Tech Problem Aggregator

HijackThis Log - completed 5 steps

Q: HijackThis Log - completed 5 steps

Hello and thank you for any help you may be able to give. I've gone through the five required steps before posting my logs for help.

I've run Spybot, Adaware and SuperAntiSpyware and can't seem to clear up whatever the issue is.

Following are the required log files (as well as the "extra" text file attached):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:02 PM, on 1/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\vtsphlxp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro .exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
C:\Program Files\Windows Media Player\WMPNSCFG .exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01" target="_blank" class="invilink">http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [1c2fb1de] rundll32.exe "C:\WINDOWS\system32\buekatpl.dll",b
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab" target="_blank" class="invilink">https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames...p.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games ? Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.co...veX/winrep.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124628481531
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://brandeewynne.spaces.live.com/...d/MsnPUpld.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames...z.cab55579.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games ? Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by141fd.bay141.hotmail.msn.co...x/HMAtchmt.ocx
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\vtsphlxp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 9205 bytes

Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\buekatpl.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\vtsphlxp.exe
Virus:W32/P2PSimple.C.worm Disinfected C:\Documents and Settings\Brandee\Desktop\Programs\setup.exe
Virus:W32/P2PSimple.C.worm Disinfected C:\Documents and Settings\Brandee\Local Settings\Temp\TMPD8.tmp
Virus:W32/P2PSimple.C.worm Disinfected C:\WINDOWS\Fonts\a.zip[Setup.exe]
Virus:W32/P2PSimple.C.worm Disinfected C:\WINDOWS\Fonts\Setup.exe
Virus:W32/P2PSimple.C.worm Disinfected C:\WINDOWS\Fonts\svchost .exe
Hacktool:Hacktool/Passview.T Not disinfected C:\winlogon.exe

Deckard's System Scanner v20071014.68
Run by Brandee on 2008-01-09 14:27:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
163: 2008-01-09 19:28:10 UTC - RP563 - Deckard's System Scanner Restore Point
162: 2008-01-09 19:11:12 UTC - RP562 - Software Distribution Service 3.0
161: 2008-01-03 18:17:15 UTC - RP561 - Last known good configuration
160: 2008-01-03 18:17:10 UTC - RP560 - Restore Operation
159: 2008-01-03 18:17:09 UTC - RP559 - Last known good configuration

-- First Restore Point --
1: 2008-01-03 18:16:44 UTC - RP401 - Windows Defender Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Brandee.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:41 PM, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\vtsphlxp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro .exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
C:\Program Files\Windows Media Player\WMPNSCFG .exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
C:\Documents and Settings\Brandee\Local Settings\Temporary Internet Files\Content.IE5\RE3GWM9Z\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Brandee.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57D9BFE8-ABD8-4C93-AA6D-A5D987BFE8DA} - C:\WINDOWS\system32\vturo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {d7b97e11-e80d-3269-7554-07e79aecd398} - {893dcea9-7e70-4557-9623-d08e11e79b7d} - C:\WINDOWS\system32\kfhncrmw.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {90F825DF-46E7-497A-A2A3-129741C57B72} - (no file)
O2 - BHO: (no name) - {CC738E39-6CA3-4AC5-804F-3E3BEAAD6320} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [1c2fb1de] rundll32.exe "C:\WINDOWS\system32\amlhvqvf.dll",b
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames...p.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games ? Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.co...veX/winrep.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124628481531
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://brandeewynne.spaces.live.com/...d/MsnPUpld.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames...z.cab55579.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games ? Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by141fd.bay141.hotmail.msn.co...x/HMAtchmt.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\vtsphlxp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 10598 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080108-130313-326 O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\WINDOWS\system32\shdocvw.dll
backup-20080108-130314-532 O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\WINDOWS\system32\shdocvw.dll
backup-20080108-130314-663 O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
backup-20080108-130314-803 O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
backup-20080108-130314-877 O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\WINDOWS\system32\shdocvw.dll
backup-20080108-130314-985 O16 - DPF: {47A0FEE1-62CF-4ED7-9880-157EA709A651} (YouBet Product Viewer) - http://racing.youbet.com/wr_5_0/controls/ybpv.cab
backup-20080108-130315-489 O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://racing.youbet.com/wr_5_2/controls/ybrequest.cab
backup-20080108-130316-119 O16 - DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} (YBUICtrl.FloatWnd.1) - http://racing.youbet.com/wr_5_0/controls/YBUICtrl.cab

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S1 Cdralw2k - c:\windows\system32\drivers\cdralw2k.sys <Not Verified; Roxio; Roxio's CDRAL>
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 SABProcEnum - c:\program files\internet explorer\sabprocenum.sys (file missing)
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda? Antivirus>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 DomainService - c:\windows\system32\vtsphlxp.exe /service <Not Verified; ; DDC>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) 82845G/GL/GE/PE/GV Graphics Controller
Device ID: PCI\VEN_8086&DEV_2562&SUBSYS_01601028&REV_01\3&172E68DD&0&10
Manufacturer: Intel Corporation
Name: Intel(R) 82845G/GL/GE/PE/GV Graphics Controller
PNP Device ID: PCI\VEN_8086&DEV_2562&SUBSYS_01601028&REV_01\3&172E68DD&0&10
Service: ialm

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) 537EP V9x DF PCI Modem
Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&3B1CAF2B&0&28F0
Manufacturer: Intel Corporation
Name: Intel(R) 537EP V9x DF PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&3B1CAF2B&0&28F0
Service: Modem

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0
Service: bcm4sbxp

2007-04-19 21:00:24 442 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job

-- Files created between 2007-12-09 and 2008-01-09 -----------------------------

2008-01-09 14:22:00 338944 --a------ C:\WINDOWS\system32\vturo.exe
2008-01-09 14:03:25 90176 --a------ C:\WINDOWS\system32\amlhvqvf.dll
2008-01-09 14:00:25 79936 --a------ C:\WINDOWS\system32\kfhncrmw.dll
2008-01-09 13:57:25 74304 --a------ C:\WINDOWS\system32\uvtqplit.exe <Not Verified; ; DDC>
2008-01-08 16:54:18 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-01-08 16:54:17 0 d-------- C:\Program Files\SpywareBlaster
2008-01-08 14:04:12 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda? Antivirus>
2008-01-08 13:26:37 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-08 12:18:01 335360 -----n--- C:\WINDOWS\system32\vturo.dll
2008-01-08 11:56:39 77888 --a------ C:\WINDOWS\system32\fxibhuxd.dll
2008-01-08 11:53:39 74304 --a------ C:\WINDOWS\system32\vtsphlxp.exe <Not Verified; ; DDC>
2008-01-07 22:03:14 0 d-------- C:\Program Files\Trend Micro
2008-01-06 22:07:19 0 d-------- C:\VundoFix Backups
2008-01-04 11:32:47 0 d-------- C:\Documents and Settings\Administrator.BRAN\Application Data\Lavasoft
2008-01-04 11:25:02 0 dr-h----- C:\Documents and Settings\Administrator.BRAN\SendTo
2008-01-04 11:25:02 0 dr-h----- C:\Documents and Settings\Administrator.BRAN\Recent
2008-01-04 11:25:02 0 d--h----- C:\Documents and Settings\Administrator.BRAN\PrintHood
2008-01-04 11:25:02 0 d--h----- C:\Documents and Settings\Administrator.BRAN\NetHood
2008-01-04 11:25:02 0 dr------- C:\Documents and Settings\Administrator.BRAN\My Documents
2008-01-04 11:25:02 0 d--h----- C:\Documents and Settings\Administrator.BRAN\Local Settings
2008-01-04 11:25:02 0 dr------- C:\Documents and Settings\Administrator.BRAN\Favorites
2008-01-04 11:25:02 0 d-------- C:\Documents and Settings\Administrator.BRAN\Desktop
2008-01-04 11:25:02 0 dr-h----- C:\Documents and Settings\Administrator.BRAN\Application Data
2008-01-04 11:25:02 0 d-------- C:\Documents and Settings\Administrator.BRAN\Application Data\Sun
2008-01-04 11:25:02 0 d-------- C:\Documents and Settings\Administrator.BRAN\Application Data\Real
2008-01-04 11:25:02 0 d---s---- C:\Documents and Settings\Administrator.BRAN\Application Data\Microsoft
2008-01-04 11:25:02 0 d-------- C:\Documents and Settings\Administrator.BRAN\Application Data\Jasc Software Inc
2008-01-04 11:25:02 0 d-------- C:\Documents and Settings\Administrator.BRAN\Application Data\Identities
2008-01-04 11:25:02 0 d-------- C:\Documents and Settings\Administrator.BRAN\Application Data\Gtek
2008-01-04 11:25:01 0 d--h----- C:\Documents and Settings\Administrator.BRAN\Templates
2008-01-04 11:25:01 2097152 --ah----- C:\Documents and Settings\Administrator.BRAN\NTUSER.DAT
2008-01-04 11:01:45 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-01-04 11:01:33 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-01-03 12:23:03 6291456 --a------ C:\Documents and Settings\Brandee\ntuser.dat
2008-01-03 12:22:11 340875 --ahs---- C:\WINDOWS\system32\orutv.ini2
2008-01-03 12:20:33 0 d-------- C:\Program Files\Temporary
2008-01-03 12:20:33 0 d-------- C:\Program Files\kernel
2008-01-03 12:20:19 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-01-03 12:17:37 134 --a------ C:\n.bat
2008-01-03 12:17:32 0 d--hs---- C:\WINDOWS\SHVnaCBTdHVsbA
2008-01-03 12:17:28 0 --a------ C:\x.dat
2008-01-03 12:17:23 0 --a------ C:\z.dat
2008-01-03 12:17:15 172032 --a------ C:\winlogon.exe
2008-01-03 12:17:13 0 d-------- C:\WINDOWS\system32\z9
2008-01-03 12:17:13 0 d-------- C:\WINDOWS\system32\z1
2008-01-03 12:17:13 0 d-------- C:\WINDOWS\system32\mr9
2008-01-03 12:17:13 0 d-------- C:\WINDOWS\system32\aj2
2008-01-03 12:17:06 0 d-------- C:\WINDOWS\system32\ardCo18
2008-01-01 14:52:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-12-31 13:21:20 53760 --a------ C:\WINDOWS\b122.exe
2007-12-30 17:05:28 0 d-------- C:\Program Files\abrViewer.NET
2007-12-27 00:09:38 0 d-------- C:\Program Files\High-Logic
2007-12-27 00:09:38 0 d-------- C:\Documents and Settings\Brandee\Application Data\FontCreator
2007-12-26 03:37:33 0 d-------- C:\Documents and Settings\Guest\Application Data\ATI
2007-12-26 01:15:40 0 d-------- C:\Documents and Settings\Brandee\Application Data\ATI
2007-12-26 01:12:48 0 d-------- C:\Program Files\Common Files\ATI Technologies
2007-12-26 01:03:43 520192 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2007-12-26 01:03:08 0 d-------- C:\Program Files\ATI Technologies
2007-12-26 01:01:26 0 d-------- C:\Diamond
2007-12-25 11:30:45 0 d-------- C:\Documents and Settings\Brandee\Application Data\U3
2007-12-20 01:46:17 0 d-------- C:\Documents and Settings\Brandee\Application Data\Mozilla
2007-12-20 01:45:43 0 d-------- C:\Documents and Settings\Brandee\Application Data\SecondLife
2007-12-20 01:45:09 0 d-------- C:\Program Files\SecondLife
2007-12-20 01:23:37 0 d-------- C:\Documents and Settings\Brandee\Application Data\Move Networks

