Automatic Update: Access is Denied

(Windows XP Professional SP3)
Apologize in advance for a long message.

My Automatic Update is not running, even though "Automatic (recommended)"
checkbox is selected in System Properties - Automatic Updates tab.

After opening Services (services.msc), Automatic Updates's Description,
Status and Startup Type columns are empty. "Log On As" value is Local System.

When double clicking or right click -> select Properties on Automatic
Updates in Services, I get this message,
"Unable to open service Automatic Updates for reading on Local Computer.
Error 5: Access is denied."

When I go to Windows Update site and try installing updates manually
(http://www.update.microsoft.com/wind...aspx?ln=en-us), I
get "Error number: 0x80070005" during installation after download is complete.

This seems to happen after I got some spywares, which I removed through
scouring registries and cleaning offensive DLLs in system32 directory.

According to many articles indicated, this is a permission problems with
potential errors in registry. I tried a number of suggested fixes with no
successful result,

- Verified BITS is running
- Verified I'm in Administrator group
- Added Trace Flag in Windows registry
- Stopped AdAware daemon. Cannot stop Norton however. But I was able to
run Auto Updates before with Norton running
- Run 2 commands as suggested in this article,
http://www.eggheadcafe.com/software/...ll-record.aspx
a) "sc sdset bits ..." returned SUCCESS
b) "sc sdset wuauserv ..." returned "OpenService FAILED 5: Access is denied"
- Install and run SubInACL tool to repair file and registry permissions
(http://blogs.msdn.com/astebner/archi...04/739820.aspx)
* finish successfully, but same Access error afterwards
- Munually re-install Automatic Update client
(http://msmvps.com/blogs/athif/pages/49608.aspx)
* Browse C:\windows\ServicePackFiles\i386 where wuapi.dll is located.
Restart the system. Same Access is Denied error
- Any attempt to "net stop/start wuauserv" returns Access is Denied

Random clues:

%windir%\inf\wuau.adm
======================
I notice in this file it uses,
KEYNAME "Software\Policies\Microsoft\Windows\WindowsUpdate\AU"
which is a path I don't have under HKLM, does this indicate a problem?

%windir%\setupapi.log
=====================
#-290 Processing REGISTERDLLS section [AU_dlls]. Binary: "%11%\wuaueng.dll",
flags: 0x0001, timeout: 60s.
#E127 Calling "DllRegisterServer" in OLE Control
"C:\WINDOWS\system32\wuaueng.dll" failed. Error 0x80070005: Access is denied.
#E291 Failed to register OLE server "C:\WINDOWS\system32\wuaueng.dll". Error
0x80070005: Access is denied.

