Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93116 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Windows XP Update

Started by kdp , Jun 05 2005 09:38 AM

  • Please log in to reply
77 replies to this topic

#16 rand1038

rand1038

    Take over your PC or someone else will.

  • Authentic Member
  • PipPipPipPipPip
  • 1,100 posts

Posted 24 June 2005 - 02:02 PM

Not to worry kdp. There are allot of options left yet.

Boot into safe mode. If you don't know how then see the information here. Scroll down the page until you see the list of operating systems near the bottom and expand the one you need. Once you have done that navigate to the iuctl.ini file as before, right click it and choose install. My thinking here is that it is possible that one of the antispyware apps you are running is blocking the install of the activex component (which is usually a good thing but not so in this case). Their active monitoring systems should not be running in safe mode.
Once you have done that reboot normally and see if windows update will work. If it does not then please post a fresh HijackThis log and check in C:\windows\downloaded program files and let us know if there is a file called WUWebControl Class. If there is then right click it, choose properties and down where it says ID you will see a line similar to the following
{6414512B-B978-451D-A0D8-FCFDF33E833C}
hilight that number and its braces, right click and choose copy then paste the number in a reply here. In the same info box where you copy the number from there is a "status" line, what does it say the status is?

Edited by rand1038, 24 June 2005 - 02:34 PM.

Everyone gets specific instructions, disregard what you don't need.
I don't know your skill level.

"I would rather be bruised by the truth than caressed by lies."

The help you receive here is free.
If you can please help keep us online by donating.

Posted Image

    Advertisements

Register to Remove

#17 kdp

kdp

    Authentic Member

  • Authentic Member
  • PipPip
  • 51 posts

Posted 24 June 2005 - 03:13 PM

Here's my new HJL. I did not find a WUWebCon trol Class file.
Thanks!


Logfile of HijackThis v1.99.1
Scan saved at 3:08:51 PM, on 6/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon06.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Mom\My Documents\HihackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [workflo] D:\install\workflow.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\System32\hphmon06.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/...stall/AxCtp.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?325
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\System32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\hpboid.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#18 rand1038

rand1038

    Take over your PC or someone else will.

  • Authentic Member
  • PipPipPipPipPip
  • 1,100 posts

Posted 24 June 2005 - 04:52 PM

Ok kdp, lets see if we can install the wuweb control directly.

Download this cab file and save it.
Make a new folder and put wuweb_site into it.
Right click wuweb_site and choose extract.
Find the file named wuweb.inf (the "setup information" one), right click it and choose install.
Now you should be able to see WUWebControl Class in C:\windows\downloaded program files, if the installation went ok. If you can see it then try windows update.
If not, let us know if you have a Windows XP installation CD (we are not going to reinstall windows but we will need some files from the CD for the next step).

Edited by rand1038, 26 June 2005 - 12:02 PM.

Everyone gets specific instructions, disregard what you don't need.
I don't know your skill level.

"I would rather be bruised by the truth than caressed by lies."

The help you receive here is free.
If you can please help keep us online by donating.

Posted Image

#19 kdp

kdp

    Authentic Member

  • Authentic Member
  • PipPip
  • 51 posts

Posted 27 June 2005 - 05:41 AM

I guess it didn't install because I couldn't find it. I do have a Reinstallation CD for MS Windows XP Home Ed. Ser Pack 1a that came with my computer.

#20 rand1038

rand1038

    Take over your PC or someone else will.

  • Authentic Member
  • PipPipPipPipPip
  • 1,100 posts

Posted 27 June 2005 - 07:58 AM

See if you can find a folder on the CD called I386.
Everyone gets specific instructions, disregard what you don't need.
I don't know your skill level.

"I would rather be bruised by the truth than caressed by lies."

The help you receive here is free.
If you can please help keep us online by donating.

Posted Image

#21 kdp

kdp

    Authentic Member

  • Authentic Member
  • PipPip
  • 51 posts

Posted 27 June 2005 - 10:05 AM

Ok, I found it. Should I install it?

