System (SP2) has been running fine for weeks. This morning my Norton Live Update wouldn't install the latest update. After further checking, I found NO files will install. I get error: "xxxx is not a valid Win32 application". This holds true for .exe and .msi. programs. Copied an old .exe file to see if it was a corrupt d/l problem - nope. Nothing changed in last 2 days. Ran AdAware and Norton Anti-virus, no baddies. My Norton files are updated through the 6th, so it worked up to then. Any ideas?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Can't install files
- Thread starter micker377
- Start date
10/6/2004 is the current NAV definition file.
. Apply the .EXE and .MSI file association fixes from Doug Knox: Reboot and test.
If you are getting the "not a valid Win32" error, is this for files you have just downloaded, or for any file including existing files?
. Apply the .EXE and .MSI file association fixes from Doug Knox: Reboot and test.
If you are getting the "not a valid Win32" error, is this for files you have just downloaded, or for any file including existing files?
- Thread starter
- #3
That didn't help (Doug Knox). You know I never have simple problems. I pulled up a 2 year old .exe file to see if it was a "new file" problem, nope. The problem with Norton is that Live Update keeps trying, over and over, anytime I'm online. Guess I'll have to turn it off 'till I get this resolved.
I think NAV is missing something, as if it is not a virus it is as a good guess something else you do not want on your system.
My daughter had an AOL IM trojan that led to this same result of not being able to use .exe or .msi files.
In any case you should backstop your NAV with the use of a trojan-specific scanner, and at least one Non-Norton/Symantec AV scan.
. Try GIANT antitrojan, using its trial period:
. Do at least one online AV scan: I would do both Trend Micro and Panda:
. It would help to do an Adaware scan as well. The freeware version (update the definition file first thing) is excellent. Go to the download page at:
My daughter had an AOL IM trojan that led to this same result of not being able to use .exe or .msi files.
In any case you should backstop your NAV with the use of a trojan-specific scanner, and at least one Non-Norton/Symantec AV scan.
. Try GIANT antitrojan, using its trial period:
. Do at least one online AV scan: I would do both Trend Micro and Panda:
. It would help to do an Adaware scan as well. The freeware version (update the definition file first thing) is excellent. Go to the download page at:
- Thread starter
- #5
Usually the online AV are activeX controls and not executables. Are you sure you tried Panda and Trend Micro?
See:
See:
See if you can use Safe Mode to get any of your downloaded anti trojan software installed.
Not really that relevant but might be worth a try.
Update for Windows XP Service Pack 2 (KB885894)
System Restore to before the 6th is another consideration. You can try this procedure to recreate your Registry to a point before any trouble.
Run the System File Checker program from the Run Box by typing.....Sfc /Scannow in it and have your XP CD handy.
If they don't work you could try repairing windows by running it over itself. You will lose all your windows updates (no problem if you substitute them with SP2) but your files and programs will be untouched.
How to Perform an In-Place Upgrade (Reinstallation) of Windows XP (Q315341)
Not really that relevant but might be worth a try.
Update for Windows XP Service Pack 2 (KB885894)
System Restore to before the 6th is another consideration. You can try this procedure to recreate your Registry to a point before any trouble.
Run the System File Checker program from the Run Box by typing.....Sfc /Scannow in it and have your XP CD handy.
If they don't work you could try repairing windows by running it over itself. You will lose all your windows updates (no problem if you substitute them with SP2) but your files and programs will be untouched.
How to Perform an In-Place Upgrade (Reinstallation) of Windows XP (Q315341)
- Thread starter
- #8
Bill, both sites (Trend and Panda) tried to d/l and INSTALL the activeX control files, like I said - nothing will install.
Linney, I'll try safe mode again after the SP2 update you posted. Already tried SFC, computer kept giving a "try again" error every 5 minutes. Spent 5 hours clicking "OK" and gave up at 3/4% loaded DLLs. May have to "overwrite". I have the SP2 CD, so no biggie (ha-ha, anyone know how to run Linnux?).
Linney, I'll try safe mode again after the SP2 update you posted. Already tried SFC, computer kept giving a "try again" error every 5 minutes. Spent 5 hours clicking "OK" and gave up at 3/4% loaded DLLs. May have to "overwrite". I have the SP2 CD, so no biggie (ha-ha, anyone know how to run Linnux?).