%windir%\WindowsUpdate.log
==========================
- I added a Trace flag in registry for WindowsUpdate
(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Trace, Flags=7,
Level=4). Below is the log it generates during reboot.
------------------ 8< -----------------------
2009-02-06 11:52:47-0800 4708 16f4 OpenService failed with error 0x80070005
2009-02-06 11:52:47-0800 4708 16f4 WU client fail to create WU service with
error 0x80070005
2009-02-06 11:53:20-0800 4080 248 OpenNamedService failed (0x80070005) for
service "wuauserv", permissions = 0x00000004
2009-02-06 11:53:20-0800 4080 248 AU service is not running.
2009-02-06 11:53:20-0800 4080 248 WUCheckForUpdatesAtShutdown failed,
hr=8024000C
2009-02-06 11:54:03-0800 1104 af8 AU service is not running.
2009-02-06 11:54:03-0800 1104 af8 WUAutoUpdateAtShutdown failed, hr=8024000C
2009-02-06 11:55:30-0800 1544 a24 Service Main starts
2009-02-06 11:55:30-0800 1544 a24 updated service status to 2
2009-02-06 11:55:30-0800 1544 a24 Processing any required registration
2009-02-06 11:55:30-0800 1544 a24 CSusProxyManager successfully initialized.
2009-02-06 11:55:30-0800 1544 a24 CIpAddressMonitor::CreateListenSocket
returning with hr = 0
2009-02-06 11:55:30-0800 1544 a24 Logging events locally at
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2009-02-06 11:55:30-0800 1544 a24 Using event cache directory at
C:\WINDOWS\SoftwareDistribution\EventCache.
2009-02-06 11:55:30-0800 1544 a24 Using BatchFlushAge = 5240.
2009-02-06 11:55:30-0800 1544 a24 Using SamplingValue = 162.
2009-02-06 11:55:30-0800 1544 a24 Write buffer is empty. Not scheduling a
flush.
2009-02-06 11:55:30-0800 1544 a24 Successfully loaded event namespace
dictionary.
2009-02-06 11:55:31-0800 1544 a24 Loaded event 1: Default Event.
2009-02-06 11:55:31-0800 1544 a24 Loaded event 2: Retail Log event.
2009-02-06 11:55:31-0800 1544 a24 Loaded event 3: Debug Log event.
2009-02-06 11:55:31-0800 1544 a24 Loaded event 147: Agent has finished
detecting items.
2009-02-06 11:55:31-0800 1544 a24 Loaded event 148: Error: Agent failed
detecting with reason: %1
2009-02-06 11:55:31-0800 1544 a24 Loaded event 149: Unable to Connect:
Windows is unable to connect to the automatic updates service and therefore
cannot download and install updates according to the set schedule. Windows
will continue to try to establish a connection.
2009-02-06 11:55:31-0800 1544 a24 Performance warning: CTraceCategory::Trace
had to allocate memory
2009-02-06 11:55:31-0800 1544 a24 Loaded event 150: Update is installed.
2009-02-06 11:55:31-0800 1544 a24 Loaded event 151: Update is installable.
2009-02-06 11:55:31-0800 1544 a24 Loaded event 152: Update is superseded.
2009-02-06 11:55:31-0800 1544 a24 Loaded event 154: Client has an invalid Pid.
2009-02-06 11:55:31-0800 1544 a24 Loaded event 161: Error: Download failed.
2009-02-06 11:55:31-0800 1544 a24 Loaded event 162: Download succeeded.
2009-02-06 11:55:31-0800 1544 a24 Loaded event 163: Download canceled.
2009-02-06 11:55:31-0800 1544 a24 Loaded event 182: Installation Failure:
Windows failed to install the following update with error %1: %2.
2009-02-06 11:55:31-0800 1544 a24 Loaded event 183: Installation Successful:
Windows successfully installed the following update: %1
2009-02-06 11:55:31-0800 1544 a24 Loaded event 184: Installation successful
and restart required for the following update: %1
2009-02-06 11:55:31-0800 1544 a24 Loaded event 185: Hide update: user hid
one update.
2009-02-06 11:55:31-0800 1544 a24 Loaded event 186: user cancelled the install
2009-02-06 11:55:31-0800 1544 a24 Loaded event 187: Installation killed:
Installation of the following update is killed by the agent: %2
2009-02-06 11:55:31-0800 1544 a24 Loaded event 188: Installation Ready: The
following updates are downloaded and ready for installation. This computer is
currently scheduled to install these updates on %1 at %2: %3
2009-02-06 11:55:31-0800 1544 a24 Loaded event 189: Installation Ready: The
following updates are downloaded and ready for installation. To install the
updates, an administrator should log on to this computer and Windows will
prompt with further instructions: %1
2009-02-06 11:55:31-0800 1544 a24 Performance warning: CTraceCategory::Trace
had to allocate memory
2009-02-06 11:55:31-0800 1544 a24 Loaded event 190: Installation Successful:
Windows successfully installed the following update: %1
2009-02-06 11:55:31-0800 1544 a24 Loaded event 191: Installation successful
and restart required for the following update: %1
2009-02-06 11:55:31-0800 1544 a24 Loaded event 192: Installation killed:
Installation of the following update is killed by the agent: %2
2009-02-06 11:55:31-0800 1544 a24 Loaded event 193: Restart Required: To
complete the installation of the following updates, the computer must be
restarted. Until this computer has been restarted, Windows cannot search for
or download new updates: %1
2009-02-06 11:55:31-0800 1544 a24 Loaded event 194: Restart Required: To
complete the installation of the following updates, the computer will be
restarted within %1 minutes: %2
2009-02-06 11:55:31-0800 1544 a24 Loaded event 195: Installation Failure:
Windows failed to install the following update with error %1: %2.
