates
because AU service is not available, hr=80010108

Because of the RPC failure

0X800706BE RPC_S_CALL_FAILED
The remote procedure call failed.
0x80010108 RPC_E_DISCONNECTED
The object invoked has disconnected from its clients.

Then, there's this Permissions issue

2008-11-15 14:22:07:329 2232 1554 WUApp WARNING: Error displaying Opted
In Service summary: 80070005

Either malware is causing this, there's interference with the update
servers and RPC due to a 3rd party add-on, or the entire issue was
caused by Trend OR leftover files from McAfee.

If running the McAfee cleanup tool results in no joy, then suggest you
disable all 3rd party IE add-ons. Open Internet Options in the Control
Panel and click the Programs tab. Then click the Manage add-ons button.
Disable all non-Microsoft add-ons and see if the system can update now.

The WU.log shows the latest version of the Windows Update Agent has
installed properly. So, that's a positive step.
What you can do, IF malware is *not* detected, is to boot to Safe Mode
with Networking and run AU Check once more.
Restart the system to SM w/networking and see if the system can update
from within that mode.

I'll be leaving early tomorrow AM and probably won't be able to check
this thread until Wednesday at the earliest, Chris. Hang in there.

MowGreen [MVP 2003-2009]
===============
*-343-* FDNY
Never Forgotten
===============

Chris Lucas

unread,
Nov 19, 2008, 6:45:01 AM11/19/08
to
Mow

I have achieved a resolution, but by drastic means!!! Anyway, here is the
update:

1/ McAfee cleanup ran, but did not achieve any progress
2/ Disabled all add ins in IE - same symptoms....
3/ Stepped through the AU Check in all modes, restarting after each - 3 x
logs available at:

https://rcpt.yousendit.com/626462121/d7a1655c94d727f52d1e9371463a718c

https://rcpt.yousendit.com/626457073/8fd3bb5a7b89e33e46326bb2d565e070 and

https://rcpt.yousendit.com/626456625/0f40146b5b702774eaaad2b0062f4e89

(files will be available for 7 days)

- still unable to WU, similar symptoms.

4/ sfc/scannow still reported qmgr.dll as corrupt - since Windows would not
allow me to install SP1 again, I took drastic steps and installed Windows
Ultimate, using the "retain existing settings and programmes" option. Worked
like a dream!!! I deselected certain packs and cycled through several WU, to
ensure no recurrence
5/ Before installation, ran HijackThis again, and Kaspersky and Symantec
remote scans - nothing unpleasant reported

Either the issue arose as a result of being unable to correct corrupt files,
as the BITS repairer did not work, or as a result of malware. But I guess
the reinstall will have overwritten all important Windows files and given me
a solid build.

Thanks for all your help, let me know if you need any further info for the KB.

Best wishes

Chris

MowGreen

unread,
Nov 26, 2008, 12:24:39 PM11/26/08
to
Chris,

Glad to hear that you got this issue sorted out. Not sure where it
stemmed from. It's too bad that to resolve this you had to install Vista
once more. Sadly, that seems to be the fastest most reliable method
for resolving these 'mysterious', catastrophic updating issues.
FWIW, when I intend to do updating on a client's newly installed Vista
RTM system the security software is *never* installed until all updating
and required rebooting is completed. I DON'T trust any sec software to
*not* interfere with Vista's RTM updating components. Perhaps after SP1
is applied, perhaps, but, why waste time taking a gamble ?
Best to you ...

MowGreen

Effie

unread,
Dec 25, 2008, 5:19:00 PM12/25/08
to
I have exactly the same problem with all the same symptoms as well!

MowGreen [MVP]

unread,
Dec 26, 2008, 4:09:40 PM12/26/08
to
Effie wrote:

> I have exactly the same problem with all the same symptoms as well!


You're posting to a thread started in November and have provided NO
relevant information.

To get assistance with whatever issue you're facing, please start a new
thread after reading this:

How to ask a question
http://support.microsoft.com/kb/555375

Help *us*, help YOU.

0 new messages