winupd.dll and Norton problems

Discussion in 'Security and Privacy' started by tanman, 2004/09/09.

Thread Status:
Not open for further replies.
  1. 2004/09/09
    tanman

    tanman Well-Known Member Thread Starter

    Joined:
    2004/09/09
    Messages:
    30
    Likes Received:
    0
    winupd.dll

    edit note: I split this thread away from another one that dealt with winupd.dll so if things look a little disjointed through the first 3 posts, blame me. Newt

    I've experienced the same problem with that block as well. I've tried a lot of the suggestions and fixes many have suggested here. In addition to this problem, I also have tried to uninstall McAfee Antivirus and install Norton Internet Security. Obviously lots of problems with that too. My question is...should I try to fix the file and software problems, or just format and start over? I'm not sure which would be the lesser of two evils! :confused:
    I would greatly appreciate any suggestions.

    JT
     
    Last edited by a moderator: 2004/09/10
  2. 2004/09/09
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Hi tanman and welcome to the forum.

    A format and clean install would probably be faster than going after the bad stuff piece by piece. However, we can certainly work with you to clean up the system without the hassle of a reinstall.

    Worst case if we work to clean it and have problems is a little lost time and you do a format/reinstall so other than some time, no real downside to trying to fix your system.

    We do need your details though.
     
    Newt,
    #2

  4. 2004/09/10
    tanman

    Newt--first off, thanks for the help in advance, I've talked with support folks from several places, and they only want to sell me something they think might fix my problems. Alright, enough of my whining....

    Just a little background: my system seemed to be operating fine for the most part, just some issues with McAfee Antivirus--mostly not catching a virus before it tried to install. Anyway, I opted to go with Norton Internet Security pak. My first problem was trying to uninstall the McAfee. Couldn't seem to eliminate the program without losing my internet connection (Roadrunner Highspeed Broadband). I assume this is because of firewall setting problems. I had to reinstall to get my connection back. Couldn't update McAfee without resubscribing--just turned off as much of it as I could. Then installed Norton, some issues with that, but minor comparably speaking!

    This is where I started getting the message "rundll--error loading winupd.dll the specific module could not be found". I typed it in the search engine--came up with this website--tried several of the spyware/adware programs, eliminated a lot, but obviously have not eliminated what I need to. I did save the hijackthis log if you want to view it. Just didn't want to overload an already full posting!
     
  5. 2004/09/10
    Newt

    Well, we got nothing to sell so that won't be a problem. Actually, Aire (forum owner) does have some nice utilities he sells but they aren't specific to this sort of problem and I won't tell you where to find them anyway although if you search all the links on this forum you can find them. :D

    More information still needed but what you provided at least gives a starting place. I hope. If you are running Win2K or XP, then click on start, click on run, key in eventvwr.msc and click OK. Look in your system and application logs for specific errors or warnings that look related to this problem and if you find one or more, open the event, click on the icon below the up/down arrows (sends a text copy to the clipboard) and paste the event here.

    Since you have a HJT log, might as well post it too now that we've shortened this thread by quite a bit.
     
    Newt,
    #4
  6. 2004/09/10
    tanman

    These are just a few of the errors...there are many from the last week or so, just a few that stood out to me. Hope they help!

    Event Type: Error
    Event Source: Application Error
    Event Category: None
    Event ID: 1000
    Date: 9/9/2004
    Time: 2:23:10 PM
    User: N/A
    Computer: JEFFNANNETTE
    Description:
    Faulting application ccapp.exe, version 2.1.1.700, faulting module ccemlpxy.dll, version 2.1.1.700, fault address 0x00017b00.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Event Type: Error
    Event Source: Perflib
    Event Category: None
    Event ID: 1015
    Date: 9/9/2004
    Time: 8:16:11 AM
    User: N/A
    Computer: JEFFNANNETTE
    Description:
    The timeout waiting for the performance data collection function "PerfProc" in the "C:\WINDOWS\System32\perfproc.dll" Library to finish has expired. There may be a problem with this extensible counter or the service it is collecting data from or the system may have been very busy when this call was attempted.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Event Type: Error
    Event Source: Application Error
    Event Category: None
    Event ID: 1000
    Date: 9/8/2004
    Time: 9:19:59 PM
    User: N/A
    Computer: JEFFNANNETTE
    Description:
    Faulting application explorer.exe, version 6.0.2800.1106, faulting module ntdll.dll, version 5.1.2600.1106, fault address 0x00002b6a.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Event Type: Error
    Event Source: LoadPerf
    Event Category: None
    Event ID: 3001
    Date: 9/8/2004
    Time: 6:29:22 PM
    User: N/A
    Computer: JEFFNANNETTE
    Description:
    The performance counter name string value in the registry is incorrectly formatted. The bogus string is 2824, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 08 0b 00 00 06 0b 00 00 ........
    0008: 07 0b 00 00 cf 01 00 00 ....Ï...
    Event Type: Error
    Event Source: Ci
    Event Category: CI Service
    Event ID: 4126
    Date: 9/8/2004
    Time: 5:00:02 PM
    User: N/A
    Computer: JEFFNANNETTE
    Description:
    Cleaning up corrupt content index metadata on c:\program files\dell\support\ui\search\catalog.wci. Index will be automatically restored by refiltering all documents.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Event Type: Error
    Event Source: Application Hang
    Event Category: (101)
    Event ID: 1002
    Date: 9/8/2004
    Time: 1:03:04 PM
    User: N/A
    Computer: JEFFNANNETTE
    Description:
    Hanging application explorer.exe, version 6.0.2800.1221, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    These are from the System errors....
    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7000
    Date: 9/9/2004
    Time: 2:31:08 PM
    User: N/A
    Computer: JEFFNANNETTE
    Description:
    The .NET Framework Service service failed to start due to the following error:
    The system cannot find the file specified.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7034
    Date: 9/9/2004
    Time: 2:22:28 PM
    User: N/A
    Computer: JEFFNANNETTE
    Description:
    The Symantec Network Proxy service terminated unexpectedly. It has done this 1 time(s).

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7023
    Date: 9/9/2004
    Time: 2:22:10 PM
    User: N/A
    Computer: JEFFNANNETTE
    Description:
    The IPSEC Services service terminated with the following error:
    The requested service provider could not be loaded or initialized.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Event Type: Warning
    Event Source: Dhcp
    Event Category: None
    Event ID: 1003
    Date: 9/9/2004
    Time: 2:20:33 PM
    User: N/A
    Computer: JEFFNANNETTE
    Description:
    Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0007E977A7E8. The following error occurred:
    An operation was attempted on something that is not a socket. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 36 27 00 00 6'..

    there are more logs...most are identical to the ones above...
    Here is my HJT log:
    Logfile of HijackThis v1.98.2
    Scan saved at 8:20:04 AM, on 9/9/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Common Files\WinTools\WToolsS.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\EarthLink 5.0\conmgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\WINDOWS\System32\ipbcors.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\WinTools\WToolsA.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\Common Files\WinTools\WSup.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Hewlett-Packard\AiO\hp officejet 5100 series\Bin\hpoant07.exe
    C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
    C:\WINDOWS\System32\hpoipm07.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\8b5e9cdb91dddbb342695fbdc36fe0e4\update\update.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\Jeffery Tanner\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50032
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O1 - Hosts: >
    O1 - Hosts: </html>
    O2 - BHO: MxTargetObj Class - {0000607d-d204-42c7-8e46-216055bf9918} - C:\WINDOWS\mxTarget.dll
    O2 - BHO: Band Class - {01f44a8a-8c97-4325-a378-76e68dc4ab2e} - C:\WINDOWS\systb.dll (file missing)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\conmgr.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [fvwsptaugvk] C:\WINDOWS\System32\ipbcors.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\RECYCLER\S-1-5-21-1731174417-1254886498-2144040659-1006\Dc29.0a\aoltray.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HPAiODevice(hp officejet 5100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 5100 series\Bin\hpoant07.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
    O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
    O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

    :eek: :eek: :eek:
    Am I giving you anything of value? I hope so!!
    JT
     
  7. 2004/09/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    That HJT log shows quite a few nasties. :( Please download, install and immediately check for updates, current versions of both Spybot and Ad-aware. Run Spybot and fix everything it finds and prechecks. Run Ad-aware in full scan mode and remove everything it finds. Reboot and post a new HijackThis log.
     
  8. 2004/09/10
    Newt

    You are. Some of this is going to take some research though so probably tomorrow before I can give you anything. Hopefully someone else will chime in - especially with cleanup of some of the junk showing from your HJT log.

    Please move the hijackthis.exe file someplace other than directly on the desktop or any of your temp folders. When you start using it to clean things, you will want to keep all the stuff it generates in one place. I like c:\hjt or c:\anti-spyware\hjt or similar.

    Also, please empty your event logs (save the contents to whatever folder you put HJT into), reboot, and see how many of those errors/warnings show up again. Any that do, please post in another reply. As you did this time, one example of each but if one is showing up lots of times, a comment about how many of it you are seeing will help.
     
    Newt,
    #7
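
    The "one example of each, plus a count" summary requested in the post above can be produced from the text that Event Viewer copies to the clipboard. This is an added example, not part of the original thread; the sample events are constructed in the layout posted here, and the computer name and the second 7000 timestamp are placeholders.

```python
import re
from collections import OrderedDict

# Header fields worth keeping from each copied event record.
FIELD = re.compile(r"^(Event Type|Event Source|Event ID|Date|Time):\s*(.*)$")

# Constructed sample: three records in the Event Viewer clipboard layout.
SAMPLE = r"""
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 9/11/2004
Time: 11:17:56 AM
User: N/A
Computer: EXAMPLEPC
Description:
The .NET Framework Service service failed to start due to the following error:
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: MsiInstaller
Event Category: None
Event ID: 11406
Date: 9/11/2004
Time: 11:25:18 AM
User: N/A
Computer: EXAMPLEPC
Description:
Product: Symantec Network Driver Update -- Error 1406. Could not write value to key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SymNeti.AlertEvent.1\CLSID.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 9/11/2004
Time: 12:02:10 PM
User: N/A
Computer: EXAMPLEPC
Description:
The .NET Framework Service service failed to start due to the following error:
The system cannot find the file specified.
Data:
0000: 00 00 00 00 ....
"""


def parse_events(text):
    """Split pasted Event Viewer text into records, even when they run together."""
    events, cur, in_desc = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Event Type:"):      # every record starts here
            cur, in_desc = {"desc": []}, False
            events.append(cur)
        if cur is None:
            continue
        m = FIELD.match(line)
        if m and not in_desc:
            cur[m.group(1)] = m.group(2)
        elif line == "Description:":
            in_desc = True
        elif line.startswith(("For more information", "Data:")):
            in_desc = False                     # footer and hex dump are skipped
        elif in_desc and line:
            cur["desc"].append(line)
    return events


def summarize(events):
    """Group identical events by (source, ID, description) and count repeats."""
    groups = OrderedDict()
    for ev in events:
        key = (ev.get("Event Source", "?"), ev.get("Event ID", "?"),
               " ".join(ev["desc"]))
        g = groups.setdefault(key, {"type": ev.get("Event Type", "?"),
                                    "count": 0, "seen": []})
        g["count"] += 1
        g["seen"].append(f'{ev.get("Date", "?")} {ev.get("Time", "?")}')
    return groups


def report(text):
    """One line per distinct event: count, source, ID, first and last time seen."""
    lines = []
    for (source, event_id, desc), g in summarize(parse_events(text)).items():
        lines.append(f'{g["count"]}x {g["type"]} {source} [{event_id}] '
                     f'first {g["seen"][0]}, last {g["seen"][-1]}: {desc[:80]}')
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```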
  9. 2004/09/10
    tanman

    Newt--I will get started on the things that you said with the events log and moving the info (different folders/directories). I'll post the errors as soon as I can tonight.
    Noahdfear--I will start downloading updates to both shortly--just one problem that I have experienced with scratching all the things found by ad-aware. I quarantined the files, and lost my internet connectivity. I had to undo the quarantine and then got my connection back!! I think that is also part of the firewall "issues" I was having...something was changing my settings and not allowing me to access the net. I'll start with the minor stuff first and then check back here...oh yeah...thanks for helping me too!

    JT
     
  10. 2004/09/10
    tanman

    I cleared the event logs, and there were no application errors this time, and this is the only security error listed!! One other thing I noticed, I didn't get the WINUPD.DLL error right away like I usually do when I reboot...perhaps a fluke, but thought I would note it nonetheless.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7000
    Date: 9/10/2004
    Time: 11:34:31 PM
    User: N/A
    Computer: JEFFNANNETTE
    Description:
    The .NET Framework Service service failed to start due to the following error:
    The system cannot find the file specified.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Alright, I'm back to doing the Ad-Aware and spybot runs!

    JT
     
  11. 2004/09/10
    tanman

    Dave--got nothing prechecked on the scan from HJT, should I check all the boxes, and then click fix? :confused:
     
  12. 2004/09/11
    noahdfear

    DO NOT check any boxes and fix with HijackThis. It is Spybot you want to remove what it finds that is prechecked.

    I would imagine that having a broken internet connection after using Ad-aware would be a result of the removal of this file, inetadpt.dll, which has your Winsock hooked. The broken connection is usually the result of using an outdated version of Ad-aware, with or without updated reference files, or using an up-to-date version with outdated reference files. Please be sure that you are using the newest versions of both Spybot and Ad-aware. Spybot now has version 1.3 and Ad-aware has version SE Personal 1.04. If you are not using the current build of both programs, download them, uninstall the old and install the new, then update before running.

    Download LSPFix. Should removing ALL Ad-aware finds, after using the newest version with updated reference files, break your internet access, open LSPFix, check the box "I know what I'm doing" and click finish. Reboot and try internet again.
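
    To see before cleanup which entries in a HijackThis log point at a Winsock LSP hook like the one described in the post above, the log can be triaged with a short script. This is an added example, not part of the original thread and not HijackThis's own code; the sample lines are copied from the first log posted in this thread, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# HijackThis entry lines look like "<section code> - <detail>", e.g. "O10 - ...".
ENTRY = re.compile(r"^\s*([RFNO]\d{1,2}) - (.*\S)\s*$")
LSP = re.compile(r"^Unknown file in Winsock LSP:\s*(.+)$", re.IGNORECASE)

# Excerpt of the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Band Class - {01f44a8a-8c97-4325-a378-76e68dc4ab2e} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
"""


def parse_hjt(text):
    """Return {section code: [detail, ...]}; header and process lines are ignored."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections


def lsp_hooks(sections):
    """Count how many O10 lines name each DLL hooked into Winsock."""
    hooks = Counter()
    for detail in sections.get("O10", []):
        m = LSP.match(detail)
        if m:
            hooks[m.group(1).strip().lower()] += 1
    return hooks


def dangling(sections):
    """Entries whose target file HijackThis reported as absent."""
    marks = ("(file missing)", "(no file)")
    return [(code, detail)
            for code, items in sections.items()
            for detail in items if detail.endswith(marks)]


def triage(text):
    """Notes for the person doing the cleanup, one per finding."""
    sections = parse_hjt(text)
    notes = []
    for dll, count in lsp_hooks(sections).items():
        # Deleting the DLL without repairing the Winsock chain is what broke
        # connectivity in this thread; LSPFix was the repair step used.
        notes.append(f"LSP hook: {dll} listed {count}x under O10; "
                     f"expect to repair Winsock (LSPFix) after removing it")
    for code, detail in dangling(sections):
        notes.append(f"{code} leftover with no file on disk: {detail}")
    return notes


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_LOG)))
```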
     
  13. 2004/09/11
    tanman

    Here are some of the errors that came up under applications event log.

    Event Type: Error
    Event Source: MsiInstaller
    Event Category: None
    Event ID: 11406
    Date: 9/11/2004
    Time: 11:25:18 AM
    User: N/A
    Computer: JEFFNANNETTE
    Description:
    Product: Symantec Network Driver Update -- Error 1406. Could not write value to key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SymNeti.AlertEvent.1\CLSID. System error . Verify that you have sufficient access to that key, or contact your support personnel.

    Event Type: Error
    Event Source: Perflib
    Event Category: None
    Event ID: 1015
    Date: 9/11/2004
    Time: 11:39:57 AM
    User: N/A
    Computer: JEFFNANNETTE
    Description:
    The timeout waiting for the performance data collection function "PerfProc" in the "C:\WINDOWS\System32\perfproc.dll" Library to finish has expired. There may be a problem with this extensible counter or the service it is collecting data from or the system may have been very busy when this call was attempted.

    Event Type: Error
    Event Source: MsiInstaller
    Event Category: None
    Event ID: 11406
    Date: 9/11/2004
    Time: 11:40:04 AM
    User: N/A
    Computer: JEFFNANNETTE
    Description:
    Product: Symantec Network Driver Update -- Error 1406. Could not write value to key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SymNeti.AlertEvent.1\CLSID. System error . Verify that you have sufficient access to that key, or contact your support personnel.

    This is the only system error that came up again. It has come up twice this morning in about 90 minutes:

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7000
    Date: 9/11/2004
    Time: 11:17:56 AM
    User: N/A
    Computer: JEFFNANNETTE
    Description:
    The .NET Framework Service service failed to start due to the following error:
    The system cannot find the file specified.

    I checked both Spybot and Ad-Aware, and have the most up-to-date versions. I went through and fixed all errors found--deleted 10 files from Spybot and 906 from Ad-Aware. :)

    I rebooted and then ran the lspfix program and I have internet connection. yeah!! And mysteriously enough, I no longer have the block that popped up giving me the winupd.dll error. Not at all!!!!!!!!!

    Not sure what other problems still exist, still checking on them. Should I rerun HJT and check the log again?

    Jeff
     
  14. 2004/09/11
    tanman

    Below is a scan list of the files that Ad-Aware finds, but doesn't seem to be able to delete, or maybe they keep loading themselves over and over.
    Not sure how relevant they are, but thought I would include them!!


    MRU LIST
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    obj[0]=MRU RegReference : S-1-5-21-1731174417-1254886498-2144040659-1006\software\microsoft\windows\currentversion\explorer\runmru
    obj[1]=MRU RegReference : S-1-5-21-1731174417-1254886498-2144040659-1006\software\microsoft\search assistant\acmru\5603
    obj[2]=MRU RegReference : S-1-5-21-1731174417-1254886498-2144040659-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.js
    obj[3]=MRU RegReference : S-1-5-21-1731174417-1254886498-2144040659-1006\software\microsoft\windows\currentversion\explorer\recentdocs\.txt
    obj[4]=MRU RegReference : S-1-5-21-1731174417-1254886498-2144040659-1006\software\microsoft\windows\currentversion\explorer\recentdocs\Folder
    obj[6]=MRU RegReference : software\microsoft\directdraw\mostrecentapplication name
    obj[7]=MRU FileReference : C:\Documents and Settings\Jeffery Tanner\recent\03FBYK99.lnk
    obj[8]=MRU FileReference : C:\Documents and Settings\Jeffery Tanner\recent\hp_data[1].js.lnk
    obj[9]=MRU FileReference : C:\Documents and Settings\Jeffery Tanner\recent\lspfix.lnk
    obj[10]=MRU FileReference : C:\Documents and Settings\Jeffery Tanner\recent\lspfix.txt.lnk

    IBIS TOOLBAR
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    obj[8]=Regkey : protocols\name-space handler\res\wtoolsb.resprotocol
    obj[9]=Regkey : wtoolsb.resprotocol
    obj[10]=Regkey : clsid\{a8deb4a5-d9ef-4d21-b4f6-921475004e7d}
    obj[11]=Regkey : clsid\{87766247-311c-43b4-8499-3d5fec94a183}
    obj[12]=Regkey : clsid\{87067f04-de4c-4688-bc3c-4fcf39d609e7}
    obj[13]=Regkey : clsid\{708be496-e202-497b-bc31-9cf47e3bf8d6}
    obj[14]=Regkey : S-1-5-21-1731174417-1254886498-2144040659-1006\software\wintools
    obj[15]=Regkey : software\wintools
    obj[17]=File : C:\Documents and Settings\Jeffery Tanner\Local Settings\Temporary Internet Files\Content.IE5\8LMZCPER\Toolbar[1].cab
    obj[19]=File : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP14\A0005289.exe
    obj[20]=Regkey : software\microsoft\windows\currentversion\installer\userdata\sto
    obj[21]=Regkey : software\microsoft\windows\currentversion\uninstall\wintools
    obj[22]=Regkey : system\controlset001\services\wintoolssvc
    obj[23]=Regkey : system\currentcontrolset\services\wintoolssvc
    obj[24]=RegValue : software\microsoft\windows\currentversion\run
    obj[25]=Folder : C:\Program Files\Toolbar

    TRACKING COOKIE
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    obj[16]=IECache Entry : Cookie:jeffery tanner@tribalfusion.com/

    VX2
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    obj[18]=File : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP14\A0005271.exe



    Jeff
     
  15. 2004/09/11
    noahdfear

    Hi Jeff,

    Please post a new HJT log so we can see what other cleanup may be needed.
     
  16. 2004/09/11
    tanman

    Here ya go guys....this is the latest.

    Logfile of HijackThis v1.98.2
    Scan saved at 7:37:47 PM, on 9/11/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Common Files\WinTools\WToolsS.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\EarthLink 5.0\conmgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Common Files\WinTools\WToolsA.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\Program Files\Common Files\WinTools\WSup.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Hewlett-Packard\AiO\hp officejet 5100 series\Bin\hpoant07.exe
    C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
    C:\WINDOWS\System32\hpoipm07.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Anti-Spyware\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O1 - Hosts: >
    O1 - Hosts: </html>
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\conmgr.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\RECYCLER\S-1-5-21-1731174417-1254886498-2144040659-1006\Dc29.0a\aoltray.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HPAiODevice(hp officejet 5100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 5100 series\Bin\hpoant07.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
     
  17. 2004/09/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: >
    O1 - Hosts: </html>
    Fix all three.

    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    Fix it. HuntBar search-hijacker.

    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    Fix it.

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    Initializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card

    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    Not needed at startup. System Tray access for Creative Diagnostics for the Creative SoundBlaster series soundcards. Available via Start -> Programs

    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    Not needed at startup. Reminder to register Creative Labs SoundBlaster Live! cards

    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVDs would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation starts

    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe "
    Not needed at startup. Part of MS Money 2002. Available via Start -> Programs

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See HERE for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK

    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    Not needed at startup. Download manager for Dell support alerts

    O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\conmgr.exe "
    Connection Manager as used by Earthlink and others. If you need this to ensure a proper connection but don't want to connect at startup try creating your own shortcut

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    Not needed at startup.

    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    You decide. "HP's exclusive Share-to-Web software makes it easy to share content with others through our affiliate Internet websites." In other words an application that allows users to upload scanned images to their personal webpages if desired. Available via Start -> Programs

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    Associated with the newer versions of nVidia graphics cards drivers. Allows you to immensely improve desktop layouts by setting preferences and optimizations. However, this isn't necessary for the operation of your system

    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    Not needed at startup.

    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
    Ensures the software is installed correctly (similar to an installation wizard) as reported by Cox. Regarded as spyware by some as it has the ability to retrieve user information.

    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
    Fix it. Wintools adware.

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    Not needed at startup.
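
The calls broni makes in the post above (malformed Hosts lines, a toolbar registered with no file, the WinTools paths, the blank LinksFolderName value) can be written as a small triage script over a HijackThis log. This is an added example, not part of the original thread: the rule set, the `triage` function name and the regular expressions are assumptions for illustration, and the sample lines are copied from the log in post 16.

```python
import re

# Constructed sample: a subset of the HijackThis log lines from post 16.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: >
O1 - Hosts: </html>
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# A well-formed hosts entry reads "<IPv4 address> <hostname>".
HOSTS_OK = re.compile(r"^Hosts:\s+\d{1,3}(\.\d{1,3}){3}\s+\S+$")

def triage(log_text):
    """Return (section, reason, body) for each entry that matches a rule."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header lines, running-process list, blank lines
        section, body = m.group(1), m.group(2).rstrip()
        if section == "O1" and not HOSTS_OK.match(body):
            findings.append((section, "malformed hosts entry", body))
        elif section in ("O2", "O3") and body.endswith("(no file)"):
            findings.append((section, "registration without a file", body))
        elif "\\wintools\\" in body.lower():
            # Path named in the thread; also matches the 8.3 short form.
            findings.append((section, "WinTools path", body))
        elif section in ("R0", "R1") and body.endswith("="):
            # Assumption: generalises the blank LinksFolderName case.
            findings.append((section, "blank registry value", body))
    return findings

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:<3} {reason:<28} {body}")
```
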
     
  18. 2004/09/12
    tanman

    tanman Well-Known Member Thread Starter

    Joined:
    2004/09/09
    Messages:
    30
    Likes Received:
    0
    Thanks Broni, I got rid of those using the fix it!! Any other ones I can get rid of, or just leave them there?

    Jeff
     
  19. 2004/09/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Did you turn "System Restore" off, before fixing those items? Because, if not, they'll come back. You turn "System Restore" off, fix things, restart, and turn "System Restore" back on.
    Also, you may consider those O4 items I mentioned. Whichever are unnecessary should be prevented from starting automatically, since they only slow your system down.
     
  20. 2004/09/12
    tanman

    tanman Well-Known Member Thread Starter

    Joined:
    2004/09/09
    Messages:
    30
    Likes Received:
    0
    broni--sorry to sound stupid, but how do I turn the system restore on and off...I have rebooted once after fixing the problems you suggested, ran HJT again, and those entries were gone. Does that mean that system restore may already be off?

    thanks...
    Jeff
     
  21. 2004/09/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    We may double check a few things here.
    First, let's find the status of your "System Restore". Instructions HERE
    Usually, when your "System Restore" is not turned off before using HT, those bad entries come back.
    You may want to post your fresh HT log after doing all those changes... I would also consider disabling the recommended O4 entries.
     