1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

NEED HELP NOW.. .scans stop on xpob2res.dll

Discussion in 'Virus & Other Malware Removal' started by wishb0n3, Jan 26, 2007.

Thread Status:
Not open for further replies.
  1. wishb0n3

    wishb0n3 Thread Starter

    Jan 21, 2007
    All scans i do.. ( avast , trend micro, etc.. ) all freeze on file scan of this file then my comp restarts.. what do i do? cant figure it out dont wanna have to reformat
  2. Byteman

    Byteman Gone but Never Forgotten

    Jan 24, 2002

    go to Click here to download HJTsetup.exe
    • Save HJTsetup.exe to your desktop.
    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a log file button. It will scan and then save the log and then the log will open in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

    That file is part of Networking and legitimate, but there may be some problem with it.


    You can scan that one file, or any file one at a time and have it checked by some of the best antimalware scans around at at least two places:

    Go to either site, use the Browse button there, and navigate to the location the of file you want to upload highlight by clicking ONCE on file, and the path will show in the Submit space, then hit the Submit (Upload) button to send it in. You will have an answer in a few seconds. Tell us what it finds, by copying and pasting the results for that file, into a reply here.



    Compare the results from the two, if same send in just one.
  3. wishb0n3

    wishb0n3 Thread Starter

    Jan 21, 2007
    Thanks for the reply here is my hjt log.. i will do the other now :)

    Logfile of HijackThis v1.99.1
    Scan saved at 5:47:55 PM, on 1/28/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: http://www.denverbroncos.com
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  4. Byteman

    Byteman Gone but Never Forgotten

    Jan 24, 2002
    Hi, The file xpob2res.dll comes with XP Service Pack 2, which you do have installed. I still have not found any good information as to scans freezing on this file.
    I am not sure, but something could have happened to the file, then if you fix that one file, it will find another sometimes to freeze at.

    There could have been a bad Windows Update along the way somewhere, and I use Belarc Advisor to spot those easily.


    Download to the desktop and double click to install it.

    The Advisor is an Internet Explorer page when it opens...scroll down to Windows Update section and see if any are marked "X" which means they have to be reinstalled.

    The Advisor has a link in it, to go right to the particular update that needs to be reinstalled.

    Do NOT copy and paste the entire Advisor information, as it does show some personal information you do not want to display.

    If you copy anything,just copy that one part about the missing or Damaged update.
  5. wishb0n3

    wishb0n3 Thread Starter

    Jan 21, 2007
    Service Packs and Hotfixes
    Current Service Pack Section Score: 1.25 of 1.25
    1. Latest Service Pack

    Critical and Security Hotfixes Section Score: 1.25 of 1.25
    1. Latest Critical and Security Hotfixes

    Account and Audit Policies
    Password Policies Section Score: 0.00 of 0.83
    1. Current Password Ages

    2. Minimum Password Length

    Audit and Account Policies Section Score: 0.00 of 0.83
    1. Audit Account Logon Events

    2. Audit Account Management

    3. Audit Logon Events

    4. Audit Object Access

    5. Audit Policy Change

    6. Audit Privilege Use

    7. Audit System Events

    8. Minimum Password Age

    9. Maximum Password Age

    10. Password Complexity

    11. Store Passwords using Reversible Encryption

    12. Password History Size

    13. Account Lockout Duration

    14. Account Lockout Threshold

    15. Reset Account Lockout Count Time

    Event Log Policies Section Score: 0.00 of 0.83
    1. Application Event Log: Maximum Size

    2. Application Event Log: Restrict Guest Access

    3. Security Event Log: Maximum Size

    4. Security Event Log: Restrict Guest Access

    5. System Event Log: Maximum Size

    6. System Event Log: Restrict Guest Access

    Security Settings
    Anonymous Account Restrictions Section Score: 0.00 of 0.83
    1. Network Access: Allow Anonymous SID/Name Translation

    2. Network Access: Do not allow Anonymous Enumeration of SAM Accounts

    3. Network Access: Do not allow Anonymous Enumeration of SAM Accounts and Shares

    Security Options Section Score: 0.00 of 0.83
    1. Accounts: Guest Account Status

    2. Accounts: Limit Local Account Use of Blank Passwords to Console Logon Only

    3. Accounts: Rename administrator account

    4. Accounts: Rename guest account

    5. Devices: Allowed to format and eject removable media

    6. Devices: Unsigned Driver Installation Behavior

    7. Domain Member: Digitally Encrypt or Sign Secure Channel Data (Always)

    8. Domain Member: Digitally Encrypt Secure Channel Data (When Possible)

    9. Domain Member: Digitally Sign Secure Channel Data (When Possible)

    10. Domain Member: Disable Machine Account Password Changes

    11. Domain Member: Maximum Machine Account Password Age

    12. Interactive Logon: Do Not Display Last User Name

    13. Interactive Logon: Do Not Require CTRL+ALT+DEL

    14. Interactive Logon: Message Text for Users Attempting to Log On

    15. Interactive Logon: Message Title for Users Attempting to Log On

    16. Interactive Logon: Number of Previous Logons to Cache

    17. Interactive Logon: Prompt User to Change Password Before Expiration

    18. Interactive Logon: Smart Card Removal Behavior

    19. Microsoft Network Client: Digitally Sign Communication (if server agrees)

    20. Microsoft Network Client: Send Unencrypted Password to Connect to Third-Party SMB Server

    21. Microsoft Network Server: Amount of Idle Time Required Before Disconnecting Session

    22. Microsoft Network Server: Digitally Sign Communication (if client agrees)

    23. Microsoft Network Server: Disconnect Clients When Logon Hours Expire

    24. Network Access: Let Everyone Permissions Apply to Anonymous Users

    25. Network Access: Shares that can be accessed anonymously

    26. Network Access: Sharing and Security Model for Local Accounts

    27. Network Security: LAN Manager Authentication Level

    28. Network Security: LDAP Client Signing Requirements

    29. Recovery Console: Allow Automatic Administrative Log On

    30. Shutdown: Allow System to be Shut Down Without Having to Log On

    31. Shutdown: Clear Virtual Memory Pagefile

    32. System Objects: Default Owner for Objects Created by Members of the Administrators Group

    Additional Security Settings Section Score: 0.00 of 0.83
    1. Suppress Dr. Watson Crash Dumps

    2. Disable Automatic Execution of the System Debugger

    3. Disable Autoplay from any Disk Type, Regardless of Application

    4. Disable Autoplay from the Default Profile

    5. Disable Automatic Logon

    6. Disable Automatic Reboots After a Blue Screen of Death

    7. Disable CD Autorun

    8. Protect Against Computer Browser Spoofing Attacks

    9. Protect Against Source-routing Spoofing

    10. Protect the Default Gateway Network Setting

    11. Ensure ICMP Routing via Shortest Path First

    12. Help Protect Against Packet Fragmentation

    13. Manage Keep-alive Times

    14. Protect Against Malicious Name-release Attacks

    15. Ensure Router Discovery is Disabled

    16. Protect Against SYN Flood Attacks

    17. SYN Attack Protection - Manage TCP Maximum Half-open Sockets

    18. SYN Attack Protection - Manage TCP Maximum Half-open Retired Sockets

    19. Enable IPSec to Protect Kerberos RSVP Traffic

    20. Hide Workstation from Network Browser Listing

    21. Enable Safe DLL Search Mode

    Available Services and Other Requirements
    Available Services Section Score: 0.00 of 0.63
    1. Alerter Service Permissions

    2. Clipbook Service Permissions

    3. FTP Publishing Service Permissions

    4. IIS Admin Service Permissions

    5. Messenger Service Permissions

    6. NetMeeting Remote Desktop Sharing Service Permissions

    7. Remote Desktop Help Session Manager Permissions

    8. Routing and Remote Access Service Permissions

    9. SMTP Service Permissions

    10. SNMP Service Permissions

    11. SNMP Trap Permissions

    12. Telnet Service Permissions

    13. World Wide Web Publishing Services Permissions

    User Rights Section Score: 0.00 of 0.63
    1. Access this Computer from the Network

    2. Act as Part of the Operating System

    3. Allow Logon through Terminal Services

    4. Back up Files and Directories

    5. Bypass Traverse Checking

    6. Change the System Time

    7. Create a Pagefile

    8. Create a Token Object

    9. Create Permanent Shared Objects

    10. Debug Programs

    11. Deny Access to this Computer from the Network

    12. Force Shutdown from a Remote System

    13. Generate Security Audits

    14. Increase Scheduling Priority

    15. Load and Unload Device Drivers

    16. Lock Pages in Memory

    17. Log on Locally

    18. Manage Auditing and Security Log

    19. Modify Firmware Environment Values

    20. Perform Volume Maintenance Tasks

    21. Profile Single Process

    22. Profile System Performance

    23. Remove Computer from Docking Station

    24. Replace a Process Level Token

    25. Restore Files and Directories

    26. Shut Down the System

    27. Take Ownership of File or Other Objects

    Other System Requirements Section Score: 0.00 of 0.63
    1. All Local Volumes NTFS

    2. Restricted Group: Remote Desktop Users

    File and Registry Permissions Section Score: 0.00 of 0.63
    1. Permissions for HKLM\software\microsoft\windows\currentversion\installer

    2. Permissions for HKLM\software\microsoft\windows\currentversion\policies

    3. Permissions for HKLM\system\currentcontrolset\enum

    4. Permissions for HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers

    5. Permissions for HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities

    6. Permissions for USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots

    7. Permissions for HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit

    8. Permissions for %SystemRoot%\system32\tlntsvr.exe

    9. Permissions for %SystemRoot%\system32\tftp.exe

    10. Permissions for %SystemRoot%\system32\telnet.exe

    11. Permissions for %SystemRoot%\system32\subst.exe

    12. Permissions for %SystemRoot%\system32\sc.exe

    13. Permissions for %SystemRoot%\system32\runas.exe

    14. Permissions for %SystemRoot%\system32\rsh.exe

    15. Permissions for %SystemRoot%\system32\rexec.exe

    16. Permissions for %SystemRoot%\system32\regsvr32.exe

    17. Permissions for %SystemRoot%\system32\regedt32.exe

    18. Permissions for %SystemRoot%\regedit.exe

    19. Permissions for %SystemRoot%\system32\reg.exe

    20. Permissions for %SystemRoot%\system32\rcp.exe

    21. Permissions for %SystemRoot%\system32\netsh.exe

    22. Permissions for %SystemRoot%\system32\net1.exe

    23. Permissions for %SystemRoot%\system32\net.exe

    24. Permissions for %SystemRoot%\system32\ftp.exe

    25. Permissions for %SystemRoot%\system32\eventtriggers.exe

    26. Permissions for %SystemRoot%\system32\eventcreate.exe

    27. Permissions for %SystemRoot%\system32\edlin.exe

    28. Permissions for %SystemRoot%\system32\drwtsn32.exe

    29. Permissions for %SystemRoot%\system32\drwatson.exe

    30. Permissions for %SystemRoot%\system32\debug.exe

    31. Permissions for %SystemRoot%\system32\cacls.exe

    32. Permissions for %SystemRoot%\system32\attrib.exe

    33. Permissions for %SystemRoot%\system32\at.exe

    Why are benchmarks important for IT security? Many current threats are not stopped by perimeter security systems such as firewall and anti-virus systems. Setting and monitoring configurations based on consensus benchmarks is a critical step because this is a pro-active way to avoid many successful attacks. The U.S. National Security Agency has found that configuring computers with proper security settings blocks 90% of the existing threats (IA Newsletters "Security Benchmarks: A Gold Standard." Click here to request a copy.) For our white paper, "Security Within", click here to request a copy.

    What is the Center for Internet Security (CIS)? The CIS is an open association consisting of industry, government and academic members. Its mission is to help IT organizations more effectively manage their risks related to information security. Click here for details.

    What are the CIS Benchmarks? The Benchmarks are developed by CIS members and staff and are consensus based, best-practice security configurations for computers connected to the Internet. Click here for details.

    What is the CIS Benchmark Score? The Belarc Advisor has performed a security audit of your system using the CIS Level-I benchmark appropriate to your operating system. The result is a number between zero and ten that gives a measure of the vulnerability of your system to potential threats. The higher the number the less vulnerable your system.

    How can you reduce your security vulnerability? The CIS configurations are available as Microsoft security template files from the CIS. Warning: Applying these security templates may cause some applications to stop working correctly. Back up your system prior to applying these security templates or apply the templates on a test system first.
    Click here to download the templates from the CIS (requires registration and acceptance of the CIS license agreement).