-- Find3M Report ---------------------------------------------------------------

2008-01-09 14:22:40 0 d-------- C:\Program Files\QuickTime
2008-01-09 14:21:54 466944 --a------ C:\WINDOWS\system32\hkcmd.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2008-01-09 14:21:52 495616 --a------ C:\WINDOWS\system32\igfxtray.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2008-01-09 14:21:49 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-08 15:29:01 0 d-------- C:\Program Files\Palm
2008-01-08 15:23:44 0 d-------- C:\Program Files\MSN Messenger
2008-01-08 15:23:32 0 d-------- C:\Program Files\Last.fm
2008-01-08 15:17:52 0 d-------- C:\Program Files\Google
2008-01-07 21:50:34 0 d-------- C:\Documents and Settings\Brandee\Application Data\Adobe
2008-01-03 13:26:43 0 d-------- C:\Program Files\Messenger
2008-01-01 14:47:50 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-01 14:47:41 0 d-------- C:\Documents and Settings\Brandee\Application Data\AdobeUM
2007-12-28 13:36:41 0 d-------- C:\Documents and Settings\Brandee\Application Data\OpenOffice.org2
2007-12-26 01:03:23 0 d--h----- C:\Program Files\InstallShield Installation Information

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57D9BFE8-ABD8-4C93-AA6D-A5D987BFE8DA}]
01/08/2008 12:18 PM 335360 --------- C:\WINDOWS\system32\vturo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{893dcea9-7e70-4557-9623-d08e11e79b7d}]
01/09/2008 02:00 PM 79936 --a------ C:\WINDOWS\system32\kfhncrmw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90F825DF-46E7-497A-A2A3-129741C57B72}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/09/2008 02:21 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/09/2008 02:21 PM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/09/2008 02:21 PM]
"1c2fb1de"="C:\WINDOWS\system32\amlhvqvf.dll" [01/09/2008 02:03 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [01/09/2008 02:21 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [01/09/2008 02:21 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/09/2008 02:21 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

DESKTOP.INI [9/3/2002 9:00:00 AM]

DESKTOP.INI [9/3/2002 9:00:00 AM]
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe [6/9/2004 2:27:34 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 05/23/2007 05:46 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vturo

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpcmpmgr]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McUpdate]
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\realsched]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pml Driver HPZ12"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a

-- End of Deckard's System Scanner: finished at 2008-01-09 14:34:56 ------------

A: HijackThis Log - completed 5 steps

bump

anyone?

19 more replies

log listed below : DO YOU WANT THE PANDA SCAN SCAN ALSO?

had constant pop ups- they have stopped- system very slow..avast found virus in operating system-win32:agent-PSG [drp] and vtutr.dll -
trojans

I just know how to computer surf- my son goes to online school- so we really need this computer
log listed below

Deckard's System Scanner v20071014.68
Run by wpccs on 2008-02-03 18:09:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2008-02-03 23:09:39 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 248 MiB (512 MiB recommended).

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-03 18:13:54
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe

A:hijackthis log- completed 5 steps

Hi dorimom, and welcome to TSF.

Sorry for the delay in looking into your log, as we are extremely busy as you may have noticed. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

--------------------------------------------------------------

Please download HijackThis. This program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded. Click on the "Install" button. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Close HiJackThis

--------------------------------------------------------------

Since it has been awhile... Please run Deckard's System Scanner (dss.exe) again, and post the resulting log.

--------------------------------------------------------------

C:\Deckard\System Scanner\main.txt

5 more replies

Avast seems to find a new malware every 20 min. I could not complete a panda activescan because the update would stall and hang at 19 %

Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-30 21:04:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
102: 2008-05-31 01:04:12 UTC - RP583 - Deckard's System Scanner Restore Point
101: 2008-05-30 21:19:31 UTC - RP582 - Restore Operation
100: 2008-05-30 21:12:31 UTC - RP581 - Restore Operation
99: 2008-05-30 21:09:59 UTC - RP580 - Restore Operation
98: 2008-05-30 21:07:03 UTC - RP579 - Restore Operation

-- First Restore Point --
1: 2008-03-02 21:51:33 UTC - RP482 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-30 2111
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe

A:I have completed the 5 steps!

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.
Do not do anything with this yet!

Reboot
Reboot your system in Safe Mode.Restart the computer. The computer begins processing a set of instructions known as BIOS.
After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (dependent on your system this may be F5 or another key)
Use the arrow key to highlight Safe Mode and press Enter.

SDBot FixRight click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the ... Read more

7 more replies

Deckard's System Scanner v20070804.61
Run by HP_Owner on 2007-08-05 at 16:46:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 504 MiB (512 MiB recommended).

-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:16 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\AOL\1128887343\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

A:Completed the 5 Steps

Please stay with this thread, and only post here for this problem. Do not start a new thread, otherwise it is too confusing...

Use Post Reply - left bottom corner. Thanks!!

Save it to the Desktop

Double-click combofix.exe to run the program
(Don't click on the window while the program is running, it may cause your system to stall.)

