Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help and Support not opening


  • This topic is locked This topic is locked
7 replies to this topic

#1 almagg

almagg

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 18 May 2010 - 08:10 PM

WinXP Home SP3

when i click on Help and Support i just get a flicker of the hourglass then nothing
the helpctr.exe file is in the pchealth/system/binaries folder as i believe it should be.
i ran FixWinXPHelp.exe from http://www.dougknox.com/index.html
and it says the registry entries are correct. i did see the helpctr.exe entry in the registry.
i ran HouseCall and no problems
ran MalwareByte's and no problems
i even rebooted
this is a newdrive put in abut two weeks ago and this is the first time i opened Help and Support

DDS log

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 18:45:52.78 on Tue 05/18/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.199 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winmx\WinMX.exe
C:\WINDOWS\regedit.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [CARPService] carpserv.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1273260317104
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\protection\SASWINLO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\ncfil5e2.default\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-9 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-9 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-9 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-9 56816]
R3 ALiIRDA;ALi Infrared Device Driver;c:\windows\system32\drivers\alifir.sys [2010-5-6 26624]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\protection\sasdifsv.sys --> c:\program files\protection\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\protection\saskutil.sys --> c:\program files\protection\SASKUTIL.SYS [?]
S3 SASENUM;SASENUM;\??\c:\program files\protection\sasenum.sys --> c:\program files\protection\SASENUM.SYS [?]

=============== Created Last 30 ================

2010-05-17 01:29:15 0 d-----w- c:\documents and settings\owner\dwhelper
2010-05-13 19:04:27 0 d-----w- c:\program files\uTorrent
2010-05-13 19:03:50 0 d-----w- c:\docume~1\owner\applic~1\uTorrent
2010-05-13 17:15:18 0 d-----w- c:\docume~1\owner\applic~1\GrabIt
2010-05-11 08:46:05 0 d-----w- c:\windows\system32\scripting
2010-05-11 08:46:05 0 d-----w- c:\windows\l2schemas
2010-05-11 08:46:04 0 d-----w- c:\windows\system32\en
2010-05-11 08:46:04 0 d-----w- c:\windows\system32\bits
2010-05-11 08:40:02 0 d-----w- c:\windows\network diagnostic
2010-05-11 08:35:10 0 d-----w- c:\windows\EHome
2010-05-11 07:42:34 0 d-sh--w- c:\documents and settings\owner\IECompatCache
2010-05-11 06:17:21 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-05-11 06:12:21 0 d-----w- c:\windows\pss
2010-05-09 20:58:26 0 d-----w- c:\program files\Winmx
2010-05-09 05:14:59 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-05-09 05:14:56 0 d-----w- c:\program files\Avira
2010-05-09 05:14:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-05-09 01:26:33 116 ----a-w- c:\windows\NeroDigital.ini
2010-05-08 05:16:41 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-05-08 05:16:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-08 05:16:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-08 05:16:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-08 05:10:46 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-05-08 05:10:39 0 d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2010-05-08 05:10:00 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-05-08 04:54:58 0 d-----w- c:\program files\Search Toolbar
2010-05-08 04:53:26 0 d-----w- c:\program files\MediaApps
2010-05-08 04:53:16 0 d-----w- c:\program files\MusicApps
2010-05-07 22:39:36 0 d-----w- c:\program files\Protection
2010-05-07 22:33:46 0 d-----w- c:\documents and settings\owner\SmitfraudFix
2010-05-07 22:24:13 3255 ----a-w- c:\windows\system32\wbem\Outlook_01caee3405c44a90.mof
2010-05-07 22:15:34 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-05-07 22:15:33 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-05-07 20:56:58 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2010-05-07 20:55:02 64352 ------w- c:\windows\system32\drivers\ativmc20.cod
2010-05-07 20:28:11 0 d-sh--w- c:\documents and settings\owner\PrivacIE
2010-05-07 20:26:46 0 d-sh--w- c:\documents and settings\owner\IETldCache
2010-05-07 20:15:21 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-07 20:15:20 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-05-07 20:15:20 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-05-07 20:15:20 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-07 20:15:20 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-05-07 20:15:20 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-05-07 20:15:16 0 d-----w- c:\windows\ie8updates
2010-05-07 20:15:12 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-05-07 20:13:37 0 dc-h--w- c:\windows\ie8
2010-05-07 20:07:03 0 d-----w- c:\windows\ServicePackFiles
2010-05-07 19:53:56 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-05-07 19:52:24 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-05-07 19:52:24 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-05-07 19:52:19 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-05-07 19:50:11 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-05-07 19:45:27 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-05-07 19:45:07 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-05-07 19:44:50 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-05-07 19:44:49 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-05-07 19:44:47 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-05-07 19:35:45 0 d-----w- c:\docume~1\owner\applic~1\FinalMediaPlayer
2010-05-07 19:35:28 0 d-----w- c:\program files\Yahoo!
2010-05-07 19:30:51 0 d-----w- c:\windows\system32\PreInstall
2010-05-07 19:30:50 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-05-07 19:30:49 0 d--h--w- c:\windows\$hf_mig$
2010-05-07 19:21:43 0 d-sh--w- c:\documents and settings\owner\UserData
2010-05-07 18:17:12 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-05-07 18:17:12 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-05-07 18:17:00 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-05-07 17:26:20 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-05-07 15:53:22 0 d-----w- c:\documents and settings\owner\Tracing
2010-05-07 15:51:32 0 d-----w- c:\program files\Microsoft
2010-05-07 15:51:05 0 d-----w- c:\program files\Windows Live SkyDrive
2010-05-07 15:47:23 0 d-----w- c:\program files\common files\Windows Live
2010-05-07 15:42:57 5504 ------w- c:\windows\system32\drivers\imagedrv.sys
2010-05-07 15:42:57 125184 ------w- c:\windows\system32\drivers\imagesrv.sys
2010-05-07 15:42:31 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2010-05-07 15:42:30 476320 ------w- c:\windows\system32\ImagXpr7.dll
2010-05-07 15:42:30 471040 ------w- c:\windows\system32\ImagXRA7.dll
2010-05-07 15:42:30 262144 ------w- c:\windows\system32\ImagXR7.dll
2010-05-07 15:42:30 1568768 ------w- c:\windows\system32\ImagX7.dll
2010-05-07 15:42:30 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2010-05-07 15:40:02 221215 ------w- c:\windows\system32\Divxdec.ax
2010-05-07 15:21:49 376 ----a-w- c:\windows\ODBC.INI
2010-05-07 15:21:45 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-05-07 15:20:25 0 d-----w- c:\windows\SHELLNEW
2010-05-07 15:12:43 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-05-07 15:12:28 86016 -c----w- c:\windows\system32\dllcache\cabview.dll
2010-05-07 15:09:19 69632 ----a-w- c:\windows\system32\bcmwlD2K.EXE
2010-05-07 15:09:19 176128 ----a-w- c:\windows\system32\bcmwlu00.EXE
2010-05-07 15:09:17 371712 ------w- c:\windows\system32\drivers\BCMWL5.SYS
2010-05-07 15:08:43 69722 ----a-w- c:\windows\system32\SynTPFcs.dll
2010-05-07 15:08:42 90202 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-05-07 15:08:42 81920 ----a-w- c:\windows\system32\SynTPCo2.dll
2010-05-07 15:08:42 77917 ----a-w- c:\windows\system32\SynCOM.dll
2010-05-07 15:08:42 186016 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-05-07 15:08:42 114688 ----a-w- c:\windows\system32\SynCtrl.dll
2010-05-07 15:08:41 0 d-----w- c:\program files\Synaptics
2010-05-07 15:08:13 0 d-----w- c:\program files\HP
2010-05-07 15:08:10 0 d-----w- c:\windows\Downloaded Installations
2010-05-07 15:07:49 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2010-05-07 15:07:49 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys
2010-05-07 15:07:06 0 d-----w- c:\program files\CONEXANT
2010-05-07 15:06:58 65536 ----a-w- c:\windows\system32\carpdll.dll
2010-05-07 15:06:58 4608 ----a-w- c:\windows\system32\carpserv.exe
2010-05-07 15:06:58 30592 ----a-w- c:\windows\system32\drivers\strmdisp.sys
2010-05-07 15:06:58 258325 ----a-w- c:\windows\system32\drivers\hpd002x.cty
2010-05-07 15:06:58 179712 ----a-w- c:\windows\system32\drivers\HSFHWALI.sys
2010-05-07 15:06:57 90112 ----a-w- c:\windows\system32\mdmxsdk.dll
2010-05-07 15:06:57 631296 ----a-w- c:\windows\system32\drivers\HSF_CNXT.sys
2010-05-07 15:06:57 27765 ----a-w- c:\windows\system32\HSFCI006.dll
2010-05-07 15:06:57 11043 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2010-05-07 15:06:57 1063040 ----a-w- c:\windows\system32\drivers\HSF_DP.sys
2010-05-07 15:06:25 0 d-----w- c:\windows\system32\ReinstallBackups
2010-05-07 14:01:54 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-05-07 13:47:55 0 d-s---w- c:\windows\system32\Microsoft
2010-05-07 13:44:57 8192 ----a-w- c:\windows\REGLOCS.OLD
2010-05-07 13:42:52 31744 -c--a-w- c:\windows\system32\dllcache\fxsroute.dll
2010-05-07 13:41:58 23392 ----a-w- c:\windows\system32\nscompat.tlb
2010-05-07 13:41:58 16832 ----a-w- c:\windows\system32\amcompat.tlb
2010-05-07 13:41:57 316640 ----a-w- c:\windows\WMSysPr9.prx
2010-05-07 13:41:18 0 d-sh--w- c:\documents and settings\all users\DRM
2010-05-07 13:40:16 0 d-----w- c:\windows\Registration
2010-05-07 09:27:30 0 d-----r- c:\documents and settings\all users\Documents
2010-05-06 23:03:33 0 d--h--w- c:\program files\WindowsUpdate
2010-05-06 23:02:15 0 d-----w- c:\program files\common files\MSSoap
2010-05-06 22:59:57 0 d-----w- c:\program files\Online Services
2010-05-06 22:59:49 0 d-----w- c:\program files\Messenger
2010-05-06 22:59:44 0 d-----w- c:\program files\MSN Gaming Zone
2010-05-06 22:58:50 0 d-----w- c:\program files\Windows NT
2010-05-06 18:49:54 0 d-----w- c:\program files\common files\ODBC
2010-05-06 18:49:49 0 d-----w- c:\program files\common files\SpeechEngines

==================== Find3M ====================

2010-05-07 13:40:27 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 06:12:17 81920 ------w- c:\windows\system32\ieencode.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll

============= FINISH: 18:46:23.86 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:42 PM

Posted 20 May 2010 - 07:30 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks thumbup2.gif
Posted Image
m0le is a proud member of UNITE

#3 almagg

almagg
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 20 May 2010 - 09:28 PM

ok mole i am here and tracking
thanks

#4 almagg

almagg
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 20 May 2010 - 09:30 PM

oh by the way
i have installed BS.player and k-lite codec pack

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:42 PM

Posted 21 May 2010 - 05:03 PM

This doesn't look anything like a malware issue, almagg

Apart from the Help and Support issue is there anything that makes you suspect infection?
Posted Image
m0le is a proud member of UNITE

#6 almagg

almagg
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 21 May 2010 - 05:36 PM

i wasn't thinking infection.
from what i've read some cleanup programs remove items they shouldn't.
i use CCleaner and recently CleanUp.
i have never had any problem with CCleaner and maybe CleanUP removed something.
when i go into the binaries and try to open the helpctr.exe file it does not open.
just a flicker of the hourglass and that is it.

the individual .chm help files in the Windows\Help directory open up

there are three items i can try at your recommendation:
SystemFileChecker
RegistryBooster
SpeedyPCInstaller

the bottom line, i hardly use the help and support.
i went in there looking into remote computing when i discovered the problem.

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:42 PM

Posted 21 May 2010 - 06:53 PM

This is a Virus, Trojan and Malware Removal forum so I think you've posted in the wrong forum.

What I will say is registry cleaners are bad news.

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:

• Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

• Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

• Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

• Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

• The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.
Please post on a more appropriate forum such as XP

Good luck solving the problem thumbup2.gif
Posted Image
m0le is a proud member of UNITE

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:42 PM

Posted 27 May 2010 - 05:06 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users