JimminyChristmas
asked on
Windows Update Error 0x80070005 XP SP3 cannot update
Hey all,
Thanks in advance for the help. Basically, I have a Windows XP SP3 machine that cannot perform a Windows Update. When looking in the Event Viewer, the following is an error every time the automatic update tries to go:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 14/06/2010
Time: 3:47:18 PM
User: N/A
Computer: computer
Description:
The Automatic Updates service terminated with the following error:
The class is configured to run as a security id different from the caller
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Furthermore, when I try to run the Update manually, it fails on the WGA installation step with: Error number: 0x80070005
I tried doing the manual WGA, at which point Microsoft verified the copy of Windows as genuine, but alas the next time I tried to update (immediately after and after a restart), still no luck.
Thanks in advance
ASKER
Thanks for the reply.
Unfortunately not: Norton Firewall is disabled and auto-protect is off. I had tried following that page, and have run the WGA Diagnostic tool to no avail.
try the below ( good luck )
0x80070005 - Resolution Suggestion:
In most cases you can resolve this error by doing the following:
Step 1
Open up your browser and download the Microsoft Genuine Advantage Diagnostic Tool - HERE to your desktop.
Step 2
Simply double click the file and hit the "continue" button.
The tool will now run a diagnostic and hopefully automatically fix the issue on your PC.
Step 3
When finished you should see an entry:
Validation Status: Genuine
Now REBOOT your PC and try Windows Updates again...
Step 4
Another quick way that has been reported to fix this issue is to visit the online validation tool:
http://www.microsoft.com/genuine/default.aspx?displaylang=en
...and that should have now resolved the 0x80070005 error for you!
Sorry forgot the link for Microsoft Genuine Advantage Diagnostic Tool
Open up your browser and download the Microsoft Genuine Advantage Diagnostic Tool - HERE
http://go.microsoft.com/fwlink/?linkid=52012
Could be virus related.
Run Combofix and post logfile here after.
Follow its instructions
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Another option is to run MS fixit if not virus
http://support.microsoft.com/kb/971058
ASKER
pballan: thanks but I had already tried that diagnostic tool
optoma: good suggestion--interesting when I run the FixIt tool, I get the error message: "Service 'Automatic Updates' (WUAUSERV) could not be stopped. Verify that you have sufficient privileges to stop system services"
Sure enough, when I open services.msc and try to open the "Automatic Updates" service I get: "Unable to open Service Automatic Updates for reading on Local Computer. Error 5: Access is Denied"
ASKER
Also the combofix window appears to be running indefinitely...Been sitting there for 25 minutes or so.
It's not really showing other signs of infection, Norton, Trojan Remover coming up empty.
ASKER
Also I'm not getting any status updates from Combofix...I see on the walkthrough it's supposed to come up and say "Completed Stage_1, _2..." etc...don't have any of that
ASKER
nevermind, ran fine after a reboot. here's the log:
ComboFix 10-06-15.02 - Cedric 15/06/2010 22:22:51.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.499 [GMT -4:00]
Running from: c:\documents and settings\Cedric\My Documents\Downloads\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Cedric\GoToAssistDownloadHelper.exe
c:\program files\INSTALL.LOG
C:\setup.exe
c:\windows\xpsp1hfm.log
.
((((((((((((((((((((((((( Files Created from 2010-05-16 to 2010-06-16 )))))))))))))))))))))))))))))))
.
2010-08-06 22:20 . 2009-10-07 08:43 199192 ----a-w- c:\windows\system32\lvci12101110.dll
2010-06-16 00:40 . 2010-06-16 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-14 20:22 . 2010-06-14 20:22 -------- d-----w- c:\program files\Windows Resource Kits
2010-06-14 20:21 . 2006-06-19 16:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-06-14 20:21 . 2006-05-25 18:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-06-14 20:21 . 2005-08-26 04:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-06-14 20:21 . 2003-02-02 23:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-06-14 20:21 . 2002-03-06 04:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-06-14 15:49 . 2010-06-14 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-06-11 02:57 . 2004-08-04 10:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-06-11 02:41 . 2008-04-14 09:41 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2010-06-11 02:37 . 2010-06-11 02:37 -------- d-----w- c:\windows\EHome
2010-06-11 01:51 . 2010-06-11 01:51 -------- d-----w- c:\program files\Windows Defender
2010-06-08 23:21 . 2010-06-08 23:21 -------- d-----w- c:\documents and settings\All Users\Uniblue
2010-05-29 00:10 . 2010-05-29 00:10 503808 ----a-w- c:\documents and settings\Diana\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-38dcbca0-n\msvcp71.dll
2010-05-29 00:10 . 2010-05-29 00:10 499712 ----a-w- c:\documents and settings\Diana\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-38dcbca0-n\jmc.dll
2010-05-29 00:10 . 2010-05-29 00:10 348160 ----a-w- c:\documents and settings\Diana\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-38dcbca0-n\msvcr71.dll
2010-05-29 00:10 . 2010-05-29 00:10 61440 ----a-w- c:\documents and settings\Diana\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-627fd319-n\decora-sse.dll
2010-05-29 00:10 . 2010-05-29 00:10 12800 ----a-w- c:\documents and settings\Diana\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-627fd319-n\decora-d3d.dll
2010-05-22 18:11 . 2010-05-22 18:11 503808 ----a-w- c:\documents and settings\Cedric\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5b450a03-n\msvcp71.dll
2010-05-22 18:11 . 2010-05-22 18:11 499712 ----a-w- c:\documents and settings\Cedric\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5b450a03-n\jmc.dll
2010-05-22 18:11 . 2010-05-22 18:11 348160 ----a-w- c:\documents and settings\Cedric\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5b450a03-n\msvcr71.dll
2010-05-22 18:11 . 2010-05-22 18:11 61440 ----a-w- c:\documents and settings\Cedric\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-72567230-n\decora-sse.dll
2010-05-22 18:11 . 2010-05-22 18:11 12800 ----a-w- c:\documents and settings\Cedric\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-72567230-n\decora-d3d.dll
2010-05-19 03:41 . 2010-05-19 03:41 -------- d-----w- c:\program files\Common Files\Java
2010-05-19 03:41 . 2010-05-19 03:40 411368 ----a-w- c:\windows\system32\deployJava1.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-06 22:21 . 2009-08-25 00:57 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-06-14 15:58 . 2009-08-25 00:28 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-06-14 15:57 . 2009-08-25 00:26 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-06-14 13:49 . 2008-02-25 23:27 -------- d-----w- c:\program files\Dl_cats
2010-06-12 21:02 . 2007-12-04 15:01 47120 ----a-w- c:\documents and settings\Diana\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-11 02:58 . 2007-12-03 22:59 47120 ----a-w- c:\documents and settings\Cedric\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-11 02:49 . 2007-12-03 22:32 77423 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-09 00:25 . 2009-10-22 17:27 -------- d-----w- c:\documents and settings\Cedric\Application Data\Uniblue
2010-06-09 00:25 . 2009-10-22 18:06 -------- d-----w- c:\program files\Uniblue
2010-06-08 23:44 . 2009-08-25 00:58 23832 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
2010-06-08 23:30 . 2007-12-03 23:21 45568 ----a-w- c:\windows\system32\drivers\bcm4sbxp.sys
2010-06-03 19:09 . 2009-10-15 19:08 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-29 00:10 . 2010-02-18 14:10 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-16 00:33 . 2009-08-24 22:03 -------- d-----w- c:\documents and settings\Cedric\Application Data\Skype
2010-05-15 23:05 . 2009-08-24 22:07 -------- d-----w- c:\documents and settings\Cedric\Application Data\skypePM
2010-05-02 19:09 . 2009-10-16 15:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-24 23:31 . 2009-09-21 20:04 -------- d-----w- c:\documents and settings\Cedric\Application Data\dvdcss
2010-04-17 17:45 . 2007-12-04 17:27 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-17 15:25 . 2010-04-17 15:25 -------- d-----w- c:\program files\Symantec
2010-04-17 15:25 . 2010-04-17 15:25 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-17 15:25 . 2010-04-17 15:25 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-17 15:25 . 2010-04-17 15:25 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-17 15:25 . 2010-04-17 15:25 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-17 15:25 . 2010-04-17 15:24 -------- d-----w- c:\program files\Norton Internet Security
2010-04-17 15:24 . 2008-12-04 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-17 15:17 . 2008-12-04 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PowerSuite"="c:\program files\Uniblue\PowerSuite\launcher.exe" [2010-06-01 46440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-14 73728]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-07-27 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Cedric\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\Logitech WebCam Software\eReg.exe [2009-10-14 517384]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-09-19 01:21 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-10-01 17:57 111936 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 21:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
2005-10-21 15:40 430080 ----a-w- c:\program files\Dell Photo AIO Printer 924\dlccmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 21:50 81920 ----a-w- c:\program files\Common Files\InstallShield\Update Service\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
2002-11-08 09:50 19968 ------w- c:\windows\LOGI_MWX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 09:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-07-27 18:19 282624 ----a-w- c:\windows\stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-10-05 00:09 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"NMSAccessU"=2 (0x2)
"KodakDigitalDisplayService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\Digital Display\\KodakDigitalDisplaySoftware.exe"=
"c:\\Program Files\\Kodak\\Digital Display\\OrbKodakLauncher\\DllStartupService.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/15/2009 3:08 PM 64288]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [5/25/2010 3:13 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [5/25/2010 3:13 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100522.001\BHDrvx86.sys [5/22/2010 2:16 PM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [5/25/2010 3:13 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [5/25/2010 3:13 PM 116784]
R2 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe [5/14/2009 12:21 PM 98304]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [5/25/2010 3:13 PM 126392]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/27/2010 1:51 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100604.004\IDSXpx86.sys [6/9/2010 12:35 PM 331640]
S2 gupdate1ca4dca80fef7ea;Google Update Service (gupdate1ca4dca80fef7ea);c:\program files\Google\Update\GoogleUpdate.exe [10/15/2009 3:05 PM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352320]
.
Contents of the 'Scheduled Tasks' folder
2010-06-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 19:08]
2010-03-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-15 19:05]
2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-15 19:05]
2010-06-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
2010-06-11 c:\windows\Tasks\User_Feed_Synchronization-{1139FFEB-BA25-45B0-BF8E-A114DD5C9176}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www.update
Trusted Zone: windowsupdate.com\download
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-osCheck - c:\program files\Norton AntiVirus\osCheck.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-DMXLauncher - c:\program files\Dell\Media Experience\DMXLauncher.exe
MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-15 22:31
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\ DRIVERS\W3 2X86\3\DLC Ctime.dll, _RunDLLEnt ry@16????? ?????????? ?????????? ?????????? ?????????? ?????????? ?????????? ?????????? ?????????? ?????????? ?????????? ?????????? ?????????? ?????????? ?????????? ?????????? ?????????? ?????????? ????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(632)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2010-06-15 22:33:33
ComboFix-quarantined-files.txt 2010-06-16 02:33
Pre-Run: 137,925,038,080 bytes free
Post-Run: 141,682,282,496 bytes free
- - End Of File - - CF63EFA8A7528BC05182626B7591C31C
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Offic
Trusted Zone: microsoft.com\v4.windowsup
Trusted Zone: microsoft.com\windowsupdat
Trusted Zone: microsoft.com\www.update
Trusted Zone: windowsupdate.com\download
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\cla
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-osCheck - c:\program files\Norton AntiVirus\osCheck.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-DMXLaunche
MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.
MSConfigStartUp-SunJavaUpd
**************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-15 22:31
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Wi
DLCCCATS = rundll32 c:\windows\System32\spool\
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************
[HKEY_LOCAL_MACHINE\System
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(632)
c:\program files\Citrix\GoToAssist\51
.
Completion time: 2010-06-15 22:33:33
ComboFix-quarantined-files
Pre-Run: 137,925,038,080 bytes free
Post-Run: 141,682,282,496 bytes free
- - End Of File - - CF63EFA8A7528BC05182626B75
Did you try update fixit after running Combofix?
Any difference/ error messages?
No prob.
Try checking out
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.windowsupdate&tid=00c31eeb-b4a4-46d6-a7d9-de47f7101cfd&p=1
It includes the WGA also.