
Having problems w/programs, homepage redirected [Hijackthis log & Getlog xp listed]

Discussion in 'Malware and Virus Removal Archive' started by NBAS1, 2005/05/05.

Thread Status:
Not open for further replies.
  1. 2005/05/13
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
  2. 2005/05/13
    NBAS1

    NBAS1 Inactive Thread Starter

    Joined:
    2005/05/05
    Messages:
    39
    Likes Received:
    0
    The blacklight scan showed that there was nothing. Could Norton System Works be preventing me from installing software? It is an inherited computer, and I am not familiar with system works.
     

  4. 2005/05/13
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I believe this is a result of the infections you had. Please download the newbat.zip attached to this post. Rename it if necessary. Extract to the desktop and run the batch file, then post the log it creates.

    Oh, I'd also like you to check your Add/Remove for Security IGuard, Virtual Maid and Search Maid. Uninstall if present. Check C:\Program Files for related folders and delete if present. Let me know what you find please.
     
  5. 2005/05/13
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I'd also like for you to scan C:\Windows\explorer.exe with this online malware scanner and post the results.
     
  6. 2005/05/14
    NBAS1

    NBAS1 Inactive Thread Starter

    Joined:
    2005/05/05
    Messages:
    39
    Likes Received:
    0
    I couldn't find any trace of "Security IGuard, Virtual Maid and Search Maid". Here is the log from the newbat.zip. I will post the online scanner results when it finishes up.


    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    AppInit_DLLs REG_SZ
    DeviceNotSelectedTimeout REG_SZ 15
    GDIProcessHandleQuota REG_DWORD 0x2710
    Spooler REG_SZ yes
    swapdisk REG_SZ
    TransmissionRetryTimeout REG_SZ 90
    USERProcessHandleQuota REG_DWORD 0x2710

    ! REG.EXE VERSION 3.0

    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
    DebugOptions REG_SZ 2048
    Documents REG_SZ
    DosPrint REG_SZ no
    load REG_SZ
    NetMessage REG_SZ no
    NullPort REG_SZ None
    Programs REG_SZ com exe bat pif cmd
    Device REG_SZ HP OfficeJet V40xi,winspool,Ne00:

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
    DisableSR REG_DWORD 0x1
    CreateFirstRunRp REG_DWORD 0x1
    DSMin REG_DWORD 0xc8
    DSMax REG_DWORD 0x190
    RPSessionInterval REG_DWORD 0x0
    RPGlobalInterval REG_DWORD 0x15180
    RPLifeInterval REG_DWORD 0x76a700
    CompressionBurst REG_DWORD 0x3c
    TimerInterval REG_DWORD 0x78
    DiskPercent REG_DWORD 0xc
    ThawInterval REG_DWORD 0x384
    RestoreDiskSpaceError REG_DWORD 0x0
    RestoreStatus REG_DWORD 0x1
    RestoreSafeModeStatus REG_DWORD 0x1

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Cfg

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\SnapshotCallbacks

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
    EnableFirewall REG_DWORD 0x0

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
    EnableFirewall REG_DWORD 0x0

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate
    DoNotAllowXPSP2 REG_DWORD 0x1

    ! REG.EXE VERSION 3.0

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center
    FirstRun REG_DWORD 0x1

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
    FirewallOverride REG_DWORD 0x1
    AntiVirusOverride REG_DWORD 0x1
    AntiVirusDisableNotify REG_DWORD 0x1
    FirewallDisableNotify REG_DWORD 0x1
    UpdatesDisableNotify REG_DWORD 0x1

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
    <NO NAME> REG_SZ Microsoft VM
    ComponentID REG_SZ JAVAVM
    IsInstalled REG_BINARY 01000000
    KeyFileName REG_SZ C:\WINDOWS\System32\msjava.dll
    Locale REG_SZ EN
    Version REG_SZ 5,0,3810,0
     
  7. 2005/05/14
    NBAS1

    NBAS1 Inactive Thread Starter

    Joined:
    2005/05/05
    Messages:
    39
    Likes Received:
    0
    The online malware scanner said that the file was ok. However, I hit browse, rather than submit by mistake. I found a file that looked out of place: "23990098.$$$". Is this something I should be concerned about?
     
  8. 2005/05/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Did you turn off System Restore? Can you turn it back on? Are you comfortable with regedit? Do you normally use the XP SP2 Security Center to monitor your AV/Firewall? Check the properties of that file and let us know what all you find.
     
  9. 2005/05/14
    NBAS1

    NBAS1 Inactive Thread Starter

    Joined:
    2005/05/05
    Messages:
    39
    Likes Received:
    0
    23990098.$$$ is located under the search assistant on the registry editor. I also found that there is "search maid, Security IGuard and virtual maid" listed in the same folder. I could not find it under a regular search. I checked for them in the add/remove and they were not there. I have just recently installed the service pack 2, the main reason was for the firewall. I turned system restore back on. I don't know why it was off. As far as the properties of the 23990098.$$$ file, it is a "$$$ File" located in c:\ with a size of 0 bytes and it was created May 11, 2005. I don't know much about registry edit, so I don't know if I should be afraid of using it or not.
     
  10. 2005/05/14
    NBAS1

    NBAS1 Inactive Thread Starter

    Joined:
    2005/05/05
    Messages:
    39
    Likes Received:
    0
    I got curious and looked up the extension online and this is the definition: "Used by OS/2 to keep track of archived files".
     
  11. 2005/05/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Navigate to each of the following keys. Right click the values and select modify. Change the 1s to zeros and the zeros to 1s. Close and reboot. Let us know if your AV, Firewall, Security Center and antispyware apps work then.

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
    EnableFirewall REG_DWORD 0x0

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
    EnableFirewall REG_DWORD 0x0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
    FirewallOverride REG_DWORD 0x1
    AntiVirusOverride REG_DWORD 0x1
    AntiVirusDisableNotify REG_DWORD 0x1
    FirewallDisableNotify REG_DWORD 0x1
    UpdatesDisableNotify REG_DWORD 0x1
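
Added example, not part of the thread or of any tool it mentions: a small Python audit that parses `reg.exe` 3.0 output like the dump posted above and reports every value that differs from the state the helper asks for here (firewall policy on, Security Center overrides and notification suppression off) plus the System Restore switch he asked about. The `EXPECTED` table and function names are assumptions of this example; the sample input is an excerpt of the posted log.

```python
import re

# Baseline taken from the helper's instruction in this thread ("change the 1s
# to zeros and the zeros to 1s") plus the System Restore switch he asked about.
# Registry paths are case-insensitive, so keys and names are stored lowercased.
FW = r"hkey_local_machine\software\policies\microsoft\windowsfirewall"
SC = r"hkey_local_machine\software\microsoft\security center"
SR = r"hkey_local_machine\software\microsoft\windows nt\currentversion\systemrestore"
EXPECTED = {
    (FW + r"\domainprofile", "enablefirewall"): 1,
    (FW + r"\standardprofile", "enablefirewall"): 1,
    (SC, "firewalloverride"): 0,
    (SC, "antivirusoverride"): 0,
    (SC, "antivirusdisablenotify"): 0,
    (SC, "firewalldisablenotify"): 0,
    (SC, "updatesdisablenotify"): 0,
    (SR, "disablesr"): 0,
}

# "<name> REG_<TYPE> [data]"; the name may contain spaces ("<NO NAME>") and
# the data may be empty ("AppInit_DLLs REG_SZ").
VALUE_RE = re.compile(r"^(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)(?:\s+(?P<data>.*))?$")

def parse_reg_dump(text):
    """Return {key_path: {value_name: (type, data)}} from reg.exe query output."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):      # blank line or version banner
            continue
        if line.upper().startswith("HKEY_"):      # a key header starts a new block
            current = keys.setdefault(line, {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[m["name"]] = (m["type"], (m["data"] or "").strip())
    return keys

def audit(dump):
    """List (key, value, found, expected) for DWORDs that differ from EXPECTED."""
    findings = []
    for key, values in dump.items():
        for name, (vtype, data) in values.items():
            want = EXPECTED.get((key.lower(), name.lower()))
            if want is None or vtype != "REG_DWORD" or not data:
                continue
            got = int(data, 16)                   # reg.exe prints DWORDs as 0x...
            if got != want:
                findings.append((key, name, got, want))
    return findings

# Excerpt of the log posted in this thread.
SAMPLE = r"""
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
DisableSR REG_DWORD 0x1
CreateFirstRunRp REG_DWORD 0x1
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
EnableFirewall REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
EnableFirewall REG_DWORD 0x0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center
FirstRun REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
FirewallOverride REG_DWORD 0x1
AntiVirusOverride REG_DWORD 0x1
AntiVirusDisableNotify REG_DWORD 0x1
FirewallDisableNotify REG_DWORD 0x1
UpdatesDisableNotify REG_DWORD 0x1
"""

if __name__ == "__main__":
    for key, name, got, want in audit(parse_reg_dump(SAMPLE)):
        print(f"{key}\\{name}: found {got}, expected {want}")
```

Values outside the table, such as `CreateFirstRunRp` or the per-user `FirstRun`, are parsed but never reported, so the output stays limited to the settings discussed in the thread.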
     
  12. 2005/05/14
    NBAS1

    NBAS1 Inactive Thread Starter

    Joined:
    2005/05/05
    Messages:
    39
    Likes Received:
    0
    I completed the task and rebooted. I tried to install my antispyware software and I am still not allowed. I also tried to turn my firewall on and am not allowed to enable it either.
     
    Last edited: 2005/05/14
  13. 2005/05/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Click Start>run and type services.msc then hit enter. Locate Security Center and Windows Firewall/Internet Connection Sharing. If not set to automatic, right click and choose properties. Set to automatic, click Apply and close. Reboot.
     
  14. 2005/05/17
    NBAS1

    NBAS1 Inactive Thread Starter

    Joined:
    2005/05/05
    Messages:
    39
    Likes Received:
    0
    I ran services.msc and I don't have Windows Firewall/Internet Connection Sharing. The security center was up and running, but I could not locate the firewall. When I use the security center, it says that my firewall is not enabled, when I try to enable it through the security center it says it cannot enable it and to go to my control panel to access it directly and enable it from there, but it does not work.
     
  15. 2005/05/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please copy the command below and paste it into the run dialog box, then hit enter.

    regedit.exe /e c:\services.reg "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"

    It will create services.reg in Local Disk C:
    Please zip a copy of that and attach to an email to me here. Put WindowsBBS services in the subject line.
     
  16. 2005/05/18
    NBAS1

    NBAS1 Inactive Thread Starter

    Joined:
    2005/05/05
    Messages:
    39
    Likes Received:
    0
    New Hijackthis log.

    My browser has been hijacked again. It is getting to the point where I don't want to go online anymore until I am able to use some sort of antispyware software and firewall. Here is my new Hijackthis log.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:17:02 PM, on 5/18/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\msole32.exe
    C:\WINDOWS\system32\shnlog.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\PROGRA~1\Agnitum\TAUSCA~1.7\taumon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Webshots\WebshotsTray.exe
    C:\WINDOWS\system32\intmon.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Yahoo!\browser\ybrowser.exe
    C:\Program Files\Yahoo!\Messenger\YPAGER.EXE
    C:\Documents and Settings\Jim\Desktop\HIJACK THIS\HijackThis.exe
    C:\WINDOWS\WEBSHOTS.SCR

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.startsearches.net/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.startsearches.net/bar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.startsearches.net/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.startsearches.net/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.startsearches.net/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.startsearches.net/search.php?qq=%1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.startsearches.net/
    F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
    O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - C:\WINDOWS\system32\hp738E.tmp
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll (file missing)
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe "
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Microsoft AntiSpyware helper - {292AC9D6-6228-480F-830E-A09C252EEA76} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {292AC9D6-6228-480F-830E-A09C252EEA76} - (no file) (HKCU)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1116442197142
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     
  17. 2005/05/18
    NBAS1

    NBAS1 Inactive Thread Starter

    Joined:
    2005/05/05
    Messages:
    39
    Likes Received:
    0
    I am also getting a small icon that has a yellow triangle with an "!" inside, when I double click it I get a new explorer window that is titled as "MS Help Desk" with two options to choose for purchasing (I assume) software, not from Microsoft.
     
  18. 2005/05/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Not sure when you last downloaded the smitfraud tool, but you are again infected with it, and I have updated the tool a few times to reflect new information. Please delete the smitfraud.zip and extracted smitfraud folder you currently have, then re-download and extract to its own folder.

    smitfraud.zip

    Boot to safe mode and run the RunThis.bat file. Then open HijackThis and fix any of the following entries if present.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.startsearches.net/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.startsearches.net/bar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.startsearches.net/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.startsearches.net/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.startsearches.net/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.startsearches.net/search.php?qq=%1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.startsearches.net/
    F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
    O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - C:\WINDOWS\system32\hp738E.tmp

    Try getting the registry export while in safe mode.

    Reboot and post a new HijackThis log.

    Download and install SpywareBlaster. Enable all protections, check for updates and enable them too. Then download IESpyad.exe, double click to extract (it extracts to C:\IESpyad by default), open the folder, double click the ie-ads.reg file and allow it to merge into the registry.
     
  19. 2005/05/19
    NBAS1

    NBAS1 Inactive Thread Starter

    Joined:
    2005/05/05
    Messages:
    39
    Likes Received:
    0
    Here's my new Hijackthis log.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:10:05 AM, on 5/19/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\PROGRA~1\Agnitum\TAUSCA~1.7\taumon.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Webshots\WebshotsTray.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Yahoo!\browser\ybrowser.exe
    C:\Documents and Settings\Jim\Desktop\HIJACK THIS\HijackThis.exe

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll (file missing)
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe "
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Microsoft AntiSpyware helper - {292AC9D6-6228-480F-830E-A09C252EEA76} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {292AC9D6-6228-480F-830E-A09C252EEA76} - (no file) (HKCU)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1116442197142
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
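
Added example, not part of the thread: a Python comparison of two HijackThis logs that lists which running processes and which coded entries are gone after a cleanup pass, grouped by section code. The inputs are excerpts of the 5/18 and 5/19 logs posted above; the section descriptions and function names are additions of this example, and an item dropping out of the log only shows that it is no longer loaded or registered, not why.

```python
import re
from collections import defaultdict

# HijackThis section codes that occur in this thread's logs (summary added here).
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "F2": "autostart via registry-mapped ini value (Shell/Userinit)",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autorun entry", "O9": "IE extra button/menu item",
    "O16": "ActiveX (Downloaded Program Files)", "O23": "NT service",
}
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse_hjt(text):
    """Return (running_processes, entries) from a HijackThis v1.99.1 log."""
    procs, entries, in_procs = set(), set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:                                  # first coded entry ends the process list
            in_procs = False
            entries.add((m.group(1), m.group(2)))
        elif in_procs and line:
            procs.add(line.lower())            # logs mix System32/system32 casing
    return procs, entries

def removed_between(before, after):
    """Processes and entries present in `before` but absent from `after`."""
    procs_b, entries_b = parse_hjt(before)
    procs_a, entries_a = parse_hjt(after)
    grouped = defaultdict(list)
    for code, body in sorted(entries_b - entries_a):
        grouped[code].append(body)
    return sorted(procs_b - procs_a), dict(grouped)

# Excerpts of the logs dated 5/18/2005 and 5/19/2005 in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\shnlog.exe
C:\WINDOWS\system32\intmon.exe
C:\WINDOWS\system32\wscntfy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.startsearches.net/bar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.startsearches.net/
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - C:\WINDOWS\system32\hp738E.tmp
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

if __name__ == "__main__":
    procs, entries = removed_between(BEFORE, AFTER)
    for p in procs:
        print("process gone:", p)
    for code, bodies in entries.items():
        for body in bodies:
            print(f"{code} ({SECTIONS.get(code, 'other')}) gone: {body}")
```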
     
  20. 2005/05/19
    NBAS1

    NBAS1 Inactive Thread Starter

    Joined:
    2005/05/05
    Messages:
    39
    Likes Received:
    0
    I have downloaded spywareblaster, updated and enabled all protections, again. I also uninstalled and redownloaded iespyad and installed. I tried to enable my firewall again, with no luck. I have also been trying to manually check for updates to windows. I get to the point where I get an installation option (custom or express) and when I click either option, I get an error where the download can not proceed and to try back again later. I have tried multiple times over the last few days and still get the same results.
     
  21. 2005/05/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I got your services export and am looking through it. Are any of your security programs working.....AntiVirus, Anti-spyware? Can you update them? If not, I'd like for you to try something. Open the task manager and end task on explorer.exe.
    Now click File>New Task and browse to the executable of any security app, such as C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVW32.EXE or C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe and hit enter. Let us know if it runs. You could also try updating the apps this way if need be. You can restart explorer by typing explorer in the new task>run box.

    Fix the following entries with HijackThis.

    O9 - Extra button: Microsoft AntiSpyware helper - {292AC9D6-6228-480F-830E-A09C252EEA76} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {292AC9D6-6228-480F-830E-A09C252EEA76} - (no file) (HKCU)
     