WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93116 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
Windows XP Update
Started by
kdp
, Jun 05 2005 09:38 AM
77 replies to this topic
#46
kdp
-
- Authentic Member
-
- 51 posts
Authentic Member
Posted 31 July 2005 - 07:12 AM
Register to Remove
#47
rand1038
-
- Authentic Member
-
- 1,100 posts
Take over your PC or someone else will.
Posted 31 July 2005 - 12:07 PM
When I search my registry for "clone" I get 44 matches so whether it is normal or not depends on what key it was in. Do you remember?FYI: When I was checking the registry key for IE6 yesterday I noticed there was a clone user listed. Is that normal?
First, download, unzip and run this script and let me know what message you get in the dialog box.
We looked at this file once before:
C:\Windows\WindowsUpdate.log
Try windows update again. Let it try running for at least a couple minutes.
Exit Windows Update however you need to do that.
Open WindowsUpdate.log and copy/paste all the lines that start with todays date as a reply to this thread.
Everyone gets specific instructions, disregard what you don't need.
I don't know your skill level.
"I would rather be bruised by the truth than caressed by lies."
The help you receive here is free.
If you can please help keep us online by donating.
I don't know your skill level.
"I would rather be bruised by the truth than caressed by lies."
The help you receive here is free.
If you can please help keep us online by donating.
#48
kdp
-
- Authentic Member
-
- 51 posts
Authentic Member
Posted 31 July 2005 - 02:15 PM
The clone was in the IE6 key. Check Admn says I am an administrator.
Here's the windows log in file. Again, thanks!
2005-07-31 06:19:33-0600 1028 408 Service received logon notification
2005-07-31 06:44:00-0600 1028 408 Service received logoff notification
2005-07-31 06:45:12-0600 1036 400 Service Main starts
2005-07-31 06:45:12-0600 1036 400 Using BatchFlushAge = 35516.
2005-07-31 06:45:12-0600 1036 400 Using SamplingValue = 601.
2005-07-31 06:45:12-0600 1036 400 Successfully loaded event namespace dictionary.
2005-07-31 06:45:12-0600 1036 400 Successfully loaded client event namespace descriptor.
2005-07-31 06:45:12-0600 1036 400 Successfully initialized local event logger. Events will be logged at C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
2005-07-31 06:45:12-0600 1036 400 Successfully initialized NT event logger.
2005-07-31 06:45:12-0600 1036 400 Successfully initialized event uploader 0.
2005-07-31 06:45:12-0600 1036 400 Successfully initialized event uploader 1.
2005-07-31 06:45:13-0600 1036 400 WU client with version 5.4.3790.2182 successfully initialized
2005-07-31 06:45:13-0600 1036 400 Service status is now SERVICE_RUNNING
2005-07-31 06:45:21-0600 1036 410 Service received connect notification
2005-07-31 06:45:58-0600 1036 400 start delayed initialization of WU client
2005-07-31 06:45:59-0600 3240 cac Trying to make out of proc datastore active
2005-07-31 06:45:59-0600 3240 cac Out of proc datastore is now active
2005-07-31 06:46:00-0600 1036 400 WU client successfully loaded ongoing download call {E03FD04C-5777-48B0-8F3D-AB5580521D48} from datastore
2005-07-31 06:46:00-0600 1036 400 WU client successfully loaded ongoing download call {92279ADF-6E15-4F03-A3C6-7A5D4C2AE15C} from datastore
2005-07-31 06:46:00-0600 1036 400 WU client succeeded to load 2 persisted Download Calls
2005-07-31 06:46:00-0600 1036 400 Client Call Recorder finished delayed initialization
2005-07-31 08:57:49-0600 1036 410 Service received logoff notification
2005-07-31 09:58:55-0600 1036 410 Service received logon notification
2005-07-31 12:52:43-0600 1036 410 Service received logoff notification
2005-07-31 12:57:21-0600 1036 410 Service received logon notification
#49
rand1038
-
- Authentic Member
-
- 1,100 posts
Take over your PC or someone else will.
Posted 31 July 2005 - 06:09 PM
What version of AOL are you running?
Everyone gets specific instructions, disregard what you don't need.
I don't know your skill level.
"I would rather be bruised by the truth than caressed by lies."
The help you receive here is free.
If you can please help keep us online by donating.
I don't know your skill level.
"I would rather be bruised by the truth than caressed by lies."
The help you receive here is free.
If you can please help keep us online by donating.
#50
kdp
-
- Authentic Member
-
- 51 posts
Authentic Member
Posted 31 July 2005 - 07:57 PM
AOL is 9.0 Optimized SE
#51
rand1038
-
- Authentic Member
-
- 1,100 posts
Take over your PC or someone else will.
Posted 01 August 2005 - 08:17 PM
For each of the following command lines do the following
1. Hilight the line with your mouse (mouse over line with left button held down)
2. Right click the highlighted line and choose copy
3. Click Start > Run then right click the run box and choose paste
4. The command should appear in the box
5. Hit your <Enter> key
6. Before you click Ok to any dialogs that come up, note down what they say.
7. Repeat these steps for each of the lines below
Example:
Highlight Regsvr32 wuapi.dll
Right click > copy
Start > Run
Right Click > Paste
Regsvr32 wuapi.dll appears in the run box
Click Ok
RegSvr32 message box comes up, message is "DllRegisterServer in wuapi.dll succeeded"
Highlight RegSvr32 wuaueng1.dll
Etc.
Perfrom the above procedure once for each of these lines.
Regsvr32 wuapi.dll
RegSvr32 wuaueng1.dll
RegSvr32 wuaueng.dll
RegSvr32 wups.dll
RegSvr32 wuweb.dll
RegSvr32 winhttp.dll
RegSvr32 wucltui.dll
RegSvr32 jscript.dll
After you have completed the process for each of the lines above and gotten the "succeeded" message for every one then try windows update again.
If you get any other message than the "succeeded" message I quoted in the example above write down the full and exact text of the message and which dll file had the error. Continue to try the procedure with each of the lines even if you do get an error from a previous one. Make sure you get all of them done without skipping any.
1. Hilight the line with your mouse (mouse over line with left button held down)
2. Right click the highlighted line and choose copy
3. Click Start > Run then right click the run box and choose paste
4. The command should appear in the box
5. Hit your <Enter> key
6. Before you click Ok to any dialogs that come up, note down what they say.
7. Repeat these steps for each of the lines below
Example:
Highlight Regsvr32 wuapi.dll
Right click > copy
Start > Run
Right Click > Paste
Regsvr32 wuapi.dll appears in the run box
Click Ok
RegSvr32 message box comes up, message is "DllRegisterServer in wuapi.dll succeeded"
Highlight RegSvr32 wuaueng1.dll
Etc.
Perfrom the above procedure once for each of these lines.
Regsvr32 wuapi.dll
RegSvr32 wuaueng1.dll
RegSvr32 wuaueng.dll
RegSvr32 wups.dll
RegSvr32 wuweb.dll
RegSvr32 winhttp.dll
RegSvr32 wucltui.dll
RegSvr32 jscript.dll
After you have completed the process for each of the lines above and gotten the "succeeded" message for every one then try windows update again.
If you get any other message than the "succeeded" message I quoted in the example above write down the full and exact text of the message and which dll file had the error. Continue to try the procedure with each of the lines even if you do get an error from a previous one. Make sure you get all of them done without skipping any.
Everyone gets specific instructions, disregard what you don't need.
I don't know your skill level.
"I would rather be bruised by the truth than caressed by lies."
The help you receive here is free.
If you can please help keep us online by donating.
I don't know your skill level.
"I would rather be bruised by the truth than caressed by lies."
The help you receive here is free.
If you can please help keep us online by donating.
#52
kdp
-
- Authentic Member
-
- 51 posts
Authentic Member
Posted 03 August 2005 - 09:59 AM
Everything went as you said, no problems. Windows Update is still not working. 
#53
kdp
-
- Authentic Member
-
- 51 posts
Authentic Member
Posted 03 August 2005 - 11:31 AM
I tried what you had me do again in your last post, but I clicked Start, Run, then typed cmd and then entered the same commands again.
When I tried to enter "regsvr32 wucitui.dll" it said, Load Library (wucitui.dll) failed-The specific module could not be found.
Also, when I click on Windows Udate now it does access the site. I can click on the express update button, but I get an "0x800A01AE" error.
So, we're making progress!!!
#54
rand1038
-
- Authentic Member
-
- 1,100 posts
Take over your PC or someone else will.
Posted 03 August 2005 - 11:43 AM
That is WUCLTUI.dll, if you spelled it with two of the letter eye thats why you got that message.
I'm getting ready to go to work right now, I'll check back here tonight when I get home. Post a fresh hijackthis log please.
Everyone gets specific instructions, disregard what you don't need.
I don't know your skill level.
"I would rather be bruised by the truth than caressed by lies."
The help you receive here is free.
If you can please help keep us online by donating.
I don't know your skill level.
"I would rather be bruised by the truth than caressed by lies."
The help you receive here is free.
If you can please help keep us online by donating.
#55
kdp
-
- Authentic Member
-
- 51 posts
Authentic Member
Posted 03 August 2005 - 11:53 AM
I'll do that now.
I rebooted my computer, and now it won't access the Windows Update 
Register to Remove
#56
kdp
-
- Authentic Member
-
- 51 posts
Authentic Member
Posted 03 August 2005 - 04:15 PM
Logfile of HijackThis v1.99.1
Scan saved at 4:09:33 PM, on 8/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon06.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Mom\My Documents\HihackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [workflo] D:\install\workflow.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\System32\hphmon06.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/...stall/AxCtp.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123086461357
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123086449325
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?325
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\System32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\hpboid.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Scan saved at 4:09:33 PM, on 8/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon06.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Mom\My Documents\HihackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [workflo] D:\install\workflow.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\System32\hphmon06.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/...stall/AxCtp.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123086461357
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123086449325
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?325
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\System32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\hpboid.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
#57
rand1038
-
- Authentic Member
-
- 1,100 posts
Take over your PC or someone else will.
Posted 04 August 2005 - 03:25 PM
These are the windows update controls we have been waiting to see 
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123086461357
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123086449325
First, check scriptblocking and make sure it is set to prompt. Here are some directions from the symantec site.
Lets double check another dlls and make sure it is registered, same procedure as before for this one.
regsvr32 wups2.dll
If windows update is still not working then do the dll register procedure with all the dlls. I've listed them below (you can do this procedure as much as you want, it will not hurt anything) Then see how things work. If windows update works then reboot and see if it still works. Post back with the results.
What I am wondering with it not working after the reboot is if the registration is not persisting. This could occur if the registry is being restored to an earlier state by windows or some other program.
Regsvr32 wuapi.dll
RegSvr32 wuaueng1.dll
RegSvr32 wuaueng.dll
RegSvr32 wups.dll
RegSvr32 wuweb.dll
RegSvr32 winhttp.dll
RegSvr32 wucltui.dll
RegSvr32 jscript.dll
regsvr32 wups2.dll
**********
Thse last two items are not related to your Windows Update problem, just some general advice.
I see you have these in the running processes section.
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
That is windows indexing service, it is a resource hog. I recommend you disable it as follows.
1. Go to Start > Run and type services.msc into the box then click Ok.
2. Scroll down through the list of services until you find "Indexing Service"
3. Double click the Indexing Service line and a dialog box will come up.
4. Click the "General" tab.
5. If the "Stop" button is not greyed out, click it and the service will be stopped.
6. Click the "Startup Type" drop down menu and choose disabled.
7. Close the properties dialog with the Ok button.
If you didn't set this you can checkmark it for fixing in HijackThis then click Fix Checked.
This is a registry flag that disables the ability to change internet settings from within Internet Explorer. You can still do it from Control Panel > Internet Options.
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123086461357
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123086449325
First, check scriptblocking and make sure it is set to prompt. Here are some directions from the symantec site.
To enable Script Blocking
1. Start Norton AntiVirus.
If Norton AntiVirus is part of Norton Internet Security or Norton SystemWorks, then start that program.
2. Click Options.
If a submenu appears, then click Norton AntiVirus.
3. In the left pane, click Script Blocking.
4. In the right pane, if the entry is not checked, then check Enable Script Blocking (recommended).
5. Click Ask me what to do (recommended). << Make sure this is the option chosen
6. Click OK.
Lets double check another dlls and make sure it is registered, same procedure as before for this one.
regsvr32 wups2.dll
If windows update is still not working then do the dll register procedure with all the dlls. I've listed them below (you can do this procedure as much as you want, it will not hurt anything) Then see how things work. If windows update works then reboot and see if it still works. Post back with the results.
What I am wondering with it not working after the reboot is if the registration is not persisting. This could occur if the registry is being restored to an earlier state by windows or some other program.
Regsvr32 wuapi.dll
RegSvr32 wuaueng1.dll
RegSvr32 wuaueng.dll
RegSvr32 wups.dll
RegSvr32 wuweb.dll
RegSvr32 winhttp.dll
RegSvr32 wucltui.dll
RegSvr32 jscript.dll
regsvr32 wups2.dll
**********
Thse last two items are not related to your Windows Update problem, just some general advice.
I see you have these in the running processes section.
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
That is windows indexing service, it is a resource hog. I recommend you disable it as follows.
1. Go to Start > Run and type services.msc into the box then click Ok.
2. Scroll down through the list of services until you find "Indexing Service"
3. Double click the Indexing Service line and a dialog box will come up.
4. Click the "General" tab.
5. If the "Stop" button is not greyed out, click it and the service will be stopped.
6. Click the "Startup Type" drop down menu and choose disabled.
7. Close the properties dialog with the Ok button.
If you didn't set this you can checkmark it for fixing in HijackThis then click Fix Checked.
This is a registry flag that disables the ability to change internet settings from within Internet Explorer. You can still do it from Control Panel > Internet Options.
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Edited by rand1038, 12 August 2005 - 07:15 PM.
Everyone gets specific instructions, disregard what you don't need.
I don't know your skill level.
"I would rather be bruised by the truth than caressed by lies."
The help you receive here is free.
If you can please help keep us online by donating.
I don't know your skill level.
"I would rather be bruised by the truth than caressed by lies."
The help you receive here is free.
If you can please help keep us online by donating.
#58
kdp
-
- Authentic Member
-
- 51 posts
Authentic Member
Posted 05 August 2005 - 09:31 PM
This is strange! I tried to go into Norton Antivirus and check the script-blocking. Everthing is marked in read saying "ERROR", must reinstall Norton Antivirus. I'm not sure how to do that since I downloaded it from their website, and I don't have a disk. 
#59
kdp
-
- Authentic Member
-
- 51 posts
Authentic Member
Posted 06 August 2005 - 07:55 AM
I was able to reinstall NA. I will follow through with your previous post.
Thanks!
#60
rand1038
-
- Authentic Member
-
- 1,100 posts
Take over your PC or someone else will.
Posted 06 August 2005 - 08:19 AM
Good jobI was able to reinstall NA. I will follow through with your previous post.
Thanks!
. I'll leave the info below for others reading this thread who may need it.If you are nearing the end of your subscription or unhappy with Norton then you can download AVG Free Edition which is an excellent antivirus that includes email scanning. It is what I use.
Assuming you are using Norton Antivirus 2005 then follow the instructions here for reinstalling when you downloaded from the symantec store.
A word of warning. Make sure you get a complete uninstall with no errors before you reinstall. That is very important. If you get errors during the uninstall do not reinstall.
Edited by rand1038, 06 August 2005 - 08:28 AM.
Everyone gets specific instructions, disregard what you don't need.
I don't know your skill level.
"I would rather be bruised by the truth than caressed by lies."
The help you receive here is free.
If you can please help keep us online by donating.
I don't know your skill level.
"I would rather be bruised by the truth than caressed by lies."
The help you receive here is free.
If you can please help keep us online by donating.
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