When finished, a log, ComboFix.txt, is produced.

~~~~

19 more replies

I accidentally infected my computer with security toolbar 7.1. I have done the 5 steps and i did not get a log from that first scan but here is the log it gave me on the last one.

Deckard's System Scanner v20071014.68
Run by Alan Hickman on 2007-10-21 13:33:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
98: 2007-10-21 18:33:54 UTC - RP572 - Deckard's System Scanner Restore Point
97: 2007-10-21 10:02:26 UTC - RP571 - Software Distribution Service 3.0
96: 2007-10-21 09:56:58 UTC - RP570 - Installed Windows Defender
95: 2007-10-21 09:24:44 UTC - RP569 - Restore Operation
94: 2007-10-20 09:03:00 UTC - RP568 - System Checkpoint

-- First Restore Point --
1: 2007-08-01 05:41:11 UTC - RP475 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-10-21 13:35:50
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe

A:Completed five steps...here is the log.

Bump!

3 more replies

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:14 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

A:Completed 2/5 steps - please look over this and tell me what to do

Hello

I needed you to go all the way through the steps. We prefer a more comprehensive set of logs to assist in detecting any malware that may be present. As noted in the final step (Step 5) of our sticky topic (Updated!) IMPORTANT - Read This Before Posting A Log, download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review.
DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and

19 more replies

I recently had a virus and used HP recovery and now I don't have any sound. I originally posted this in the sound card forum and was instructed by deejay100six to go through the five steps of identifying a virus. I completed those steps and below is my Panda Scan results. I have the hijackthis results when ever you need them. I originally went through all of the basic steps to fixing the sound problem but nothing worked. Thanks again in advance.

ANALYSIS: 2008-08-16 02:24:44
PROTECTIONS: 1
MALWARE: 19
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1229 [VPS 080815-0] 4.8.1229 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location

A:No Sound/5 steps completed

I need some help here guys. Below is my hijackthis results.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:50 AM, on 8/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\gearsec.exe

4 more replies

Computer has a very slow startup. I cannot get rid of this Kodak Easyshare. Internet response time a bit faster, page to page.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 05:44, on 2008-03-19Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\Common Files\AOL\1101823440\ee\services\safetyCore\ver210_5_2_1\aolavupd.exeC:\WINDOWS\system32\cisvc.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\WINDOWS\system32\lxczcoms.exeC:\WINDOWS\Explorer.EXEC:\Program Files\mcafee.com\personal firewall\MPFService.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\wanmpsvc.exeC:\WINDOWS\system32\fxssvc.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\MUSICMATCH\... Read more

A:All Steps Completed Up To Hijack

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis LogPlease also post the problems you are having.

1 more replies

ok, i know i have malware on my computer. i read the 5 steps to do first....

step one-
i ran ad-aware (i have pro edition), no problems found,
aswell as spy bot s& d and cwschredder, all fine

syep two-i have norton and avg, no problems

step 3-none from that list

step 4-none from that list

step 5-can't update from windows, just get errors

here is my hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 9:57:51 AM, on 5/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator.JBOOGY\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\stng260[1].exe
C:\Program Files\a-squared\a2guard.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com

A:ok, difinitely need help. i have completed the five steps

Hi,

Quote:

If you are seeking help for spyware/antivirus issues, or wish to have your Hijack This log checked, please do not post here!

Post it at the HijackThis Log Help section. I think I mod will move this post.

5 more replies

Deckard's System Scanner v20070905.67
Run by Tom Roach on 2007-10-01 10:32:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
104: 2007-10-01 14:32:38 UTC - RP355 - Deckard's System Scanner Restore Point
103: 2007-10-01 14:17:25 UTC - RP354 - Installed WinZip 11.1
102: 2007-09-30 07:00:16 UTC - RP353 - Software Distribution Service 3.0
101: 2007-09-29 17:11:48 UTC - RP352 - Removed Adobe? Photoshop? Album Starter Edition 3.2
100: 2007-09-29 16:55:46 UTC - RP351 - Installed Windows Internet Explorer 7.

-- First Restore Point --
1: 2007-09-24 19:33:06 UTC - RP252 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Tom Roach.exe) -------------------------------------------

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-10-01 10:39:35
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16512)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe

A:WinAntiVirusPro - 5 steps completed

2. Double click on combofix.exe & follow the prompts.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

13 more replies

I'm using Windows XP, I installed, Spybot Search and Destroy and Spyware Blaster (basically completed all 5 steps).
The problem that I'm having is that my computer takes forever to turn on. Then there are alot of error messages (windows has encountered a problem in " " program and has to close), there are about 20 of these messages, all referring to windows/system32/XXXX.exe where xxxx are all different program files. Most of this started when my kids were playing an online game called Maple story (from Nexon) and a game called Banned story. I've also deleted a program called Absolute start up (that still seems to be lingering, as well as AOL instant messaging (aol always gives me problems). Also hard to get rid of is Spyware bot (as opposed to Spybot search and destroy). Previous to this mess that you see in my log, I ran my Mcafee virus scan and detected (& removed) several viruses (trojans, worms). I hope you can help me clean my mess! Please let me know if you need more info! I've attached the extra.txt. thank you!!!

Deckard's System Scanner v20070905.67
Run by Sandra on 2007-09-13 15:20:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
44: 2007-09-13 19:20:39 UTC - RP44 - Deckard's System Scann... Read more

A:Computer bogged down, I've completed the 5 steps

Hi.
Quite a bit to tidy up....

Go to Start > Run and type

cmd

and OK. Type the below commands and hit "Enter" after each line

sc stop g6euuloz4omli7
sc delete g6euuloz4omli7

Type Exit to close.

=================================

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Quote:

File::

C:\WINDOWS\system32\bi.exe
C:\WINDOWS\system32\i.exe
C:\WINDOWS\system32\zpoaktwskm.exe
C:\WINDOWS\system32\hklsyrutqdfb.exe
C:\WINDOWS\system32\zkxl.exe
C:\WINDOWS\system32\bxhrwlxbmfmk.exe
C:\WINDOWS\system32\snu.exe
C:\WINDOWS\system32\mzzen.exe
C:\WINDOWS\system32\uxlahgmomyk.exe
O C:\WINDOWS\system32\eni.exe
C:\WINDOWS\system32\aoebviepf.exe
C:\WINDOWS\system32\saqxdpoh.exe
C:\WINDOWS\system32\vlxriufvzco.exe
C:\WINDOWS\system32\szwdlrxb.exe
C:\WINDOWS\system32\xijw.exe
C:\WINDOWS\system32\ftmvqslxii.exe
C:\WINDOWS\system32\rlpawdwuggsf.exe
C:\WINDOWS\system32\mih.exe
C:\WINDOWS\system32\kdepcd.exe
C:\WINDOWS\system32\dqwdsti.exe
C:\WINDOWS\system32\dvbeqh.exe

15 more replies

Hi

Just the other night while reading a forum I regularly visit, popups started to happen, a TAG (SearchUs) icon appeared on the desktop, Outerinfo appeared in the task bar, MS Office install window pops up, and a few others.

I have AVG, SpywareBlaster, Spybot, and a few other on my PC. After running them Spybot was able to remove a few but the Smitfraud-C.CoreService remained. All of the above symptoms are still happening about every 15 minutes or so.

I completed the first 5 basic steps from this forum you are supposed to do before posting a log. AdAware detected nothing. Panda detected 1 Virus, 37 Spyware, and 6 Hacking Tools/Rootkits. Hopefully somebody can help me. Here is the info...

PANDA:

Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\vturppm.dll

A:Smitfraud-C.CoreService, completed the 5 STEPS

PS: It took me 5 hours to do the above (yes... 5 hours) and do the 5 steps.

I took the time to follow the forum rules when posting logs and asking for help.

I hope somebody takes the time to help so the hours I invested don't go to waste.

Many thanks.

8 more replies

And by completed the steps i mean i wasnt able to partially do any of the five steps

Step 1: I cant access the add/remove programs option on the control panel, it comes up with this message.

This file does not have a program associated with it for performing this action. Create an association in the folder options control panel.

Step 2: I cant use email on the computer, keeps saying cookies are disabled even though i put it to allow all.

Step 3: Well i never cleaned the system so why bother trying to install these programs? I probably wouldnt be able to install them anyway.

Step 4: When i go to the update site, it says it cant continue because one of the following programs isnt working
BITS
event log
i follow there directions, my computer refuses to allow me to enable automatic updates

Step 5: im not downloading that program because the way it looks im gonna have restore my system

so is my system completly messed up or can you guys help me out?

More replies

I am experiencing Browser hijacking and pop ups in new tabs.
nothing else yet, that I know of, except a ding (like the one we hear when we click on something that won't work) that just sounds for no reason.
Attached is the requested logs. Thank you so much, in advance.
**All scans were done in safe-mode**

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Owner at 13:01:21.76 on Mon 07/12/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.363 [GMT -4:00]

