Supected Virus Urgent!!

Hello Dj_Fx8 =)

goto C:\Windows\system32\drivers\etc
and open ur HOSTS file in notepad
check if it contains the entries for windows updates and norton site with IP 127.0.0.1
if YES then remove them all, and save the file
restart and now check ??

Also Download HijackThis v1.98.2, run it, Save the LOG file and Post it here:
http://tools.radiosplace.com/HijackThis.exe

Hi
The only entry in the Hosts.ics file is
192.168.1.100 steven-b58wxv57.mshome.net # 2009 8 0 30 20 22 3 675

Logfile of HijackThis v1.98.2
Scan saved at 22:05:43, on 31/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Mixer.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\Internet\Speed Touch USB\Dragdiag.exe
E:\WINDOWS\System32\servicz.exe
E:\Program Files\Microsoft IntelliPoint\point32.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\Common Files\Symantec Shared\ccProxy.exe
E:\Program Files\Messenger\msmsgs.exe
F:\Internet\Norton Internet Security\Norton AntiVirus\navapsvc.exe
F:\Internet\Norton Internet Security\Norton AntiVirus\SAVScan.exe
E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
E:\WINDOWS\System32\mdm.exe
E:\WINDOWS\System32\wuauclt.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Internet\Norton Internet Security\Norton AntiVirus\OPScan.exe
E:\WINDOWS\system32\notepad.exe
E:\Documents and Settings\Steven\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - E:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Internet\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - E:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Internet\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "F:\Internet\Speed Touch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WSSAConfiguration] wmmon32.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall] Sygate.exe
O4 - HKLM\..\Run: [Microsoft Update 32] explore32.exe
O4 - HKLM\..\Run: [System Update] E:\WINDOWS\System32\tvduz.exe
O4 - HKLM\..\Run: [update service] winu32.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] servicz.exe
O4 - HKLM\..\Run: [IntelliPoint] "E:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] F:\Internet\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\RunServices: [WSSAConfiguration] wmmon32.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] Sygate.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] explore32.exe
O4 - HKLM\..\RunServices: [update service] winu32.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] servicz.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall] Sygate.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093877303835
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{00893D4D-5D8F-4DF2-865E-5B7FED23BBF8}: NameServer = 194.74.65.86 194.72.9.44
O17 - HKLM\System\CS1\Services\Tcpip\..\{00893D4D-5D8F-4DF2-865E-5B7FED23BBF8}: NameServer = 194.74.65.86 194.72.9.44

Download these tools and install them:
========================================================
AdAware ==> http://www.spychecker.com/program/adaware.html
SpyBot  ==> http://www.spychecker.com/program/spybot.html
Stinger >> http://vil.nai.com/vil/stinger
========================================================

then cehck the following lines in hijackthis and click on Fix Checked.

========================================================
O4 - HKLM\..\Run: [WSSAConfiguration] wmmon32.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall] Sygate.exe
O4 - HKLM\..\Run: [Microsoft Update 32] explore32.exe
O4 - HKLM\..\Run: [System Update] E:\WINDOWS\System32\tvduz.exe
O4 - HKLM\..\Run: [update service] winu32.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] servicz.exe
O4 - HKLM\..\RunServices: [WSSAConfiguration] wmmon32.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] Sygate.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] explore32.exe
O4 - HKLM\..\RunServices: [update service] winu32.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] servicz.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall] Sygate.exe
=======================================================================

Then Disable ur Messenger Service if its running >> http://www.itc.virginia.edu/desktop/docs/messagepopup/
After that Follow these Instructions:

1. Restart ur machine
2. Boot into safemode and Login as Administrator
3. Run the AntiVirus tool and delete all viruses it found
4. Run the Spyware Removal tools and delete everything they detect
5. Then goto My Computer>Tools>Folder Options>View and turn on the feature of Show Hidden Files
6. Goto C:\Documents and Settings\ur usernmae\Local Settings\Temp and delete all files present here
7. Goto C:\Documents and Settings\ur usernmae\Local Settings\Temporary Internet Files, and delete the folder of ContentIE
8. Goto C:\Documents and Settings\ur usernmae\Cookies, and delete all cookies present here.
9. Reboot back in Normal Mode and check if problems are gone
10. If YES then Great, otherwise Try running this Winsock Repair for XP:
http://www.spychecker.com/program/winsockxpfix.html

>> E:\WINDOWS\System32\servicz.exe

Also this process is not valid process, so delete this servicz.exe file in saefmode !!

Thanks about to go off line to reboot in safe mode will report back soon, I hope lol

Just listening if more is needed, though you're in good hands here.
Asta

Hi SheharyaarSaahil,

You've just managed to ask someone to uninstall the firewall on their computer. Congratulations.
Sygate is a very good firewall.

Your first advice was excellent (http:#11946553) as that most likely is the issue, it seems that Dj_Fx8 missunderstood you and opened a backup (http:#11946661)

Dj_Fx8,
The hosts file is a hidden file, please just copy/paste this line into the "open" dialog of notepad:

%systemroot%\system32\drivers\etc\hosts

this will make sure the right file is opened, please scroll down, it could be some blank lines are added. Make sure the only line there is:
127.0.0.1 Localhost

Greetings,

LucF

Well there was a reason why i advised to remove Sygate.exe.....
mostly when we install a firewall, it runs in background,,,, and here Sygate.exe was present in Startup run keys, but were not running anywhere in the background processes..... can u see it running ??

Second..... user is running Norton,,,,, why the Sygate.exe firewall then,,,,, it can be the entries from a previously uninstall Sygate Firewall though..... so no need of them now.

Third.... Firewalls dont put ONE process, i.e Sygate.exe
they have so many helper processes.... but here no trace of anything related to Sygate Firewall except this ONE Process..... and it makes it DOUBTFULL, atleast for me.

and Forth,,,,, HOSTS file is not a hidden file..... my Show Hidden Files feature is OFF, and i can open it straight from C:\Windows\system32\drivers\etc

anything esle ??

Hi
I'm back again, ok done all that, and had a number if infections, Live update is working and I've updated all my virus defs etc, I have win update running but it appears to be the same, only I have the update icon in my system tray but the tool tip for it just says Downloading updates: 0% although my intermet connection bytes received is slowly increasing

>>>Sygate is a very good firewall

Where did I get that from I never heard of it

Dj post here the Fresh Log from hijackhtis..... and did u try running that winsock tool i gave in my last post, last line :)

Logfile of HijackThis v1.98.2
Scan saved at 23:26:52, on 31/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Symantec Shared\ccProxy.exe
F:\Internet\Norton Internet Security\Norton AntiVirus\navapsvc.exe
F:\Internet\Norton Internet Security\Norton AntiVirus\SAVScan.exe
E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\WINDOWS\Mixer.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\Internet\Speed Touch USB\Dragdiag.exe
E:\Program Files\Microsoft IntelliPoint\point32.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\Messenger\msmsgs.exe
E:\WINDOWS\System32\wuauclt.exe
E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\System32\mdm.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Internet\NORTON~1\NORTON~1\navw32.exe
E:\WINDOWS\System32\wuauclt.exe
E:\Documents and Settings\Steven\Desktop\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Internet\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - E:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Internet\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - E:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Internet\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "F:\Internet\Speed Touch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [IntelliPoint] "E:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] F:\Internet\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] E:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093877303835
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{00893D4D-5D8F-4DF2-865E-5B7FED23BBF8}: NameServer = 194.74.65.86 194.72.9.44
O17 - HKLM\System\CS1\Services\Tcpip\..\{00893D4D-5D8F-4DF2-865E-5B7FED23BBF8}: NameServer = 194.74.65.86 194.72.9.44


No I forgot about the winsock tool shall I try it now

>>mostly when we install a firewall, it runs in background,,,, and here Sygate.exe was present in Startup run keys, but were not running anywhere in the background processes..... can u see it running ??<<

It isn't running because it's been shutdown by one of the other processes you mentioned, Sygate firewall will use exactly those locations to run, and they won't show otherwise in hijackthis.

>>Second..... user is running Norton,,,,, why the Sygate.exe firewall then<<
Is it your choice what someone wants to have running? As a firewall changes the tcp-ip stack, these kind of things might even ruin the internet connection.

>>Third.... Firewalls dont put ONE process, i.e Sygate.exe they have so many helper processes.... but here no trace of anything related to Sygate Firewall except this ONE Process<<
They don't have any "helper processes" except for doing other tasks, sygate just does it's job, being a firewall.

>>and Forth,,,,, HOSTS file is not a hidden file..... my Show Hidden Files feature is OFF, and i can open it straight from C:\Windows\system32\drivers\etc<<
Maybe not at your system, but it's surely hidden at mine. Either way, does this matter? The fact is that Dj_Fx8 opened Hosts.ics which is the Internet Connection Sharing hosts file.

>>anything esle ??<<
Nope, that's it.

LucF

>> Where did I get that from I never heard of it

Dj are u having this folder >> C:\PROGRAM FILES\SYGATE

Could not agree more with LucF's comments.... HOSTS file has no extensions, and AdAware can be configured to check the HOSTS file (updated version)

I don't, shouldn't have Sygate I have never installed, downloaded it unless its part of Norton

>>>Make sure the only line there is:   127.0.0.1 Localhost

It is

Could not agree more with LucF's comments.... MORE!  Sorry, too many hours of no sleep... omitted the most critical word of MORE

Dj_Fx8,

Your logfile is now clean, I'll put the issues I have with SheharyaarSaahil aside...

So your only problem are your windows updates at the moment?

Can you reach windows update by this url => http://207.46.134.92/

LucF

Dj one more thing.... this time when u wil open ur HOSTS file in notepad, hit CTRL+A, then hit CTRL+C and then come here and hit CTRL+V..... this will paste all the contents of that file.....

seems silly but believe me once i faced a case, where all those 127.0.0.1 entires are preset TOOOO below from the normal text ;-)

>> I don't, shouldn't have Sygate I have never installed, downloaded it unless its part of Norton

No its not a part of Norton, and u are not having it on ur system, dont worry ;-)

oh yes I can and then it offers me custom or express install but when I click either it changes pages and says Windows Update is looking for available updates...
and just stays there


Heres my Hosts file

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

Dj_Fx8,

Please take a look here:
http://v4.windowsupdate.microsoft.com/troubleshoot/

-=-=-=-=-=-=-=-=-=-=-=-=-
Problem Description:
After clicking Scan for Updates, you receive this message: "Windows Update is looking for available updates... 0% complete.".  Then the site stops communicating.