You may have more success (with SFC), perhaps, if SP2 was slipstreamed with any XP CD you have. It will save you time in the future too with any formats and re-installs.
In any case after SP2 was installed most of the files used by SFC would I imagine be selected from the ServicePackFiles folder in the Windows directory rather than the XP CD (new XP CD's including SP2 excepted). Do you have this folder?
Slipstream Service Packs
thread779-900263
In any case after SP2 was installed most of the files used by SFC would I imagine be selected from the ServicePackFiles folder in the Windows directory rather than the XP CD (new XP CD's including SP2 excepted). Do you have this folder?
Slipstream Service Packs
thread779-900263
- Thread starter
- #10
C:\windows\servicepackfiles\i386\...
How would I point to this? When I ran SFC, I first put in the SP2 CD and was told "wrong CD,try again". I put in the original WinXP and proceeded to try. I haven't had time to try safe mode yet. You think I have problems here, on the test bench is my ex-wifes system to be repaired. I think I will have to switch from beer, to Jack Daniel's for that!
How would I point to this? When I ran SFC, I first put in the SP2 CD and was told "wrong CD,try again". I put in the original WinXP and proceeded to try. I haven't had time to try safe mode yet. You think I have problems here, on the test bench is my ex-wifes system to be repaired. I think I will have to switch from beer, to Jack Daniel's for that!
It seems odd that sfc will run (it is sfc.exe), and IE will run (iexplore.exe), and apparantly System Restore will run (restrui.exe) but other EXE files will not.
Can you run Hijack This?
It is a stand-aloe exe that does not require installation. If so, post the log back here.
Can you run Hijack This?
It is a stand-aloe exe that does not require installation. If so, post the log back here.
- Thread starter
- #12
I'll try "hijack" tomorrow. It's 3:35 am, and I'm going to bed! Interesting new clue: tried "safe mode" as per linney, and it worked to install the latest anti-virus and another program I d/l yesterday. Couldn't do an .msi, as Windows says you can't do an .msi in safe mode. Already tried to boot without msconfig/startup "Load Startup Items" to no avail. Too bad I can't run sfc in safe mode!
Try Safe Mode with Networking:
. Try sfc /Scannow
I believe the RPC service is started if you start Safe Mode with Networking, so I believe SFC will succeed in this mode, but have not tried it.
. System Restore (You do have this enabled I hope).
. and the online AV scanners again
. Try sfc /Scannow
I believe the RPC service is started if you start Safe Mode with Networking, so I believe SFC will succeed in this mode, but have not tried it.
. System Restore (You do have this enabled I hope).
. and the online AV scanners again
- Thread starter
- #14
Safe Mode w/Networking will recognize CD (nice to know for the future), but won't run sfc - window pops up and leaves real fast. Finally got sfc to run (msconfig - uncheck load startup items), 3 hours and no effect. In fact, I had to go into safe mode to change load startup back to normal. Maybe tomorrow I'll get time to run and post Hijack.
- Thread starter
- #15
As requested:
Logfile of HijackThis v1.97.6
Scan saved at 8:37:15 PM, on 10/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Picasa\PicasaMediaDetector.exe
E:\KMaestro\Key_e.EXE
E:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
E:\PROGRA~1\WinEject\wineject.exe
C:\Program Files\Vmtu\VMTU.Exe
E:\Program Files\TitleBarClock\Tbc.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\WordWeb\wweb32.exe
F:\Program Files\Roxio\GoBack\GBTray.exe
D:\Program Files\SpywareGuard\spywareguardcp.exe
D:\Utility\WipeOut\WipeOut.exe
C:\Program Files\SpamPal\spampal.exe
E:\Program Files\AdSubtract\adsub.exe
D:\Utility\purrint.exe
E:\Program Files\AllChars\AllChars.exe
D:\Utility\Nkeybd\Nkboard.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
f:\Program Files\Roxio\GoBack\GBPoll.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
E:\Program Files\PREVX\Prevx Home\PXAgent.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\tlntsvr.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ntvdm.exe
D:\Utility\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Mick's Browser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: GuruNet BHO - {3392BD0A-A851-4AA4-86E0-4651006F9EA8} - C:\Program Files\Common Files\GuruNet Shared\agtbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6291957C-8CE9-4c90-BEFF-12D9E68CFF30} - e:\Program Files\MoreGoogle\MoreGoogle.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: MECA-IE - {E7DC02F7-A213-4866-B800-FDCB4555FB79} - E:\Program Files\MECA\HBO.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: PlanetNews - {C420DE13-AB17-4875-9A82-E3FEC5568FD6} - C:\WINDOWS\Downloaded Program Files\PlanetNews2.dll
O3 - Toolbar: 3DNA Toolbar - {2ECB7FB2-0333-416F-92FD-4904AD49252B} - C:\WINDOWS\system32\3DNATO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] "e:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] d:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LifeScape Media Detector] e:\Program Files\Picasa\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [KeyMaestro] e:\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [D-Link Air Utility] E:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKCU\..\Run: [WinEjectAutoStart1] E:\PROGRA~1\WinEject\wineject.exe -instance:1
O4 - HKCU\..\Run: [VMTU] C:\Program Files\Vmtu\VMTU.Exe
O4 - HKCU\..\Run: [TBC.exe] E:\Program Files\TitleBarClock\Tbc.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] e:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard Control Panel.lnk = ?