#22 kdp

kdp

    Authentic Member

  • Authentic Member
  • PipPip
  • 51 posts

Posted 27 June 2005 - 10:20 AM

As far as installing anything, I'm waiting for you! :D

#23 rand1038

rand1038

    Take over your PC or someone else will.

  • Authentic Member
  • PipPipPipPipPip
  • 1,100 posts

Posted 27 June 2005 - 06:37 PM

Put the cd in the drive and cancel any windows that open up.
Go to Start > Run and type sfc /scannow and click ok. Notice the space between the c and the /.
When it asks you to insert the windows cd, click browse and point it at the folder one level up from the I386 folder. For example if it is at d:\win\I386 you would point sfc to d:\win.
Let the scan finish and then try windows update again. Post back with the results.
Everyone gets specific instructions, disregard what you don't need.
I don't know your skill level.

"I would rather be bruised by the truth than caressed by lies."

The help you receive here is free.
If you can please help keep us online by donating.

Posted Image

#24 kdp

kdp

    Authentic Member

  • Authentic Member
  • PipPip
  • 51 posts

Posted 14 July 2005 - 10:14 PM

Sorry I took so long! I put in the cd and cancelled the window that came up and typed in what you said. The Windows File Protection window came up and said to please wait while windows verifies that all protected windows files are intact and in their original versions. It finished checking and then that was it. So I tried doing it without the disk in thinking it would then prompt me to insert the cd, but it never did either time.

#25 rand1038

rand1038

    Take over your PC or someone else will.

  • Authentic Member
  • PipPipPipPipPip
  • 1,100 posts

Posted 15 July 2005 - 01:50 PM

No problem kdp, life gets busy sometimes.

If you were not prompted for a file location then either sfc didn't find any corrupt files or an acceptable replacement was chached on the hard drive.

Go to Start>Run and paste the following into the box
C:\Windows\WindowsUpdate.log
then click ok.
A text file will open. You will see the dates on the left, beginning each new line. Scroll down to the bottom of the file. Highlight the last fifty or so lines (no need to be exact) and then copy/paste them as a reply to this thread.

Edited by rand1038, 31 July 2005 - 05:28 PM.

Everyone gets specific instructions, disregard what you don't need.
I don't know your skill level.

"I would rather be bruised by the truth than caressed by lies."

The help you receive here is free.
If you can please help keep us online by donating.