 
Resolutions:
There are several possible solutions to this problem.

Install the latest scripting engine 5.6 from:
http://msdn.microsoft.com/library/default.asp?url=/downloads/list/webdev.asp
--------------------------------------------------------------------------------
If you have Netsonic on your computer, uninstall it.
--------------------------------------------------------------------------------
If you have not installed the latest version of Windows Update software,  follow the
instructions in the article "Manual installation instructions for Windows Update controls" on this page.
--------------------------------------------------------------------------------
Disable the options "Automatically detect settings" and "Use automatic configuration script."
To do this:
1. Open Internet Explorer.
2. Click "Tools," and then click "Internet Options."
3. Click "Connections," and then click "LAN Settings."
4. Make sure the check boxes for "Automatically detect settings" and "Use automatic configuration script" are not selected.
 
Try to access the Windows Update site again.

Also, verify that you can connect to SSL-enabled Web sites (sites that start with https://).  

Most online retailers use SSL (Secure Socket Layer) sites during the checkout/payment process. If you've connected to one of these sites in the past then chances are that SSL is working correctly on your computer.  You can also test your ability to connect to SSL sites using a SSL test site like this:

https://www.stanford.edu/group/idg/leland/samples/secure/test.html

If you cannot connect to SSL sites then the Windows Update scan will not work. Make sure that the SSL port (port 443) is open on your network.
-=-=-=-=-=-=-=-=-=-=-=-=-

See if that helps you.

LucF

Hi I have tried all that but still the same, I couldn't find

>>>Problem Description:
>>>After clicking Scan for Updates, you receive this message: "Windows Update is looking for available updates... 0% complete.".  Then the site >>>stops communicating

Guys its very late here and I should be having sweet dreams by now so I'll sign off for now but will check back int the morning, if you have any more thoughts on this post them and I try them

Thanks in advance

>> if you have any more thoughts on this post them and I try them

yes u can try this.....

goto Start>Run>services.msc
look for a service called Automatic Updates
stop it and then right click it, choose properties and set the Startup type to Dsiable
restart ur machine

now go back to same place and set the Startup type back to Enable
restart again and now check if u can get the Windows Update or not ??

Post back :)

>> Startup type back to Enable
more specifically.... set it to back to Automatic :)

Hi
I have just tried your last suggestion but still no sucess, I'm thinking of doing an in-place upgrade (reinstallation) of windows xp to see if that helps, I have to head to work now :-(( so I will check back here later to see if any other suggestions have been left

just try this before a repair install.....

Run This Tool to check if it can solve the problem >> http://www.mvps.org/sramesh2k/IEFIX.htm
if it doesn't help then, do this......

goto Start>Run>cmd
type the following lines, hitting enter after each line !!

Softpub.dll
Wintrust.dll
Initpki.dll
Dssenh.dll
Rsaenh.dll
Gpkcsp.dll
Sccbase.dll
Slbcsp.dll
Cryptdlg.dll
Exit

Then Restart ur computer, ang again go back to cmd and type following lines, hitting enter eafter each line !!

regsvr32 softpub.dll
regsvr32 wintrust.dll
regsvr32 initpki.dll
regsvr32 dssenh.dll
regsvr32 rsaenh.dll
regsvr32 gpkcsp.dll
regsvr32 sccbase.dll
regsvr32 slbcsp.dll
regsvr32 cryptdlg.dll
Exit

ref >> http://support.microsoft.com/?kbid=813444
restart and now check for the problem ??

Also u can try creating a new user, and can check there for the problems..... post back results ??

Hi
I have tried all of the above and still had the same problem so I done a repair install but it has not cured my problem so I'm at a total loss as what to do next so any suggestions would be greatly appreciated

well now u are worrying me =|
do u still have Norton installed after the repair ??
and u are connected to internet via modem or .... ??

Also curious if the WindowsUpdate troubleshooting process noted above by LucF did or did not align to any of your specific errors nor help any?

Hi
>>>do u still have Norton installed after the repair ??       Yes, its upto date and working

>>>and u are connected to internet via modem or .... ??    Via usb modem with connected at 1.1Mbps

>>>Also curious if the WindowsUpdate troubleshooting process noted above by LucF did or did not align to any of your specific errors nor help any?
      After reinstalling XP and going to the update site it downloaded and installed the latest scripting engine 5.6
     Under LAN settings Neither of the Auto detect settings or Use auto conf script are checked
     I can access SSL sites ok
     I do not have netsonic installed



Other info which may help
This morning I left my pc connected to the internet, the Windows Automatic Update Autoupdate client was running (wuauclt.exe) and this evening it had downloaded "Background Intelligent Transfer Service" and "Microsoft Security Bulletin MS04-012 Cumulative Update for MS RPC/DCOM (828741)" updates and I was able to install them. I still cant get any updates manually through the windows update site https://v5.windowsupdate.microsoft.com/v5consumer/default.aspx?ln=en-us (it just stays at the Windows Update is looking for available updates... page).  One other thing I noticed I have 2 copies of wuauclt.exe 112KB (and wuauclt1.exe 164KB) don't know if any of this will help but I lost here

>>Yes, its upto date and working<<
That it's running doesn't mean it's working, please try to download one of the files here: http://www.eicar.org/anti_virus_test_file.htm See if a message from Norton pop's up.

>>One other thing I noticed I have 2 copies of wuauclt.exe 112KB (and wuauclt1.exe 164KB) don't know if any of this will help but I lost here<<
That's NOT normal, please check both at what location they are...
If you meant you really have a file named "wuauclt1.exe" get rid of it right away.

LucF

>> One other thing I noticed I have 2 copies of wuauclt.exe 112KB (and wuauclt1.exe 164KB)
this process is not present in running processes in ur LOG.... but yes there are two wuauclt.exe present

E:\WINDOWS\System32\wuauclt.exe <==
E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\System32\mdm.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Internet\NORTON~1\NORTON~1\navw32.exe
E:\WINDOWS\System32\wuauclt.exe <==

>>>do u still have Norton installed after the repair ??       Yes, its upto date and working
What if i will ask u to uninstall it and then check for the problem just for a minute to check if its working or not :-?

Just to test, Dj_Fx8,

Can you access other secure pages, for example: https://www.paypal.com/

>>> That it's running doesn't mean it's working, please try to download one of the files here: http://www.eicar.org/anti_virus_test_file.htm See if a message from Norton pop's up.

Yes Norton pops up warning of High risk Virus and deletes the file

>>>That's NOT normal, please check both at what location they are...
 E:\Windows\System32      (E:\ is my system root)

>>>If you meant you really have a file named "wuauclt1.exe" get rid of it right away.
Yes thats what I ment, its not actually running as a process, just a file on my HD

>>>What if i will ask u to uninstall it and then check for the problem just for a minute to check if its working or not :-?
I have tried with both the anti virus and internet securtiy disabled (just it takes about 7 restarts to uninstall and reinstall and bring upto date)

wuauclt1.exe is the result of updating to Windows Updater to V5 !!
U can verify it by right clicking it and check its details, it shud be from Microsoft and its version shud be 5.4.3790.2182
right..... ??

Yip that correct, I had deleted it but when I went to the update site it downloaded the 'latest version' and its back

I am considering formating my XP drive and doing a fresh install of XP to see if that helps

That will probably help, but please, let us know if you can access https://www.paypal.com/ without any problems. It could be that your problem just relates to not being able to view secure sites.

LucF

Yea I can access Paypal ok, also https://v5.windowsupdate.microsoft.com/v5consumer/default.aspx?ln=en-us ok but it still wont update

>> I am considering formating my XP drive and doing a fresh install of XP to see if that helps

U can do it if u feel like this.... but what i was thinking is that u got this problem after installing nIS,,, perhaps it screwed ur system, and uninstalling it and running winsock again can help ...... coz i have seen many cases like this !!!!

but if everything is failing then u can go for a format and reinstall,,,, =|

well formating and reinstalling XP is only a last resource  as I would have to reinstall all my software again (pain). So your suggesting unstalling Norton, runing WinsockFix is that correct

>> So your suggesting unstalling Norton, runing WinsockFix is that correct

Yes, coz i think its better if we can try a more easy method than a full format and Reinstall =\

ok I'll uninstall it now

hmmmmmmm fingers crossed !!  <:)

ok Norton is uninstalled and WinsockFix run and rebooted. Have gone to the windows update site and its not lookin good, it is so far still the same

Looks like a format is my only hope now :-((

whyyyyy i mean why its not working,,,,, even after a reinstall....a reinstall deletes all windows system files and registries..... and restores them to default ones !!!!!

means if it was the problem of corrupted system files or registries then the Repair shud have solved it....
Does this mean that its a hardware driver\software installed by u ??

try going to Start>Run>msconfig>Startup and click on Disable All
restart and now..... ??

>>>a reinstall deletes all windows system files and registries..... and restores them to default ones !!!!!
Thats what I thought

>>>Does this mean that its a hardware driver\software installed by u ??
Well not that I'm aware of any software  installed was the same stuff as was installed before my hard drive failure and even now its not all reinstalled

As you know I got a lot of infections initally so unless one of them has done something.

>>>try going to Start>Run>msconfig>Startup and click on Disable All

Trying now back soon

No still the same, as soon as I click Express or Custom install the page changes to the looking for available updates and the status bar says Done

Would it help if we were to use the Remote assistance, I don't know much about it

>> as soon as I click Express or Custom install the page changes to the looking for available updates and the status bar says Done

u mean same as here >> https://www.experts-exchange.com/questions/21117328/windows-update-does-not-finish.html
dont tell me, its another MS Bug.... =\

hmmmmmmm i have found a thing..... check here >> http://www.dslreports.com/forum/remark,11026330~mode=flat
for most of them this method worked.....

