Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

wuauclt.exe and svchost.exe errors NEED URGENT ASSISTANCE!

Started by Blueheart , Nov 18 2009 04:24 PM

  • Please log in to reply

#1
Blueheart
Posted 18 November 2009 - 04:24 PM

Blueheart

    Member

  • Member
  • PipPip
  • 54 posts
Hello:

I am getting errors while running some programs in my computer, with Windows XP Professional Service Pack 3.

I think it started when the automated update to Adobe Acrobat 9 Pro was downloaded.

The errors read something like this:

• Wuauclt.exe – Application Error

The instruction at “0x10031027” referenced memory at “0x00df621c”. The memory could not be “written”

Click on OK to terminate the program

• svchost.exe – Application Error

The instruction at “0x10031027” referenced memory at “0x00df621c”. The memory could not be “read”

Click on OK to terminate the program

(I have to click OK many times (50 or more ), before I can return to the regular screen of the application I am running, before the error occurs.)

By reading some of Microsoft forums, I thought that this may be the result of a malware. I run “Malwarebytes' Anti-Malware” with negative results. I deleted the files “wuauclt.exe” and “wuauclt1.exe”, which were not in the C:\WINDOWS\system32 and tried reinstalling Service Pack 3, but I keep getting the errors.

After getting these errors, I have problems with Explorer, MS Word, Adobe Acrobat and other programs. I re-start the computer and can work on it for a while, before I get the errors again.

Any help that you can provide will be greatly appreciated.

Thank you
  • 0

Advertisements

#2
othersteve
Posted 18 November 2009 - 06:26 PM

othersteve

    Member

  • Member
  • PipPipPip
  • 470 posts
Hey Blueheart,

Unfortunately, it seems we are not allowed to diagnose possible infections on these forums either--both disinfection and diagnosis is confined to the Virus, Spyware, and Trojan forum. Please follow the instructions posted there and request for your situation to be evaluated.

Sorry I cannot assist you further at this point, but checking for malware should be your next step I believe.

Thanks,

~os

Edited by othersteve, 18 November 2009 - 06:37 PM.

  • 0

#3
Blueheart
Posted 19 November 2009 - 08:46 AM

Blueheart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Dear OS:

Thank you for your response and input. I believe that the problem is with some corrupted files, compounded with my efforts to correct the problem, by running programs afterward (i.e. I installed and run the new Microsoft Windows Installer 4.5 release which "fixes numerous bugs, so it may be worthwhile downloading if you are experiencing installation problems."

I believe that you may not have paid attention to the part of my note indicating that there are no malware problems in my computer. To confirm this, I went to the Malware and Spyware Cleaning Guide page and run all the utilities in there, with NEGATIVE results. I have the report files to prove it!!!

I hope that this gives you, and any other kind soul, a better start point in trying to assist me.

Thank you
  • 0

#4
othersteve
Posted 19 November 2009 - 09:09 AM

othersteve

    Member

  • Member
  • PipPipPip
  • 470 posts
Hey Blueheart,

Perhaps before attempting any disinfection we ought to test your memory and hard drive for errors since this could, in fact, be related to hardware-oriented access issues.

1. I would suggest next that you try a memtest86+ on the PC. Please download and burn the CD as detailed here and let it run for at least two passes.
2. If no errors are discovered during this scan, please then boot to the Windows XP Recovery Console (this step requires your Windows XP CD).
3. Once you reach the command prompt here, please type chkdsk /r and allow the scan to run to completion.

If both of these come back negative, I know it seems unlikely, but I feel we need to rule out the possibility of some sort of rootkit before we proceed further. It's probably not the case, but in situations like this, it's truly better safe than sorry. I don't believe I am allowed to help diagnose possible malware-related issues if that is the case, so if it comes to that, I will redirect you to the proper forum. But for now, please try these three steps and report back with your results.

Thank you and I look forward to your response,

~os

Edited by othersteve, 19 November 2009 - 09:10 AM.

  • 0

#5
Blueheart
Posted 19 November 2009 - 02:11 PM

Blueheart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
OS:

I tried all you suggested and as you suspected, the results were negative. The recovery stage went through about 18 cycles before it finished.

I am almost 100% sure that this problem is not a malware or virus issue. I believe it is a corrupted system file that I need to rewrite or fix.

As mentioned before, I tried reinstalling Service Pack 3 but it did not help. Trying to uninstall it will not work, since it aborts with a message that it could not find certain process. That is the reason I posted this “help” request in this forum.

By the way, I do not know if it helps or not. After running all the tests you asked, I started the computer and went to the MSN website, I tried watching some of the most frequent videos they have. The video screen did not work and after a while, I received the wuauclt.exe error message.

Thank you again for your assistance.
  • 0

#6
othersteve
Posted 19 November 2009 - 02:21 PM

othersteve

    Member

  • Member
  • PipPipPip
  • 470 posts
Hey Blueheart,

I've still got some other ideas up my sleeve.

1. Click on Start > Run.
2. In the open field type regsvr32 wuapi.dll and press ENTER.
3. Click OK to the resulting message.
4. Do the same for each of the following:

regsvr32 wuaueng.dll
regsvr32 wuaueng1.dll
regsvr32 atl.dll
regsvr32 wucltui.dll
regsvr32 wups.dll
regsvr32 wups2.dll
regsvr32 wuweb.dll

5. Click Start > Run > type cmd and press ENTER.
6. Type net stop wuauserv
7. Click Start > Run > type %windir% and press ENTER.
8. Right-click the SoftwareDistribution folder, choose Rename, and rename it to SDOld
9. Click Start > Run > type cmd and press ENTER.
10. Type net start wuauserv

Then, let's try this:

1. Turn off Automatic Updates.
2. Reboot.
3. Perform a manual Windows Update via Internet Explorer.
4. Turn Automatic Updates back on.


Let's see where this takes us...

~os

Edited by othersteve, 19 November 2009 - 02:24 PM.

  • 0

#7
123Runner
Posted 19 November 2009 - 02:32 PM

123Runner

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,527 posts
With all due respect Blueheart, you are coming here for advise. Let us be the judge as to whether you have a virus or not.

Read HERE. Pay attention to the NOTE
You can also read HERE. Pay attention to where it states the file should be located.

If this is a virus and it looks to be, everything we do here will be counterproductive.

I suggest you go to the Malware Removal and Spyware Removal Forum and run all the steps located in the START HERE. These self-help tools will help you clean up 70% of problems on your own. If you are still having problems after doing the steps, then please post the reguested logs in THAT forum. If you are unable to run any of the tools then start a new topic in the malware forum and put this in the subject line...I am unable to run any malware tools

If you are still having problems after being given a clean bill of health from the malware expert, then please return to THIS thread and we will pursue other options to help you solve your current problem(s).

Add a link to this topic so that malware tech can see what steps have been taken here
  • 0

#8
Blueheart
Posted 19 November 2009 - 10:57 PM

Blueheart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Dear 123Runner:

With the same due respect to you…I get your point. I understand that it must be very difficult to diagnose system problems this way. Depending on our frustration, we may describe our problems in different ways.

I agree with you that most of the problems like mine may be malware related. To follow good ethic rules, I have followed your direction and ran the tests on the Malware and Spyware Cleaning Guide page, created a new topic, attached the reports requested and included a copy of the link to this thread. I will report if necessary on the results I receive from the malware expert.

In the meantime I want to let you know some of the things I have done before and during these communications.

Similar information as the one you provided is located (Here).

Tried removing wuauclt.exe following this "link". Found out that I did not have that register.

Installed the new Microsoft Windows Installer, because of "this" answer.

Thank you for your patience.


Dear OS:

While reading some of the information I received from 123Runner and other sources listed above, I noticed that my system32 directory had a “wuauclt.exe” (53,472 bytes) and a “wuauclt1.exe” (165,888 bytes) files. The size of the second file is more in line to the ones listed on the information mentioned above.

I renamed the files so I could have “wuauclt1.exe” be the “wuauclt.exe”. I rebooted the system and now I do not have the errors I was having before. I was even able to repair my Adobe Acrobat 9 Pro which was giving me the problems reported.

NOW I have different problems…so I still need your HELP!!!

When I started the system again, I showed me a screen which I replaced sometime last year.

My system is very slow and when I shut it down, it does not do it some times or waits for long time before doing it. Starting up is also slow.

I ran all the commands you described above and when I got to the “net stop wuauserv” it gave me a message that this command was not accepted on this server. It will also not let me rename the “SoftwareDistribution” folder.

I also ran the programs in the Malware and Spyware Cleaning Guide page and those are the results I posted in their forum.

I also thank you for your patience.


  • 0

#9
othersteve
Posted 19 November 2009 - 11:09 PM

othersteve

    Member

  • Member
  • PipPipPip
  • 470 posts
Hey Blueheart,

I am in agreement with 123Runner that disinfection must be ensured first for the sake of your system's safety. If you turn out to be infected, and we were to go repairing the file system now without first dealing with the infection, it could cause irreparable damage to the operating system thanks to the file system hooks possibly in place via a rootkit. Better safe than sorry; you should have a definitive answer soon enough. :)

Please kindly await further instruction in that forum from the experts there and then we can pick things back up where we left off here. :) I know it's hard, but try to resist the temptation to troubleshoot this yourself until we're disinfected. Today's rootkits are far nastier than any simple scanner can combat. Some do not register on any conventional scanner and thus must be manually investigated via experts, hence the process in place here.

Thanks for your patience and I look forward to helping you soon,

~os


Edit: To ensure my post complies with this forum's guidelines of not providing malware-specific advice.

Edited by othersteve, 19 November 2009 - 11:32 PM.

  • 0

#10
123Runner
Posted 20 November 2009 - 06:09 AM

123Runner

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,527 posts
You need to let the malware forum determine that you are clean. There are a lot of virus's that hide from conventional tools.
I looked at 1 of the reports and found some issues.

You have Limewire and utorrent installed which is prone to bringing in infections.
You have liveupdate for symantecs AND you also show some keys for Sohos, Trend, and Panda antivirus software. (Some of these could be uninstalled. I do not have the reports to show that)
If you run more than 1 antivirus, you will get false positives and they could fail to pick up an actual infection.

You also show registry keys for Panda firewall, symantec firewall, Tiny firewall, Trend firewall, and Zonelabs firewall.

There are numerous "files not found" and Java is outdated.

Do Not Do Anything with these. It will make it much harder for a malware tech to resolve the problems.
The malware tech will spot this stuff and will determine exactly what is going on. They are trained in this.

They have the tools to dig deep to find all malware.

It has already been said. PLEASE BE PATIENT
  • 0

Advertisements

#11
Blueheart
Posted 07 December 2009 - 10:10 AM

Blueheart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Hello othersteve:

I am back after having gone through all the steps necessary, to make sure my computer did not have any software infection, at the Virus, Spyware and Trojan Removal forum. Azarl, the consultant at that forum, was very thorough and helpful in getting me through all this process.

I continue to have the problems I reported earlier. Now and after some changes I did, while waiting for assistance at the Virus, Spyware and Trojan Removal forum, I do no have the wuauclt.exe errors showing on my screen. My system freezes on some pages, especially if I have tabs opened and while executing some programs. I researched these errors and they are still related to the wuauclt.exe file.

I copied some of these problems, form the WindowsUpdate file in my C:\WINDOWS folder, on my post of Dec 1 2009, 07:12 AM, on the Virus, Spyware and Trojan Removal forum (Link). I am sure that I have many more of these errors by now, which I can provide to you to help you in diagnosing my problem.

I wait for your reply.

Thank you

NOTE: 123Runner; if you are reading this post, I hope your head is not hurting too much, from hitting that keyboard, after reading all of my problems and from other people’s, which I have seen you assisted in other forums.
  • 0

#12
123Runner
Posted 07 December 2009 - 02:02 PM

123Runner

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,527 posts
The looking I have done shows that error is somewhat of a pain to get rid of.

I re-looked at the post and not knowing if I may have missed something we may do the some steps again.

Go to
Start and then to Run
Type in Chkdsk /r/f Note the space between k and /
Click Enter ...It will probably ask if you want to do this on the next reboot...click Y
If the window doesn't shutdown on its own then reboot the system manually. On reboot the system will start the chkdsk operation

Note... there are 5 stages...
It may appear to hang at a certain percent for a hour or more or even back up and go over the same area...this is normal...
DO NOT SHUT YOUR COMPUTER DOWN WHILE CHKDSK IS RUNNING OR YOU CAN HAVE SEVERE PROBLEMS
This can take several hours to complete.
When completed it will boot the system back into windows.

Let me know if this fixes the problem


After that (if needed) we will run SFC (system file checker)

Do you have a valid XP CD?

If so, place it in your CD ROM drive and follow the instructions below:
  • Click on Start and select Run... type sfc /scannow (note the space) (Let this run undisturbed until the window with the blue progress bar goes away)

SFC - Which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.
If you want to see what was replaced, right-click My Computer and click on Manage. In the new window that appears, expand the Event Viewer (by clicking on the + symbol next to it) and then click on System.
  • 0

#13
Blueheart
Posted 11 December 2009 - 09:26 AM

Blueheart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Hello 123Runner:

I wanted to give you an update of what I have done so far.

I followed your suggestion to execute “Chkdsk /r/f” and then I used my computer for one day noticing that I still had some problems, specially in working with several websites and tabs. The system also was slow in responding to commands.

On the following day I executed the next suggestion “sfc /scannow”. When I accessed the “Event Viewer (by clicking on the + symbol next to it) and then click on System”, it gave me a message that the “list was corrupted” and erased everything on it. I wanted to send you the messages listed on it.

I still have the same problems with webpages, in addition I am not able to view videos at some site like the one on this LINK (National Geographic related).

I am also attaching copies of the screens showing the Warnings and Errors in the System and Application from the ‘Event Viewer”, since I cannot print this log because of the error described before.

I am also attaching part of the log (today’s) form the “WindowsUpdate” in case it may help you in finding out what else an be done to get my system back to normal (?)

Thank you again for your assistance

LOG

2009-12-11 07:56:12:921 2980 5e4 Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0500) ===========
2009-12-11 07:56:12:984 2980 5e4 Misc = Process: C:\WINDOWS\system32\svchost.exe
2009-12-11 07:56:12:984 2980 5e4 Misc = Module: C:\WINDOWS\system32\wuaueng.dll
2009-12-11 07:56:12:921 2980 5e4 Service *************
2009-12-11 07:56:12:984 2980 5e4 Service ** START ** Service: Service startup
2009-12-11 07:56:12:984 2980 5e4 Service *********
2009-12-11 07:56:14:750 2980 5e4 Agent * WU client version 7.4.7600.226
2009-12-11 07:56:14:796 2980 5e4 Agent * Base directory: C:\WINDOWS\SoftwareDistribution
2009-12-11 07:56:14:828 2980 5e4 Agent * Access type: No proxy
2009-12-11 07:56:17:171 2980 5e4 Agent * Network state: Connected
2009-12-11 07:57:26:046 2980 5e4 Agent *********** Agent: Initializing Windows Update Agent ***********
2009-12-11 07:57:26:046 2980 5e4 Agent *********** Agent: Initializing global settings cache ***********
2009-12-11 07:57:26:078 2980 5e4 Agent * WSUS server: <NULL>
2009-12-11 07:57:26:078 2980 5e4 Agent * WSUS status server: <NULL>
2009-12-11 07:57:26:078 2980 5e4 Agent * Target group: (Unassigned Computers)
2009-12-11 07:57:26:078 2980 5e4 Agent * Windows Update access disabled: No
2009-12-11 07:57:26:187 2980 5e4 DnldMgr Download manager restoring 0 downloads
2009-12-11 07:57:26:296 2980 5e4 AU ########### AU: Initializing Automatic Updates ###########
2009-12-11 07:57:26:296 2980 5e4 AU AU setting next detection timeout to 2009-12-11 12:57:26
2009-12-11 07:57:26:359 2980 5e4 AU AU setting next sqm report timeout to 2009-12-11 12:57:26
2009-12-11 07:57:26:359 2980 5e4 AU # Approval type: Scheduled (User preference)
2009-12-11 07:57:26:359 2980 5e4 AU # Scheduled install day/time: Every day at 9:00
2009-12-11 07:57:26:359 2980 5e4 AU # Auto-install minor updates: Yes (User preference)
2009-12-11 07:57:26:890 2980 5e4 AU Setting AU scheduled install time to 2009-12-11 14:00:00
2009-12-11 07:57:26:906 2980 5e4 AU Initializing featured updates
2009-12-11 07:57:26:906 2980 5e4 AU Found 0 cached featured updates
2009-12-11 07:57:29:562 2980 5e4 Report *********** Report: Initializing static reporting data ***********
2009-12-11 07:57:29:562 2980 5e4 Report * OS Version = 5.1.2600.3.0.65792
2009-12-11 07:57:30:484 2980 5e4 Report * Computer Brand = INTEL_
2009-12-11 07:57:30:484 2980 5e4 Report * Computer Model = Intel
2009-12-11 07:57:30:546 2980 5e4 Report * Bios Revision = BZ87510A.86A.0125.P34.0503312215
2009-12-11 07:57:30:546 2980 5e4 Report * Bios Name = BIOS Date: 03/31/05 22:15:04 Ver: 08.00.09
2009-12-11 07:57:30:546 2980 5e4 Report * Bios Release Date = 2005-03-31T00:00:00
2009-12-11 07:57:30:546 2980 5e4 Report * Locale ID = 1033
2009-12-11 07:57:32:703 2980 5e4 AU AU finished delayed initialization
2009-12-11 07:57:32:703 2980 5e4 AU #############
2009-12-11 07:57:32:703 2980 5e4 AU ## START ## AU: Search for updates
2009-12-11 07:57:32:703 2980 5e4 AU #########
2009-12-11 07:57:32:703 2980 5e4 AU <<## SUBMITTED ## AU: Search for updates [CallId = {DFF5DADF-60B7-4644-BEEF-36F8A639546C}]
2009-12-11 07:57:39:562 2980 644 Report REPORT EVENT: {7C8F3BD1-54D5-4457-9565-BB8A3D02CAC7} 2009-12-11 07:57:26:906-0500 1 202 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Reboot completed.
2009-12-11 07:57:39:562 2980 644 Agent *************
2009-12-11 07:57:39:562 2980 644 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2009-12-11 07:57:39:562 2980 644 Agent *********
2009-12-11 07:57:39:562 2980 644 Agent * Online = No; Ignore download priority = No
2009-12-11 07:57:39:562 2980 644 Agent * Criteria = "IsHidden=0 and IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and IsAssigned=1 or IsHidden=0 and IsInstalled=1 and DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and IsAssigned=1 and RebootRequired=1"
2009-12-11 07:57:39:562 2980 644 Agent * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2009-12-11 07:57:39:562 2980 644 Agent * Search Scope = {Machine}
2009-12-11 07:59:46:359 5292 12c0 Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0500) ===========
2009-12-11 07:59:46:359 5292 12c0 Misc = Process: C:\Program Files\Windows Media Player\setup_wm.exe
2009-12-11 07:59:46:359 5292 12c0 Misc = Module: C:\WINDOWS\system32\wuapi.dll
2009-12-11 07:59:46:359 5292 12c0 COMAPI -------------
2009-12-11 07:59:46:359 5292 12c0 COMAPI -- START -- COMAPI: Search [ClientId = <NULL>]
2009-12-11 07:59:46:375 5292 12c0 COMAPI ---------
2009-12-11 07:59:46:562 5292 12c0 COMAPI <<-- SUBMITTED -- COMAPI: Search [ClientId = <NULL>]
2009-12-11 08:00:05:406 2980 644 Agent * Added update {6ACD6BCB-A59F-4926-A76E-D07E0C1ECA73}.100 to search result
2009-12-11 08:00:05:406 2980 644 Agent * Found 1 updates and 57 categories in search; evaluated appl. rules of 948 out of 2338 deployed entities
2009-12-11 08:00:05:453 2980 644 Agent *********
2009-12-11 08:00:05:453 2980 644 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2009-12-11 08:00:05:453 2980 644 Agent *************
2009-12-11 08:00:05:484 2980 644 Agent *************
2009-12-11 08:00:05:500 2980 cf8 AU >>## RESUMED ## AU: Search for updates [CallId = {DFF5DADF-60B7-4644-BEEF-36F8A639546C}]
2009-12-11 08:00:05:500 2980 644 Agent ** START ** Agent: Finding updates [CallerId = ]
2009-12-11 08:00:05:500 2980 644 Agent *********
2009-12-11 08:00:05:500 2980 cf8 AU # 1 updates detected
2009-12-11 08:00:05:500 2980 644 Agent * Online = Yes; Ignore download priority = No
2009-12-11 08:00:05:500 2980 644 Agent * Criteria = "DeploymentAction='Installation' AND IsInstalled=0 AND CategoryIDs contains 'e88a19fb-a847-4e3d-9ae2-13c2b84f58a6'"
2009-12-11 08:00:05:500 2980 644 Agent * ServiceID = {00000000-0000-0000-0000-000000000000} Third party service
2009-12-11 08:00:05:500 2980 644 Agent * Search Scope = {Machine}
2009-12-11 08:00:05:515 2980 cf8 AU #########
2009-12-11 08:00:05:515 2980 cf8 AU ## END ## AU: Search for updates [CallId = {DFF5DADF-60B7-4644-BEEF-36F8A639546C}]
2009-12-11 08:00:05:531 2980 cf8 AU #############
2009-12-11 08:00:05:531 2980 cf8 AU Featured notifications is disabled.
2009-12-11 08:00:05:531 2980 cf8 AU Setting AU scheduled install time to 2009-12-11 14:00:00
2009-12-11 08:00:05:531 2980 5e4 AU #############
2009-12-11 08:00:05:531 2980 5e4 AU ## START ## AU: Search for updates
2009-12-11 08:00:05:531 2980 5e4 AU #########
2009-12-11 08:00:05:546 2980 5e4 AU <<## SUBMITTED ## AU: Search for updates [CallId = {DCC6DD5E-7D88-4CEA-B93B-B558CD299B81}]
2009-12-11 08:00:05:640 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2009-12-11 08:00:06:734 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:00:07:125 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2009-12-11 08:00:07:156 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:00:07:359 2980 644 Agent Checking for updated auth cab for service 7971f918-a847-4430-9279-4a52d1efe18d at http://download.wind...edir/muauth.cab
