0

I'm trying to help neighbor with a problem that seems to have been the result of a power outage. She was running Windows Update > power failure > neverending wuauclt.exe error messages. I've followed the Cleanup Threads and am having some issues deleting some of the files (in use).
I've run ATF, DDS, Windows Malware Removal, MBA-M, but when I tried to run GMER it crashes after 45 minutes (tried 3 times today). Machine seizes up and needs hard reboot.

Exceptions to Cleanup Thread efforts:
1) del entire contents of c:\windows\temp -- can't get rid of JETC052.tmp; perflib_perfdata_170; or perflib_perfdata_198 ("in use")
2) del contents of c:\temp -- no such animal on this computer
3) search *.tmp and del all -- can't del c:\winxp\temp\JETC052.tmp (same as above in 1)
4) clean each user:
>local service\temp - can't del CMLS--2010-05-04--17-04-51.log or
WER1dba.dir00
>cookies file -- can't del username\cookies\index.dat or
networkservice.NTAuthority\cookies\index.dat
and these items also appear in content IE5 and History

Never had such a difficult time fixing something like this before. Any clues would be gratefully accepted! Thanks for your help!

Attachments
DDS (Ver_10-03-17.01) - NTFSx86  
Run by Priscilla Yagel at 17:55:13.04 on Tue 05/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1434 [GMT -4:00]

AV: Norton 360 Premier Edition *On-access scanning enabled* (Updated)   {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *enabled*   {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINXP\system32\svchost -k DcomLaunch
svchost.exe
C:\WINXP\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINXP\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINXP\System32\svchost.exe -k dot3svc
C:\WINXP\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
C:\WINXP\system32\nvsvc32.exe
C:\WINXP\system32\HPZipm12.exe
C:\WINXP\system32\svchost.exe -k imgsvc
C:\WINXP\wanmpsvc.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINXP\System32\dmadmin.exe
C:\WINXP\System32\svchost.exe -k HTTPFilter
C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
C:\WINXP\system32\wscntfy.exe
C:\WINXP\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINXP\stsystra.exe
C:\Program Files\Common Files\AOL\1259949287\ee\AOLSoftware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\WINXP\system32\spider.exe
C:\Program Files\WIN Malware Tool\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360 premier edition\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360 premier edition\engine\3.8.0.41\IPSBHO.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360 premier edition\engine\3.8.0.41\coIEPlg.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\winxp\system32\NvCpl.dll,NvStartup
mRun: [HostManager] c:\program files\common files\aol\1259949287\ee\AOLSoftware.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360 premier edition\engine\3.8.0.41\CoIEPlg.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\prisci~1\applic~1\mozilla\firefox\profiles\q5su4152.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\all users.winxp\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users.winxp\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\winxp\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-4 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\winxp\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-4 259632]
R1 ccHP;Symantec Hash Provider;c:\winxp\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-4 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users.winxp\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100429.001\IDSXpx86.sys [2010-5-3 329592]
R2 N360;Norton 360;c:\program files\norton 360 premier edition\engine\3.8.0.41\ccSvcHst.exe [2010-2-4 117640]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-4-27 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users.winxp\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100504.004\NAVENG.SYS [2010-5-4 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users.winxp\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100504.004\NAVEX15.SYS [2010-5-4 1324720]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\winxp\system32\drivers\wdcsam.sys [2008-5-6 11520]

=============== Created Last 30 ================

2010-05-04 20:33:40	0	d-----w-	c:\docume~1\prisci~1\applic~1\Malwarebytes
2010-05-04 20:33:32	38224	----a-w-	c:\winxp\system32\drivers\mbamswissarmy.sys
2010-05-04 20:33:30	20952	----a-w-	c:\winxp\system32\drivers\mbam.sys
2010-05-04 20:33:30	0	d-----w-	c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2010-05-04 15:15:23	35552	-c--a-w-	c:\winxp\system32\dllcache\wups.dll
2010-05-04 15:15:23	327896	-c--a-w-	c:\winxp\system32\dllcache\wucltui.dll
2010-05-04 15:15:23	21728	----a-w-	c:\winxp\system32\wucltui.dll.mui
2010-05-04 15:15:22	217816	-c--a-w-	c:\winxp\system32\dllcache\wuaucpl.cpl
2010-05-04 15:15:22	217816	----a-w-	c:\winxp\system32\wuaucpl.cpl
2010-05-04 15:15:22	17632	----a-w-	c:\winxp\system32\wuaueng.dll.mui
2010-05-04 15:15:22	15072	----a-w-	c:\winxp\system32\wuaucpl.cpl.mui
2010-05-04 15:15:19	15064	----a-w-	c:\winxp\system32\wuapi.dll.mui
2010-05-03 20:56:05	0	d-----w-	c:\program files\WIN Malware Tool
2010-05-03 15:02:29	0	d-----w-	c:\winxp\pss
2010-04-22 18:35:27	0	d-----w-	c:\winxp\system32\CatRoot2
2010-04-21 22:24:23	16832	----a-w-	c:\winxp\system32\amcompat.tlb
2010-04-21 22:24:20	23392	----a-w-	c:\winxp\system32\nscompat.tlb
2010-04-21 21:49:40	0	d-----w-	c:\program files\Spybot
2010-04-21 21:44:43	0	d-----w-	c:\program files\Includes
2010-04-21 18:58:45	0	d-sh--w-	c:\documents and settings\priscilla yagel\IECompatCache
2010-04-14 21:53:42	3558912	-c----w-	c:\winxp\system32\dllcache\moviemk.exe
2010-04-14 21:50:58	0	d-sh--w-	c:\documents and settings\priscilla yagel\PrivacIE
2010-04-14 21:46:30	0	d-sh--w-	c:\documents and settings\priscilla yagel\IETldCache
2010-04-14 21:40:21	594432	-c----w-	c:\winxp\system32\dllcache\msfeeds.dll
2010-04-14 21:40:21	55296	-c----w-	c:\winxp\system32\dllcache\msfeedsbs.dll
2010-04-14 21:40:21	247808	-c----w-	c:\winxp\system32\dllcache\ieproxy.dll
2010-04-14 21:40:21	1985536	-c----w-	c:\winxp\system32\dllcache\iertutil.dll
2010-04-14 21:40:21	12800	-c----w-	c:\winxp\system32\dllcache\xpshims.dll
2010-04-14 21:40:20	11070976	-c----w-	c:\winxp\system32\dllcache\ieframe.dll
2010-04-14 21:40:17	0	d-----w-	c:\winxp\ie8updates
2010-04-14 21:39:51	64000	-c----w-	c:\winxp\system32\dllcache\iecompat.dll
2010-04-14 21:38:58	0	dc-h--w-	c:\winxp\ie8
2010-04-14 20:12:01	0	d-----w-	c:\docume~1\alluse~1.win\applic~1\WD_SmartWareCommon
2010-04-14 20:07:24	0	d-----w-	c:\docume~1\prisci~1\applic~1\Western Digital
2010-04-14 20:07:19	0	d-----w-	c:\docume~1\alluse~1.win\applic~1\Western Digital
2010-04-14 20:06:14	0	d-----w-	c:\program files\Western Digital
2010-04-12 20:20:48	0	d-----w-	c:\program files\Windows Media Connect 2
2010-04-12 19:57:20	0	d-----w-	c:\docume~1\pris
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/3/2009 9:20:05 PM
System Uptime: 5/4/2010 4:50:06 PM (1 hours ago)

Motherboard: Dell Inc.           |  | 0WG864
Processor: Intel(R) Core(TM)2 CPU          6300  @ 1.86GHz | Microprocessor | 1862/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 228 GiB total, 192.112 GiB free.
D: is Removable
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()
J: is CDROM ()
K: is CDROM (UDF)
L: is FIXED (NTFS) - 931 GiB total, 918.791 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP64: 2/3/2010 6:19:17 PM - System Checkpoint
RP65: 2/4/2010 1:53:24 PM - Software Distribution Service 3.0
RP66: 2/5/2010 1:24:16 PM - Norton 360 Registry Clean
RP67: 2/5/2010 1:31:56 PM - Software Distribution Service 3.0
RP68: 2/5/2010 1:40:58 PM - Software Distribution Service 3.0
RP69: 2/6/2010 7:13:17 PM - System Checkpoint
RP70: 2/7/2010 7:43:37 PM - System Checkpoint
RP71: 2/8/2010 8:25:24 PM - System Checkpoint
RP72: 2/9/2010 10:10:13 PM - System Checkpoint
RP73: 2/10/2010 10:24:08 PM - System Checkpoint
RP74: 2/11/2010 11:00:49 PM - System Checkpoint
RP75: 2/12/2010 11:51:52 PM - System Checkpoint
RP76: 2/14/2010 1:19:33 AM - System Checkpoint
RP77: 2/15/2010 5:10:34 PM - System Checkpoint
RP78: 2/16/2010 5:35:25 PM - System Checkpoint
RP79: 2/17/2010 6:36:12 PM - System Checkpoint
RP80: 2/18/2010 10:51:54 PM - System Checkpoint
RP81: 2/19/2010 1:38:59 PM - Restore Operation
RP82: 2/19/2010 1:51:56 PM - Software Distribution Service 3.0
RP83: 2/19/2010 1:53:05 PM - prior to install system pack 3
RP84: 2/19/2010 2:00:28 PM - Installed Windows XP Service Pack 3.
RP85: 2/19/2010 2:08:08 PM - Installed Windows XP KB923561.
RP86: 2/19/2010 2:08:27 PM - Installed Windows XP KB946648.
RP87: 2/19/2010 2:08:48 PM - Installed Windows XP KB950762.
RP88: 2/19/2010 2:09:10 PM - Installed Windows XP KB950974.
RP89: 2/19/2010 2:09:36 PM - Installed Windows XP KB951066.
RP90: 2/19/2010 2:09:58 PM - Installed Windows XP KB951376-v2.
RP91: 2/19/2010 2:10:23 PM - Installed Windows XP KB951748.
RP92: 2/19/2010 2:10:44 PM - Installed Windows XP KB952004.
RP93: 2/19/2010 2:11:05 PM - Installed Windows XP KB952287.
RP94: 2/19/2010 2:11:23 PM - Installed Windows XP KB952954.
RP95: 2/19/2010 2:11:42 PM - Installed Windows XP KB955069.
RP96: 2/19/2010 2:11:58 PM - Installed Windows XP KB973687.
RP97: 2/19/2010 2:12:23 PM - Installed Windows XP KB955759.
RP98: 2/19/2010 2:12:45 PM - Installed Windows XP KB956572.
RP99: 2/19/2010 2:13:08 PM - Installed Windows XP KB956802.
RP100: 2/19/2010 2:13:28 PM - Installed Windows XP KB956803.
RP101: 2/19/2010 2:13:47 PM - Installed Windows XP KB956844.
RP102: 2/19/2010 2:14:07 PM - Installed Windows XP KB957097.
RP103: 2/19/2010 2:14:25 PM - Installed Windows XP KB958644.
RP104: 2/19/2010 2:14:51 PM - Installed Windows XP KB958687.
RP105: 2/19/2010 2:15:11 PM - Installed Windows XP KB959426.
RP106: 2/19/2010 2:15:33 PM - Installed Windows XP KB960225.
RP107: 2/19/2010 2:15:51 PM - Installed Windows XP KB960803.
RP108: 2/19/2010 2:16:10 PM - Installed Windows XP KB960859.
RP109: 2/19/2010 2:16:32 PM - Installed Windows XP KB961371-v2.
RP110: 2/19/2010 2:16:53 PM - Installed Windows XP KB961501.
RP111: 2/19/2010 2:17:14 PM - Installed Windows XP KB967715.
RP112: 2/19/2010 2:17:34 PM - Installed Windows XP KB968389.
RP113: 2/19/2010 2:17:57 PM - Installed Windows XP KB969059.
RP114: 2/19/2010 2:18:18 PM - Installed Windows XP KB969947.
RP115: 2/19/2010 2:18:37 PM - Installed Windows XP KB970238.
RP116: 2/19/2010 2:19:00 PM - Installed Windows XP KB970430.
RP117: 2/19/2010 2:19:19 PM - Installed Windows XP KB971486.
RP118: 2/19/2010 2:19:40 PM - Installed Windows XP KB971557.
RP119: 2/19/2010 2:19:59 PM - Installed Windows XP KB971633.
RP120: 2/19/2010 2:20:17 PM - Installed Windows XP KB971657.
RP121: 2/19/2010 2:20:40 PM - Installed Windows XP KB971737.
RP122: 2/19/2010 2:20:58 PM - Installed Windows XP KB972270.
RP123: 2/19/2010 2:21:20 PM - Installed Windows XP KB973354.
RP124: 2/19/2010 2:21:37 PM - Installed Windows XP KB973507.
RP125: 2/19/2010 2:21:59 PM - Installed Windows XP KB973687.
RP126: 2/19/2010 2:22:14 PM - Installed Windows XP KB973815.
RP127: 2/19/2010 2:22:30 PM - Installed Windows XP KB973869.
RP128: 2/19/2010 2:22:48 PM - Installed Windows XP KB974112.
RP129: 2/19/2010 2:23:04 PM - Installed Windows XP KB974318.
RP130: 2/19/2010 2:23:22 PM - Installed Windows XP KB974392.
RP131: 2/19/2010 2:23:39 PM - Installed Windows XP KB974455.
RP132: 2/19/2010 2:23:58 PM - Installed Windows XP KB974571.
RP133: 2/19/2010 2:24:16 PM - Installed Windows XP KB975025.
RP134: 2/19/2010 2:24:32 PM - Installed Windows XP KB975467.
RP135: 2/19/2010 2:24:52 PM - Installed Windows XP KB976325.
RP136: 2/19/2010 2:25:28 PM - Installed Windows XP KB976749.
RP137: 2/19/2010 2:25:49 PM - Installed Windows XP KB978207.
RP138: 2/19/2010 2:37:30 PM - Norton 360 Registry Clean
RP139: 2/19/2010 2:49:16 PM - clean and running
RP140: 2/20/2010 4:08:05 PM - System Checkpoint
RP141: 2/21/2010 7:42:09 PM - System Checkpoint
RP142: 2/22/2010 8:35:47 PM - System Checkpoint
RP143: 2/23/2010 8:41:04 PM - System Checkpoint
RP144: 2/24/2010 8:42:15 PM - System Checkpoint
RP145: 2/25/2010 9:22:45 PM - System Checkpoint
RP146: 2/26/2010 9:39:34 PM - System Checkpoint
RP147: 2/27/2010 9:44:55 PM - System Checkpoint
RP148: 2/28/2010 9:56:56 PM - System Checkpoint
RP149: 3/1/2010 10:49:49 PM - System Checkpoint
RP150: 3/2/2010 11:06:51 PM - System Checkpoint
RP151: 3/4/2010 12:51:35 AM - System Checkpoint
RP152: 3/5/2010 1:30:50 AM - System Checkpoint
RP153: 3/14/2010 3:25:30 AM - System Checkpoint
RP154: 3/15/2010 6:29:15 PM - System Checkpoint
RP155: 3/16/2010 6:31:47 PM - System Checkpoint
RP156: 3/17/2010 6:45:18 PM - System Checkpoint
RP157: 3/18/2010 10:17:41 PM - System Checkpoint
RP158: 3/19/2010 11:17:30 PM - System Checkpoint
RP159: 3/20/2010 11:38:37 PM - System Checkpoint
RP160: 3/22/2010 2:32:51 PM - System Checkpoint
RP161: 3/23/2010 3:23:39 PM - System Checkpoint
RP162: 3/24/2010 3:55:16 PM - System Checkpoint
RP163: 3/25/2010 7:09:23 PM - System Checkpoint
RP164: 3/26/2010 7:41:24 PM - System Checkpoint
RP165: 3/27/2010 7:56:08 PM - System Checkpoint
RP166: 3/28/2010 8:21:27 PM - System Checkpoint
RP167: 3/29/2010 8:54:37 PM - System Checkpoint
RP168: 3/30/2010 9:24:57 PM - System Checkpoint
RP169: 4/1/2010 1:24:13 AM - System Checkpoint
RP170: 4/2/2010 5:51:02 PM - System Checkpoint
RP171: 4/3/2010 5:55:59 PM - System Checkpoint
RP172: 4/4/2010 6:53:45 PM - System Checkpoint
RP173: 4/5/2010 7:11:34 PM - System Checkpoint
RP174: 4/6/2010 8:08:12 PM - System Checkpoint
RP175: 4/7/2010 10:56:42 PM - System Checkpoint
RP176: 4/9/2010 12:50:55 AM - System Checkpoint
RP177: 4/10/2010 6:07:59 PM - System Checkpoint
RP178: 4/11/2010 6:26:58 PM - System Checkpoint
RP179: 4/12/2010 4:18:26 PM - Installed Windows Media Player 11
RP180: 4/12/2010 4:19:03 PM - Software Distribution Service 3.0
RP181: 4/13/2010 7:03:28 PM - System Checkpoint
RP182: 4/14/2010 5:35:07 PM - Software Distribution Service 3.0
RP183: 4/15/2010 3:33:40 AM - Software Distribution Service 3.0
RP184: 4/16/2010 8:31:15 PM - System Checkpoint
RP185: 4/17/2010 9:04:00 PM - System Checkpoint
RP186: 4/18/2010 1:10:40 AM - Software Distribution Service 3.0
RP187: 4/19/2010 1:21:44 AM - System Checkpoint
RP188: 4/20/2010 2:20:02 AM - System Checkpoint
RP189: 4/21/2010 1:11:25 PM - System Checkpoint
RP190: 4/21/2010 1:55:12 PM - Software Distribution Service 3.0
RP191: 4/21/2010 2:31:07 PM - Turned off Items in System to run Faster
RP192: 4/21/2010 2:52:25 PM - Changed settings in system Properties
RP193: 4/21/2010 3:19:26 PM - Software Distribution Service 3.0
RP194: 4/21/2010 4:51:46 PM - Restore Operation
RP195: 4/21/2010 4:57:19 PM - Restore Operation
RP196: 4/21/2010 5:38:29 PM - Restore Operation
RP197: 4/22/2010 4:15:44 PM - Restore Operation
RP198: 4/22/2010 4:21:22 PM - Restore Operation
RP199: 4/23/2010 4:35:13 PM - System Checkpoint
RP200: 4/25/2010 2:00:12 AM - System Checkpoint
RP201: 4/26/2010 5:47:30 PM - System Checkpoint
RP202: 4/27/2010 7:59:26 PM - System Checkpoint
RP203: 4/28/2010 8:26:08 PM - System Checkpoint
RP204: 4/29/2010 9:28:14 PM - System Checkpoint
RP205: 4/30/2010 11:02:35 PM - System Checkpoint
RP206: 5/1/2010 11:24:34 PM - System Checkpoint
RP207: 5/3/2010 12:02:37 AM - System Checkpoint
RP208: 5/3/2010 1:34:17 PM - Restore Operation
RP209: 5/3/2010 1:39:45 PM - Restore Operation
RP210: 5/3/2010 3:56:52 PM - Installed HiJackThis

==== Installed Programs ======================

Acrobat.com
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.2
AiO_Scan_CDA
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Conexant D850 56K V.9x DFVc Modem
Dell Resource CD
GoToAssist 8.0.0.514
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Photosmart, Officejet and Deskjet 7.0.A
Intel(R) PRO Network Connections Drivers
Java(TM) 6 Update 17
K-Lite Codec Pack 5.4.4 (Full)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Basic Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5.6)
Norton 360 Premier Edition
NVIDIA Drivers
QFolder
Scan
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Upd
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-05-04 18:20:42
Windows 5.1.2600 Service Pack 3
Running: nwhzkmnc.exe; Driver: C:\DOCUME~1\PRISCI~1\LOCALS~1\Temp\pxtdapog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Fastfat \Fat     fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \Driver\Tcpip \Device\Ip     SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp    SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Udp    SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp  SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4066

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/4/2010 4:42:14 PM
mbam-log-2010-05-04 (16-42-14).txt

Scan type: Quick scan
Objects scanned: 177534
Time elapsed: 5 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Pris\Desktop\MoveMediaPlayer_07103010.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
5
Contributors
29
Replies
31
Views
7 Years
Discussion Span
Last Post by jholland1964
0

Hello and welcome to daniweb, sorry it has taken so long for you to receive a reply.
Give us the exact wording of the neverending wuauclt.exe error messages.
There appears to only be one notation in the event log generated by the DDS scan pointing to this file. It reads;

4/29/2010 3:00:56 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\winxp\system32\wuauclt.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 7.4.7600.226.

There were no other errors noting this file. There is an error noted for a file with a "similar" name but certainly not this one, which says;

wuaucpl.cpl was not restored to its original, valid version because the Windows File Protection restoration process was cancelled by user interaction, user name is Priscilla Yagel. The file version of the bad file is unknown.

Where did you get those Cleanup Thread steps? Here on this forum or someplace else? What program are you using to attempt to clean out the temp files?

Can you update MBA-M and this time do a Full Scan. Of course have it remove/quarantine anything found and post back with the resulting log.
Judy

Edited by jholland1964: n/a

0

s'okay Judy! and thanks for the welcome! I just appreciate the assistance - this little monster makes me want to format c: and rebuild.

Yes, I followed the instructions on Daniweb cleanup threads after following MS' instructions for over a week without resolve. I thought I did run the full MBA-M so I'll go back and try again. I started with PhillyPhan's Read Me thread in Viruses and Spyware, and also dlh6213's thread Cleaning Procedures and Detecting Tools.

It's not my computer (parent's friend) and I won't be able to access it again until Monday so I apologize in advance for the resulting delay in answering the rest of your questions.

Check back here Monday? Mille grazie!

Lorilei

0

dlh6213's thread Cleaning Procedures and Detecting Tools.

That set of instructions is over 4 and 1/2 years old, many of those procedures are now out of date. The key instructions are PhilliePhans Read Me thread in Viruses and Spyware which he keeps updated, if you note there it says Last edited by PhilliePhan; 27 Days Ago

0

That set of instructions is over 4 and 1/2 years old, many of those procedures are now out of date. The key instructions are PhilliePhans Read Me thread in Viruses and Spyware which he keeps updated, if you note there it says Last edited by PhilliePhan; 27 Days Ago

That's good - because that's where I started with PhillyPhan. If I remember, that's where I got the links for ATF, DDS, GMER and MBA-M.

0

That's good - because that's where I started with PhillyPhan. If I remember, that's where I got the links for ATF, DDS, GMER and MBA-M.

That's right. Glad of that.

0

Hello! Sorry for delay!

Here's a screen cap of the dreaded wuauclt.exe error and the log of a mba-m full scan (which did not find anything this time around. Just for grins and giggles I tried going back to MS Updates and got the same result - freeze/hang.

Error signature
szAppName : wuauclt.exe szAppVer : 7.4.7600.226 szModName : esent.dll
szModVer : 5.1.2600.5512 offset : 000c42d2

Attachments
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4066

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/11/2010 4:59:55 PM
mbam-log-2010-05-11 (16-59-55).txt

Scan type: Full scan (C:\|L:\|)
Objects scanned: 353343
Time elapsed: 2 hour(s), 12 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
0

Thanks for your patience -- freshly run hijack this log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:56:45 PM, on 5/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINXP\stsystra.exe
C:\Program Files\Common Files\AOL\1259949287\ee\AOLSoftware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\AOL 9.5\waol.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\WINXP\system32\nvsvc32.exe
C:\WINXP\system32\HPZipm12.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\wanmpsvc.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINXP\System32\dmadmin.exe
C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
C:\WINXP\system32\wscntfy.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\AOL 9.5\shellmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\aol toolbar\aoltbServer.exe
L:\HiJack This\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1259949287\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.5\AOL.EXE" -b
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\coIEPlg.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINXP\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINXP\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINXP\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINXP\wanmpsvc.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--
End of file - 6186 bytes

0

Try updating once more but this time totally turn off the Norton program. If that doesn't work we will try something else.

0

That didn't work either. Turned off Norton and still can't update and I'm still getting the error message. What next, Obi-Wan?

0

Try this first:
Reset the Windows UPdate components and check if you still get that error message.
Click on the Fix It button in the article below to do that automatically or you may do it manually. For more information refer to the article below.
How do I reset Windows Update components?
http://support.microsoft.com/kb/971058

Then try to update.
If that doesn't work then try this:

Install Windows Update Agent to manage the updates on your computer.
Download and install Windows Update Agent to manage the updates for your computer.
Follow the link below to download and install Windows Update Agent:
http://support.microsoft.com/kb/949104

After doing that see if Updates will work.

0

will go do that now and check back when it's done - thanks

0

Okay: latest results

"How do I reset Windows Update components?
http://support.microsoft.com/kb/971058"

Tried to run this and reboot three times. Each time it flashed a message that "you may not have the authority to run this program" and then it continued on without correcting the problem. Yes, I am signed in as the owner/administrator.

Then tried
"install Windows Update Agent:
http://support.microsoft.com/kb/949104"

but it asks you to go the the very page that I'm locked out of: support.microsoft.com. Which has been trying to connect in an adjacent tab for about 7 minutes now.

Tried going to Control Panel>User Accounts to see if there was anything useful under the owner/admin's name but it was pretty useless.

0

new hijack log if it helps:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:02:26 PM, on 5/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINXP\stsystra.exe
C:\Program Files\Common Files\AOL\1259949287\ee\AOLSoftware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
C:\WINXP\system32\nvsvc32.exe
C:\WINXP\system32\HPZipm12.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\wanmpsvc.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINXP\System32\dmadmin.exe
C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
C:\WINXP\System32\svchost.exe
c:\program files\aol toolbar\aoltbServer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINXP\system32\wuauclt.exe
L:\HiJack This\HiJackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1259949287\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\coIEPlg.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINXP\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINXP\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINXP\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINXP\wanmpsvc.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--
End of file - 6034 bytes

0

I was able to download and run the Update Agent File from this link but it told me that Update Agent was already loaded and working. And while this window was up, the stupid error message flashed again! >XP

0

Hi!
Did all that. Got new error message: KB893803v2 Setup Error. Setup has detected that the Service Pack version of this system is newer than the update you are applying. There is no need to install this update.

Going back to MS Downloads and looking for WinInstaller update that works with SP 3.

Sorry for delay - RL job usurped my life.

0

Thanks for hanging in there with me! I did download v 4.5 from the link above and followed the directions. It download and install but I still can't get the updates to work at all, and I'm still getting the stupid error messages. Did I miss a step in the process?

here's a HT log if it helps. Again - many thanks! Anyone who wants to jump in I'm taking WAGs (wild A$$ guesses) at this point out of sheer frustration. Coming Soon to a Computer Near Me: format c:\ -- the sequel

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:39:55 PM, on 5/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
C:\WINXP\system32\nvsvc32.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\wanmpsvc.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINXP\System32\dmadmin.exe
C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
C:\WINXP\Explorer.EXE
C:\WINXP\stsystra.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\WINXP\system32\wscntfy.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
c:\program files\aol toolbar\aoltbServer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
L:\HiJack This\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINXP\system32\wuauclt.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1259949287\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\coIEPlg.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINXP\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINXP\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\AdAware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINXP\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINXP\wanmpsvc.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--
End of file - 5838 bytes

0

I posted the info for you one week ago but you have done nothing for a week. If you wanted to fix the computer you would have stayed with this thread.

0

Please excuse me, this isn't my computer and I don't have unlimited access to it. I also have a job that takes precedence. I have done everything you suggested. It hasn't worked so far. I'm sorry to have been an inconvenience, I will search elsewhere for assistance.

0

Press "Ctrl," "Alt" and "Delete" together to open the Windows Task Manager. Click the "Processes" tab to show the currently running processes on your computer.
Scroll down and click "wuauclt.exe ." Click "End Process" to stop this program from running. Close the Task Manager.
Double-click "My Computer" on the desktop and double-click the "C:" drive. Double-click the "WINDOWS" folder and double-click the "System32" folder.
Locate the "wuauclt.exe" file. Right-click it and click "Delete." Empty the recycle bin to complete the removal process.

0

I've tried that and "wuauclt.exe" relaunches itself immediately. I also did a search on all "wuauclt.exe" and related items as suggested by microsoft and changing the extension to ".old" and that didn't help either. I will be going over to this lady's house shortly and will try your suggestion before I format c: as this has been going on since April and I am tired of messing around with it and she is tired of these stupid error messages.

THANK YOU - I really *do* appreciate all the support I've had here and although this incident may not have been the easiest thing to solve, my first Daniweb help request is positive. I will post the results on how I finally got it solved once it's done.

0

please try this
Click Start, click Run, and then type net stop wuauserv.
On the desktop, double-click My Computer, and then delete the drive:\WuTemp folder.
Click Start, click Run, and then type net stop cryptsvc.
Delete the drive:\Windows\System32\Catroot2 folder.
Open the drive:\Windows folder, and then rename the SoftwareDistribution folder as SoftwareDistributionOLD.
Open the drive:\Windows\system32 folder, and then follow these steps:
Rename the Wuweb.dll file as Wuweb.dll.old.
Rename the Wuapi.dll file as Wuapi.dll.old.
Rename the Wuauclt.exe file as Wuauclt.exe.old.
Rename the Wuaucpl.cpl file as Wuaucpl.cpl.old.
Rename the Wuaueng1.dll file as Wuaueng1.dll.old.
Rename the Wuaueng.dll file as Wuaueng.dll.old.
Rename the Wuauserv.dll file as Wuauserv.dll.old.
Rename the Wucltui.dll file as Wucltui.dll.old.
Rename the Wups2.dll file as Wups2.dll.old.
Rename the Wups.dll file as Wups.dll.old.
Restart the computer

-1

To fix the wuauclt.exe error follow the given steps:
1) Copy and paste wuauclt.exeto C:\WINDOWS\system32. But before doing this, you have to make sure that there is no copy wuauclt.exe in this directory. Then please go to Start, and then "Search" to find whether there is a wuauclt.exefile on your computer. If it is placed at the wrong place, simply cut and then paste it under C:\WINDOWS\system32.
If you unfortunately can not find wuauclt.exe on your own computer, you can copy it from another computer and then paste it on your own. Also, you can reinstall your system to fix this annoying problem, but frankly, it will take you more time. To save your time and easily fix wuauclt.exe error,I highly recommend you to try the solution below.
2) Rely on a professional registry utility to fix wuauclt.exe error. Wuauclt.exe error always occurs when there is something wrong with Windows registry, which decides the proper running of the programs on your computer. And it can be easily fixed by fixing the registry. With a professional registry cleaner in hands, you can not only fix the wuauclt.exe error, but also helps you to effectively fix other kinds of registry errors, manage your system, optimize your computer to top performance every day.

Votes + Comments
Very poor advice. It is never a recommendation here to use registry cleaners.
0

2) Rely on a professional registry utility to fix wuauclt.exe error. Wuauclt.exe error always occurs when there is something wrong with Windows registry, which decides the proper running of the programs on your computer. And it can be easily fixed by fixing the registry. With a professional registry cleaner in hands, you can not only fix the wuauclt.exe error, but also helps you to effectively fix other kinds of registry errors, manage your system, optimize your computer to top performance every day.

Absolutely NEVER advice that is given here. Using registry cleaners and repair programs is never, ever recommended. If you are going to post here, please follow the steps and recommendations used here.

0

i have a sus laptop with vista on it and everytime i turn it on , windows will not boot up ..... Says something about device driver hardware can be removed (error 0000001122 ) not exactly the error code but something to that nature. If anyone could help me out I would really appreciate the time and knowledge...... Thanks again

0

i have a sus laptop with vista on it and everytime i turn it on , windows will not boot up ..... Says something about device driver hardware can be removed (error 0000001122 ) not exactly the error code but something to that nature. If anyone could help me out I would really appreciate the time and knowledge...... Thanks again

jjra0706 you need to begin your own thread rather than hijacking another's. Begin with our Read Me sticky and follow the steps there.
http://www.daniweb.com/forums/thread134865.html
Then begin your own thread stating your problems and including all the requested logs.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.