O4 - Startup: WipeOut.exe.lnk = ?
O4 - Startup: SpamPal.lnk = ?
O4 - Startup: AdSubtract.lnk = E:\Program Files\AdSubtract\adsub.exe
O4 - Startup: purrint.exe.lnk = ?
O4 - Startup: AllChars.lnk = E:\Program Files\AllChars\AllChars.exe
O4 - Startup: Nkboard.exe.lnk = D:\Utility\Nkeybd\Nkboard.exe
O4 - Global Startup: WordWeb.lnk = ?
O4 - Global Startup: GoBack.lnk = ?
O5 - control.ini: inetcpl.cpl=no
O8 - Extra context menu item: &Browse to... - C:\WINDOWS\Web\browseto.htm
O8 - Extra context menu item: &ieSpell Options - res://E:\Program Files\SlimBrowser\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-mick.html
O8 - Extra context menu item: Check &Spelling - res://E:\Program Files\SlimBrowser\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download using LeechGet - file://e:\Program Files\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://e:\Program Files\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: GuruNet... - file:e:\Program Files\GuruNet\Html\atiemenu.htm
O8 - Extra context menu item: IEB: Browser: Resize Window - d:\Program Files\IE Booster\window-size.html
O8 - Extra context menu item: IEB: Frame: Open in &New Window - d:\Program Files\IE Booster\frame-open-in-new-window.html
O8 - Extra context menu item: IEB: Frame: Open in &This Window - d:\Program Files\IE Booster\frame-open-in-this-window.html
O8 - Extra context menu item: IEB: Image: Copy Path to Clipboard - d:\Program Files\IE Booster\image-copy-path-to-clipboard.html
O8 - Extra context menu item: IEB: Image: Show Image Data - d:\Program Files\IE Booster\image-view-image-data.html
O8 - Extra context menu item: IEB: Link: Copy as <A href="URL">caption</A> - d:\Program Files\IE Booster\link-copy.html
O8 - Extra context menu item: IEB: Link: Open in New Minimized Window - d:\Program Files\IE Booster\link-open-minimized.html
O8 - Extra context menu item: IEB: Page: Copy Title as <A href="URL">Title</a> - d:\Program Files\IE Booster\page-copy-title.html
O8 - Extra context menu item: IEB: Page: Show Forms and Applets - d:\Program Files\IE Booster\page-show-forms.html
O8 - Extra context menu item: IEB: Page: Show Hyperlinks - d:\Program Files\IE Booster\page-view-hyperlinks.html
O8 - Extra context menu item: IEB: Page: Show Images - d:\Program Files\IE Booster\page-show-images.html
O8 - Extra context menu item: IEB: Page: Show Source - d:\Program Files\IE Booster\page-view-source.html
O8 - Extra context menu item: IEB: Page: Show Stylesheets - d:\Program Files\IE Booster\page-view-stylesheets.html
O8 - Extra context menu item: IEB: Selection: Copy as plain text - d:\Program Files\IE Booster\selection-copy-plaintext.html
O8 - Extra context menu item: IEB: Selection: Open in Browser - d:\Program Files\IE Booster\selection-open-in-browser.html
O8 - Extra context menu item: IEB: Selection: Show Partial Source - d:\Program Files\IE Booster\selection-show-source.html
O8 - Extra context menu item: Parse with LeechGet - file://e:\Program Files\LeechGet 2004\\Parser.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Subscribe in Desktop Sidebar (HKLM)
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar (HKLM)
O9 - Extra button: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RoboForm &2 (HKLM)
O9 - Extra button: RSS Explorer (HKLM)
O9 - Extra 'Tools' menuitem: RSS Explorer (HKLM)
O9 - Extra button: Free Surfer (HKLM)
O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
O9 - Extra button: Maximizer (HKLM)
O9 - Extra 'Tools' menuitem: IE New Window Maximizer (HKLM)
O9 - Extra button: Wallpaper (HKLM)
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: AccountLogon (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon (HKCU)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: msvcp71 - O16 - DPF: msvcr71 - O16 - DPF: ppctlcab - O16 - DPF: symsupportutil - O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - O16 - DPF: {13E23C9E-3018-4AC1-B998-C08BF1814DB0} - O16 - DPF: {14567E65-6AA1-11D6-BBBC-0010A4BF6B06} (XCleanerOnline Control) - O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - O16 - DPF: {6F3D49A9-8DC8-4566-BF95-9A7776C56F8B} - O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} - file://J:\Content\include\msSecUcd.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} (GDIChk Object) - O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - O16 - DPF: {F9345AB4-7CB5-11D7-A914-00A0C96F4D57} (PrjBestView.CtlBestView) -
Logfile of HijackThis v1.97.6
Scan saved at 8:37:15 PM, on 10/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Picasa\PicasaMediaDetector.exe
E:\KMaestro\Key_e.EXE
E:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
E:\PROGRA~1\WinEject\wineject.exe
C:\Program Files\Vmtu\VMTU.Exe
E:\Program Files\TitleBarClock\Tbc.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\WordWeb\wweb32.exe
F:\Program Files\Roxio\GoBack\GBTray.exe
D:\Program Files\SpywareGuard\spywareguardcp.exe
D:\Utility\WipeOut\WipeOut.exe
C:\Program Files\SpamPal\spampal.exe
E:\Program Files\AdSubtract\adsub.exe
D:\Utility\purrint.exe
E:\Program Files\AllChars\AllChars.exe
D:\Utility\Nkeybd\Nkboard.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
f:\Program Files\Roxio\GoBack\GBPoll.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
E:\Program Files\PREVX\Prevx Home\PXAgent.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\tlntsvr.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ntvdm.exe
D:\Utility\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Mick's Browser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: GuruNet BHO - {3392BD0A-A851-4AA4-86E0-4651006F9EA8} - C:\Program Files\Common Files\GuruNet Shared\agtbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6291957C-8CE9-4c90-BEFF-12D9E68CFF30} - e:\Program Files\MoreGoogle\MoreGoogle.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: MECA-IE - {E7DC02F7-A213-4866-B800-FDCB4555FB79} - E:\Program Files\MECA\HBO.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: PlanetNews - {C420DE13-AB17-4875-9A82-E3FEC5568FD6} - C:\WINDOWS\Downloaded Program Files\PlanetNews2.dll
O3 - Toolbar: 3DNA Toolbar - {2ECB7FB2-0333-416F-92FD-4904AD49252B} - C:\WINDOWS\system32\3DNATO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] "e:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] d:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LifeScape Media Detector] e:\Program Files\Picasa\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [KeyMaestro] e:\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [D-Link Air Utility] E:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKCU\..\Run: [WinEjectAutoStart1] E:\PROGRA~1\WinEject\wineject.exe -instance:1
O4 - HKCU\..\Run: [VMTU] C:\Program Files\Vmtu\VMTU.Exe
O4 - HKCU\..\Run: [TBC.exe] E:\Program Files\TitleBarClock\Tbc.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] e:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard Control Panel.lnk = ?
O4 - Startup: WipeOut.exe.lnk = ?
O4 - Startup: SpamPal.lnk = ?
O4 - Startup: AdSubtract.lnk = E:\Program Files\AdSubtract\adsub.exe
O4 - Startup: purrint.exe.lnk = ?
O4 - Startup: AllChars.lnk = E:\Program Files\AllChars\AllChars.exe
O4 - Startup: Nkboard.exe.lnk = D:\Utility\Nkeybd\Nkboard.exe
O4 - Global Startup: WordWeb.lnk = ?
O4 - Global Startup: GoBack.lnk = ?