2009-12-11 08:00:07:375 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\AuthCabs\authcab.cab:
2009-12-11 08:00:07:406 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:00:07:453 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\AuthCabs\authcab.cab:
2009-12-11 08:00:07:484 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:00:08:328 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2009-12-11 08:00:08:390 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:00:08:437 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2009-12-11 08:00:08:500 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:00:08:562 2980 644 PT +++++++++++ PT: Starting category scan +++++++++++
2009-12-11 08:00:08:562 2980 644 PT + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://www.update.m...ice/client.asmx
2009-12-11 08:00:09:468 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2009-12-11 08:00:09:531 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:00:09:593 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2009-12-11 08:00:09:671 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:00:09:765 2980 644 PT +++++++++++ PT: Synchronizing server updates +++++++++++
2009-12-11 08:00:09:781 2980 644 PT + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://www.update.m...ice/client.asmx
2009-12-11 08:00:10:000 2980 644 Agent * Found 0 updates and 0 categories in search; evaluated appl. rules of 43 out of 48 deployed entities
2009-12-11 08:00:10:015 2980 644 Agent *********
2009-12-11 08:00:10:015 2980 644 Agent ** END ** Agent: Finding updates [CallerId = ]
2009-12-11 08:00:10:015 2980 644 Agent *************
2009-12-11 08:00:10:015 2980 644 Agent *************
2009-12-11 08:00:10:015 2980 644 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2009-12-11 08:00:10:015 2980 644 Agent *********
2009-12-11 08:00:10:015 2980 644 Agent * Online = Yes; Ignore download priority = No
2009-12-11 08:00:10:015 2980 644 Agent * Criteria = "IsHidden=0 and IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and IsAssigned=1 or IsHidden=0 and IsInstalled=1 and DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and IsAssigned=1 and RebootRequired=1"
2009-12-11 08:00:10:015 2980 644 Agent * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2009-12-11 08:00:10:015 2980 644 Agent * Search Scope = {Machine}
2009-12-11 08:00:10:031 5292 1670 COMAPI >>-- RESUMED -- COMAPI: Search [ClientId = <NULL>]
2009-12-11 08:00:10:031 5292 1670 COMAPI - Updates found = 0
2009-12-11 08:00:10:031 5292 1670 COMAPI ---------
2009-12-11 08:00:10:031 5292 1670 COMAPI -- END -- COMAPI: Search [ClientId = <NULL>]
2009-12-11 08:00:10:031 5292 1670 COMAPI -------------
2009-12-11 08:00:10:109 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2009-12-11 08:00:10:156 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:00:24:765 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2009-12-11 08:00:24:796 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:00:24:906 2980 644 Agent Checking for updated auth cab for service 7971f918-a847-4430-9279-4a52d1efe18d at http://download.wind...edir/muauth.cab
2009-12-11 08:00:24:906 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\AuthCabs\authcab.cab:
2009-12-11 08:00:24:937 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:00:24:984 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\AuthCabs\authcab.cab:
2009-12-11 08:00:25:015 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:00:25:046 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2009-12-11 08:00:25:093 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:00:25:140 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2009-12-11 08:00:25:171 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:00:25:234 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab:
2009-12-11 08:00:25:296 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:00:27:734 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab:
2009-12-11 08:00:27:765 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:00:27:968 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cab:
2009-12-11 08:00:28:000 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:00:28:031 2980 644 Setup *********** Setup: Checking whether self-update is required ***********
2009-12-11 08:00:28:031 2980 644 Setup * Inf file: C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.inf
2009-12-11 08:00:28:140 2980 644 Setup Update NOT required for C:\WINDOWS\system32\cdm.dll: target version = 7.4.7600.226, required version = 7.4.7600.226
2009-12-11 08:00:28:140 2980 644 Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll: target version = 7.4.7600.226, required version = 7.4.7600.226
2009-12-11 08:00:28:203 2980 644 Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll.mui: target version = 7.4.7600.226, required version = 7.4.7600.226
2009-12-11 08:00:28:203 2980 644 Setup Update NOT required for C:\WINDOWS\system32\wuauclt.exe: target version = 7.4.7600.226, required version = 7.4.7600.226
2009-12-11 08:00:28:218 2980 644 Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl: target version = 7.4.7600.226, required version = 7.4.7600.226
2009-12-11 08:00:28:281 2980 644 Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl.mui: target version = 7.4.7600.226, required version = 7.4.7600.226
2009-12-11 08:00:28:281 2980 644 Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll: target version = 7.4.7600.226, required version = 7.4.7600.226
2009-12-11 08:00:28:328 2980 644 Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll.mui: target version = 7.4.7600.226, required version = 7.4.7600.226
2009-12-11 08:00:28:375 2980 644 Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll: target version = 7.4.7600.226, required version = 7.4.7600.226
2009-12-11 08:00:28:531 2980 644 Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll.mui: target version = 7.4.7600.226, required version = 7.4.7600.226
2009-12-11 08:00:28:640 2980 644 Setup Update NOT required for C:\WINDOWS\system32\wups.dll: target version = 7.4.7600.226, required version = 7.4.7600.226
2009-12-11 08:00:28:640 2980 644 Setup Update NOT required for C:\WINDOWS\system32\wups2.dll: target version = 7.4.7600.226, required version = 7.4.7600.226
2009-12-11 08:00:28:890 2980 644 Setup Update NOT required for C:\WINDOWS\system32\wuweb.dll: target version = 7.4.7600.226, required version = 7.4.7600.226
2009-12-11 08:00:28:890 2980 644 Setup * IsUpdateRequired = No
2009-12-11 08:00:28:890 2980 644 Setup Found non-managed non-WU Service registered with AU
2009-12-11 08:00:28:921 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2009-12-11 08:00:28:953 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:00:29:000 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2009-12-11 08:00:29:031 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:00:29:093 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\muident.cab:
2009-12-11 08:00:29:156 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:00:29:203 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\muident.cab:
2009-12-11 08:00:29:250 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:00:29:375 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\musetup.cab:
2009-12-11 08:00:29:421 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:00:29:437 2980 644 Setup *********** Setup: Checking whether self-update is required ***********
2009-12-11 08:00:29:437 2980 644 Setup * Inf file: C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\musetup.inf
2009-12-11 08:00:29:625 2980 644 Setup Update NOT required for C:\WINDOWS\system32\mucltui.dll: target version = 7.4.7600.226, required version = 7.4.7600.226
2009-12-11 08:00:29:687 2980 644 Setup Update NOT required for C:\WINDOWS\system32\mucltui.dll.mui: target version = 7.4.7600.226, required version = 7.4.7600.226
2009-12-11 08:00:30:078 2980 644 Setup Update NOT required for C:\WINDOWS\system32\muweb.dll: target version = 7.4.7600.226, required version = 7.4.7600.226
2009-12-11 08:00:30:125 2980 644 Setup * IsUpdateRequired = No
2009-12-11 08:00:39:875 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2009-12-11 08:00:39:984 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:00:40:171 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2009-12-11 08:00:40:265 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:00:40:421 2980 644 PT +++++++++++ PT: Synchronizing server updates +++++++++++
2009-12-11 08:00:40:515 2980 644 PT + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://www.update.m...ice/client.asmx
2009-12-11 08:03:02:578 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2009-12-11 08:03:02:640 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:03:17:187 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2009-12-11 08:03:17:265 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:03:17:343 2980 644 PT +++++++++++ PT: Synchronizing extended update info +++++++++++
2009-12-11 08:03:17:343 2980 644 PT + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://www.update.m...ice/client.asmx
2009-12-11 08:03:18:406 3680 e9c Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0500) ===========
2009-12-11 08:03:18:406 3680 e9c Misc = Process: C:\WINDOWS\system32\wuauclt.exe
2009-12-11 08:03:18:406 3680 e9c Misc = Module: C:\WINDOWS\system32\wuaueng.dll
2009-12-11 08:03:18:406 3680 e9c DtaStor WARNING: Attempted to add URL http://www.download....3d12489cc02.cab for file cQeDVufMBrgs//srkvWj0SSJzAI= when file has not been previously added to the datastore
2009-12-11 08:03:18:421 3680 e9c DtaStor WARNING: Attempted to add URL http://download.wind...97135f89f0a.cab for file 79G26I3KBAZCCoXyTrlJcTX4nwo= when file has not been previously added to the datastore
2009-12-11 08:03:18:437 3680 e9c DtaStor WARNING: Attempted to add URL http://download.wind...eb3da0cf14a.cab for file WyxvJRGcjnYr4fBJpDAes9oM8Uo= when file has not been previously added to the datastore
2009-12-11 08:03:18:437 3680 e9c DtaStor WARNING: Attempted to add URL http://download.wind...a5b939d1195.cab for file mp7NndtxuSD18s+XNQ2qW5OdEZU= when file has not been previously added to the datastore
2009-12-11 08:03:18:437 3680 e9c DtaStor WARNING: Attempted to add URL http://download.wind...597dd84d219.cab for file ks7krnUWxf3L3tg6nRVFl92E0hk= when file has not been previously added to the datastore
2009-12-11 08:03:18:437 3680 e9c DtaStor WARNING: Attempted to add URL http://www.download....09004da66d9.cab for file dcw09YPjY3fo+MYELm2gkATaZtk= when file has not been previously added to the datastore
2009-12-11 08:03:26:265 2980 644 Agent * Added update {6ACD6BCB-A59F-4926-A76E-D07E0C1ECA73}.100 to search result
2009-12-11 08:03:26:265 2980 644 Agent * Found 1 updates and 57 categories in search; evaluated appl. rules of 1392 out of 2338 deployed entities
2009-12-11 08:03:26:296 2980 644 Agent *********
2009-12-11 08:03:26:312 2980 644 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2009-12-11 08:03:26:312 2980 644 Agent *************
2009-12-11 08:03:26:343 2980 cf8 AU >>## RESUMED ## AU: Search for updates [CallId = {DCC6DD5E-7D88-4CEA-B93B-B558CD299B81}]
2009-12-11 08:03:26:359 2980 cf8 AU # 1 updates detected
2009-12-11 08:03:26:359 2980 cf8 AU #########
2009-12-11 08:03:26:359 2980 cf8 AU ## END ## AU: Search for updates [CallId = {DCC6DD5E-7D88-4CEA-B93B-B558CD299B81}]
2009-12-11 08:03:26:359 2980 cf8 AU #############
2009-12-11 08:03:26:359 2980 cf8 AU Featured notifications is disabled.
2009-12-11 08:03:26:359 2980 cf8 AU AU setting next detection timeout to 2009-12-12 06:55:08
2009-12-11 08:03:26:359 2980 cf8 AU Setting AU scheduled install time to 2009-12-11 14:00:00
2009-12-11 08:03:26:359 2980 644 Report REPORT EVENT: {585CC5FA-011D-4268-89E6-76D23DF89373} 2009-12-11 08:00:10:015-0500 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 Success Software Synchronization Windows Update Client successfully detected 0 updates.
2009-12-11 08:03:31:296 2980 644 Report REPORT EVENT: {22ED8DCC-3513-4B95-B592-B9C5D9F4F915} 2009-12-11 08:03:26:296-0500 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Software Synchronization Windows Update Client successfully detected 1 updates.
2009-12-11 08:10:19:078 2208 8b0 Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0500) ===========
2009-12-11 08:10:19:078 2208 8b0 Misc = Process: C:\Program Files\Microsoft Security Essentials\msseces.exe
2009-12-11 08:10:19:078 2208 8b0 Misc = Module: C:\WINDOWS\system32\wuapi.dll
2009-12-11 08:10:19:078 2208 8b0 COMAPI -------------
2009-12-11 08:10:19:078 2208 8b0 COMAPI -- START -- COMAPI: Search [ClientId = Microsoft Security Essentials]
2009-12-11 08:10:19:078 2208 8b0 COMAPI ---------
2009-12-11 08:10:19:140 2980 644 Agent *************
2009-12-11 08:10:19:140 2980 644 Agent ** START ** Agent: Finding updates [CallerId = Microsoft Security Essentials]
2009-12-11 08:10:19:140 2980 644 Agent *********
2009-12-11 08:10:19:140 2208 8b0 COMAPI <<-- SUBMITTED -- COMAPI: Search [ClientId = Microsoft Security Essentials]
2009-12-11 08:10:19:140 2980 644 Agent * Online = Yes; Ignore download priority = No
2009-12-11 08:10:19:140 2980 644 Agent * Criteria = "(IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains'6cf036b9-b546-4694-885a-938b93216b66' and CategoryIDs contains '0FA1201D-4330-4FA8-8AE9-B877473B6441') OR (IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains'6cf036b9-b546-4694-885a-938b93216b66' and CategoryIDs contains 'E6CF1350-C01B-414D-A61F-263D14D133B4') OR (IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains'6cf036b9-b546-4694-885a-938b93216b66' and CategoryIDs contains '28BC880E-0592-4CBF-8F95-C79B17911D5F') OR (IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains'6cf036b9-b546-4694-885a-938b93216b66' and CategoryIDs contains 'B54E7D24-7ADD-428F-8B75-90A396FA584F') OR (IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains'6cf036b9-b546-4694-885a-938b93216b66' and CategoryIDs contains 'CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83') OR (IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains'6cf036b9-b546-4694-885a-938b93216b66' and CategoryIDs contains '68C5B0A3-D1A6-4553-AE49-01D3A7827828')"
2009-12-11 08:10:19:140 2980 644 Agent * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2009-12-11 08:10:19:140 2980 644 Agent * Search Scope = {Machine}
2009-12-11 08:10:21:250 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2009-12-11 08:10:21:281 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:10:21:390 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2009-12-11 08:10:21:421 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:10:21:468 2980 644 Agent Checking for updated auth cab for service 7971f918-a847-4430-9279-4a52d1efe18d at http://download.wind...edir/muauth.cab
2009-12-11 08:10:21:468 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\AuthCabs\authcab.cab:
2009-12-11 08:10:21:500 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:10:21:546 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\AuthCabs\authcab.cab:
2009-12-11 08:10:21:562 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:10:22:421 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2009-12-11 08:10:22:453 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:10:22:484 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2009-12-11 08:10:22:515 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:10:22:531 2980 644 PT +++++++++++ PT: Starting category scan +++++++++++
2009-12-11 08:10:22:531 2980 644 PT + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://www.update.m...ice/client.asmx
2009-12-11 08:10:27:156 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2009-12-11 08:10:27:187 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:10:27:296 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2009-12-11 08:10:27:328 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:10:27:343 2980 644 PT +++++++++++ PT: Synchronizing server updates +++++++++++
2009-12-11 08:10:27:343 2980 644 PT + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://www.update.m...ice/client.asmx
2009-12-11 08:10:27:421 2980 644 PT WARNING: SyncUpdates failure, error = 0x8024400D, soap client error = 7, soap error code = 300, HTTP status code = 200
2009-12-11 08:10:27:421 2980 644 PT WARNING: SOAP Fault: 0x00012c
2009-12-11 08:10:27:421 2980 644 PT WARNING: faultstring:Fault occurred
2009-12-11 08:10:27:421 2980 644 PT WARNING: ErrorCode:ConfigChanged(2)
2009-12-11 08:10:27:421 2980 644 PT WARNING: Message:(null)
2009-12-11 08:10:27:421 2980 644 PT WARNING: Method:"http://www.microsoft...ce/SyncUpdates"
2009-12-11 08:10:27:421 2980 644 PT WARNING: ID:17c226f5-2149-4e1b-88cc-c105346be0ce
2009-12-11 08:10:28:984 2980 644 Agent * Found 0 updates and 5 categories in search; evaluated appl. rules of 67 out of 80 deployed entities
2009-12-11 08:10:29:078 2980 644 Agent *********
2009-12-11 08:10:29:093 2980 644 Agent ** END ** Agent: Finding updates [CallerId = Microsoft Security Essentials]
2009-12-11 08:10:29:093 2980 644 Agent *************
2009-12-11 08:10:29:093 2208 d08 COMAPI >>-- RESUMED -- COMAPI: Search [ClientId = Microsoft Security Essentials]
2009-12-11 08:10:29:109 2208 d08 COMAPI - Updates found = 0
2009-12-11 08:10:29:109 2208 d08 COMAPI ---------
2009-12-11 08:10:29:109 2208 d08 COMAPI -- END -- COMAPI: Search [ClientId = Microsoft Security Essentials]
2009-12-11 08:10:29:109 2208 d08 COMAPI -------------
2009-12-11 08:10:34:078 2980 644 Report REPORT EVENT: {FD16F8F0-3C39-401F-8010-5AED856D15E1} 2009-12-11 08:10:29:078-0500 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 Microsoft Security Essentials Success Software Synchronization Windows Update Client successfully detected 0 updates.
2009-12-11 08:15:48:046 3348 abc Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0500) ===========
2009-12-11 08:15:48:046 3348 abc Misc = Process: C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
2009-12-11 08:15:48:046 3348 abc Misc = Module: C:\WINDOWS\system32\wuapi.dll
2009-12-11 08:15:48:046 3348 abc COMAPI -------------
2009-12-11 08:15:48:062 3348 abc COMAPI -- START -- COMAPI: Search [ClientId = Microsoft Antimalware (BCF43643-A118-4432-AEDE-D861FCBCFCDE)]
2009-12-11 08:15:48:062 3348 abc COMAPI ---------
2009-12-11 08:15:48:093 3348 abc COMAPI <<-- SUBMITTED -- COMAPI: Search [ClientId = Microsoft Antimalware (BCF43643-A118-4432-AEDE-D861FCBCFCDE)]
2009-12-11 08:15:48:093 2980 644 Agent *************
2009-12-11 08:15:48:093 2980 644 Agent ** START ** Agent: Finding updates [CallerId = Microsoft Antimalware (BCF43643-A118-4432-AEDE-D861FCBCFCDE)]
2009-12-11 08:15:48:093 2980 644 Agent *********
2009-12-11 08:15:48:093 2980 644 Agent * Online = Yes; Ignore download priority = No
2009-12-11 08:15:48:093 2980 644 Agent * Criteria = "(IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains '6cf036b9-b546-4694-885a-938b93216b66' and CategoryIDs contains 'e0789628-ce08-4437-be74-2495b842f43b')"
2009-12-11 08:15:48:093 2980 644 Agent * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2009-12-11 08:15:48:093 2980 644 Agent * Search Scope = {Machine}
2009-12-11 08:15:48:125 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2009-12-11 08:15:48:156 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:16:01:609 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2009-12-11 08:16:01:640 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:16:01:687 2980 644 Agent Checking for updated auth cab for service 7971f918-a847-4430-9279-4a52d1efe18d at http://download.wind...edir/muauth.cab
2009-12-11 08:16:01:687 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\AuthCabs\authcab.cab:
2009-12-11 08:16:01:718 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:16:01:750 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\AuthCabs\authcab.cab:
2009-12-11 08:16:01:781 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:16:02:578 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2009-12-11 08:16:02:609 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:16:02:640 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2009-12-11 08:16:02:671 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:16:02:687 2980 644 PT +++++++++++ PT: Starting category scan +++++++++++
2009-12-11 08:16:02:687 2980 644 PT + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://www.update.m...ice/client.asmx
2009-12-11 08:16:07:359 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2009-12-11 08:16:07:390 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:16:07:515 2980 644 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2009-12-11 08:16:07:546 2980 644 Misc Microsoft signed: Yes
2009-12-11 08:16:07:562 2980 644 PT +++++++++++ PT: Synchronizing server updates +++++++++++
2009-12-11 08:16:07:562 2980 644 PT + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://www.update.m...ice/client.asmx
2009-12-11 08:16:08:953 2980 644 Agent Update {E13BA40C-E04D-4B02-9632-D709C2A7C013}.100 is pruned out due to potential supersedence
2009-12-11 08:16:08:953 2980 644 Agent * Added update {6701528E-C9B7-4AE2-B126-545A758C138C}.100 to search result
2009-12-11 08:16:08:968 2980 644 Agent * Found 1 updates and 4 categories in search; evaluated appl. rules of 67 out of 80 deployed entities
2009-12-11 08:16:08:968 2980 644 Agent *********
2009-12-11 08:16:08:968 2980 644 Agent ** END ** Agent: Finding updates [CallerId = Microsoft Antimalware (BCF43643-A118-4432-AEDE-D861FCBCFCDE)]
2009-12-11 08:16:08:968 2980 644 Agent *************
2009-12-11 08:16:08:984 3348 780 COMAPI >>-- RESUMED -- COMAPI: Search [ClientId = Microsoft Antimalware (BCF43643-A118-4432-AEDE-D861FCBCFCDE)]
2009-12-11 08:16:09:000 3348 780 COMAPI - Updates found = 1
2009-12-11 08:16:09:000 3348 780 COMAPI ---------
2009-12-11 08:16:09:000 3348 780 COMAPI -- END -- COMAPI: Search [ClientId = Microsoft Antimalware (BCF43643-A118-4432-AEDE-D861FCBCFCDE)]
2009-12-11 08:16:09:000 3348 780 COMAPI -------------
2009-12-11 08:16:09:078 3348 1584 COMAPI -------------
2009-12-11 08:16:09:078 3348 1584 COMAPI -- START -- COMAPI: Download [ClientId = Microsoft Antimalware (BCF43643-A118-4432-AEDE-D861FCBCFCDE)]
2009-12-11 08:16:09:078 3348 1584 COMAPI ---------
2009-12-11 08:16:09:078 3348 1584 COMAPI - Forced: No; Download priority: 3
2009-12-11 08:16:09:078 3348 1584 COMAPI - Updates in request: 1
2009-12-11 08:16:09:078 3348 1584 COMAPI - ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2009-12-11 08:16:09:125 3348 1584 COMAPI <<-- SUBMITTED -- COMAPI: Download [ClientId = Microsoft Antimalware (BCF43643-A118-4432-AEDE-D861FCBCFCDE)]
2009-12-11 08:16:09:328 2980 644 DnldMgr *************
2009-12-11 08:16:09:328 2980 644 DnldMgr ** START ** DnldMgr: Downloading updates [CallerId = Microsoft Antimalware (BCF43643-A118-4432-AEDE-D861FCBCFCDE)]
2009-12-11 08:16:09:328 2980 644 DnldMgr *********
2009-12-11 08:16:09:328 2980 644 DnldMgr * Call ID = {FE84728D-1BB6-4E73-9099-F6B9F63F03D4}
2009-12-11 08:16:09:328 2980 644 DnldMgr * Priority = 3, Interactive = 1, Owner is system = 1, Explicit proxy = 1, Proxy session id = -1, ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}
2009-12-11 08:16:09:343 2980 644 DnldMgr * Updates to download = 1
2009-12-11 08:16:09:343 2980 644 Agent * Title = Definition Update for Microsoft Security Essentials - KB972696 (Definition 1.71.721.0)
2009-12-11 08:16:09:343 2980 644 Agent * UpdateId = {6701528E-C9B7-4AE2-B126-545A758C138C}.100
2009-12-11 08:16:09:343 2980 644 Agent * Bundles 1 updates:
2009-12-11 08:16:09:343 2980 644 Agent * {86C5288B-B908-4976-9062-D7DA24914453}.100
2009-12-11 08:16:09:359 2980 644 DnldMgr *********** DnldMgr: New download job [UpdateId = {86C5288B-B908-4976-9062-D7DA24914453}.100] ***********
2009-12-11 08:16:09:921 2980 644 DnldMgr * BITS job initialized, JobId = {1CFF3F94-2386-4B5E-B170-4AD8E7F69808}
2009-12-11 08:16:10:093 2980 644 DnldMgr * Downloading from http://download.wind...8c418cc0eae.exe to C:\WINDOWS\SoftwareDistribution\Download\2ca617492cd768c84fa0fd5c87e2982c\bb6757addb6fc445bc9ba2791ebc08c418cc0eae (full file).
2009-12-11 08:16:10:218 2980 644 Agent *********
2009-12-11 08:16:10:218 2980 644 Agent ** END ** Agent: Downloading updates [CallerId = Microsoft Antimalware (BCF43643-A118-4432-AEDE-D861FCBCFCDE)]
2009-12-11 08:16:10:218 2980 644 Agent *************
2009-12-11 08:16:11:750 2980 6bc DnldMgr BITS job {1CFF3F94-2386-4B5E-B170-4AD8E7F69808} completed successfully
2009-12-11 08:16:12:328 2980 6bc Misc Validating signature for C:\WINDOWS\SoftwareDistribution\Download\2ca617492cd768c84fa0fd5c87e2982c\bb6757addb6fc445bc9ba2791ebc08c418cc0eae:
2009-12-11 08:16:12:375 2980 6bc Misc Microsoft signed: Yes
2009-12-11 08:16:12:375 2980 6bc DnldMgr Download job bytes total = 341392, bytes transferred = 341392
2009-12-11 08:16:12:375 2980 6bc DnldMgr *********** DnldMgr: New download job [UpdateId = {86C5288B-B908-4976-9062-D7DA24914453}.100] ***********
2009-12-11 08:16:12:546 2980 6bc DnldMgr * All files for update were already downloaded and are valid.
2009-12-11 08:16:12:562 3348 780 COMAPI >>-- RESUMED -- COMAPI: Download [ClientId = Microsoft Antimalware (BCF43643-A118-4432-AEDE-D861FCBCFCDE)]
2009-12-11 08:16:12:562 3348 780 COMAPI - Download call complete (succeeded = 1, succeeded with errors = 0, failed = 0, unaccounted = 0)
2009-12-11 08:16:12:562 3348 780 COMAPI ---------
2009-12-11 08:16:12:562 3348 780 COMAPI -- END -- COMAPI: Download [ClientId = Microsoft Antimalware (BCF43643-A118-4432-AEDE-D861FCBCFCDE)]
2009-12-11 08:16:12:562 3348 1624 COMAPI -------------
2009-12-11 08:16:12:562 3348 780 COMAPI -------------
2009-12-11 08:16:12:562 3348 1624 COMAPI -- START -- COMAPI: Install [ClientId = Microsoft Antimalware (BCF43643-A118-4432-AEDE-D861FCBCFCDE)]
2009-12-11 08:16:12:562 3348 1624 COMAPI ---------
2009-12-11 08:16:12:562 3348 1624 COMAPI - Allow source prompts: Yes; Forced: No; Force quiet: Yes
2009-12-11 08:16:12:562 3348 1624 COMAPI - Updates in request: 1
2009-12-11 08:16:12:562 3348 1624 COMAPI - ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2009-12-11 08:16:12:578 2980 1010 Agent *************
2009-12-11 08:16:12:578 3348 1624 COMAPI - Updates to install = 1
2009-12-11 08:16:12:593 3348 1624 COMAPI <<-- SUBMITTED -- COMAPI: Install [ClientId = Microsoft Antimalware (BCF43643-A118-4432-AEDE-D861FCBCFCDE)]
2009-12-11 08:16:12:593 2980 1010 Agent ** START ** Agent: Installing updates [CallerId = Microsoft Antimalware (BCF43643-A118-4432-AEDE-D861FCBCFCDE)]
2009-12-11 08:16:12:593 2980 1010 Agent *********
2009-12-11 08:16:12:593 2980 1010 Agent * Updates to install = 1
2009-12-11 08:16:12:593 2980 1010 Agent * Title = Definition Update for Microsoft Security Essentials - KB972696 (Definition 1.71.721.0)
2009-12-11 08:16:12:593 2980 1010 Agent * UpdateId = {6701528E-C9B7-4AE2-B126-545A758C138C}.100
2009-12-11 08:16:12:593 2980 1010 Agent * Bundles 1 updates:
2009-12-11 08:16:12:609 2980 1010 Agent * {86C5288B-B908-4976-9062-D7DA24914453}.100
2009-12-11 08:16:13:968 2980 644 Report REPORT EVENT: {60917693-5BE5-439C-A422-80935E9C36C6} 2009-12-11 08:16:08:968-0500 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 Microsoft Antimalware (BCF43643 Success Software Synchronization Windows Update Client successfully detected 1 updates.
2009-12-11 08:16:13:968 2980 644 Report REPORT EVENT: {B749CE58-A240-4B2B-B3D2-2A8427C1A925} 2009-12-11 08:16:12:546-0500 1 162 101 {6701528E-C9B7-4AE2-B126-545A758C138C} 100 0 Microsoft Antimalware (BCF43643 Success Content Download Download succeeded.
2009-12-11 08:16:17:859 2980 1010 DnldMgr Preparing update for install, updateId = {86C5288B-B908-4976-9062-D7DA24914453}.100.
2009-12-11 08:16:18:296 5980 81c Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0500) ===========
2009-12-11 08:16:18:296 5980 81c Misc = Process: C:\WINDOWS\system32\wuauclt.exe
2009-12-11 08:16:18:296 5980 81c Misc = Module: C:\WINDOWS\system32\wuaueng.dll
2009-12-11 08:16:18:296 5980 81c Handler :::::::::::::
2009-12-11 08:16:18:296 5980 81c Handler :: START :: Handler: Command Line Install
2009-12-11 08:16:18:312 5980 81c Handler :::::::::
2009-12-11 08:16:18:312 5980 81c Handler : Updates to install = 1
2009-12-11 08:17:06:375 5980 81c Handler : Command line install completed. Return code = 0x00000000, Result = Succeeded, Reboot required = false
2009-12-11 08:17:06:390 5980 81c Handler :::::::::
2009-12-11 08:17:06:390 5980 81c Handler :: END :: Handler: Command Line Install
2009-12-11 08:17:06:390 5980 81c Handler :::::::::::::
2009-12-11 08:17:06:531 3348 1310 COMAPI >>-- RESUMED -- COMAPI: Install [ClientId = Microsoft Antimalware (BCF43643-A118-4432-AEDE-D861FCBCFCDE)]
2009-12-11 08:17:06:515 2980 1010 Agent *********
2009-12-11 08:17:06:531 3348 1310 COMAPI - Install call complete (succeeded = 1, succeeded with errors = 0, failed = 0, unaccounted = 0)
2009-12-11 08:17:06:531 2980 1010 Agent ** END ** Agent: Installing updates [CallerId = Microsoft Antimalware (BCF43643-A118-4432-AEDE-D861FCBCFCDE)]
2009-12-11 08:17:06:531 2980 1010 Agent *************
2009-12-11 08:17:06:531 3348 1310 COMAPI - Reboot required = No
2009-12-11 08:17:06:515 2980 5e4 AU Triggering Offline detection (non-interactive)
2009-12-11 08:17:06:531 3348 1310 COMAPI ---------
2009-12-11 08:17:06:531 3348 1310 COMAPI -- END -- COMAPI: Install [ClientId = Microsoft Antimalware (BCF43643-A118-4432-AEDE-D861FCBCFCDE)]
2009-12-11 08:17:06:531 2980 5e4 AU #############
2009-12-11 08:17:06:531 3348 1310 COMAPI -------------
2009-12-11 08:17:06:531 2980 5e4 AU ## START ## AU: Search for updates
2009-12-11 08:17:06:531 2980 5e4 AU #########
2009-12-11 08:17:06:562 2980 5e4 AU <<## SUBMITTED ## AU: Search for updates [CallId = {FC91C5D9-9846-43A2-8E6E-D8E077C039EC}]
2009-12-11 08:17:06:562 2980 644 Agent *************
2009-12-11 08:17:06:562 2980 644 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2009-12-11 08:17:06:562 2980 644 Agent *********
2009-12-11 08:17:06:578 2980 644 Agent * Online = No; Ignore download priority = No
2009-12-11 08:17:06:578 2980 644 Agent * Criteria = "IsHidden=0 and IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and IsAssigned=1 or IsHidden=0 and IsInstalled=1 and DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and IsAssigned=1 and RebootRequired=1"
2009-12-11 08:17:06:578 2980 644 Agent * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2009-12-11 08:17:06:578 2980 644 Agent * Search Scope = {Machine}
2009-12-11 08:18:38:765 2980 644 Agent * Added update {6ACD6BCB-A59F-4926-A76E-D07E0C1ECA73}.100 to search result
2009-12-11 08:18:38:765 2980 644 Agent * Found 1 updates and 57 categories in search; evaluated appl. rules of 948 out of 2338 deployed entities
2009-12-11 08:18:38:968 2980 644 Agent *********
2009-12-11 08:18:38:968 2980 644 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2009-12-11 08:18:38:968 2980 644 Agent *************
2009-12-11 08:18:39:000 2980 cf8 AU >>## RESUMED ## AU: Search for updates [CallId = {FC91C5D9-9846-43A2-8E6E-D8E077C039EC}]
2009-12-11 08:18:39:000 2980 644 Report REPORT EVENT: {3F0B1BF8-A745-4D79-8AF7-610674AFEBAC} 2009-12-11 08:17:06:406-0500 1 183 101 {6701528E-C9B7-4AE2-B126-545A758C138C} 100 0 Microsoft Antimalware (BCF43643 Success Content Install Installation Successful: Windows successfully installed the following update: Definition Update for Microsoft Security Essentials - KB972696 (Definition 1.71.721.0)
2009-12-11 08:18:39:000 2980 cf8 AU # 1 updates detected
2009-12-11 08:18:39:046 2980 cf8 AU #########
2009-12-11 08:18:39:046 2980 cf8 AU ## END ## AU: Search for updates [CallId = {FC91C5D9-9846-43A2-8E6E-D8E077C039EC}]
2009-12-11 08:18:39:046 2980 cf8 AU #############
2009-12-11 08:18:39:046 2980 cf8 AU Featured notifications is disabled.
2009-12-11 08:18:39:312 2980 cf8 AU Setting AU scheduled install time to 2009-12-11 14:00:00
2009-12-11 09:00:10:000 2980 5e4 AU Forced install timer expired for scheduled install
2009-12-11 09:00:10:000 2980 5e4 AU UpdateDownloadProperties: 0 download(s) are still in progress.
2009-12-11 09:00:10:000 2980 5e4 AU Setting AU scheduled install time to 2009-12-12 14:00:00

Attached Thumbnails

  • System.jpg
  • Application.jpg

  • 0

#14
123Runner
Posted 15 December 2009 - 03:12 PM

123Runner

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,527 posts
I have asked someone else to take a look at it.
  • 0

#15
rshaffer61
Posted 15 December 2009 - 03:36 PM

rshaffer61

    Moderator

  • Moderator
  • 34,114 posts
Let's try some fresh logs guys because these are pointing at a few things.

Download BlueScreenView
No installation required.
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

Thanks to Broni for the instructions and program


Download WhoCrashed from the link in my signature below
This program checks for any drivers which may have been causing your computer to crash....

Click on the file you just downloaded and run it.
Put a tick in Accept then click on Next
Put a tick in the Don't create a start menu folder then click Next
Put a tick in Create a Desktop Icon then click on Install and make sure there is a tick in Launch Whocrashed before clicking Finish
Click Analyze
It will want to download the Debugger and install it Say Yes
WhoCrashed will create report but you have to scroll down to see it
Copy and paste it into your next reply
  • 0
Back to Windows XP, 2000, 2003, NT · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Windows XP, 2000, 2003, NT

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP