
Registry error popups



#1
bkeasley

Every 10 secs I get a popup saying that there is a problem in the registry, go to a random website like... www.reg-doctor.com, www.regfix.com, www.win-fix.com, and it's like a random message every time with an OK button and that is it... I've run the following utilities and it's still there:

Spybot, Ad-Aware (all runs, even for ADS), Spy Sweeper, TrojanHunter, and still can't get it to go away... I have this same problem on my other machine, which is a totally different OS.

Edit: both computers are XP

Edited by bkeasley, 21 May 2005 - 07:07 AM.

  • 0


#2
Wizard

Start here and Post a HijackThis log please!

http://www.geekstogo..._Log-t2852.html
  • 0

#3
bkeasley

Logfile of HijackThis v1.99.1
Scan saved at 9:58:59 AM, on 5/22/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us5.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us5.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Search - http://ka.bar.need2f...earch.html?p=KA
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted IP range: 206.161.125.149
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0
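An added example, not part of the original thread: a small Python parser for the HijackThis text format shown in the log above, which splits the running-process list from the coded entries and pulls out the lines whose own wording reports a deviation ("should be", "is missing"). The function names are hypothetical, and the sample is a constructed excerpt of lines copied from the posted log.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O15 - Trusted IP range: 206.161.125.149
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, then free text

def parse_log(text):
    """Split a HijackThis text log into running processes and entries by code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False          # first coded entry ends the process list
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def self_reported(entries):
    """Entries whose own wording states a deviation ('should be', 'is missing')."""
    return [(code, text) for code, items in entries.items() for text in items
            if "should be" in text or "is missing" in text]

def zone_entries(entries):
    """O15 lines: the Trusted range and ProtocolDefaults entries the log lists."""
    return entries.get("O15", [])

if __name__ == "__main__":
    procs, entries = parse_log(SAMPLE_LOG)
    for code, text in self_reported(entries):
        print(code, "-", text)
```
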

#4
Wizard

OK, is the Norton Antivirus Subscription still valid on this PC?

If not, have a visit to Grisoft and Download > Install > Update AVG 7
http://www.grisoft.c...ng/us/tpl/tpl01

Are the 2 Computers Routed together?

If so, you will want to change that until this PC is clean, otherwise you stand a better than average chance of these infections bouncing back and forth!

Visit the Microsoft site and get Windows to at least SP1!

Anything we try to do is futile without these Critical Updates installed; reinfection is almost guaranteed!

You may want to print out, or Copy & Paste to Notepad and save to the Desktop, all the instructions below, since I will ask you to perform all scans in Safe Mode!

Download: http://www.mvps.org/.../DelDomains.inf
To use, right-click and select "Install"

Please double check that Ad-Aware is updated and configured like this:

Configure Ad-Aware to perform a full scan. In the Ad-Aware main window, click on the gear icon at the top of the screen to open the preferences window. In the General window, make sure the following options are selected:
1) Automatically save log-file
2) Automatically quarantine objects prior to removal
3) Safe Mode (always request confirmation)

Click the Scanning button on the left-hand side and make sure the following options are selected:
1) Scan within archives
2) Scan active processes
3) Scan registry
4) Deep scan registry
5) Scan my IE Favorites for banned URLs
6) Scan my Hosts file

Please also click on Select drives & folders to scan and select your hard drive(s). Then click the Advanced button on the left-hand side and make sure all the options under Log-file Detail Level are selected. Next, click the Tweak button on the left-hand side. Click on Scanning Engine and make sure the following options are selected:

1) Unload recognized processes & modules during scanning
2) Obtain command line of scanned processes
3) Scan registry for all users instead of current user only

Click on Cleaning Engine and make sure the following options are selected:
1) Always try to unload modules before deletion
2) During removal, unload Explorer and IE if necessary
3) Let Windows remove files in use at next reboot
4) Delete quarantined objects after restoring

Finally, click on Safety Settings and make sure the following options are selected:
1) Automatically select problematic objects in results lists
2) Write-protect system files after repair (Hosts file, etc)

* Click on Proceed to save the preferences. Then please click the Start button on the bottom right side to begin a scan. Select Use custom scanning options and then click Next. Ad-Aware will then scan for malware.
* Save the log file when it asks and then click Finish

Wait for Safe Mode to run it!

Please Download F-Secure Blacklight Rootkit Elimination Technology
http://www.f-secure....light/try.shtml

Once at the page, Click "I Accept"

Then Click Download, which sits right under "Graphical user interface version:"

Once Downloaded, Double Click blbeta.exe to Start it, then Click "I accept the agreement" and click "Next"

Now Click "Expert Mode" and then "Scan" and let it do its thing, if it finds anything, it will automatically tell you and go to Step 2 to begin the cleaning process, if not post back and let me know ASAP!!

If all went well, look back in the folder that blbeta.exe resides in, there you should see "fsbl.log"

If Blacklight identified anything, it will be in that log, I will need to see those Results!

Again, please wait for Safe Mode to run this!

Download Ewido Security Suite, install, then from within the program check for updates BUT don't scan yet
Ewido Security Suite:
http://www.ewido.net/en/download/

When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK.
We will fix this in a moment.

From the main ewido screen, click on update in the left menu, then click the Start update button.

After the update finishes (the status bar at the bottom will display "Update successful"), close the program.

If you have problems updating see here
http://www.ewido.net...wnload/updates/

Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.syma...src=sec_doc_nam

Once in Safe Mode, scan the system with F-Secure Blacklight > then Ewido Security Suite > Ad-Aware SE!

Save the reports from F-Secure Blacklight (if one is generated) and Ewido!

Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Click Apply>>OK>>Follow the Prompts to Restart!!

Restart normally and have the PC scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates!

Post back with a Fresh HijackThis log>Ewido log>F-Secure log and Panda Active Scan log!

You may just want to follow these Instructions for the Second PC and get a fresh scan with HijackThis>Send that log to me in a Private Message here at the board and I will start a new thread for us to clean that one up so as to avoid the confusion of getting help from more than one person!
  • 0