Start>Run>cmd
type these lines, hitting Enter after each line.

REGSVR32 C:\WINDOWS\system32\wuapi.dll
REGSVR32 C:\WINDOWS\system32\wuaueng.dll
REGSVR32 C:\WINDOWS\system32\atl.dll
REGSVR32 C:\WINDOWS\system32\wucltui.dll
REGSVR32 C:\WINDOWS\system32\wups.dll

Im not sure if it's gonna work or not.... as we have already tried a repair here.... but no harm in trying :-?

No I think I'm getting it at another place than mtk he says
>>> I would get to the screen "scanning for the latest version of update
Which is where I start  "Checking for lastest version of windows update software"
Then I get "Welcome"   "Update your computer"  with the options to "Express Install (Recommended)"  or "Custom Install:"
Its when I click either of these  and the page changes to "Windows Update is looking for available updates..." and has a progress bar with a coloured section constantly running from left to right, it then the status bar says done.
The confusing thing is it was working fine last week befor the hard drive failure

No it didn't help  

I don't know if this is relevant but I tried to rename my windows update.log so as it would create a new one but I cant, it says its being used, even after a reboot is that normal

Here is a section of the log of the last attempt to update is seems there are a lot of probs in it but I don't understand it


2004-09-02      21:37:12+0100       664      4c8      ISusInternal API failed CClientCallRecorder::DisconnectCall with error 0x8024000c
2004-09-02      21:37:12+0100       372      6b0      ISusInternal::DisconnectCall failed, hr=8024000C
2004-09-02      21:37:28+0100       372      8cc      Checking for different Redirector at: http://download.windowsupdate.com/msdownload/update/v5/redir/wuredir.cab
2004-09-02      21:37:28+0100       372      8cc      WinInet: Server file is not newer.  Skipping download.
2004-09-02      21:37:28+0100       372      8cc      Successfully refreshed Redirector cab.
2004-09-02      21:37:28+0100       372      8cc      WinInet: Server file is not newer.  Skipping download.
2004-09-02      21:37:29+0100       372      8cc      WinInet: Download speed is 38685 bytes/sec
2004-09-02      21:37:29+0100       372      8cc      WinInet: Successfully downloaded http://v5.windowsupdate.microsoft.com/SelfUpdate/AU/x86/XP/en/wusetup.cab to file E:\WINDOWS\SoftwareDistribution\WebSetup\wusetup.cab
2004-09-02      21:37:29+0100       372      8cc      Loading inf file E:\WINDOWS\SoftwareDistribution\WebSetup\wusetup.inf
2004-09-02      21:37:29+0100       372      8cc      Section name: cdm: Index: 0
2004-09-02      21:37:29+0100       372      8cc      Section name: iuengine: Index: 1
2004-09-02      21:37:29+0100       372      8cc      Section name: wuapi: Index: 2
2004-09-02      21:37:29+0100       372      8cc      Section name: wuauclt: Index: 3
2004-09-02      21:37:29+0100       372      8cc      Section name: wuauclt1: Index: 4
2004-09-02      21:37:29+0100       372      8cc      Section name: wuaucpl: Index: 5
2004-09-02      21:37:29+0100       372      8cc      Section name: wuaueng_WebSetup: Index: 6
2004-09-02      21:37:29+0100       372      8cc      Section name: wuaueng1: Index: 7
2004-09-02      21:37:29+0100       372      8cc      Section name: wuauserv_WebSetup: Index: 8
2004-09-02      21:37:29+0100       372      8cc      Section name: wucltui: Index: 9
2004-09-02      21:37:29+0100       372      8cc      Section name: wups: Index: 10
2004-09-02      21:37:29+0100       372      8cc      Section name: winhttp: Index: 11
2004-09-02      21:37:29+0100       372      8cc      Required Version for binary E:\WINDOWS\System32\cdm.dll is: 5,5,3790,2182
2004-09-02      21:37:29+0100       372      8cc      Binary: E:\WINDOWS\System32\cdm.dll: Target version: 5.5.3790.2182 Required: 5.5.3790.2182
2004-09-02      21:37:29+0100       372      8cc      Required Version for binary E:\WINDOWS\System32\iuengine.dll is: 5,4,3790,2182
2004-09-02      21:37:29+0100       372      8cc      Binary: E:\WINDOWS\System32\iuengine.dll: Target version: 5.4.3790.2182 Required: 5.4.3790.2182
2004-09-02      21:37:29+0100       372      8cc      Required Version for binary E:\WINDOWS\System32\wuapi.dll is: 5,4,3790,2182
2004-09-02      21:37:29+0100       372      8cc      Binary: E:\WINDOWS\System32\wuapi.dll: Target version: 5.4.3790.2182 Required: 5.4.3790.2182
2004-09-02      21:37:29+0100       372      8cc      Required Version for binary E:\WINDOWS\System32\wuauclt.exe is: 5,4,3790,2182
2004-09-02      21:37:29+0100       372      8cc      Binary: E:\WINDOWS\System32\wuauclt.exe: Target version: 5.4.3790.2182 Required: 5.4.3790.2182
2004-09-02      21:37:29+0100       372      8cc      Required Version for binary E:\WINDOWS\System32\wuauclt1.exe is: 5,4,3790,2182
2004-09-02      21:37:29+0100       372      8cc      Binary: E:\WINDOWS\System32\wuauclt1.exe: Target version: 5.4.3790.2182 Required: 5.4.3790.2182
2004-09-02      21:37:29+0100       372      8cc      Required Version for binary E:\WINDOWS\System32\wuaucpl.cpl is: 5,4,3790,2182
2004-09-02      21:37:29+0100       372      8cc      Binary: E:\WINDOWS\System32\wuaucpl.cpl: Target version: 5.4.3790.2182 Required: 5.4.3790.2182
2004-09-02      21:37:29+0100       372      8cc      Required Version for binary E:\WINDOWS\System32\wuaueng.dll is: 5,4,3790,2182
2004-09-02      21:37:29+0100       372      8cc      Binary: E:\WINDOWS\System32\wuaueng.dll: Target version: 5.4.3790.2182 Required: 5.4.3790.2182
2004-09-02      21:37:29+0100       372      8cc      Required Version for binary E:\WINDOWS\System32\wuaueng1.dll is: 5,4,3790,2182
2004-09-02      21:37:29+0100       372      8cc      Binary: E:\WINDOWS\System32\wuaueng1.dll: Target version: 5.4.3790.2182 Required: 5.4.3790.2182
2004-09-02      21:37:29+0100       372      8cc      Required Version for binary E:\WINDOWS\System32\wucltui.dll is: 5,4,3790,2182
2004-09-02      21:37:29+0100       372      8cc      Binary: E:\WINDOWS\System32\wucltui.dll: Target version: 5.4.3790.2182 Required: 5.4.3790.2182
2004-09-02      21:37:29+0100       372      8cc      Required Version for binary E:\WINDOWS\System32\wups.dll is: 5,4,3790,2182
2004-09-02      21:37:29+0100       372      8cc      Binary: E:\WINDOWS\System32\wups.dll: Target version: 5.4.3790.2182 Required: 5.4.3790.2182
2004-09-02      21:37:39+0100       664      36c      WU client succeeds CClientCallRecorder::BeginFindUpdates from WindowsUpdate with call id {6080EF88-A0B3-4F11-B1D7-E9352765254F}
2004-09-02      21:37:39+0100       664      614      WU client executing call {6080EF88-A0B3-4F11-B1D7-E9352765254F} of type Search Call
2004-09-02      21:37:40+0100       664      614      PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2004-09-02      21:37:40+0100       664      614      PT: Using server URL https://v5.windowsupdate.microsoft.com/ClientWebService/client.asmx
2004-09-02      21:37:40+0100       664      614      Add header for accept-encoding: xpress succeeded
2004-09-02      21:37:42+0100       664      614      DetectCompressionType returning type 1, hr=0x0
2004-09-02      21:37:42+0100       664      614      Add header for accept-encoding: xpress succeeded
2004-09-02      21:37:44+0100       664      614      DetectCompressionType returning type 1, hr=0x0
2004-09-02      21:37:44+0100       664      614      PT: Using serverID {9482F4B4-E343-43B6-B170-9A65BC822C77}
2004-09-02      21:37:44+0100       664      614      PT: Using server URL https://v5.windowsupdate.microsoft.com/ClientWebService/client.asmx
2004-09-02      21:37:44+0100       664      614      Add header for accept-encoding: xpress succeeded
2004-09-02      21:37:45+0100       664      614      DetectCompressionType returning type 1, hr=0x0
2004-09-02      21:37:45+0100       664      614      update {DEF7E2BD-44F0-4FEB-AA92-B1D8A289D740}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {6DDF4501-647A-4FF7-B437-34B53F16F32C}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {0F96FD55-558F-48FC-B0C0-25A5EF794B7E}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      WU client add update {76BAACDD-634F-487D-AC52-33CD061B49E7}.100 to search result
2004-09-02      21:37:45+0100       664      614      update {8FDC9B52-44B3-414A-8640-CEFBCB29E708}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {D9ADFD01-6C60-45DD-91ED-CDA4CC476C08}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {E5AB6B0A-EB0B-4EC1-BAD0-FB2E5DBC3665}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {58035B1F-FB5C-48C5-B7CE-A19A2F788C39}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {ABC144E5-0D7D-491D-A9F2-5062C9E75FDC}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {8793CA43-4526-48F1-9CA4-1AD5E7EE4D44}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {394B485D-0372-4DA4-9242-6A886208E408}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {E7F78E6B-C996-4198-AF7B-5D52ACA061AD}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {501BF4E4-2641-41E2-9409-3A0109C3005F}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {3BDA7C76-2FB7-42EB-B3FC-299FBA109833}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {E9871499-E316-45EF-845D-55E4F28190B0}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {805C16AB-EA6E-411D-9A48-DF7E0440E871}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {26DB7E6A-70D5-481D-B5ED-C3990806C39F}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      WU client add update {B4B9471C-1A5E-4D9C-94EF-84B00592946A}.100 to search result
2004-09-02      21:37:45+0100       664      614      update {C64A65AC-E1A7-4FF9-9074-D6D4694FB673}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {B2B4FF3A-BA40-4E3E-98E6-A54CACF66998}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {AC065938-13C8-4C88-849B-D7B8A8A28839}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {E53654A0-CBE7-48AC-88C1-466F9DAABC0D}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {4AED463B-3A3B-4AD8-976E-17BAF6434DA2}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {B0500BFE-0418-41E8-B298-882FE10EF7B2}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {C746232F-E537-45DB-BC22-5D26A7D9376B}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {6AC4BC58-278D-4CC5-863D-320F0C315FD1}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {7FADA317-AB6C-4A4B-BE69-251596F70E8D}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {FF6F05E7-3F3F-415B-80FB-789BB3AB84D3}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {F6776633-813D-495F-B209-EC50D86BB94C}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {3893052E-B8AD-4943-81F8-DEAE9335B340}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {4B55C1C5-F1B7-46E9-A4AF-DABC8D341743}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {C73D340C-4473-4306-B384-9EB1D26914DC}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {C435CD31-8631-47B8-ABE4-AEF2660986EA}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {E8F5A5DA-F1D9-4C3D-9C2F-ED8AFAE637C5}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {CF1F446D-6A5A-4DB9-9119-30881192A19C}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {2D97704A-A1DD-4314-8DE2-F2D3CB59CC80}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {5759B31E-8706-4D61-AC10-439DEAE04F39}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {C5686DBA-744F-4053-B14B-586920370179}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      WU client add update {AC94DB3B-E1A8-4E92-9FD0-E86F355E6A44}.100 to search result
2004-09-02      21:37:45+0100       664      614      update {1DDC9FE7-B371-43BA-AF4F-18EFF327A420}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {11C7C0C9-AFB6-4D01-9C16-7B1D3B7D76E4}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {8D1F6795-726F-4870-B246-7AD5BA9AC8C8}.101 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {2D09CBE6-AAF2-44E4-842C-B6C3685CD570}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      DeviceStatus: 0x180000a, DeviceProblemNumber: 00000000
2004-09-02      21:37:45+0100       664      614      WU client add update {ECEF72A1-3EDF-45EE-9F57-B2AB65375B12}.100 to search result
2004-09-02      21:37:45+0100       664      614      update {8FB5A90A-68B5-49CB-9C14-6136E0E348ED}.101 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {8274F4C5-6130-4B8A-A632-9E2115ACFD1E}.101 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {E19EBFB4-6EBE-46E0-852B-A19EE0B277B0}.101 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {9DC6F90B-3F88-47F7-A16F-3E316CC0979A}.102 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {C0C81D0E-4083-42D5-A23A-267C596541EC}.101 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {1C2C4FCF-68F1-498D-BF6F-553FF8107D9E}.101 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {9EF21A00-CC22-4B6D-AC1C-6B667EFFEE04}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {EB3F38F6-F8E7-4446-8DB6-A39052B224C3}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {BBBF59DA-1B0D-4F5A-88D9-E46016784067}.100 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {A42491AC-99CC-43BF-B521-D89769C74B11}.102 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {9B8EC078-A84E-4627-BB04-E0757F5D42EF}.104 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      DeviceStatus: 0x1802400, DeviceProblemNumber: 0x000016
2004-09-02      21:37:45+0100       664      614      WU client add update {96A8ECB6-DFFE-4724-9174-071F13744C37}.100 to search result
2004-09-02      21:37:45+0100       664      614      update {EB6A5D00-8C5F-4423-AC20-A171FF74B779}.101 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      update {A2D48E4F-EB9D-4421-BE44-E7164DCE3467}.101 is pruned out due to potential supersedence
2004-09-02      21:37:45+0100       664      614      WU client add update {7477AF62-8F9B-4F32-9DAF-7AB452E52396}.108 to search result
2004-09-02      21:37:45+0100       664      614      WU client found 6 updates and 10 categories in search
2004-09-02      21:37:45+0100       664      614      WU client finished Searching for update
2004-09-02      21:37:45+0100       664      614      WU client calls back to search call WindowsUpdate with code Call complete and error 0
2004-09-02      21:37:45+0100       664      614      WU client completed and deleted call {6080EF88-A0B3-4F11-B1D7-E9352765254F}
2004-09-02      21:37:46+0100       372      8f8      Update is missing metadata (00000B00), hr=8024001D
2004-09-02      21:37:46+0100       372      8f8      Bad update 76baacdd-634f-487d-ac52-33cd061b49e7 returned by the service.
2004-09-02      21:37:46+0100       372      8f8      Update is missing metadata (00000B00), hr=8024001D
2004-09-02      21:37:46+0100       372      8f8      Bad update b4b9471c-1a5e-4d9c-94ef-84b00592946a returned by the service.
2004-09-02      21:37:46+0100       372      8f8      Update is missing metadata (00000B00), hr=8024001D
2004-09-02      21:37:46+0100       372      8f8      Bad update ac94db3b-e1a8-4e92-9fd0-e86f355e6a44 returned by the service.
2004-09-02      21:37:46+0100       372      8cc      Category is missing metadata (00000B04), hr=8024001D
2004-09-02      21:37:46+0100       372      8cc      Bad category ebfc1fc5-71a4-4f7b-9aca-3b9a503104a0 returned by the service.
2004-09-02      21:37:50+0100       664      614      REPORT EVENT: {E7E35D98-3016-48EB-B9BF-01E3B7B76DAE}      78      2004-09-02 21:37:45+0100      1      147      101      {00000000-0000-0000-0000-000000000000}      0      0      WindowsUpdate      Success      Software Synchronization      Agent has finished detecting items.
2004-09-02      21:42:46+0100       108       c8      Out of proc datastore is shutting down
2004-09-02      21:42:47+0100       108       c8      Out of proc datastore is now inactive
2004-09-02      21:43:13+0100       664      604      ISusInternal API failed CClientCallRecorder::DisconnectCall with error 0x8024000c
2004-09-02      21:43:13+0100       372      8cc      ISusInternal::DisconnectCall failed, hr=8024000C
2004-09-02      21:47:16+0100       664      29c      Service received logoff notification
2004-09-02      21:47:16+0100       664      144      AU received event of 3
2004-09-02      21:47:20+0100       664      29c      Service received SERVICE_CONTROL_SHUTDOWN control
2004-09-02      21:47:20+0100       664      144      Exiting Service Main
2004-09-02      21:47:20+0100       664      144      ISusInternal API CClientCallRecorder::DisconnectCall succeeds
2004-09-02      21:47:20+0100      3040      be4      Trying to make out of proc datastore active
2004-09-02      21:47:21+0100      3040      be4      Out of proc datastore is now active
2004-09-02      21:47:21+0100      3040      be4      Out of proc datastore is shutting down
2004-09-02      21:47:21+0100       664      144      WUAUENG ServiceMain exits. Exit code is 0x240001
2004-09-02      21:47:22+0100      3040      be4      Out of proc datastore is now inactive
2004-09-02      21:48:22+0100       672      4b8      Service Main starts
2004-09-02      21:48:22+0100       672      4b8      Using BatchFlushAge = 7073.
2004-09-02      21:48:22+0100       672      4b8      Using SamplingValue = 989.
2004-09-02      21:48:22+0100       672      4b8      Successfully loaded event namespace dictionary.
2004-09-02      21:48:22+0100       672      4b8      Successfully loaded client event namespace descriptor.
2004-09-02      21:48:22+0100       672      4b8      Successfully initialized local event logger. Events will be logged at E:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2004-09-02      21:48:22+0100       672      4b8      Successfully initialized NT event logger.
2004-09-02      21:48:22+0100       672      4b8      Successfully initialized event uploader 0.
2004-09-02      21:48:22+0100       672      4b8      Reopened existing event cache file at E:\WINDOWS\SoftwareDistribution\EventCache\{67C5AF34-E5A6-47BF-8689-F14E0BB526B2}.bin for writing.
2004-09-02      21:48:22+0100       672      4b8      Successfully initialized event uploader 1.
2004-09-02      21:48:22+0100       672      4b8      WU client with version 5.4.3790.2182 successfully initialized
2004-09-02      21:48:22+0100       672      4b8      Service status is now SERVICE_RUNNING
2004-09-02      21:48:32+0100       672      2a4      Service received logon notification
2004-09-02      21:48:32+0100       672      2a4      Service received connect notification
2004-09-02      21:49:07+0100       672      4b8      start delayed initialization of WU client
2004-09-02      21:49:07+0100      1400      57c      Trying to make out of proc datastore active
2004-09-02      21:49:08+0100      1400      57c      Out of proc datastore is now active
2004-09-02      21:49:08+0100       672      4b8      WU client successfully loaded ongoing download call {8984890A-3A86-49D0-99E1-EFA480A9A57D} from datastore
2004-09-02      21:49:08+0100       672      4b8      WU client succeeded to load 1 persisted Download Calls
2004-09-02      21:49:08+0100       672      4b8      Client Call Recorder finished delayed initialization
2004-09-02      21:49:08+0100       672      4b8      Setting AU scheduled install time to 2004-09-03 20:00:00
2004-09-02      21:49:08+0100       672      4b8      AU finished delayed initialization
2004-09-02      21:49:08+0100       672      2c0      WU client calls back to download call {8984890A-3A86-49D0-99E1-EFA480A9A57D} with code Call progress and error 0
2004-09-02      21:49:22+0100       672      4b8      AU received event of 1
2004-09-02      21:49:22+0100       672      4b8      No pending client directive, bailing out

I'm signing off for tonight but will check in the morning

Hi
I have got the problem sorted, I had to format and do a fresh install, from the chain of events after reinstalling I now know it was a virus related issue which came from connecting to the microsoft update site

Bottom line, you're happy; yay!  ":0) Asta