
Quite A Few Problems I Am Unable To Pinpoint


  • This topic is locked
18 replies to this topic

#1 LaurenCP

Posted 23 April 2008 - 09:27 AM

I need some help with my Windows XP, please. I have run numerous virus scans and spyware scans but nothing shows up. I can't run Symantec System Check Virus Scan because it says

"Unable to run Virus Detection

In order to run Virus Detection you must be using Microsoft Internet Explorer 5.0 or higher with ActiveX and Scripting enabled." Both of these conditions are met... I am running IE 6 and both of those options are enabled.

It says that Service Pack 2 is installed, but there were several updates I tried to download manually that said they couldn't be downloaded because Service Pack 2 is a prerequisite. And speaking of updates... I cannot access the Windows Update site. I go through the motions and it starts to check for updates and goes for about 15 minutes checking, but I end up with an error code of 0x80072EFD. I have tried all the suggested remedies for this (bypassing proxy, adding various URLs to the trusted sites, checking hosts file, firewall settings, etc.) but the problem still remains. I have no firewall, so I know that is not the problem.

I am also having several small issues with Windows in general. When I start Windows, the welcome screen stays up for about 45 seconds... that is a bit longer than usual. I was having issues with Outlook Express (script errors and unable to email to certain people), but that problem seems to be solved. Several webpages hang or encounter errors.

So, that is the problem. I hope someone can offer some help. I have included a Hijackthis log.

Thanks in advance, Lauren

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:48 AM, on 4/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced WindowsCare 3] "C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1208526330515
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1208873482828
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208365710765
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...276/mcfscan.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nhksrv - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVSvc - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: HIPS Event Manager (UmxAgent) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (file missing)
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (file missing)
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (file missing)
O23 - Service: HIPS Policy Manager (UmxPol) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (file missing)

--
End of file - 5844 bytes



#2 Buckeye_Sam

Malware Expert

Posted 23 April 2008 - 11:07 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:


Please go here and scroll down to step 6. Follow the directions there to run DSS and then post those logs here in your next reply.

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 LaurenCP


Posted 23 April 2008 - 12:14 PM

Deckard's System Scanner v20071014.68
Run by Lauren on 2008-04-23 13:12:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Lauren.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:12:36 PM, on 4/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Lauren\Local Settings\Temporary Internet Files\Content.IE5\CY2X42LY\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Lauren.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...279/mcfscan.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nhksrv - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVSvc - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: HIPS Event Manager (UmxAgent) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (file missing)
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (file missing)
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (file missing)
O23 - Service: HIPS Policy Manager (UmxPol) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 4738 bytes

-- Files created between 2008-03-23 and 2008-04-23 -----------------------------

2008-04-23 12:11:02 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-23 11:47:32 0 d-------- C:\Program Files\Promosoft Corporation
2008-04-23 10:54:14 0 d-------- C:\Program Files\Viewpoint
2008-04-23 10:54:02 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-04-23 10:53:07 0 d-------- C:\Program Files\AIM6
2008-04-23 09:13:18 0 d-------- C:\a2bd86825e028ed0ef4935
2008-04-23 08:48:21 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-04-22 14:34:10 0 d-------- C:\Program Files\ACW
2008-04-22 12:17:40 0 d-------- C:\a65667b093a8a88292b5fef4210102
2008-04-22 11:07:19 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-22 11:06:18 90668 --a------ C:\WINDOWS\system32\vobis32.dll
2008-04-22 11:06:18 0 d-------- C:\Documents and Settings\Lauren\Application Data\IObit
2008-04-22 11:06:16 0 d-------- C:\Program Files\IObit
2008-04-22 11:04:52 516096 --a------ C:\WINDOWS\system32\ExTab.dll <Not Verified; Exontrol Inc.; ExTab Module>
2008-04-22 11:04:52 307200 --a------ C:\WINDOWS\system32\ExPMenu.dll <Not Verified; Exontrol Inc.; ExPopupMenu Control>
2008-04-22 11:04:52 602112 --a------ C:\WINDOWS\system32\ExMenu.dll <Not Verified; Exontrol Inc.; ExMenu Control>
2008-04-22 11:04:52 1753088 --a------ C:\WINDOWS\system32\ExGrid.dll <Not Verified; Exontrol Inc.; ExGrid Module>
2008-04-22 11:04:52 614400 --a------ C:\WINDOWS\system32\ExButton.dll <Not Verified; Exontrol Inc.; ExButton Module>
2008-04-22 11:04:51 118784 --a------ C:\WINDOWS\system32\eWebControl.dll <Not Verified; eSellerate Inc.; >
2008-04-22 11:04:51 356352 --a------ C:\WINDOWS\system32\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2008-04-22 11:04:50 0 d-------- C:\Program Files\AnswersThatWork
2008-04-22 10:33:38 0 d-------- C:\Documents and Settings\Lauren\Application Data\ErrorSmart
2008-04-18 14:23:08 0 d-------- C:\WINDOWS\McAfee.com
2008-04-18 13:42:12 0 d-------- C:\Program Files\PCPitstop
2008-04-18 09:16:27 0 d-------- C:\8d6a9fb9fa34e8c379e1c4dd07d7
2008-04-18 08:55:42 0 d-------- C:\WINDOWS\Prefetch
2008-04-17 16:20:24 0 d-------- C:\WINDOWS\SoftwareDistribution.old
2008-04-17 15:47:32 0 d-------- C:\WINDOWS\ServicePackFiles
2008-04-17 14:19:43 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-04-17 13:55:37 0 d-------- C:\Documents and Settings\Lauren\Application Data\RegistrySmart
2008-04-16 14:18:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-16 14:02:41 0 d-------- C:\Program Files\RegistrySmart
2008-04-16 13:46:10 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-16 13:46:10 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-16 13:46:10 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-16 13:46:10 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-16 10:38:59 0 d-------- C:\WINDOWS\setupupd
2008-04-16 09:32:15 0 d-------- C:\Documents and Settings\Lauren\Application Data\Yahoo!
2008-04-16 09:30:49 0 d-------- C:\Program Files\a-squared Free
2008-04-16 09:17:46 0 dr-h----- C:\Documents and Settings\Lauren\Recent
2008-04-16 09:17:45 0 d-------- C:\Program Files\AdwareSpywareScannerDeleter
2008-04-16 09:17:37 0 d-------- C:\Documents and Settings\Lauren\Application Data\HouseCall 6.6
2008-04-16 09:17:29 0 d-------- C:\Program Files\Avira
2008-04-14 16:30:28 0 d-------- C:\Program Files\EsetOnlineScanner
2008-04-14 15:40:07 6553600 --a------ C:\Documents and Settings\Lauren\ntuser.dat
2008-04-14 15:40:06 651264 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-04-14 14:16:10 0 d-------- C:\Program Files\CCleaner
2008-04-14 14:12:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-14 13:29:59 0 d-------- C:\WINDOWS\ERUNT
2008-04-14 11:56:43 0 d-------- C:\Program Files\Trend Micro
2008-04-14 10:53:33 691545 --a------ C:\WINDOWS\unins000.exe
2008-04-14 09:59:21 68096 --a------ C:\WINDOWS\zip.exe
2008-04-14 09:59:21 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-14 09:59:21 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-14 09:59:21 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-14 09:59:21 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-14 09:59:21 98816 --a------ C:\WINDOWS\sed.exe
2008-04-14 09:59:21 80412 --a------ C:\WINDOWS\grep.exe
2008-04-14 09:59:21 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >


-- Find3M Report ---------------------------------------------------------------

2008-04-23 12:15:35 1336 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-22 15:15:35 0 d-------- C:\Documents and Settings\Lauren\Application Data\Help
2008-04-22 12:38:23 0 d-------- C:\Program Files\Yahoo!
2008-04-22 12:37:44 0 d-------- C:\Program Files\Common Files
2008-04-18 13:41:05 0 --a------ C:\AUTOEXEC.BAT
2008-04-18 09:34:49 0 d-------- C:\Documents and Settings\Lauren\Application Data\Adobe
2008-04-17 16:40:11 0 d-------- C:\Program Files\Messenger
2008-04-17 16:39:51 0 d-------- C:\Program Files\Movie Maker
2008-04-17 16:36:19 0 d-------- C:\Program Files\Windows NT
2008-04-16 09:17:40 0 d-------- C:\Program Files\Google
2008-04-14 16:23:36 0 d-------- C:\Program Files\Online Services
2008-04-14 11:48:59 0 d-------- C:\Program Files\3B Software


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [08/04/2004 12:56 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"NoPopUpsOnBoot"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=01000000
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 03/09/2006 01:46 PM 73728 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= :\WINDOWS\System32\srr scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
path=
backup=


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
iexplore.exe http://iesettingsupdate

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced WindowsCare 3]
"C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSoftware]
C:\Program Files\Common Files\AOL\1155749647\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_RegCleaner]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgcc]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgemc]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgregcl]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ca]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTouch]
C:\WINDOWS\MMKeybd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firewall auto setup]
C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Registry Fix]
"C:\Program Files\Promosoft Corporation\Free Registry Fix\regfix.exe" /reminder

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleToolbarNotifier]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1155749647\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jusched]
C:\Program Files\RegistrySmart\RegistrySmart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSASCui]
C:\PROGRA~1\3BSOFT~1\WINDOW~2\WINDOWS CLEAN-UP PRO.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSRegScan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mstds]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mstds.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTAVApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POINTER]
point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\realsched]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart]
C:\Program Files\RegistrySmart\RegistrySmart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Systweak Wallpaper Changer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wallpaper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgrl]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Clean-Up Pro]
C:\PROGRA~1\3BSOFT~1\WINDOW~2\WINDOWS CLEAN-UP PRO.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ypager]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)




-- End of Deckard's System Scanner: finished at 2008-04-23 13:13:48 ------------

#4 Buckeye_Sam

Malware Expert

Posted 23 April 2008 - 05:50 PM

Please post the other log also. It should be named extra.txt

#5 LaurenCP


Posted 24 April 2008 - 07:25 AM

That appears to be the only log it made.

#6 Buckeye_Sam

Malware Expert

Posted 24 April 2008 - 09:07 AM

I need to see a different type of log from HijackThis.
  • Run HijackThis.
  • Click on "Open the Misc Tools section".
  • Next click on "Open uninstall manager".
  • Press the button 'save list'. It will open a Notepad file.
  • Place the content of that file here in your next reply.


#7 LaurenCP


Posted 24 April 2008 - 09:28 AM

Add/Remove Pro (Freeware)
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player ActiveX
Adobe Reader 7.0.9
Adobe Type Manager 4.0
Advanced WindowsCare 3 Beta
AIM 6
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update
a-squared Free 3.5
Avira AntiVir PersonalEdition Classic
Bonjour
CCleaner (remove only)
CCScore
Dell ResourceCD
DellTouch
Easy CD Creator 5 Basic
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
HLPPDOCK
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB915865)
HouseCall 6.6
Intel® PRO Ethernet Adapter and Software
iPod for Windows 2005-09-23
iPod for Windows 2005-11-17
iTunes
J2SE Runtime Environment 5.0 Update 9
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
LG USB Drivers
LimeWire 4.12.6
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Baseline Security Analyzer 2.0.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSN Messenger 7.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
Notifier
NVIDIA Drivers
OfotoXMI
OTtBP
OTtBPSDK
Quicken 2005
RealPlayer
RegistrySmart
RegScrubXP 3.25
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB928843)
SFR
SHASTA
SKIN0001
SKINXSDK
Sound Blaster Live!
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
staticcr
TaxCut Standard 2005
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB920872)
VPRINTOL
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888240
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Hotfix (SP1) [See Q282784 for more information]
Windows XP Service Pack 2
WinZip
WIRELESS
Yahoo! Messenger
Yahoo! Search Suggest Add-on for IE7

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:37 AM

Posted 24 April 2008 - 07:02 PM

Click Start > Run and type these commands hitting enter after each one:

sc stop UmxAgent

sc delete UmxAgent

sc stop UmxCfg

sc delete UmxCfg

sc stop UmxFwHlp

sc delete UmxFwHlp

sc stop UmxPol

sc delete UmxPol




Check for Windows updates again now and let me know if you still get the same error.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 LaurenCP


Posted 25 April 2008 - 07:45 AM

Unfortunately, yes. It checked for 30 minutes for updates then threw out the 0x80072EFD error. Now what? This is crazy...lol

Added: I downloaded Microsoft Baseline Security Analyzer and the report showed -

Security Updates Cannot load security CAB file.

Edited by LaurenCP, 25 April 2008 - 08:24 AM.


#10 Buckeye_Sam


Posted 25 April 2008 - 01:41 PM

I am assuming that you've already tried everything that was suggested at this page?

http://support.microsoft.com/kb/836941

If you have, then go ahead and proceed with this next procedure.


============


1. Click Start, Run, type: cmd and press Enter.
Please run the following command in the opened window.

Net stop WuAuServ

2. Click Start, Run, type: %windir% and press Enter.
3. In the opened folder, rename the folder SoftwareDistribution to Sdold.
4. Click Start, Run, type: cmd and press Enter. Please run the following
command in the opened window.

Net start WuAuServ

Please visit the Windows Update site to test the issue again.
Let me know how it goes.

#11 LaurenCP


Posted 25 April 2008 - 02:45 PM

Nothing...could it be anything in my registry settings?

#12 Buckeye_Sam


Posted 26 April 2008 - 01:53 AM

Sure it could have something to do with your registry. I see a lot of registry tools in your log, so evidently you've done some things there. But I still think you've got a firewall issue.

Can you post a fresh log from DSS?

#13 LaurenCP


Posted 28 April 2008 - 12:21 PM

Here it is

Deckard's System Scanner v20071014.68
Run by Lauren on 2008-04-28 13:14:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Lauren.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:15:01 PM, on 4/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lauren\Desktop\Programs\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Lauren.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Registry Repair Pro.lnk = C:\Program Files\3B Software\Registry Repair Pro\RegistryRepairPro.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...279/mcfscan.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nhksrv - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVSvc - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3624 bytes

-- Files created between 2008-03-28 and 2008-04-28 -----------------------------

2008-04-28 10:57:00 0 d-------- C:\Program Files\Mgutil
2008-04-25 16:40:43 0 d-------- C:\Documents and Settings\NetworkService\Start Menu
2008-04-25 16:39:27 0 d-------- C:\WINDOWS\Prefetch
2008-04-24 10:05:11 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-24 09:19:38 0 d-------- C:\Documents and Settings\Lauren\SecurityScans
2008-04-24 09:19:23 0 d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
2008-04-24 08:59:04 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-04-24 08:58:38 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-24 08:31:31 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
2008-04-24 08:21:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-04-23 14:35:17 0 d-------- C:\Documents and Settings\Lauren\Application Data\OfficeUpdate12
2008-04-23 12:11:02 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-23 10:54:02 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-04-23 10:53:07 0 d-------- C:\Program Files\AIM6
2008-04-23 09:13:18 0 d-------- C:\a2bd86825e028ed0ef4935
2008-04-23 08:48:21 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-04-22 14:34:10 0 d-------- C:\Program Files\ACW
2008-04-22 12:17:40 0 d-------- C:\a65667b093a8a88292b5fef4210102
2008-04-22 11:07:19 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-22 11:06:18 90668 --a------ C:\WINDOWS\system32\vobis32.dll
2008-04-22 11:06:18 0 d-------- C:\Documents and Settings\Lauren\Application Data\IObit
2008-04-22 11:06:16 0 d-------- C:\Program Files\IObit
2008-04-22 11:04:52 516096 --a------ C:\WINDOWS\system32\ExTab.dll <Not Verified; Exontrol Inc.; ExTab Module>
2008-04-22 11:04:52 307200 --a------ C:\WINDOWS\system32\ExPMenu.dll <Not Verified; Exontrol Inc.; ExPopupMenu Control>
2008-04-22 11:04:52 602112 --a------ C:\WINDOWS\system32\ExMenu.dll <Not Verified; Exontrol Inc.; ExMenu Control>
2008-04-22 11:04:52 1753088 --a------ C:\WINDOWS\system32\ExGrid.dll <Not Verified; Exontrol Inc.; ExGrid Module>
2008-04-22 11:04:52 614400 --a------ C:\WINDOWS\system32\ExButton.dll <Not Verified; Exontrol Inc.; ExButton Module>
2008-04-22 11:04:51 118784 --a------ C:\WINDOWS\system32\eWebControl.dll <Not Verified; eSellerate Inc.; >
2008-04-22 11:04:51 356352 --a------ C:\WINDOWS\system32\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2008-04-18 14:23:08 0 d-------- C:\WINDOWS\McAfee.com
2008-04-18 13:42:12 0 d-------- C:\Program Files\PCPitstop
2008-04-18 09:16:27 0 d-------- C:\8d6a9fb9fa34e8c379e1c4dd07d7
2008-04-17 16:20:24 0 d-------- C:\WINDOWS\SoftwareDistribution.old
2008-04-17 15:47:32 0 d-------- C:\WINDOWS\ServicePackFiles
2008-04-16 14:18:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-16 13:46:10 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-16 13:46:10 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-16 13:46:10 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-16 13:46:10 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-16 10:38:59 0 d-------- C:\WINDOWS\setupupd
2008-04-16 09:32:15 0 d-------- C:\Documents and Settings\Lauren\Application Data\Yahoo!
2008-04-16 09:30:49 0 d-------- C:\Program Files\a-squared Free
2008-04-16 09:17:46 0 dr-h----- C:\Documents and Settings\Lauren\Recent
2008-04-16 09:17:29 0 d-------- C:\Program Files\Avira
2008-04-14 16:30:28 0 d-------- C:\Program Files\EsetOnlineScanner
2008-04-14 15:40:07 7077888 --a------ C:\Documents and Settings\Lauren\ntuser.dat
2008-04-14 15:40:06 651264 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-04-14 14:16:10 0 d-------- C:\Program Files\CCleaner
2008-04-14 14:12:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-14 13:29:59 0 d-------- C:\WINDOWS\ERUNT
2008-04-14 11:56:43 0 d-------- C:\Program Files\Trend Micro
2008-04-14 10:53:33 691545 --a------ C:\WINDOWS\unins000.exe
2008-04-14 09:59:21 68096 --a------ C:\WINDOWS\zip.exe
2008-04-14 09:59:21 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-14 09:59:21 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-14 09:59:21 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-14 09:59:21 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-14 09:59:21 98816 --a------ C:\WINDOWS\sed.exe
2008-04-14 09:59:21 80412 --a------ C:\WINDOWS\grep.exe
2008-04-14 09:59:21 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >


-- Find3M Report ---------------------------------------------------------------

2008-04-28 11:13:46 0 d-------- C:\Documents and Settings\Lauren\Application Data\Google
2008-04-28 11:08:54 0 d-------- C:\Program Files\Incomplete
2008-04-28 10:44:03 0 d-------- C:\Program Files\3B Software
2008-04-28 09:51:39 0 d-------- C:\Program Files\LimeWire
2008-04-25 16:28:43 0 d-------- C:\Program Files\Messenger
2008-04-25 16:28:22 0 d-------- C:\Program Files\Movie Maker
2008-04-25 16:24:43 0 d-------- C:\Program Files\Windows NT
2008-04-24 15:33:59 0 d-------- C:\Program Files\Common Files
2008-04-23 16:04:15 0 d-------- C:\Documents and Settings\Lauren\Application Data\AdobeUM
2008-04-23 15:33:58 0 d-------- C:\Program Files\Yahoo!
2008-04-23 15:33:58 0 d-------- C:\Program Files\Google
2008-04-23 12:15:35 1336 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-22 15:15:35 0 d-------- C:\Documents and Settings\Lauren\Application Data\Help
2008-04-18 13:41:05 0 --a------ C:\AUTOEXEC.BAT
2008-04-18 09:34:49 0 d-------- C:\Documents and Settings\Lauren\Application Data\Adobe
2008-04-14 16:23:36 0 d-------- C:\Program Files\Online Services


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

C:\Documents and Settings\Lauren\Start Menu\Programs\Startup\
Registry Repair Pro.lnk - C:\Program Files\3B Software\Registry Repair Pro\RegistryRepairPro.exe [4/28/2008 10:44:03 AM]
Scheduler.lnk - C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe [4/28/2008 10:44:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"NoPopUpsOnBoot"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=01000000
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 03/09/2006 01:46 PM 73728 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= :\WINDOWS\System32\srr scecli scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
iexplore.exe http://iesettingsupdate

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced WindowsCare 3]
"C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSoftware]
C:\Program Files\Common Files\AOL\1155749647\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_RegCleaner]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgcc]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgemc]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgregcl]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ca]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTouch]
C:\WINDOWS\MMKeybd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firewall auto setup]
C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Registry Fix]
"C:\Program Files\Promosoft Corporation\Free Registry Fix\regfix.exe" /reminder

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleToolbarNotifier]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1155749647\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jusched]
C:\Program Files\RegistrySmart\RegistrySmart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSASCui]
C:\PROGRA~1\3BSOFT~1\WINDOW~2\WINDOWS CLEAN-UP PRO.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSRegScan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mstds]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mstds.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTAVApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POINTER]
point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\realsched]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart]
C:\Program Files\RegistrySmart\RegistrySmart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Systweak Wallpaper Changer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wallpaper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgrl]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Clean-Up Pro]
C:\PROGRA~1\3BSOFT~1\WINDOW~2\WINDOWS CLEAN-UP PRO.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ypager]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
"a2free"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto




-- End of Deckard's System Scanner: finished at 2008-04-28 13:18:00 ------------
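
After the `sc stop` / `sc delete` commands in post #8, a fresh DSS log can be checked for anything else that still carries the same name prefix. The Python sketch below is an added example, not part of the thread or of DSS: it splits a DSS log into its sections, groups the Registry Dump into per-key blocks, and reports O23 service lines and registry entries whose names start with a given prefix. The function names are hypothetical and the sample is a short excerpt of the log in post #13.

```python
import re

# Excerpt of the DSS log from post #13 (lines copied from that log, most omitted).
SAMPLE_LOG = r"""
-- HijackThis (run as Lauren.exe) ----------------------------------------------

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Nhksrv - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVSvc - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3624 bytes

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

C:\Documents and Settings\Lauren\Start Menu\Programs\Startup\
Scheduler.lnk - C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe [4/28/2008 10:44:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 03/09/2006 01:46 PM 73728 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]

-- End of Deckard's System Scanner: finished at 2008-04-28 13:18:00 ------------
"""

SECTION_RE = re.compile(r"^-- (.+?) -+$")            # "-- Title -------"
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")          # "[HKEY_...\key]"
FOLDER_RE = re.compile(r"^[A-Za-z]:\\.*\\$")         # startup folder used as a header


def split_sections(log_text):
    """Map each '-- Title ----' section of a DSS log to the lines that follow it."""
    sections, title = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            title = header.group(1)
            sections[title] = []
        elif title is not None:
            sections[title].append(line)
    return sections


def registry_blocks(lines):
    """Group Registry Dump lines into (header, [entries]); a blank line ends a block."""
    blocks, current = [], None
    for line in lines:
        if not line:
            current = None
        elif KEY_RE.match(line) or FOLDER_RE.match(line):
            current = (line.strip("[]"), [])
            blocks.append(current)
        elif current is not None:
            current[1].append(line)
    return blocks


def leftovers(log_text, prefix):
    """Return (where, line) for each O23 service or registry entry naming `prefix`."""
    # Match the prefix only where a name begins (after a separator, space or quote),
    # so a short prefix does not hit the middle of an unrelated word.
    pat = re.compile(r"(?<![A-Za-z0-9])" + re.escape(prefix), re.IGNORECASE)
    hits = []
    for title, lines in split_sections(log_text).items():
        if title.startswith("HijackThis"):
            hits += [("O23 service", ln) for ln in lines
                     if ln.startswith("O23 - Service:") and pat.search(ln)]
        elif title == "Registry Dump":
            for header, entries in registry_blocks(lines):
                if pat.search(header):
                    hits.append((header, ""))
                hits += [(header, e) for e in entries if pat.search(e)]
    return hits


if __name__ == "__main__":
    for where, line in leftovers(SAMPLE_LOG, "Umx"):
        print(where)
        print("   ", line)
```

Run against the excerpt with the prefix `Umx`, it reports no O23 service and one registry entry, the `winlogon\notify\PFW` key that points at `UmxWNP.dll`.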

#14 Buckeye_Sam


Posted 28 April 2008 - 02:13 PM

Did you set all these policies?

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"NoPopUpsOnBoot"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=01000000
"LinkResolveIgnoreLinkInfo"=0 (0x0)


Was this computer upgraded to XP from Windows 2000?


=================


Let's take a look at this file.
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:



    C:\WINDOWS\system32\vobis32.dll


  • Click on the submit button
  • Please post the results in your next reply.

================


I see that you have Windows set up for automatic updating. How is that working? What kind of issue are you getting there?

#15 LaurenCP


Posted 28 April 2008 - 03:10 PM

Here are the results..

Scanner results
Scan taken on 28 Apr 2008 20:06:51 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing


I haven't set any policies anywhere..this pc was upgraded to Windows XP from Windows 98 I believe..heck, I can't remember to tell the truth.



