Can't download updates - Here is my log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:03 PM, on 12/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\svchost.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\Imgtask.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\VIRTUA~1\CitiVAN.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\SYSTEM32\OBroker.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\STEVE\Local Settings\Temporary Internet
Files\Content.IE5\L7AYQ1C6\hijackthis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://my.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
Settings,ProxyServer = http=127.0.0.1:9022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
Settings,ProxyOverride = ;127.0.0.1;<local>
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: CitiUS Shared Browser Helper Object -
{387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\PROGRA~1\VIRTUA~1\BhoCitUS.dll
O2 - BHO: AT&T Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} -
C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} -
C:\WINDOWS\system32\tuvSkJYr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar3.dll (file missing)
O2 - BHO: (no name) - {ABFC1484-083E-4FB9-901E-902580E35EC5} -
C:\WINDOWS\system32\cbXQkjJb.dll
O2 - BHO: Google Toolbar Notifier BHO -
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\3.0.1225.9868\s wg.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper -
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live
Toolbar\msntb.dll
O2 - BHO: {539b43e9-d2ab-bd38-42e4-0d3736a449ac} -
{ca944a63-73d0-4e24-83db-ba2d9e34b935} - C:\WINDOWS\system32\zcfxnd.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar3.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
- C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AT&T Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} -
C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100
Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ImgTask] C:\WINDOWS\Imgtask.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Citi Virtual Account Numbers]
C:\PROGRA~1\VIRTUA~1\CitiVAN.exe /lang=en_RG /dontopenmycards
O4 - HKLM\..\Run: [30c3956e] rundll32.exe "C:\WINDOWS\system32\xubpymvw.dll",b
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration]
windir32.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe"
/startup
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program
Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default
user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM
Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program
Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Virtual Account Numbers -
{DE700910-58F7-4D2E-B7E6-3BA2DA1B6806} - C:\PROGRA~1\VIRTUA~1\CitiVAN.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} -
C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: www.meebo.com
O15 - Trusted Zone: *.MSNmsgr.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} -
http://echat.bellsouth.net/sdccommon...ad/tgctlcm.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader
5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://by105fd.bay105.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) -
http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -
http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} -
http://entimg.msn.com/client/msnmusax4227.cab
O20 - AppInit_DLLs: zcfxnd.dll
O20 - Winlogon Notify: tuvSkJYr - C:\WINDOWS\SYSTEM32\tuvSkJYr.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program
Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. -
C:\Program Files\Common Files\Macrovision Shared\FLEXnet
Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak
Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation -
C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program
Files\Eset\nod32krn.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -
C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) -
http://i17.ebayimg.com/05/i/000/98/9b/da48_1.JPG
O24 - Desktop Component 1: (no name) -
file:///C:/DOCUME~1/STEVE/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 9629 bytes

Repost:

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in
conjuction with some other utilities). HijackThis will NOT fix anything on
its own, but it will help you to both identify and remove any
hijackware/spyware with assistance from an expert. **Post your log to
http://spywarehammer.com/simplemachi...php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://aumha.net/viewforum.php?f=30, or another appropriate forum for review
by an expert in such matters, not here.**

PS: Running a crack of Symantec AntiVirus isn't helping matters!
--
~PA Bear

HELP! wrote:
> Logfile of Trend Micro HijackThis v2.0.2
> Scan saved at 1:28:03 PM, on 12/27/2008
> Platform: Windows XP SP3 (WinNT 5.01.2600)
> MSIE: Internet Explorer v7.00 (7.00.6000.16762)
> Boot mode: Normal
<snip>

PA Bear [MS MVP] wrote:
> Repost:
>
> When all else fails, HijackThis v2.0.2
> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to
> use (in conjuction with some other utilities). HijackThis will NOT
> fix anything on its own, but it will help you to both identify and
> remove any hijackware/spyware with assistance from an expert. **Post
> your log to
> http://spywarehammer.com/simplemachi...php?board=10.0,
> http://forums.spybot.info/forumdisplay.php?f=22,
> http://aumha.net/viewforum.php?f=30, or another appropriate forum for
> review by an expert in such matters, not here.**
> PS: Running a crack of Symantec AntiVirus isn't helping matters!
>
> HELP! wrote:
>> Logfile of Trend Micro HijackThis v2.0.2
>> Scan saved at 1:28:03 PM, on 12/27/2008
>> Platform: Windows XP SP3 (WinNT 5.01.2600)
>> MSIE: Internet Explorer v7.00 (7.00.6000.16762)
>> Boot mode: Normal
> <snip>

What is with your obsession with this continued dribble about HijackThis?
Give it a rest will you? Just take your meds and maybe a loooong nap, hey?
When all else fails and you have no clue then just don't respond to everyone
with your cut and paste uselessness.

Plaistow wrote:

> What is with your obsession with this continued dribble about HijackThis?
> Give it a rest will you? Just take your meds and maybe a loooong nap, hey?
> When all else fails and you have no clue then just don't respond to everyone
> with your cut and paste uselessness.

Personally I believe the reference to HijackThis is still the best advice that
could be provided to someone likely to be suffering from a severe and
unidentified malware infection. Do you have an alternative suggestion?

Ironically enough, in this particular case the OP was *already* using HijackThis
and PA Bear's reply was simply to point him to the appropriate place to post the
results, i.e., it was the only possible response. Would you have preferred that
everybody ignore the OP entirely?

Harry.