Posted Image

    Advertisements

Register to Remove

#26 kdp

kdp

    Authentic Member

  • Authentic Member
  • PipPip
  • 51 posts

Posted 16 July 2005 - 09:27 AM

2005-07-14 02:38:56-0600 1036 410 Service received logon notification 2005-07-14 04:22:51-0600 1036 410 Service received logoff notification 2005-07-14 09:46:49-0600 1036 410 Service received logon notification 2005-07-14 09:51:25-0600 1036 410 Service received logoff notification 2005-07-14 10:24:18-0600 1032 a78 Service Main starts 2005-07-14 10:24:21-0600 1032 a78 Using BatchFlushAge = 35516. 2005-07-14 10:24:21-0600 1032 a78 Using SamplingValue = 601. 2005-07-14 10:24:21-0600 1032 a78 Successfully loaded event namespace dictionary. 2005-07-14 10:24:21-0600 1032 a78 Successfully loaded client event namespace descriptor. 2005-07-14 10:24:21-0600 1032 a78 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log. 2005-07-14 10:24:21-0600 1032 a78 Successfully initialized NT event logger. 2005-07-14 10:24:21-0600 1032 a78 Successfully initialized event uploader 0. 2005-07-14 10:24:21-0600 1032 a78 Successfully initialized event uploader 1. 2005-07-14 10:24:21-0600 1032 a78 WU client with version 5.4.3790.2182 successfully initialized 2005-07-14 10:24:21-0600 1032 a78 Service status is now SERVICE_RUNNING 2005-07-14 10:24:26-0600 1032 40c Service received connect notification 2005-07-14 10:25:06-0600 1032 a78 start delayed initialization of WU client 2005-07-14 10:25:06-0600 3728 e94 Trying to make out of proc datastore active 2005-07-14 10:25:07-0600 3728 e94 Out of proc datastore is now active 2005-07-14 10:25:07-0600 1032 a78 WU client successfully loaded ongoing download call {E03FD04C-5777-48B0-8F3D-AB5580521D48} from datastore 2005-07-14 10:25:07-0600 1032 a78 WU client successfully loaded ongoing download call {92279ADF-6E15-4F03-A3C6-7A5D4C2AE15C} from datastore 2005-07-14 10:25:07-0600 1032 a78 WU client succeeded to load 2 persisted Download Calls 2005-07-14 10:25:07-0600 1032 a78 Client Call Recorder finished delayed initialization 2005-07-14 11:36:01-0600 1032 40c Service received logoff notification 2005-07-14 11:37:27-0600 1024 4dc Service Main starts 2005-07-14 11:37:27-0600 1024 4dc Using BatchFlushAge = 35516. 2005-07-14 11:37:27-0600 1024 4dc Using SamplingValue = 601. 2005-07-14 11:37:27-0600 1024 4dc Successfully loaded event namespace dictionary. 2005-07-14 11:37:27-0600 1024 4dc Successfully loaded client event namespace descriptor. 2005-07-14 11:37:27-0600 1024 4dc Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log. 2005-07-14 11:37:27-0600 1024 4dc Successfully initialized NT event logger. 2005-07-14 11:37:27-0600 1024 4dc Successfully initialized event uploader 0. 2005-07-14 11:37:27-0600 1024 4dc Successfully initialized event uploader 1. 2005-07-14 11:37:28-0600 1024 4dc WU client with version 5.4.3790.2182 successfully initialized 2005-07-14 11:37:28-0600 1024 4dc Service status is now SERVICE_RUNNING 2005-07-14 11:37:34-0600 1024 404 Service received connect notification 2005-07-14 11:38:15-0600 1024 4dc start delayed initialization of WU client 2005-07-14 11:38:15-0600 3016 bcc Trying to make out of proc datastore active 2005-07-14 11:38:16-0600 3016 bcc Out of proc datastore is now active 2005-07-14 11:38:17-0600 1024 4dc WU client successfully loaded ongoing download call {E03FD04C-5777-48B0-8F3D-AB5580521D48} from datastore 2005-07-14 11:38:17-0600 1024 4dc WU client successfully loaded ongoing download call {92279ADF-6E15-4F03-A3C6-7A5D4C2AE15C} from datastore 2005-07-14 11:38:17-0600 1024 4dc WU client succeeded to load 2 persisted Download Calls 2005-07-14 11:38:17-0600 1024 4dc Client Call Recorder finished delayed initialization 2005-07-14 11:58:49-0600 1024 404 Service received SERVICE_CONTROL_STOP control 2005-07-14 12:18:10-0600 1028 95c Service Main starts 2005-07-14 12:18:10-0600 1028 95c Using BatchFlushAge = 35516. 2005-07-14 12:18:10-0600 1028 95c Using SamplingValue = 601. 2005-07-14 12:18:10-0600 1028 95c Successfully loaded event namespace dictionary. 2005-07-14 12:18:10-0600 1028 95c Successfully loaded client event namespace descriptor. 2005-07-14 12:18:10-0600 1028 95c Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log. 2005-07-14 12:18:10-0600 1028 95c Successfully initialized NT event logger. 2005-07-14 12:18:10-0600 1028 95c Successfully initialized event uploader 0. 2005-07-14 12:18:10-0600 1028 95c Successfully initialized event uploader 1. 2005-07-14 12:18:10-0600 1028 95c WU client with version 5.4.3790.2182 successfully initialized 2005-07-14 12:18:10-0600 1028 95c Service status is now SERVICE_RUNNING 2005-07-14 12:18:17-0600 1028 408 Service received connect notification 2005-07-14 12:18:55-0600 1028 95c start delayed initialization of WU client 2005-07-14 12:18:57-0600 3444 d78 Trying to make out of proc datastore active 2005-07-14 12:18:57-0600 3444 d78 Out of proc datastore is now active 2005-07-14 12:18:57-0600 1028 95c WU client successfully loaded ongoing download call {E03FD04C-5777-48B0-8F3D-AB5580521D48} from datastore 2005-07-14 12:18:58-0600 1028 95c WU client successfully loaded ongoing download call {92279ADF-6E15-4F03-A3C6-7A5D4C2AE15C} from datastore 2005-07-14 12:18:58-0600 1028 95c WU client succeeded to load 2 persisted Download Calls 2005-07-14 12:18:58-0600 1028 95c Client Call Recorder finished delayed initialization 2005-07-14 12:28:13-0600 1028 408 Service received logoff notification 2005-07-14 12:29:32-0600 1032 958 Service Main starts 2005-07-14 12:29:32-0600 1032 958 Using BatchFlushAge = 35516. 2005-07-14 12:29:32-0600 1032 958 Using SamplingValue = 601. 2005-07-14 12:29:32-0600 1032 958 Successfully loaded event namespace dictionary. 2005-07-14 12:29:32-0600 1032 958 Successfully loaded client event namespace descriptor. 2005-07-14 12:29:32-0600 1032 958 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log. 2005-07-14 12:29:32-0600 1032 958 Successfully initialized NT event logger. 2005-07-14 12:29:32-0600 1032 958 Successfully initialized event uploader 0. 2005-07-14 12:29:32-0600 1032 958 Successfully initialized event uploader 1. 2005-07-14 12:29:32-0600 1032 958 WU client with version 5.4.3790.2182 successfully initialized 2005-07-14 12:29:32-0600 1032 958 Service status is now SERVICE_RUNNING 2005-07-14 12:29:41-0600 1032 40c Service received connect notification 2005-07-14 12:30:17-0600 1032 958 start delayed initialization of WU client 2005-07-14 12:30:18-0600 2180 880 Trying to make out of proc datastore active 2005-07-14 12:30:18-0600 2180 880 Out of proc datastore is now active 2005-07-14 12:30:18-0600 1032 958 WU client successfully loaded ongoing download call {E03FD04C-5777-48B0-8F3D-AB5580521D48} from datastore 2005-07-14 12:30:19-0600 1032 958 WU client successfully loaded ongoing download call {92279ADF-6E15-4F03-A3C6-7A5D4C2AE15C} from datastore 2005-07-14 12:30:19-0600 1032 958 WU client succeeded to load 2 persisted Download Calls 2005-07-14 12:30:19-0600 1032 958 Client Call Recorder finished delayed initialization 2005-07-14 12:33:21-0600 1032 40c Service received logoff notification 2005-07-14 12:34:42-0600 1040 a54 Service Main starts 2005-07-14 12:34:44-0600 1040 a54 Using BatchFlushAge = 35516. 2005-07-14 12:34:44-0600 1040 a54 Using SamplingValue = 601. 2005-07-14 12:34:44-0600 1040 a54 Successfully loaded event namespace dictionary. 2005-07-14 12:34:45-0600 1040 a54 Successfully loaded client event namespace descriptor. 2005-07-14 12:34:45-0600 1040 a54 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log. 2005-07-14 12:34:45-0600 1040 a54 Successfully initialized NT event logger. 2005-07-14 12:34:45-0600 1040 a54 Successfully initialized event uploader 0. 2005-07-14 12:34:45-0600 1040 a54 Successfully initialized event uploader 1. 2005-07-14 12:34:45-0600 1040 a54 WU client with version 5.4.3790.2182 successfully initialized 2005-07-14 12:34:45-0600 1040 a54 Service status is now SERVICE_RUNNING 2005-07-14 12:34:50-0600 1040 414 Service received connect notification 2005-07-14 12:35:30-0600 1040 a54 start delayed initialization of WU client 2005-07-14 12:35:31-0600 1284 a6c Trying to make out of proc datastore active 2005-07-14 12:35:37-0600 1284 a6c Out of proc datastore is now active 2005-07-14 12:35:38-0600 1040 a54 WU client successfully loaded ongoing download call {E03FD04C-5777-48B0-8F3D-AB5580521D48} from datastore 2005-07-14 12:35:38-0600 1040 a54 WU client successfully loaded ongoing download call {92279ADF-6E15-4F03-A3C6-7A5D4C2AE15C} from datastore 2005-07-14 12:35:38-0600 1040 a54 WU client succeeded to load 2 persisted Download Calls 2005-07-14 12:35:38-0600 1040 a54 Client Call Recorder finished delayed initialization 2005-07-14 12:39:25-0600 1040 414 Service received logoff notification 2005-07-14 17:06:30-0600 1040 414 Service received logon notification 2005-07-14 17:12:02-0600 1040 414 Service received logoff notification 2005-07-14 17:15:32-0600 1040 414 Service received logon notification 2005-07-14 17:23:07-0600 1040 414 Service received logoff notification 2005-07-14 18:33:53-0600 1040 414 Service received logon notification 2005-07-14 18:42:12-0600 1040 414 Service received logoff notification 2005-07-14 21:16:31-0600 1040 414 Service received logon notification 2005-07-14 22:45:07-0600 1040 414 Service received logoff notification 2005-07-15 03:18:11-0600 1040 414 Service received logon notification 2005-07-15 04:55:12-0600 1040 414 Service received logoff notification 2005-07-15 08:59:02-0600 1040 414 Service received logon notification 2005-07-15 09:01:34-0600 1040 414 Service received logoff notification 2005-07-15 12:49:17-0600 1040 5b0 Service Main starts 2005-07-15 12:49:17-0600 1040 5b0 Using BatchFlushAge = 35516. 2005-07-15 12:49:17-0600 1040 5b0 Using SamplingValue = 601. 2005-07-15 12:49:17-0600 1040 5b0 Successfully loaded event namespace dictionary. 2005-07-15 12:49:17-0600 1040 5b0 Successfully loaded client event namespace descriptor. 2005-07-15 12:49:17-0600 1040 5b0 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log. 2005-07-15 12:49:17-0600 1040 5b0 Successfully initialized NT event logger. 2005-07-15 12:49:17-0600 1040 5b0 Successfully initialized event uploader 0. 2005-07-15 12:49:17-0600 1040 5b0 Successfully initialized event uploader 1. 2005-07-15 12:49:17-0600 1040 5b0 WU client with version 5.4.3790.2182 successfully initialized 2005-07-15 12:49:17-0600 1040 5b0 Service status is now SERVICE_RUNNING 2005-07-15 12:50:02-0600 1040 5b0 start delayed initialization of WU client 2005-07-15 12:50:02-0600 240 d4 Trying to make out of proc datastore active 2005-07-15 12:50:03-0600 240 d4 Out of proc datastore is now active 2005-07-15 12:50:03-0600 1040 5b0 WU client successfully loaded ongoing download call {E03FD04C-5777-48B0-8F3D-AB5580521D48} from datastore 2005-07-15 12:50:03-0600 1040 5b0 WU client successfully loaded ongoing download call {92279ADF-6E15-4F03-A3C6-7A5D4C2AE15C} from datastore 2005-07-15 12:50:04-0600 1040 5b0 WU client succeeded to load 2 persisted Download Calls 2005-07-15 12:50:04-0600 1040 5b0 Client Call Recorder finished delayed initialization 2005-07-15 17:22:52-0600 1040 414 Service received connect notification 2005-07-15 17:22:52-0600 1040 414 Service received logon notification 2005-07-15 17:30:52-0600 1040 414 Service received logoff notification 2005-07-15 21:19:55-0600 1028 420 Service Main starts 2005-07-15 21:19:55-0600 1028 420 Using BatchFlushAge = 35516. 2005-07-15 21:19:55-0600 1028 420 Using SamplingValue = 601. 2005-07-15 21:19:55-0600 1028 420 Successfully loaded event namespace dictionary. 2005-07-15 21:19:55-0600 1028 420 Successfully loaded client event namespace descriptor. 2005-07-15 21:19:55-0600 1028 420 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log. 2005-07-15 21:19:56-0600 1028 420 Successfully initialized NT event logger. 2005-07-15 21:19:56-0600 1028 420 Successfully initialized event uploader 0. 2005-07-15 21:19:56-0600 1028 420 Successfully initialized event uploader 1. 2005-07-15 21:19:56-0600 1028 420 WU client with version 5.4.3790.2182 successfully initialized 2005-07-15 21:19:56-0600 1028 420 Service status is now SERVICE_RUNNING 2005-07-15 21:20:04-0600 1028 408 Service received connect notification 2005-07-15 21:20:43-0600 1028 420 start delayed initialization of WU client 2005-07-15 21:20:43-0600 2380 954 Trying to make out of proc datastore active 2005-07-15 21:20:44-0600 2380 954 Out of proc datastore is now active 2005-07-15 21:20:45-0600 1028 420 WU client successfully loaded ongoing download call {E03FD04C-5777-48B0-8F3D-AB5580521D48} from datastore 2005-07-15 21:20:45-0600 1028 420 WU client successfully loaded ongoing download call {92279ADF-6E15-4F03-A3C6-7A5D4C2AE15C} from datastore 2005-07-15 21:20:45-0600 1028 420 WU client succeeded to load 2 persisted Download Calls 2005-07-15 21:20:45-0600 1028 420 Client Call Recorder finished delayed initialization 2005-07-15 21:37:44-0600 1028 408 Service received logoff notification 2005-07-16 00:12:46-0600 1028 408 Service received logon notification 2005-07-16 00:44:13-0600 1028 408 Service received logoff notification 2005-07-16 09:04:40-0600 1028 408 Service received logon notification