2009-02-06 11:55:31-0800 1544 a24 Loaded event 196: Unhide update: user
unhid one update.
2009-02-06 11:55:31-0800 1544 a24 Loaded event 197: Installation Successful:
Windows successfully installed the following update: %1
2009-02-06 11:55:31-0800 1544 a24 Loaded event 198: Installation Failure:
Windows failed to install the following update with error %1: %2.
2009-02-06 11:55:31-0800 1544 a24 Loaded event 199: Installation successful
and restart required for the following update: %1
2009-02-06 11:55:31-0800 1544 a24 Loaded event 200: Installation killed:
Installation of the following update is killed by the agent: %2
2009-02-06 11:55:31-0800 1544 a24 Loaded event 201: Installation pending.
2009-02-06 11:55:31-0800 1544 a24 Loaded event 221: Uninstallation Failure:
Windows failed to uninstall the following update with error %1: %2.
2009-02-06 11:55:31-0800 1544 a24 Loaded event 222: Uninstallation
Successful: Windows successfully uninstalled the following update: %1.
2009-02-06 11:55:31-0800 1544 a24 Loaded event 223: User cancelled the
uninstall.
2009-02-06 11:55:31-0800 1544 a24 Loaded event 224: Uninstallation
successful and restart required for the following update: %1.
2009-02-06 11:55:31-0800 1544 a24 Loaded event 225: Uninstallation killed:
Uninstallation of the following update is killed by the agent: %2.
2009-02-06 11:55:31-0800 1544 a24 Successfully loaded client event namespace
descriptor.
2009-02-06 11:55:31-0800 1544 a24 Successfully initialized local event
logger. Events will be logged at
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2009-02-06 11:55:31-0800 1544 a24 Successfully initialized NT event logger.
2009-02-06 11:55:31-0800 1544 a24 Batch flush age for server 0 is 120 seconds.
2009-02-06 11:55:31-0800 1544 a24 Write buffer is empty. Not scheduling a
flush.
2009-02-06 11:55:31-0800 1544 a24 Successfully initialized event uploader 0.
2009-02-06 11:55:31-0800 1544 a24 Batch flush age for server 1 is 5240
seconds.
2009-02-06 11:55:31-0800 1544 a24 Write buffer is empty. Not scheduling a
flush.
2009-02-06 11:55:31-0800 1544 a24 Successfully initialized event uploader 1.
2009-02-06 11:55:31-0800 1544 a24 destination 2 subscribes for subscription
1 with internalrouting 0
2009-02-06 11:55:31-0800 1544 a24 destination 2 subscribes for subscription
0 with internalrouting 0
2009-02-06 11:55:31-0800 1544 a24 Network interfaces : 1
2009-02-06 11:55:31-0800 1544 a24 Signal subscription event 8
2009-02-06 11:55:31-0800 1544 a24 create subscription event for destination
2 and routing 0
2009-02-06 11:55:31-0800 1544 a24 destination 2 subscribes for subscription
8 with internalrouting 0
2009-02-06 11:55:31-0800 1544 a24 Network interfaces : 1
2009-02-06 11:55:31-0800 1544 a24 destination 2 subscribes for subscription
9 with internalrouting 0
2009-02-06 11:55:31-0800 1544 a24 EE Handler QI: ISusExprEvaluate
2009-02-06 11:55:31-0800 1544 a24 CEEMsiHandler::AddRef: refcount is 2
2009-02-06 11:55:31-0800 1544 a24 Initializing BITS callback handler.
2009-02-06 11:55:31-0800 1544 a24 AddRef: ref count -> 1
2009-02-06 11:55:31-0800 1544 a24 DH Listener AddRef: ref count -> 1
2009-02-06 11:55:31-0800 1544 a24 Handler QI: IUnknown
2009-02-06 11:55:31-0800 1544 a24 CUHHandlerBase::AddRef: refcount is 2
2009-02-06 11:55:31-0800 1544 a24 CUHHandlerBase::Release: refcount is 1
2009-02-06 11:55:31-0800 1544 a24 Handler QI: ISusUpdateInstallerInfo
2009-02-06 11:55:31-0800 1544 a24 CUHHandlerBase::AddRef: refcount is 2
2009-02-06 11:55:31-0800 1544 a24 CUHHandlerBase::Release: refcount is 1
2009-02-06 11:55:31-0800 1544 a24 ref count on CCR after AddRef is 2
2009-02-06 11:55:31-0800 1544 a24 ref count on CCR after Release is 1
2009-02-06 11:55:31-0800 1544 a24 fail to register class object 0x80004015
2009-02-06 11:55:31-0800 1544 a24 Client call recorder fails to init with
error 0x80004015
2009-02-06 11:55:31-0800 1544 a24 WU client with version 5.4.3790.5512
failed to initialize with error 0x80004015 from component agent
2009-02-06 11:55:31-0800 1544 a24 Failed to initialize WU client: 0x80004015
2009-02-06 11:55:31-0800 1544 a24 updated service status to 3
2009-02-06 11:55:32-0800 1544 a24 CEEMsiHandler::Release: refcount is 1
2009-02-06 11:55:32-0800 1544 a24 CEEMsiHandler::Release: refcount is 0
2009-02-06 11:55:32-0800 1544 a24 CUHHandlerBase::Release: refcount is 0
2009-02-06 11:55:32-0800 1544 a24 Submitting work item thread request.
2009-02-06 11:55:32-0800 1544 a24 new event 1 of type 2 added to event system
2009-02-06 11:55:32-0800 1544 a24 Asynchronously flushing
CEventQueue@00608220.
2009-02-06 11:55:32-0800 1544 a24 Asynchronously flushing
CEventQueue@00608220.
2009-02-06 11:55:32-0800 1544 a24 Done with asynchronous flush.
2009-02-06 11:55:32-0800 1544 a24 event 1 of type 2 removed from event system
2009-02-06 11:55:32-0800 1544 a24 DH Listener Release: ref count -> 0
2009-02-06 11:55:32-0800 1544 a24 DH Listener waiting for m_hSafeToDeleteEvent
2009-02-06 11:55:32-0800 1544 a24 Release: ref count -> 0
2009-02-06 11:55:32-0800 1544 a24 Waiting for m_hSafeToDeleteEvent
2009-02-06 11:55:32-0800 1544 a24 WUAUENG ServiceMain exits. Exit code is
0x80004015
------------------ >8 -----------------------

Again I apologize for the long message. But I'm running out of ideas. Any
help would be greatly appreciated!

I found a fix!!!

Thanks for the suggestions. I ran MSRT (20 hrs!), OTListIt2 and Security
Check. Fortunately no malicious software was found. I did run multiple
scans with Norton and AdAware in safe mode before and removed suspicious
softwares. However, there are really useful information from the scan output.

Turns out the Security setting of wuauserv was corrupted. Can't remember
how it happened. But it might have something to do some settings during
multiple scans.

Anyway, I was able to fix it by following steps as descripted here

That was the work of the hijackware infection(s).

After 3 days of seaching and comparing registries with 3 computers I found
the Fix

Error code 0x80070005 Can not enable Automatic Updates

First Run Malwarbytes and your antivirus program to remove scum viruses.

After Viruses are removed.

Log in to Safe Mode with Administrator Privilages

Click Start >
Run >
Type "regedit" (with out " ")

On the menu bar choose edit > Find > on the text box type "wuauserv" (with
out " "). Remove the check marks named values and Data (only Keys should
remain checked. > click on Find Next

Go through all the keys one at a time and first check its permissions by
right clicking on the key > Permissions > enable FULL CONTROL > CLICK APPLY

NOW ON THE IMAGEPATH CHANGE %fystemroot%\System32\svchost.exe -k netsvcs
to read correctly at "%SystemRoot%\System32\svchost.exe -k netsvcs (only
the S is changed to f). (You do this by right clicking the imagepath on the
right hand side pane and select modify)

HIT the F3 button to Find the next wuauserv key and do the same steps.

check permissions on each key and change if necessary (remember you must be
in SAFE MODE ADMINISTRATOR).

Now do the same steps for the BITS key

Check its permissions and set to Full control if necessary.

Finally, close Registry Editor.

Start > Run > services.msc

find Automatic Udates > Right click > Properties
under START UP TYPE > change to AUTOMATIC

Do the same for Bits if necessary.

And Walla Automatic Updates if back.

How have you determined that just running MBAM removed all traces of the
hijackware that infected your computer?

[LightCC]

After two days and probably 12 hours of working on my final bit of virus removal for a friend's PC this post helped me take the last few steps to reenable Windows Update.

Therefore, I'm posting all the major steps I took along with the final procedure in order to help others out.

This PC had a bad virus situation. It was sending out 50k-60k emails a day, had software that was disabling security like antivirus programs, and I couldn't run process explorer or hijackthis on it at first.

Before I got it, the outdated McAffee was run on it and found a bunch of things. An old version of Spybot was on I had installed. So I started by getting the latest Spybot S&D which found about 4 malicious threats. 2 of those came back after cleaning, however.

A web search led me to download Malwarebyte's Anti-malware program, which was able to remove those 2 viruses and found a few more and cleaned them. The final problem was that Windows Update was disabled... thus started a journey of a 1000 steps... or 1000 DOS commands, or something like that...

So here's the rest of the story on how I got Windows update back up. It appears to be the same virus others in this thread posted about, but I had to do a few extra things to get it running, here's the info.

The first part and a few others, are cut and paste from elsewhere with useful information:

-----------------

Here is perhaps the most definitive (and long-running) conversation about
that error:
http://groups.google.com/group/micro...4667c09cb402c0
=================
Start a free Windows Update support incident request:
https://support.microsoft.com/oas/de...spx?gprid=6527

Support for Windows Update:
http://support.microsoft.com/gp/wusupport

For home users, no-charge support is available by calling 1-866-PCSAFETY in
the United States and in Canada or by contacting your local Microsoft
subsidiary. There is no-charge for support calls that are associated with
security updates.

For more information about how to contact your local Microsoft subsidiary
for security update support issues, visit the International Support Web
site: http://support.microsoft.com/common/international.aspx

For enterprise customers, support for security updates is available through
your usual support contacts.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)
AumHa VSOP & Admin; DTS-L.netw



---------------

Finding the permissions problem:

Tried to run dos (cmd) and register all the dlls as per a posting. One failed:

> net stop wuauserv
> net stop bits

(neither was started)

> regsvr32 wuaueng.dll

Message pops up: DllRegistServer in wuaueng.dll failed. Return code was: 0x80070005

According to many web posts this is a permissions problem.

--------------

Next tried doing a manual reinstall of Windows Update, as follows:

You can install the WindowsUpdageAgent which is available for download from
http://go.microsoft.com/fwlink/?LinkId=43264 and run the following command;
***********************************************
WindowsUpdateAgent30-x86.exe /wuforce
***********************************************

I just renamed it to WUA30.exe and ran
>> WUA30.exe /wuforce
to force the install. The install failed with following error number:
0x8024d007

-----------

At some point around here I tried using the SubInACL tool (see http://blogs.msdn.com/astebner/archi...04/739820.aspx) to reset the permissions. This failed to change the affected registry keys for wuausrv (I wasn't aware of the problem with BITS at this point)

Maybe this would have worked if I had run it in safe mode, but I wasn't aware of the virus changes to the paths at this point either...

----------------------------

Posted fix in safe mode as Administrator by someone else:

Hello Everyone,

After 3 days of seaching and comparing registries with 3 computers I found
the Fix

Error code 0x80070005 Can not enable Automatic Updates

First Run Malwarbytes and your antivirus program to remove scum viruses.

After Viruses are removed.

Log in to Safe Mode with Administrator Privilages

Click Start >
Run >
Type "regedit" (with out " ")

On the menu bar choose edit > Find > on the text box type "wuauserv" (with
out " "). Remove the check marks named values and Data (only Keys should
remain checked. > click on Find Next

Go through all the keys one at a time and first check its permissions by
right clicking on the key > Permissions > enable FULL CONTROL > CLICK APPLY

NOW ON THE IMAGEPATH CHANGE %fystemroot%\System32\svchost.exe -k netsvcs
to read correctly at "%SystemRoot%\System32\svchost.exe -k netsvcs (only
the S is changed to f). (You do this by right clicking the imagepath on the
right hand side pane and select modify)

HIT the F3 button to Find the next wuauserv key and do the same steps.

check permissions on each key and change if necessary (remember you must be
in SAFE MODE ADMINISTRATOR).

Now do the same steps for the BITS key

Check its permissions and set to Full control if necessary.

Finally, close Registry Editor.

Start > Run > services.msc

find Automatic Udates > Right click > Properties
under START UP TYPE > change to AUTOMATIC

Do the same for Bits if necessary.

And Walla Automatic Updates if back.


----------------

Some notes, clarification and my final process to fix things on my PC:


It does not have to be the official "Administrator" account as long
as the user you log into in safe mode has Administrator access.

When you do 'find' in regedit is when he means to uncheck the 'values'
and 'data' box. I thought he meant during editing after you get to the
keys... but these should be the keys that need to be changes. There may
be additional ones so if it doesn't work try a full search and check
the permissions on every key it finds

The appropriate keys on my machine were:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BITS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\wuauserv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv

Searching for bits and wuauserv found other entries and keys
that were not affected

In these keys the permissions had been changed to only administrator
with only read permission. To get the full list back I did the following:

- Right click on wuauserv key, choose permissions
- See only administrators in the list.
- Click "Advanced" at the bottom
- Checkbox "Inherit from parent the permission entries that apply to child
objects. Include these with entries explicitly defined here"
- Click OK
- Click OK

- In the right pane double-click the "ImagePath" key to edit it
- Change the "%fystemroot%" at the beginning of the path to "%systemroot%"
(the virus had purposely edited it to be misspelled)
- After doing this on ControlSet001 and COntrolSet004 the changes already
showed up in CurrentControlSet when I got there

In services.msc,
Automatic Updates was set to Automatic startup type
Background Intelligent Transfer service was set to Manual startup type

No need to change either of those

But boot back into windows normal mode and all the permissions are changed back and the ImagePath values are corrupted again.

So, I go through the virusscan mode again, this time trying the full-on normal-mode, turnoff system restore, and then rescan in safe mode method.

1. TURN OFF SYSTEM RESTORE
2. Full scan with Malware - clean
3. Full scan with spybot - clean

4. Reboot into safe mode on an adminstrator-enabled account

5. normal scan with Malware - clean
6. Full scan with McAfee - subscription ran out about 3/2009, 3 months ago

- found 2 files, I think from heuristic search, one auto-cleaned, I quarantined the other

7. Now, go back and redo the permissions and path updates on the 6 registry keys
8. This time, however, I opened a dos prompt in safe mode and ran the regsvr32 wuaueng.dll
- SUCCESS!!

9. I rebooted into normal mode windows and Windows Update was running.
10. Checked the bad registry keys and they were all still in the correct new state

So, I'm not sure if it was the 2 files mcaffee found, disabling the system restore,
or running the regsvr32 command while still in safe mode, but I'm now up and running.

Just wanted to share the procedure!

There should be no ControlSet subkeys numbered higher than 3. The
ControlSet004 was created by the malware[s].

The *only* subkey that needs editing is CurrentControlSet.

The other subkeys, ControlSet001 -ControlSet003, are pointed to by
CurrentControlSet.
Although the KB below is for Windows NT, the only difference is that
there is no Clone subkey.

What are Control Sets? What is CurrentControlSet?
http://support.microsoft.com/kb/100010

EX: [HKEY_LOCAL_MACHINE\SYSTEM\Select]
"Current"=dword:00000001
"Default"=dword:00000001
"Failed"=dword:00000000
"LastKnownGood"=dword:00000003

If the system fails to boot, upon the restart the boot menu will appear.
The same boot menu shows up when one presses F8 prior to Windows loading
in order to reach Safe Mode.
Choosing the LastKnownGood configuration on the boot menu will load the
last successfully loaded ControlSet, which in this case is ControlSet003.

Cleaning a system *first* will preclude having to reset perms and
imagepath values more than once however, some of the tools needed to
remove most current malwares can be deleterious to the system.
Which is precisely why disabling System Restore should be done as a
*last* step. It will add time to the scans but ... it's best to have a
rat infested [malware] lifeboat rather than none at all.

Emptying all temp and temporary internet files *will* cut down on the
scan times without risking a non-boot situation.

Otherwise ... nice writeups LightCC and BayAreaDave.

would u like tell the method which can fix this update error ?
The link" http://entwindows.com/................." which u give can not open.
also can mail
thanks a lot for ur help

[chrishongrocks]

THANK YOU THANK YOU THANK YOU!

Specifically BayAreaDave and LightCC...

I must have spent about 8 hours total researching and trying different things for this fix and the information on here fixed the problem for me. I created this account just to thank you guys. Automatic Updates is running fine now.

I have had a similar issue, and have found that it is related to incorrect
registry security permissions. to resolve on Windows 2000 or Windows XP,
please do the following:

1. Install SubInACL from Microsoft here:

http://www.microsoft.com/downloads/d...displaylang=en

2. Create a batch file containing the following lines:

cd /d "%ProgramFiles%\Windows Resource Kits\Tools"
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f
subinacl /subdirectories %windir%\*.* /grant=administrators=f /grant=system=f
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

3. Run that batch file on the problem machine.

4. Go to the Windows Update site and try again...No reboot required!


This procedure will reset registry permissions, and has worked for me on
quite a few machines. I have put this together from many hours of searching
for a solution, and have obtained nearly all the information from various
Microsoft articles.

[rlwaymire]

Ponti1 ...

Registered to TechArena just to say Thanks for this solution. I work in IT and can understand the time that went into the research and the batch file worked as advertised. Your time is well appreciated. Take care.