O5 - control.ini: inetcpl.cpl=no
O8 - Extra context menu item: &Browse to... - C:\WINDOWS\Web\browseto.htm
O8 - Extra context menu item: &ieSpell Options - res://E:\Program Files\SlimBrowser\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-mick.html
O8 - Extra context menu item: Check &Spelling - res://E:\Program Files\SlimBrowser\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download using LeechGet - file://e:\Program Files\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://e:\Program Files\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: GuruNet... - file:e:\Program Files\GuruNet\Html\atiemenu.htm
O8 - Extra context menu item: IEB: Browser: Resize Window - d:\Program Files\IE Booster\window-size.html
O8 - Extra context menu item: IEB: Frame: Open in &New Window - d:\Program Files\IE Booster\frame-open-in-new-window.html
O8 - Extra context menu item: IEB: Frame: Open in &This Window - d:\Program Files\IE Booster\frame-open-in-this-window.html
O8 - Extra context menu item: IEB: Image: Copy Path to Clipboard - d:\Program Files\IE Booster\image-copy-path-to-clipboard.html
O8 - Extra context menu item: IEB: Image: Show Image Data - d:\Program Files\IE Booster\image-view-image-data.html
O8 - Extra context menu item: IEB: Link: Copy as <A href="URL">caption</A> - d:\Program Files\IE Booster\link-copy.html
O8 - Extra context menu item: IEB: Link: Open in New Minimized Window - d:\Program Files\IE Booster\link-open-minimized.html
O8 - Extra context menu item: IEB: Page: Copy Title as <A href="URL">Title</a> - d:\Program Files\IE Booster\page-copy-title.html
O8 - Extra context menu item: IEB: Page: Show Forms and Applets - d:\Program Files\IE Booster\page-show-forms.html
O8 - Extra context menu item: IEB: Page: Show Hyperlinks - d:\Program Files\IE Booster\page-view-hyperlinks.html
O8 - Extra context menu item: IEB: Page: Show Images - d:\Program Files\IE Booster\page-show-images.html
O8 - Extra context menu item: IEB: Page: Show Source - d:\Program Files\IE Booster\page-view-source.html
O8 - Extra context menu item: IEB: Page: Show Stylesheets - d:\Program Files\IE Booster\page-view-stylesheets.html
O8 - Extra context menu item: IEB: Selection: Copy as plain text - d:\Program Files\IE Booster\selection-copy-plaintext.html
O8 - Extra context menu item: IEB: Selection: Open in Browser - d:\Program Files\IE Booster\selection-open-in-browser.html
O8 - Extra context menu item: IEB: Selection: Show Partial Source - d:\Program Files\IE Booster\selection-show-source.html
O8 - Extra context menu item: Parse with LeechGet - file://e:\Program Files\LeechGet 2004\\Parser.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Subscribe in Desktop Sidebar (HKLM)
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar (HKLM)
O9 - Extra button: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RoboForm &2 (HKLM)
O9 - Extra button: RSS Explorer (HKLM)
O9 - Extra 'Tools' menuitem: RSS Explorer (HKLM)
O9 - Extra button: Free Surfer (HKLM)
O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
O9 - Extra button: Maximizer (HKLM)
O9 - Extra 'Tools' menuitem: IE New Window Maximizer (HKLM)
O9 - Extra button: Wallpaper (HKLM)
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: AccountLogon (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon (HKCU)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: msvcp71 - O16 - DPF: msvcr71 - O16 - DPF: ppctlcab - O16 - DPF: symsupportutil - O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - O16 - DPF: {13E23C9E-3018-4AC1-B998-C08BF1814DB0} - O16 - DPF: {14567E65-6AA1-11D6-BBBC-0010A4BF6B06} (XCleanerOnline Control) - O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - O16 - DPF: {6F3D49A9-8DC8-4566-BF95-9A7776C56F8B} - O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} - file://J:\Content\include\msSecUcd.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} (GDIChk Object) - O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - O16 - DPF: {F9345AB4-7CB5-11D7-A914-00A0C96F4D57} (PrjBestView.CtlBestView) -
It is essentially clean.
This entry bothers me a bit:
C:\WINDOWS\System32\tcpsvcs.exe as the default is normally set to Manual.
I think you are going to have to do a repair reinstall of XP:
This entry bothers me a bit:
C:\WINDOWS\System32\tcpsvcs.exe as the default is normally set to Manual.
I think you are going to have to do a repair reinstall of XP:
- Thread starter
- #18
Method 1: Reinstall Windows XP by using Windows XP
To reinstall Windows XP by using Windows XP, follow these steps: 1. Start your computer.
2. Insert the Windows XP CD in your computer's CD-ROM or DVD-ROM drive.
3. On the Welcome to Microsoft Windows XP page, click Install Windows XP.
4. On the Welcome to Windows Setup page, click Upgrade (Recommended) in the Installation Type box (if it is not already selected), and then click Next.
5. On the License Agreement page, click I accept this agreement, and then click Next.
6. On the Your Product Key page, type the 25-character product key in the Product key boxes, and then click Next.
7. On the Get Updated Setup Files page, select the option that you want, and then click Next.
8. Follow the instructions that appear on the screen to reinstall Windows XP.
Method 2: Reinstall Windows XP by starting your computer from the Windows XP CD
To reinstall Windows XP by starting your computer from the Windows XP CD, follow these steps: 1. Insert the Windows XP CD into your computer's CD-ROM or DVD-ROM drive, and then restart your computer.
2. When the "Press any key to boot from CD" message appears on the screen, press a key to start your computer from the Windows XP CD.
Note Your computer must be configured to start from the CD-ROM or DVD-ROM drive. For more information about how to configure your computer to start from the CD-ROM or DVD-ROM drive, see your computer's documentation or contact your computer manufacturer.
3. You receive the following message on the Welcome to Setup screen that appears:
This portion of the Setup program prepares Microsoft Windows XP to run on your computer:
To setup Windows XP now, press ENTER.
To repair a Windows XP installation using Recovery Console, press R.
To quit Setup without installing Windows XP, press F3.
Press ENTER to set up Windows XP.
4. On the Windows XP Licensing Agreement screen, press F8 to agree to the license agreement.
5. Make sure that your current installation of Windows XP is selected in the box, and then press R to repair Windows XP.
6. Follow the instructions that appear on the screen to reinstall Windows XP. After you repair Windows XP, you may have to reactivate your copy of Windows XP.
After you perform an in-place upgrade or repair installation, you must reinstall all updates to Windows. To reinstall Windows updates, visit the following Microsoft Web site:
To reinstall Windows XP by using Windows XP, follow these steps: 1. Start your computer.
2. Insert the Windows XP CD in your computer's CD-ROM or DVD-ROM drive.
3. On the Welcome to Microsoft Windows XP page, click Install Windows XP.
4. On the Welcome to Windows Setup page, click Upgrade (Recommended) in the Installation Type box (if it is not already selected), and then click Next.
5. On the License Agreement page, click I accept this agreement, and then click Next.
6. On the Your Product Key page, type the 25-character product key in the Product key boxes, and then click Next.
7. On the Get Updated Setup Files page, select the option that you want, and then click Next.
8. Follow the instructions that appear on the screen to reinstall Windows XP.
Method 2: Reinstall Windows XP by starting your computer from the Windows XP CD
To reinstall Windows XP by starting your computer from the Windows XP CD, follow these steps: 1. Insert the Windows XP CD into your computer's CD-ROM or DVD-ROM drive, and then restart your computer.
2. When the "Press any key to boot from CD" message appears on the screen, press a key to start your computer from the Windows XP CD.
Note Your computer must be configured to start from the CD-ROM or DVD-ROM drive. For more information about how to configure your computer to start from the CD-ROM or DVD-ROM drive, see your computer's documentation or contact your computer manufacturer.
3. You receive the following message on the Welcome to Setup screen that appears:
This portion of the Setup program prepares Microsoft Windows XP to run on your computer:
To setup Windows XP now, press ENTER.
To repair a Windows XP installation using Recovery Console, press R.
To quit Setup without installing Windows XP, press F3.
Press ENTER to set up Windows XP.
4. On the Windows XP Licensing Agreement screen, press F8 to agree to the license agreement.
5. Make sure that your current installation of Windows XP is selected in the box, and then press R to repair Windows XP.
6. Follow the instructions that appear on the screen to reinstall Windows XP. After you repair Windows XP, you may have to reactivate your copy of Windows XP.
After you perform an in-place upgrade or repair installation, you must reinstall all updates to Windows. To reinstall Windows updates, visit the following Microsoft Web site:
![[profile]](/data/assets/smilies/profile.gif "[profile] [profile]")
- Status
Similar threads