#27 rand1038

rand1038

    Take over your PC or someone else will.

  • Authentic Member
  • PipPipPipPipPip
  • 1,100 posts

Posted 16 July 2005 - 10:09 AM

Run HijackThis and generate a fresh log. Post it here.
Everyone gets specific instructions, disregard what you don't need.
I don't know your skill level.

"I would rather be bruised by the truth than caressed by lies."

The help you receive here is free.
If you can please help keep us online by donating.

Posted Image

#28 kdp

kdp

    Authentic Member

  • Authentic Member
  • PipPip
  • 51 posts

Posted 16 July 2005 - 12:09 PM

Logfile of HijackThis v1.99.1
Scan saved at 12:05:39 PM, on 7/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\hpbpro.exe
C:\WINDOWS\System32\hpboid.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon06.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mom\My Documents\HihackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [workflo] D:\install\workflow.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\System32\hphmon06.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/...stall/AxCtp.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?325
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\System32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\hpboid.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#29 rand1038

rand1038

    Take over your PC or someone else will.

  • Authentic Member
  • PipPipPipPipPip
  • 1,100 posts

Posted 16 July 2005 - 08:10 PM

I find it odd that the Windows Update control will not install properly. You have allot of antivirus/antispywre programs running, which isn't necessarily a bad thing if you have the memory to supprt them. One of the jobs of these applications is to keep bad programs from installing. Given that we are trying to install an ActiveX control, which is what malicious programs often are, the "protectors" may be doing their job a little too well.
What I would like you to do is to is go into each programs configuratin and shut it down, tell it not to load on reboot. After you have done this for all of them then reboot and check to make sure none of them are running (no icons in the tray or program name in the taskmanager list).

Once that is done then follow the instructions in this post again.

Until you have tried that and then reenabled the programs you want to run, do not surf the net.

Also, let us know if you are on a stand alone machine or if your machine is part of a home or office network.
Everyone gets specific instructions, disregard what you don't need.
I don't know your skill level.

"I would rather be bruised by the truth than caressed by lies."

The help you receive here is free.
If you can please help keep us online by donating.

Posted Image

#30 kdp

kdp

    Authentic Member

  • Authentic Member
  • PipPip
  • 51 posts

Posted 16 July 2005 - 09:05 PM

I'm not sure I understand what you want me to do. I am on a single machine in my home.
Do you want me to disable Norton Antivirus and Countespy? I think that's all I have.

Related Topics

Back to Microsoft Windows™ · Next Unread Topic →

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. What the Tech
  2. Software
  3. Microsoft Windows™
  4. Privacy Policy
  5. Terms of Use ·