    Copyright 2000-6, Belarc, Inc. All rights reserved.
    Legal notice. U.S. Patents 6085229, 5665951 and Patents pending.
  6. wishb0n3

    wishb0n3 Thread Starter

    Jan 21, 2007
    most of them have x's... what does that mean?
  7. Byteman

    Byteman Gone but Never Forgotten

    Jan 24, 2002
    Hi, The red "x" for updates means they either are not installed correctly, missing or need to be reinstalled.

    In the Belarc Advisor category at the start of the list of hotfixes, check under "Missing Microsoft Security Hotfixes", you can use a link to that hotfix, one at a time, and install them. Running the update will sometimes give a message similar to "You do not need this..." or that it was installed already. So, precheck in your Add/Remove Programs list of updates, but you may have to Unhide them first by

    putting a check-mark into the box "Show Updates" at the top.

    For any updates marked with the "X" click Details, or look for something that tells you it is damaged, or needs reinstalling. There should be a link right around there to go right to the update for download and install. You do want to check in Add/Remove and see if any of them have been installed, and try uninstalling just those that Belarc says are damaged etc.

    After you get those that Belarc says need reinstalling,

    I would visit Windows Updates and see if they offer any.

    Is Automatic Updates on> check by opening the Security Center in your Control Panel. Even if it is set to get Automatic Updates, visit the site by using the Windows Update button from Start menu, or in Internet Explorer> Tools at top of browser window. See if you get any.

    When you are done, run Belarc again, and see how it looks, each time you run the Advisor, it scans and gives the latest info.

    Tip: When you have an IE page open, and open Belarc Advisor, it will use that page ( unless you have IE 7 and tabbed browsing)
    so, when you close Belarc, it will close whatever you had open. It doesn't take too many times before you are wise to this!

    If you do not have tabbed browsing, using IE 6, first open a new IE window, then run Belarc so when you close, it doesn't close a site you had that you need to keep open.
  8. wishb0n3

    wishb0n3 Thread Starter

    Jan 21, 2007
    under users slot on the belarcs.. local system accounts all have x's except ASPNET

    SP3 has a x.. and try 2 install and it says not found..

    and it says i have all updates when i do windows update\

    system security status has a 2.50 out of 10... everything else is up to date

    and on my stopzilla trial thing pops up i cant get rid of unless i register called

    System Policies.DisableRegistryTools

    says its a Hijacker

    any suggestions bro? thanks alot
  9. Byteman

    Byteman Gone but Never Forgotten

    Jan 24, 2002
    Hi, The user accounts with red "X" is OK, it means the security is OK, the guest account is turned off as it should be.

    I am not sure why you do not have anything for SP3, mine with XP Home, has a lot of entries under SP3. Who knows?

    Are you trying the Express Install when you do Windows Updates manually? If it says you are up to date, leave well enough alone.

    What does the Security Center say for Automatic Updates, is it on or off?
  10. wishb0n3

    wishb0n3 Thread Starter

    Jan 21, 2007
    hey ya its turned on.. and what do u think i should do about that "hijacker" thing that pops up on stopzilla? any ideas? still cant figure out the xpob2ress.dll thing.. still freezes then restarts.. and for like 2 secs a screen pops up saying.. THIER IS A PROBLEM with alot more.. but doesnt give me time to read it all... this before it restarts .. takes me to a blue screen.. after waiting like 5 min being frozen... any ideas bro?
  11. Byteman

    Byteman Gone but Never Forgotten

    Jan 24, 2002
    Hi. Let's have you try this:


    Download the Malicious Software removal tool to your desktop.

    To start the installation immediately, click Run. or...
    To save the download to your computer for installation at a later time, click Save.

    If your logon account does not have the required permissions, the tool exits. If the tool is not being run in quiet mode, it displays a dialog box that describes the failure.
    • If the computer is not running a required operating system, the tool exits.
    • If the tool is more than 60 days out-of-date, the tool displays a dialog box that recommends that you download the latest version of the tool.
    If the prerequisites are met, the tool displays the EULA. For the tool to continue to run, you must accept the EULA.

    After the EULA has been accepted, the user can select a type of scan to perform. Only users of the Download Center version of the tool will see this screen.
    • A quick scan is the default scan type. Sometimes, if malicious software is found, the user may be prompted to perform a full scan also.

    See if the Quick Scan tells you anything.

    You will have to run the full scan if anythin is found, but I dont expect anything to be found.
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/538476

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice