HJ this help

Discussion in 'Malware Help (A Specialist Will Reply)' started by beanier, Dec 27, 2005.

  1. beanier

    beanier Specialist

    Hey, just a quicky, we'll see if I still need to do the whole shebang tomorrow after I get some sleep.

    My question is this: I've got a dialer that McAfee removes, but it comes back. I've disabled startup in a squared and msconfig, so that is a temp fix.

    I'm wondering about this: the following three items should be removed, since they are the ones causing problems. I'm just not sure about the fourth.

    O4 - HKLM\..\Run: [rscn] C:\WINDOWS\system32\bum27.exe ymmud
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\private.exe internat.dll,LoadMouseCarpetProfile
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    Here's the one I'm not sure about.

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    any help would be great.
    thanks

    do you guys think this will fix it? (the first three, poss. the fourth) or will I have to do the whole safe mode thing?

    thanks
     
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Yes, Fix the below lines.
    No, don't fix this line. That is a legit entry.
    You should run through the steps here.

    READ & RUN ME FIRST Before Asking for Support
     
  3. beanier

    beanier Specialist

    thanks for your help.

    This also popped up when I was fiddling with stuff.

    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    It just runs msconfig at startup, but doesn't really do anything except give me the message that it ran it, that's it. It wasn't there before, does it need to be there now?

    Thanks,
    Tate

    PS- I ran CWShredder in safe mode, and it said something about finding something in MSConfig, that might have something to do with it.
     
  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    That means that something is disabled in MSConfig. Run MSConfig, and make sure everything is enabled to run at system start.
     
  5. beanier

    beanier Specialist

    Under general, startup selection is set to selective startup, not normal startup, could that be it?

    Under startup, everything is checked.

    Task manager is disabled, though. I just remembered that. It says task manager has been disabled by my admin. I ain't got no stinkin' admin. :)

    thanks.
     
  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Yup, enable everything. You may have to log into the actual administrator's account. If this is XP Home, the administrator account is only accessible from Safe Mode.
     
  7. beanier

    beanier Specialist

    Thanks.

    Yes, it's XP Home. What do I do once I boot into safe/admin mode?

    thanks for your help.
     
  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Can you change the settings from the Administrator account in safe mode?
     
  9. beanier

    beanier Specialist

    Don't know. Which settings?
     
  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    In MSConfig and permissions for Task Manager
     
  11. beanier

    beanier Specialist

    I don't see it. What exactly do I need to look for?

    thanks.
     
  12. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Run through the tutorial and post the logs after you have finished.
     
  13. beanier

    beanier Specialist

    Thanks, I needed that. I was wanting to do it anyways, but I don't know if I would have, cause I thought it was fixed. Microsoft Anti-spy found stuff, Spybot did, and Bitdefender. I had noticed the puter running kind of slow, but I just figured it was time to get more memory. I'll do the panda tomorrow when I get some sleep.

    Thanks again.
     


  14. beanier

    beanier Specialist

    OK, did panda. Sorry, I didn't notice the part where I was supposed to remember exactly what was found, here's the spybot stuff that's saved in spybot, plus attachments. I ran CWS again, not in safe, I'm pretty sure I did that last night, and it says no cws present.

    thanks again.
     


  15. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Boot to Safe Mode and delete the following:
    C:\messanger.ini
    C:\WINDOWS\system32\IdleUI.dll

    What's that Windows Security Center Stuff?

    The rest is probably pretty safe to remove from Spybot backup.

    Your HijackThis log is clean.

    Run CCleaner before doing the below.

    Download WinPFind

    Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns, so please be patient while it works, as it can take a while, upwards of 30 minutes or more.

    When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using Notepad and upload the text file here as an attachment.
     
  16. beanier

    beanier Specialist

    Exactly...I have no idea :]

    I deleted the messanger.ini file, the .dll didn't show up. All folders are showing.

    thanks
     


  17. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your WinPFind log looks OK.

    If you are not having problems with the Windows Security Center, then I would say that you can get rid of that in the Spybot backups.
     
  18. beanier

    beanier Specialist

    Thanks for all your help. I never could have done it without ya. :)
     