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {B5510F6F-87E1-47F7-A411-360BC453007C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html

A:First Steps completed, ready for analysis

Hi,

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
When finished, it sh... Read more

12 more replies

Hello and this is my first post.. I'm using an account a friend let me use.

Now I've tried at least 4 programs to rid myself of this annoying problem- Norton, SpyBot S&D, and none have fixed it.

A friend recommended me to you guys and it looks like you really know what you're doing. I've completed steps 1-5 to the best of my abilities as of now. I couldn't even do step 1 due to the fact that the malicious stuff has disabled my Control Panel. Step 2 concerning the Panda ActiveScan was unsuccessful, as the popup window doing the scan mysteriously closed part-way through the scan.

Anyway, here's the DSS and HijackThis reports. Any help is greatly appreciated. I want my computer back! And REVENGE!

Deckard's System Scanner v20070826.66

A:Spyware/Malware/SOMETHING Steps 1-5 completed(kind of)

Sorry for the double post, there doesn't seem to be an edit button.

Also try to keep it in layman's terms, I'm not that much of a computer wizard- just a gamer.

16 more replies

Hi all,

this is my first post and I wish it was on better terms. I am getting pop ups telling me that I have Win32.trojan.rx My back round on my desk top turned red and I have no access to my task manager.

Things I have already tried (hopes this helps in coming to a quicker resolution)

1) Run Adaware in safe mode
2) Run Spybot in safe mode
3) Run Ez Armor virus scanner in safe mode
4) Run cc Cleaner in safe mode
5) Delete temporary internet files
6) down loaded but have not yet run AVG anti virus.
7) Looked for suppicious items in control panel (ad remove programs) found slotchbar but cannot remove it.

My biggest fear is that this trojan got a hold of my banking and credit information. Is there anyway to confirm?

Listed below is my Hijack this log. I know you are all very busy and appreciate your help.

Logfile of HijackThis v1.97.7
Scan saved at 2:34:58 PM, on 6/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE

A:Win32.trojan.rx Need help (completed basic steps)

Update:

I also ran SmitFraudFix and had it clean files as well.

I dont know if the problem is fixed but I now have access to my back round and task manager. My computer is also NOT alerting me any more telling me I have a virus.

Im skeptical to think I am cured but I posted both the smitfraud fix log and a new Hijackthis log below. Please review and let me know. Thanks for your help.

SmitFraudFix v2.194[/B]

Scan done at 15:10:25.20, Sat 06/09/2007
Run from C:\Documents and Settings\John Pagnotta\Desktop\Antivirus\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

???????????????????????? Killing process

???????????????????????? hosts

127.0.0.1 localhost

???????????????????????? Generic Renos Fix

GenericRenosFix by S!Ri

???????????????????????? Deleting infected files

C:\WINDOWS\susp.exe Deleted

???????????????????????? DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{80D56E64-E792-4579-957C-DFA59D348CD8}: DhcpNameServer=167.206.245.71 167.206.245.70 167.206.245.7
HKLM\SYSTEM\CS1\Services\Tcpip\..\{80D56E64-E792-4579-957C-DFA59D348CD8}: DhcpNameServer=167.206.245.71 167.206.245.70 167.206.245.7

14 more replies

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:27:43 PM, on 3/11/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exeC:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exeC:\Program Files\Common Files\AOL\1133363615\ee\AOLSoftware.exeC:\Program Files\Yahoo!\Antivirus\CAVTray.exeC:\Program Files\Yahoo!\Antivirus\CAVRID.exeC:\PROGRA~1\Yahoo!\YOP\yop.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Yahoo!\Search Protection\SearchProtection.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\WINDOWS\system32\ctfmon.exeC:\PROGRA~1\Yahoo!\browser\ycommon.exeC:\Program Files\CreataCard\Gold\FMRemind.exeC:\Prog... Read more

A:Hijack This Report-prior Steps Completed

Hello bigdaddy43 and welcome to the BleepingComputer Forums. Since it has been a few days, please post a new HijackThis log.Please tell me what is wrong with this computer. Thank you for your patience.

6 more replies

Hi,

I have picked up a virus that has deleted my anti-virus programs and prevents me from installing any new ones. I can install them, but the "exe" file is immediately deleted. I am also prevented from booting into safe mode-I get a message that states there have been hardware or software changes that prevent this. I am also unable to activate my firewall protection. I would certainly appreciate any assistance!!!

Deckard's System Scanner v20070809.63
Run by rickir on 2007-08-15 at 07:28:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
97: 2007-08-15 12:28:55 UTC - RP796 - Deckard's System Scanner Restore Point
96: 2007-08-14 19:18:09 UTC - RP795 - Installed AVG 7.5
95: 2007-08-14 19:05:17 UTC - RP794 - Installed AVG 7.5
94: 2007-08-14 18:48:19 UTC - RP793 - Installed AVG 7.5
93: 2007-08-14 18:43:12 UTC - RP792 - Installed AVG 7.5

-- First Restore Point --
1: 2007-05-17 22:53:35 UTC - RP700 - Installed WordPerfect Lightning.

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as rickir.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:39 PM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

A:Virus deletes antivius progs-steps 1-5 completed

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

I'd advise you to first back up any valued data now. If you really have a file infector, your OS may be in serious jeopardy. That said, you were able to run DSS, so it may just be that the infection is disabling the AV, not deleting it. I still see services from Avast in your logs.

---------------------------------------------------------------------------------------------

Please disable Winpatrol, as it may hinder the removal of some entries. You can re-enable it after you're clean.
Right click the running icon of winpatrol, and choose exit.

---------------------------------------------------------------------------------------------

Open HijackThis and click o... Read more

15 more replies

--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
69: 2008-01-31 01:28:43 UTC - RP952 - Deckard's System Scanner Restore Point
68: 2008-01-30 17:13:30 UTC - RP951 - Software Distribution Service 3.0
67: 2008-01-29 04:16:44 UTC - RP950 - System Checkpoint
66: 2008-01-28 02:45:48 UTC - RP949 - Installed Ad-Aware 2007
65: 2008-01-27 08:45:23 UTC - RP948 - System Checkpoint

-- First Restore Point --
1: 2008-01-23 03:35:38 UTC - RP884 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 127 MiB (512 MiB recommended).
System Drive C: has 2.41 GiB (less than 15%) free.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-30 19:33:34
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe

A:Spyware and viruses slowing computer (completed all five steps)

BUMP

Did I do something wrong? This is my third post and nobody has answered, I really need help.

2 more replies

Deckard's System Scanner v20071014.68
Run by David Anderson on 2008-01-27 11:16:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
16: 2008-01-27 18:13:39 UTC - RP1115 - Software Distribution Service 3.0
15: 2008-01-27 17:26:16 UTC - RP1114 - Software Distribution Service 3.0
14: 2008-01-26 23:57:46 UTC - RP1113 - Software Distribution Service 3.0
13: 2008-01-26 23:04:19 UTC - RP1112 - Software Distribution Service 3.0
12: 2008-01-26 22:56:02 UTC - RP1111 - Software Distribution Service 3.0

-- First Restore Point --
1: 2008-01-11 13:37:32 UTC - RP1100 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-27 11:39:58
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Ap... Read more

A:spyguard pro infection (steps completed and logs are included)

Bump!

2 more replies

Hi all,

Both firefox and ie are not working for many websites. Google search being diverted to ad sites. I have followed the 5 steps process and attached panda results and extra.txt files are attached. Main.txt contents is pasted below. Thanks a lot in advance for helping me.

Deckard's System Scanner v20071014.68
Run by KAravind on 2008-06-22 18:01:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 2 Restore Point(s) --
2: 2008-06-22 22:01:17 UTC - RP44 - Deckard's System Scanner Restore Point
1: 2008-06-22 07:24:21 UTC - RP43 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as KAravind.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:51 PM, on 6/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\WLTRYSVC.EXE
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\system32\spoolsv.exe

A:IE popups + Google search not working in firefox - 5 steps completed

Hi, welcome to tsf!

sorry for the delay.

if you still need assistance, please post a fresh main.txt log.

1 more replies

Please help my laptop keep telling me i have worm.win32.netsky all 5 steps completed. Main.txt below and extra attached. Thanks for all the advice - newbie with no clue

Deckard's System Scanner v20071014.68
Run by Davinia on 2007-11-23 17:25:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
64: 2007-11-23 17:26:44 UTC - RP170 - Deckard's System Scanner Restore Point
63: 2007-11-22 21:44:56 UTC - RP169 - System Checkpoint
62: 2007-11-18 19:34:31 UTC - RP168 - Removed LiveUpdate Notice (Symantec Corporation)
61: 2007-11-15 13:27:46 UTC - RP167 - Software Distribution Service 3.0
60: 2007-11-13 16:15:21 UTC - RP166 - System Checkpoint

-- First Restore Point --
1: 2007-08-25 10:58:20 UTC - RP107 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-23 17:29:31
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe

A:laptop popup says it has worm.win32.netsky all 5 steps completed.

Apologies for the delay in responding.

The workload on this forum is intense, and sometimes it is not possible to respond to every
inquiry.

Extract the files to the Desktop

~~~~
Start the computer in Safe Mode:When the machine reboots, tap the F8 key before Windows starts
Select the option for Safe Mode using the arrow keys.
Press Enter to boot into Safe Mode.

~~~~
Open SmitfraudFix Double-click smitfraudfix.cmd
Select Option 2 - Clean by typing 2 and press Enter (Deletes infected files)
You are prompted: Do you want to clean the registry? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool also checks if a relevant file, wininet.dll, is infected.
You may be prompted to replace the infected file (if found).
Replace infected file? Answer Y (yes) and hit Enter to restore a clean file.

When it is done, a log named rapport.txt is created, listing infected files (if present).

~~~~
Restart the computer to complete the removal process.

~~~~
Save it to the Desktop

Double-click combofix.exe to run the program
(Don't click on the window while the program is running, it may cause your system to stall.)

When finished, a log, ComboFix.txt, is produced.

~~~~
Run HijackThis once again to obtain a new log.

~~~~

4 more replies

Hello
I have been having an issue with Winantivirus pop-ups which have led to various spyware and adware infections. I have seen many variations to the pop-up including winantivius, winantiviruspro, errorprotection, winantispyware, as well as many pop-up and new browser window ads. I have also noticed minor degradation in system performance.

I have completed the 5 steps and have all logs from scans available.
Below is the main text file and attached is the extra text file from the Deckard scan.

I am not sure what additional information would be helpful to the analyst. One concern i have is that SP2 has already been installed. If anyone could assist I would greatly appreciate it.

Thanks
Matt

Deckard's System Scanner v20070905.67
Run by Matthew on 2007-09-07 18:52:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 4 Restore Point(s) --
4: 2007-09-07 22:52:52 UTC - RP217 - Deckard's System Scanner Restore Point
3: 2007-09-07 22:30:56 UTC - RP216 - Software Distribution Service 3.0
2: 2007-09-07 18:22:20 UTC - RP215 - Removed Get High Speed Internet!
1: 2007-09-07 16:32:35 UTC - RP214 - Installed Windows Internet Explorer 7.

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Matthew.exe) ------... Read more

A:Winantivirus and related PUP adware spyware issues. 5 steps completed

Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

==============================

Save ComboFix to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

9 more replies

I haven't really scanned this computer ever, but the school I went to offered free antivirus software called Counterspy which I've used to scan recently. It detected a whole lot (with updated definitions) such as various pieces of spyware, and some trojans in my Outlook email, which I just ended up deleting as a whole, but I had a feeling there is much more going on.

I followed the steps and the only thing notable to point out about step 1 is that I had the viewpoint media player, which I uninstalled. I have no clue how that even got installed.

Here are the logs:

dss main.txt:
Deckard's System Scanner v20070826.66
Run by Admin on 2007-09-05 13:42:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 255 MiB (512 MiB recommended).
System Drive C: has 1.71 GiB (less than 15%) free.

-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:34:00 AM, on 9/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

A:Slow Computer..Kaspersky reveals 15 viruses.. HELP! 5 steps completed.

Save ComboFix to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

================================

Install it and double-click the icon on your desktop to run it.
? It will ask if you want to update the program definitions, click Yes.
? Under Configuration and Preferences, click the Preferences button.
? Click the Scanning Control tab.
? Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Terminate memory threats before quarantining.
o Please leave the others as they were.
o Click the Close button to leave the control center screen.
? On the main screen, under Scan for Harmful Software click Scan your computer.
? On the left check C:\Fixed Drive.
? On the right, under Complete Scan, choose Perform Complete Scan.
? Click Next to start the scan. Please be patient while it scans your computer.
? After the scan is complete a summary box will appear. Click OK.
? Make sure everything in the white box has a check next to it, then click Next.
? It will quarantine what it found and if it asks if ... Read more

5 more replies

Hello,Great forum by the way! I have found tons of useful information here but unfortunately I am still experiencing some issues. A few days ago the computer was infected with Antispyware Soft. I received all of the typical infection signs and went through the manual self-removal steps. This stopped the issue of the false warnings but shortly after I noticed that I was experiencing the same redirect issue that others have experienced with this infection. I went through the manual steps including removing the Doc&Settings folders it created as well as the registry values. In the registry, there were some values listed as Antispyware Suite in addition to the 'Soft'. I also went through the steps on another forum's post before finding this one. None of the removers can locate anything now and I even ran a rootkit download tool that was recommended. It found one item, removed it and everything worked normally for a few minutes then more of the same redirect issue. Nothing so far has found anything else. Yet every time I try to perform a search, I get redirected. Sometimes without even running a search: just scrolling on a page will cause a redirect to one of several different sites but all seem to pertain to shopping, advertising or search sites.I have run so many things that I cannot remember them all now but I do know there is something definitely still on the computer but nothing is finding it. This is even causing the internet connection to go undetected a... Read more

A:Antispyware Soft Infection: Removal steps completed but still having issues....

13 more replies

Thanks for your help. Chrome stalls and when closed it takes 5 or 6 tries to re-open. Start-up is also VERY slow? I completed the logs you need, I don't have a Windows Install disc or a Boot CD, but I have made a backup. thanks, - Jason

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.13.2
Run by Jason at 14:00:44 on 2013-02-09
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3957.1656 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

A:Completed initial scans/steps -- browser stalls and slow start-up

3 more replies

A:Unknown malware or trojan - initial steps completed per initial posting instruction

2 more replies

The cpu is running 98 to 100% most of the time. i was chasing "Rogue.WinSpywareProtect" for weeks. Found the guide and did it .Step seven request I post two reports "Deckard's System Scan and Kaspersky OnLine Scanner".Deckard's System Scanner v20071014.68Extra logfile - please post this as an attachment with your post.---------------------------------------------------------------------------------- System Information ----------------------------------------------------------Microsoft? Windows Vista? Home Basic (build 6001) SP 1.0Architecture: X86; Language: EnglishCPU 0: AMD Sempron™ Processor 3200+Percentage of Memory in Use: 77%Physical Memory (total/avail): 445.76 MiB / 101.65 MiBPagefile Memory (total/avail): 1436.62 MiB / 310.11 MiBVirtual Memory (total/avail): 2047.88 MiB / 1778.3 MiBC: is Fixed (NTFS) - 39.78 GiB total, 1.14 GiB free. D: is CDROM (No Media)E: is Fixed (NTFS) - 4.88 GiB total, 4.79 GiB free. F: is Removable (No Media)G: is Removable (No Media)H: is Removable (No Media)I: is Removable (No Media)J: is Fixed (NTFS) - 0.98 GiB total, 0.94 GiB free. K: is Fixed (NTFS) - 28.89 GiB total, 27.24 GiB free. \\.\PHYSICALDRIVE0 - WDC WD80 0BD-22MRA1 SCSI Disk Device - 74.53 GiB - 4 partitions \PARTITION0 (bootable) - Installable File System - 39.78 GiB - C: \PARTITION1 - Installable File System - 4.88 GiB - E: \PARTITION2 - Installable File System - 1000 MiB - J: \PARTITION3 - Extended w/Extended In... Read more

A:I Just Completed The "preparation Guide For Use Before Posting A Hijackthis Log"

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

First
Seeing its been a number of days since your original scanning with HJT could you please run HJT now and post a fresh HJT log back to this topic please.

Next

Start HijackThis Click on the Config button Click on the Misc Tools button Click on the Open Uninstall Manager button. You can click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into this topic please,
Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking o... Read more

2 more replies

can I do all these in safe mode with the exact same results?? Its pretty difficult fixing the problems when you have multiple malware programs popping up.

A:the first 5 steps and hijackthis

I see you're receiving help from shaferintl already...but to answer your question, and anyone else who may read this...we do take this scenario into account in Step 1.

http://www.techsupportforum.com/secu...oval-help.html

Quote:

It is appreciated that the level of infection may not allow you to complete all these steps. Therefore, if for some reason you cannot perform one of the steps, move on to the next step and advise the Analyst accordingly when you post the requested logs.

So, you do what you can.

Safe mode will not produce the exact same results, as many processes are not running in Safe Mode. One should not connect to the internet while using Safe Mode if infected (except in extreme situations), as most protection applications are not active in Safe Mode.

A set of logs from Deckard's System Scanner (DSS), as shown in Step 5, is usually pretty easy to get even if there are popups, and it's more comprehensive than HijackThis alone is.

1 more replies

Hi, my system has been infiltrated with about:blank. I am running Windows XP Pro. I viewed some of the other posts and did the following so far:

CWShredder - updated and ran
-- restarted comp
-- restarted comp
Spybot S&D - updated and ran
-- restarted comp

after each restart I was getting error messages like,
Windows cannot find C:\WINDOWS\javahi.exe
Windows cannot find C:\WINDOWS\system32\iptx32.exe
Windows cannot find C:\WINDOWS\crmm32.exe

after the last restart I tried to run the online virus check at Trendmicro but it kept crashing the browser ;(

here is my Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:18:52 PM, on 4/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\msxr32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ntmf.exe

10 more replies

Hi ,
I ran the Hijackthis tool on system.
Enclosed the log file generated.
please verify the log once & mail me the process of removing malicious virueses/spyware/malware.

plz find log @ "Folder Options" Missing Under "View"

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02:19 PM, on 11/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
c:\wamp\apache2\bin\httpd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\wamp\apache2\bin\httpd.exe
c:\wamp\mysql\bin\mysqld-nt.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\heap41a\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\WLTRAY.exe

A:Please Verify my Hijackthis log of my system & adivse the steps to be done

Hi

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

1 more replies

Hiya guys, been googling for solutions 5 hours / scanning / deleting / removing programs. I had an old java version sitting on the cpu, probly allowed this crap in and my sister on the cpu (whos internet-safety-intellectually-deficient) who tends to click on "yes" for stuff.

Problem: WinAntiVirusPro Popups come up in droves, but randomly. Four hours of nothing, then one after another..like a porn ad / popup, if you close it the next page comes up, turning into a loop. Just in the last little bit: Drive Cleaner popups like madwhich replace whatever browser im currently typing (this is my second time typing this post).

Can't get rid of it. Help me out

My system / tools / what I've run:
Zonelabs freeware firewall, AVG Free, SpyBot, Panda Virus Scan, Trend Micro freeware scanner / blocker, SpyCatcher (by Tenebril). Those last three I just installed / ran today because some other forums had results with that.

I've run VundoFix.exe as such: (advice from the spybot forums I think):
>>>
Double-click VundoFix.exe to extract the files
This will create a VundoFix folder on your desktop.
After the files are extracted, please restart your computer into Safe Mode.
Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
A command window will open and it should look like this:

VundoFix V2.15 by Atri
By pressing enter you agree that you... Read more

A:Hijackthis: did readme steps, WinantiVirusPro popups / DriveCleaner

Hello and welcome to TSF!

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

4 more replies

My computer had something called either "winantiviruspro2007" or "winantivirus2007," I can't remember which.

I went through the removal instructions located here:
http://www.pchell.com/support/smitfraud.shtml

My popups seem to be gone, but my computer still takes a whopping 14 minutes to load, instead of my customary 3-5. I suspect that there are remnants of the spyware left on my computer that are interfering with my computer's activity.

Here is my HijackThis log. Thanks in advance for any help and assistance you can provide! I truly appreciate it!

---------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:35:15 AM, on 8/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\RunDll32.exe

A:Did steps to remove "winantivirus" - computer still slow! *HijackThis log included.*

Oh no, no posts or answers! Am I incurable?

1 more replies

I have a couple of Word 7 files which can't be moved, deleted or renamed. Any attempt results in a message: This action cannot be completed as it is in use by another program. It is not in use by any program I am aware of. When I open the file, it says (Read Only) in the title bar but the properties dialogue boxes are not checked as read only. Of course, I can't save any changes to the file unless I go to 'save as' but that still leaves me with an undeletable/uneditable file. I am using Vista Ultimate. Any help would be greatly appreciated.
Joan

A:This action cannot be completed...

Unless you're particularly interested in the mechanics of why this might be happening, I'd suggest booting to safe mode (press the F8 key early during Windows startup) and moving or deleting the files from there. You probably won't have trouble deleting the files that way.

37 more replies

Hi,

Having successfully performed a 3 hour chkdsk by means of a downloaded microsoft program which did this automatically, the screen is left hanging and there is no option available to exit from it. I tried switching off and then on again but this just puts me back to the start of the chdsk routine which then completes again. So I'm stuck in a loop from which I can't escape !! What do you recommend ?

A:After chkdsk has completed

Hello ,

here is a shot in the dark

turn your system on & then back off

them push your power button as if you wanted to start it and hold it for a count of 10

this will clear the compleat system of power and maybe reset way your system starts / you may want to reset the bios also by crossing the bios jumpers or just pulling the litheum battery from your mother board for at least 3 minutes

you may be looking at wipeing the driver & reinstalling

have you tried to get into the recovery console useing the Windows XP cd ?

3 more replies

Hi everyone!

Ive just completed my upgrade from an MSI 745 Ulta mobo and ATI Radeon 7000 series 64meg AGP x4 graphics card to an Abit NF7-S mobo and ATI Radeon 9550 AGP x8 256meg graphics card and I gotta say, boy what a difference.

Now I have to save up my pennies to get myself a better processor, I have an AMD Athlon XP Pro 2000 and was wondering what i should replace it with?

There's a fair ammount of choice out there so i was wondering if anyone has any recomendations?

Nice speed jump!
Upgrading always starts with budjet. If you are going to keep your Mb , then simply buy the best (fastest) CPU you can afford at the time.If you are saving pennies you will probably be able to get the quickest cpu your mb can handle.

5 more replies

Good evening..i have just completed the combofix scan on my Openlabs Neko TSE. Which is my music workstation with a built in computer. Please can you review my log for further advice.? I really appreciate you for this. This workstation is the key to all my productions. I have been freaking out all night. Aloha!

A:completed combofix run

Hello,That request about NOT posting CF logs is primarily to keep people from running the program unsupervised.Please read this topic: http://www.bleepingcomputer.com/forums/t/273628/combofix-usage-questions-help-look-here/ which explains that reasoning further.Please follow the instructions in ==>This Guide<== starting at step 6.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Since you have run ComboFix, please include the ComboFix log in the new topic.If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.Orange Blossom

1 more replies

hey im having problems with installing windows xp SP3 i boot to cd do the whole installation thing for step 1 and then it restarts and then im waiting for the continuation of the installation but it doesnt happen it boots to cd again without me pushing anything

A:Installation not completed

6 more replies

I did not get any replies so will try this again with updated info. Downloaded Microsoft Pocket PC 2002 October 2002 Update(EUU3) to computer but when tried to sync it to handheld got message: "Synchronization Cannot be Completed Successfully" and have not been able to sync since then. Same message and then disconnects. Have reinstalled Activesync twice..even going to older version. Have done disc cleanup and defrag. Have deleted recent programs including the EUU3. Also soft resert on handheld although problem developed in computer before could sync to there. There is no problem in connection of handheld with computer..just will not sync. Any help much appreciated as cannot download or sync any material to handheld(iPAQ3835) at all.
Thanks!!! John

A:Synchronization Cannot be Completed..

6 more replies

Finally got my gaming rig built and in perfect working order. Took me a while figure out how to put my two HDD into raid 0. One of the tech support guys at EVGA helped me out and said that HDDs have a hard time going into raid array if they have never been used, which was the case. I just installed some stuff on my two HDDs and reformatted the partition and BOOM it stopped giving me errors, LOL. Anywho here is the finished build:

Cooler Master Cosmos 1000 Silent Gaming Tower
EVGA 750i FTW Motherboard
Intel E8400 Wolfdale Processor
Xigmatek HDT-D1284 120mm Rifle CPU Cooler
MX-2 Thermal Compound
2x2GB OCZ DDR2 1066 5-5-5 18
2xEVGA 8800GTS in SLI
3xSeagate 7200.11 (2 in Raid 0, 1 backup)
Corsair 750TX Power Supply
Samsung DVD-RW w/ Lightscribe SATA
Liteon DVD-RW IDE
4 Scythe KAZE 120mm case fans (1 intake, 3 exhaust)
1 Stock Exaust Fan on HDDs

When I looked at the Case for the first time I couldn't believe how big it was, plenty of room to work in. The Scythe fans sound like a tornado when I first turn on the computer but it gets quite once the bios and PSU start regulating them and you can't notice it when playing games or listening to music. I bought a generic filter for the intake fan and realized that it wasn't needed because the case already comes with filters that you just slide off and wash.

This was my first build ever and I must say I'm quite pleased with the results. The bios defaulted the memory at 800mhz 1.9v so I bump... Read more

A:First Gaming Rig Completed

Cool. Looks like a good build.

7 more replies

Desktop machine.
Windows Vista Home Prem. 32b.

The computer shut itself down a few days ago while it was copying for files.
Then, it behaved abnormally after restart.
A back to the factory status recovery was performed, but it did not complete the task.
The last part of the recovery did not run.
The recovery disks, burned right after the purchase of the machine and used before, were used and they ended the same way.
The last part of the recovery did not run.

There are 3 partitions on the HDD.
Partition 0, 20GB. hidden, keeping the recovery OS.
Partition 1. 223GB. partition C.
Partition 2. 220GB. partition D.

Question:
If partition C is formatted, can recovery OS be installed on partition C ?

Thanks.

A:Recovery can not be completed.

What's the brand name and model name and model number of that desktop?

What's the part/product number and/or service tag number and/or serial number on it?

Which country do you live in?

--------------------------------------------------------

3 more replies

Model HP 15 notebook PCProduct no. J8B82PA#ACJRam 4gbHard disk 1tb HDDProcessor Intel core i3 1.70 GHzWin does 8.1 64 bit

More replies

Logfile of HijackThis v1.99.0
Scan saved at 16:26:28, on 08/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David.DAVID-91YJAB3H3\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/

More replies

Keep getting the same error over and over, tried many things (inclduing scf /scannow) but to no avail.

Here is the bit from the log:

Code:
1348769 (3424) - winsat\logging.cpp:0815: --- START 2011\10\30 17:15:04 ---
1348769 (3424) - winsat\main.cpp:4301: Command Line = "C:\Windows\system32\winsat.exe" formal -restart clean -cancelevent 8e00fb41-d1d6-4e88-8347-83b99be94b73
1348769 (3424) - winsat\processwinsaterror.cpp:0095: ERROR: tried to read resource strings, unknown exception occured
1348784 (3424) - winsat\main.cpp:4474: > IsFormal=TRUE IsMoobe=FALSE.
1348815 (3424) - winsat\main.cpp:4585: Watch dog system enabled
1348815 (3424) - winsat\main.cpp:4600: Main watch dog timer set to 600.0 seconds
1348878 (3424) - winsat\main.cpp:2505: > DWM not running.
1348878 (3424) - winsat\main.cpp:2470: > EMD service will be restored on exit.
1348893 (3424) - winsat\syspowertools.cpp:0983: > Read the active power scheme as '8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c'
1348893 (3424) - winsat\main.cpp:2793: > power policy saved.
1348909 (3424) - winsat\syspowertools.cpp:1015: > Set the active power scheme to 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c'
1348909 (3424) - winsat\main.cpp:2814: > power policy set to maximum.
1349736 (3424) - winsat\logging.cpp:1763: ERROR: pahse enter/leave imballance
1349736 (3424) - winsat\main.cpp:0948: > IsOfficial=TRUE IsFormal=TRUE IsMoobe=FALSE RanOverTs=FALSE RanOnbatteries=FALSE
1349736 (3424) - winsat\main.cpp:1775: ... Read more

A:WEI test cannot be completed

What language is your OS currently using, and what was originally installed on it? Is one of the two English?

4 more replies

I had a problem with my yoga 700 11". The laptop freezes every so often (3-6 hours). At first I thought it's the drivers that need to be updated, then Windows 10 updates, then BIOS update.I tried all of that but the problem still persisted. I did the recovery reset but still the same... I created Linux system on USB flash drive and booted the laptop with it. Even under Linux the laptop was freezing.I contacted lenovo support team and they said the laptop needs to be repaired and they send me the return free postage vocher. I put my laptop in the original box and posted it as I was instructed (for some reason it was send to Germany). The company name that issued me with the postage slip was MEDION AG - A Lenovo CompanyAfter 13 days I got an email saying:"...After assessing your device, the repair center has deemed that a repair cannot be completed under the manufacturer?s warranty due the case of the device showing signs of inappropriate treatment. ..." There were two pdf documents attached to the email. one with the detailed photos of the damage ( see photo attached) and the other one, the cost estimate document. In the document I was given two options:1. accept the cost of repair (£54.65)2. not accept and the laptop would be return to me (I would be still charged fat price of £44.07)My reply was that I do not recall the laptop having this damage and I always looked after it. I was suprised when I saw the photo. I also added that my main concern was that th... Read more

More replies

Dear Broni and All,

I have completed all steps, and ran the security programmes recommended in this thread:

http://www.techspot.com/community/topics/keep-getting-stupid-shopping-malware-installed.208648/

However, I am still getting pop-ups and adware related problems, which means that the underlying problem has not been resolved.
These are the programmes that I have run (today, 18/05/2015):
-RogueKiller
-Mbar
-AdwCleaner (it removed NickelBlock, AllCheeiaPPPriCe, DowwnSaave, SaVieNeewaApupoz)
-Junkware Remover
-Farbar Recovery Tool
-Farbar Security Scanner
-Security Check
-Tempfile Cleaner

I am currently running Sophos.
My laptop runs Windows 8.1, and Combofix does not support it.
The antivirus that I have is Kaspersky (I previously had Microsoft Security Essential), and Windows Defender. The malware was not detected by a Kaspersky and Spybot full scan a few days ago. However, on the 26th of April, I manually uninstalled some adware, and then ran full scans, which showed nothing.

As you can imagine, I don't think I have many options left, and formatting my laptop is a dreadful prospect. I was wondering if you could give me some advice.
I have kept all logs of the security programmes that I've run.

Thank you in advance, and looking forward to hearing from you.

A:Completed all instructions, but still getting adware pop-ups

Welcome aboard

Never follow steps from other topics. Every computer is unique.

Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

57 more replies

The action can?t be completed because the folder or a file in it is open in another program. I suspect that my anti virus, Norton 360, is stopping me from deleting a specific folder, it happens only in one specific folder.
When I restart my computer, it takes time to the regular background tasks to "wake up", so I can delete it once the computer turns on, but then something stops me from deleting the folder. I am not sure if it is Norton 360, or another problem.
Would it be a Malware?

A:The action can’t be completed because the folder or a f...

not positive what it could be ,anything knowing computers .
to see if its Norton 360. disconnect from intern ,disable Norton360 temporally ,how to do so will be in the settings of Norton , after its disable try deleting file.

just found this in google ,how to disable Norton temporally .

Try right clicking on the 360 icon in your notification area. You should be able to disable protection features for a specified time. Remember that you are unprotected while doing this, so you should disconnect from the Internet while doing this. Remember to reset the protection when you are finished.

6 more replies

A neighbor brought over his computer since he knows I help folks with infections.  It appears he already ran and removed infections found with SAS Portable and MBAM.  I can include those logs if you like so let me know.

DDS Log

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by HP_Administrator at 12:32:46 on 2013-08-16
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.958.456 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService

A:Infected PC with some Removal Completed

Attached file ...

3 more replies

Not sure if this is the correct forum to post this in but..

Have installed Windows 8 64bit on three computers, all similar spec (amd a8 processors and gigabyte f2 motherboards with 8gig ram.)

Windows seems to be ok in every other respect other than I am getting an error in the metro store. When trying to install any app I get the error:

I have searched the internet for this error, and although I can find similar errors, I can see no one else having the error code with the same scrambled type.

We got around the error by signing in to a microsoft account, but then we are unable to create a pin for said account (the cursor just spins).

This happens on all three computers.

Any help greatly appreciated.

Have you tried copying & pasting the error code in Google ?

I find that helps.

EDIT--

Perhaps this phone number will help.
I've used it & got good help from Microsoft.

Microsoft Product Support Customer Phone Number | Shortest Wait | Best Support | GetHuman.com

2 more replies

I'll give some background.

I have a tri-boot setup. Windows 8 one ssd, windows 7 pro on a second ssd and ubuntu 13.04 on a partition on a 2 gig raid 1. The boot partition is on the windows 7 ssd. All drives are on the same Intel controller. Prior to the 8.1 attempt it worked. I'd boot the w7 ssd and a black win7 style boot screen would appear with the 3 OS choices. I'd been using win 8 as primary since it's release with no real issues.

I updated through the store early today and the process had a hitch after the first reboot but I rebooted and it completed the install. Windows 8.1 started and walked me though an initial setup. Once in, all looked pretty much unchanged. The only issued was it asked me to reinstall some XLan software.

I rebooted to check my other OS's and the problems began. I boot up, it loaded the blue win8 boot screen with all 3 OS present when I attempted to boot ubuntu it went to a black screen with no possible input. Hard rebooting brought up the grub bootloader (not win8 bootscreen) and I was able to enter ubuntu. Same thing happened with win 7 pro. I soft rebooted and the win 8 bootscreen appeared. Choosing win 7 took me to a hung black screen - hard reboot directly started up win 7. Restarting to win 8 bootscreen again and choosing win8.1 took me to another black screen - Hard reboot from there started up a win 8 repair process.

This is always the case with each of the 3 OS's. I have found that I can get into win8 if I enter through safe mode ... Read more

A:8.1 update completed but problematic

I have the exact same problem. I even had the XLan error you described. Once I restarted the computer, it always go to a black screen. I do not have multiple OS's to boot into, but the black screen always comes up after the little blue windows 8 loading screen.

Update:

When I tried your suggestion of enabling Debugging, it loaded up. However, 1-2 minutes later it would freeze and I would have to push the reset button on the machine. In Safe Mode, I didn't have any of the freezing, but when I tried to uninstall Norton Internet Security, it would freeze. After a restart, I downloaded the Norton Removal Tool, and removed Norton. At this point, starting Windows 8.1 with Debugging allows me to stay freeze-free. However, trying to start up without Debugging gives me the same black screen.

Another thing to note is that when I have all non-Microsoft services stopped, I still get the black screen upon bootup. I'm not quite sure what Debugging mode does in terms of bootup, but its definitely a workaround for now. I used msconfig.exe to keep debugging turned on for now.

Again, if someone figures out the fix, report back.

2 more replies

I got my P50 a few weeks ago and yesterday its LCD went half black. OK, this happens.I turned it into authorized premium repair center and they got LCD replaced (as my P50 is under warranty). No big deal.However, they could not re-calibrate the new LCD screen because I do not run Windows on my P50 (running Kubuntu).It would not be a big deal either (the Panel Replacement Utility they have does not run on Linux, but I can live without that), however there is one worrying thing: by my request, they printed Lenove repair instructions for me where it is stated, that "Failing to run the Panel Replacement Utility program will require another LCD panel replacement". Please note "will require". My interpretation of this statement is that LCD will fail again unless I run this Panel Replacement Utility which requires Windows (not Linux version exists). Repair guys could not comment on that in either direction.REALLY????So, despite the fact that nor P50 user guide nor warranty description limit me from using non-Windows OS, the P50 cannot be repaired to be used in full capacity unless I use Windows.Do I miss anything? Is this an official position of Lenovo on non-Windows OS use on ThinkPad P50?

More replies

I've run CHKDSK on a couple of laptops today, and in each case, after hanging for ages around 10-11%, the laptop rebooted while my back was turned. (The process was run at boot and the internet was not connected at the time.)

Is there a way to check if the process completed and what it did?

There is a CBS log with today's date, with entries that correspond time-wise to the CHKDSK activity, but I don't understand them. At the end there are several entries like this:

Can anyone explain what this means please, and if I have a problem?

Coincidentally (or not) There are similar 'Failed to internally open....' entries in the CBS log from when I turned the laptop back on later in the morning.

A:How do I know if CHKDSK completed successfully?

Hi, check this tutorials CHKDSK - Check a Drive for Errors in Windows 8 and Check Disk (chkdsk) - Read Event Viewer Log - Windows 7 Help Forums to see if they will help you.

Good luck, werty

3 more replies

Hello,

Had the "Security Center" come up on this computer...got rid of it using the tutorials on this site, along with trying all the other suggestions for removing rootkits that may be causing the redirects. Some solutions seem to run their course, others don't. Still having issues: browser redirects, browsers stop working, MBAM errors, Start menu blank, "waiting for background programs to end" on shutdown.

So, not sure where to go from here. Help please.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Chance at 6:41:48 on 2012-01-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2379 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

A:Completed all self-help tutorials, still have rootkit

22 more replies

G'day, I'm running Windows 7 Home premium on a Dell Inspiron laptop.

When I am trying to organise my music files and folders in my music Library I randomly get this error:

The action can't be completed because the folder or a file in it is open in another program.

But there can be nothing else open, no media player, (neither WMP or Media Monkey which I usually use), or any other window open at all. This is intermittent. Sometimes it works sometimes it doesn't.

For example; I just discovered that I have a Chris De Burgh folder with a couple albums in it and another folder titled Chris De Burgh - Greatest Hits. I decided to move the latter into the former and rename the latter to simply Greatest Hits. At first it wouldn't copy into the Chris de Burgh folder at all and the dreaded error came up. I clicked on another folder, went back and tried again and it worked. After putting the CDB-GH folder into the CDB one I tried to rename it, (without opening it). The action can't be completed blah blah blah. Retry doesn't work. This time I had to close windows explorer and open it again and browse to the folder and rename it.

Sometimes it works first go, sometimes you have to click elsewhere then come back to it, sometimes you have to close explorer, sometimes it simply refuses until I restart the pooter. I've tried deleting everything in the temp folder, (%temp%) but there are files in here which won't delete either coming up with the same message. I guarantee that the f... Read more

More replies

After the automatic update this morning my desktop shows normal - BUT NO MOUSE. A warning pops out in the lower right corner that says something about the update did not complete - Click for details, But I can't click on anything!!!

A:W10 Update not completed - No Mouse

Can you use the cursor arrows to navigate there?

2 more replies

I've ran Combofix, but need someone to look at my log file. I'm still having boxes pop up like my symantic anti-virus can't work because it is on a network resource that is unavailable. The log file is below. I would really appreciate any help I could get.Thanks,DonComboFix 10-12-09.04 - Todd 12/10/2010 16:39:31.1.1 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.70 [GMT -6:00]Running from: c:\documents and settings\Todd.PHILCON\Desktop\ComboFix.exeAV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\All Users\Application Data\FuhYQAtN.exec:\documents and settings\Don\Local Settings\Application Data\{127EBD9A-1C22-44C3-8173-3067BB23059B}c:\documents and settings\Don\Local Settings\Application Data\{127EBD9A-1C22-44C3-8173-3067BB23059B}\chrome.manifestc:\documents and settings\Don\Local Settings\Application Data\{127EBD9A-1C22-44C3-8173-3067BB23059B}\chrome\content\_cfg.jsc:\documents and settings\Don\Local Settings\Application Data\{127EBD9A-1C22-44C3-8173-3067BB23059B}\chrome\content\overlay.xulc:\documents and settings\Don\Local Settings\Applicat... Read more

A:Combofix completed - need help with log file

2 more replies

I just started using Microsoft 2010 and in the Outlook tasks I have created recurring tasks. In the old XP version when I completed a recurring task, the completed task would move to the top of the list. Now, it just puts it below the original task. Is there a way to automatically move completed tasks to the top of the page?

More replies

hi there,
plese consider that who's writing (me) is a sw/hw total illiterate..

- at every web connection (firefox), the start page is http://istart.webssearches.com + the last web page visited at previous connection (two windows). i set up new homepage but nothing changes.
- pop ups frequently open (then disabled via settings).
- mouse stops/blocks for a second while using it.

i downloaded combofix and let it run. everything seems worked correctly, but now i don't know how to proceed.
here below the log i got - integral copy&paste - now saved on desktop.
if i understood well, malware etc will be removed once combofix is uninstalled and i still have to uninstall it..

i hope you can help me about how to proceed.

thanks++
iggy

ComboFix 14-05-19.01 - user 19/05/2014  19.13.03.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.39.1040.18.1919.1432 [GMT 2:00]
Eseguito da: c:\documents and settings\user\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\user\Dati applicazioni\cacaoweb
c:\documents and settings\user\Dati applicazion... Read more

A:ComboFix ran&completed - don't know how to proceed

3 more replies

I apologize if this forum is meant for tech people as I'm a novice computer user, but I really need help.  I have Windows 7 x64 and I used RoboCopy for the first time, and have messed up royally.  I was trying to copy folders and files from my
computer to an external hard drive.  My external hard drive had important files and folders on it already, and I thought that copying more data using RoboCopy would just add to it, but it deleted everything that was on the external hard drive when it
Can I undo what just happened?  Is there any way to revert?  Or maybe there's some way to recover that deleted data?
I used:  Robocopy C:\Users\Name\Documents F:/MIR /dcopy:T
I would be really grateful to be helped.  Thanks in advance.

More replies

Hi, I just built a new computer, and it's running XP Pro 64-bit. It ran fine for the first week, but now I'm getting a problem everytime I open "My Computer". Instead of showing my drives, it does the search animation. After a minute or two, it will either find all the drives, or it will say something like "This operation could not be completed because (something) is being used by another program." and gives me two options: "Retry", or "Switch To". When I click "Switch To" it opens my "Start" menu.

A (possibly) related problem is when I open IE, I get shown a set-up menu, but when I click "Save Changes" the webpage hangs. I can bypass this and use the internet fine though. Also, my computer randomly hangs sometimes when playing games.

I'm pretty disappointed with all these errors on what was supposed to be my fresh computer... Any help is appreciated.

More replies

I am using SQL Server 7.0.
I have databases DB1 (only current values) and DB2 (both current and old - keeps history). When I update (or insert), on DB1, a copy of the row I am working on has to be sent to DB2 using a trigger. What gets completed first? The update process on DB1 or the action started by the trigger? I am asking this because of what I found at this site:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/architec/8_ar_da_1tup.asp

…..
You can use the FOR clause to specify when a trigger is executed:
AFTER
The trigger executes after the statement that triggered it completes. If the statement fails with an error, such as a constraint violation or syntax error, the trigger is not executed. AFTER triggers cannot be specified for views, they can only be specified for tables. You can specify multiple AFTER triggers for each triggering action (INSERT, UPDATE, or DELETE). If you have multiple AFTER triggers for a table, you can use sp_settriggerorder to define which AFTER trigger fires first and which fires last. All other AFTER triggers besides the first and last fire in an undefined order which you cannot control.

AFTER is the default in SQL Server 2000. You could not specify AFTER or INSTEAD OF in SQL Server version 7.0 or earlier, all triggers in those versions operated as AFTER triggers.

…..

This statement sounds confusing?

A:Which is completed 1st? a transaction or a trigger?

Microsoft® SQL Server™ 2000 provides two primary mechanisms for enforcing business rules and data integrity: constraints and triggers. A trigger is a special type of stored procedure that automatically takes effect when the data in a specified table is modified. A trigger is invoked in response to an INSERT, UPDATE, or DELETE statement. A trigger can query other tables and can include complex Transact-SQL statements. The trigger and the statement that fires it are treated as a single transaction, which can be rolled back from within the trigger. If a severe error is detected (for example, insufficient disk space), the entire transaction automatically rolls back.
This means that the trigger completes before the transaction, you can rollback a transaction within a trigger as mentioned above so in your case the action started by the trigger completes before the update action.

2 more replies

Hello TSF -

Recently, i have had a problem with my system restore. After i attempt a restore, the computer reboots fine and acts as if it did the restore, but when i sign it, i get a messege saying system restore incomplete, or something along those lines. I decided to check the sr.inf file, right clicked and clicked install, but it said i need a windows XP sp3 cd, and i only have the original SP2 cd, not Sp3. Also i'm not sure if that will even fix the probem, has anyone else seen this problem? any help would be greatly appreciated!

-Thank you.

More replies

Hello,

This is a follow-up to my original thread here -

http://www.sevenforums.com/crashes-d...ease-help.html

I completed 1 RMA with HP and the teleplan service center guys sent me the machine back with the note - no issues found, reloaded OS. This time they loaded the OS with SATA controller as IDE as opposed to the default RAID setting that had come when I had purchased the system.

I let it run overnight hoping for the best but see the BSOD error in morning - I would really appreciate if somebody can pin point the issue so in the next RMA I can advise HP Teleplan guys about it - they seem to not spend great deal of time researching the issue but try to do a quick fix that obviously didn't work.

PS - my System specs -

System Manufacturer/Model Number HP Pavilion Elite HPE-210F
OS Windows 7 Home Premium 64 Bit
CPU AMD Phenom(tm) II X4 945 Processor, 3000 Mhz, 4 Core
Motherboard H-RS880-uATX (Aloe)
Memory 8 GB PC3-10600 MB/sec (message as PC3-8500)
Graphics Card ATI Radeon HD 5450
Sound Card Integrated Realtec ALC888S Audio
Monitor(s) Displays Acer? H243H
Screen Resolution 1920 x 1080
Keyboard HP USB
Mouse Microsoft Compact Optical Mouse Model: 1016
PSU Bestec 300W
Case Mid-size ATX
Hard Drives Western Digital Caviar Green WD10EADS-65M28X
Internet Speed ATT DSL 6 MBPS

A:1st RMA completed - still random BSOD

Your dumps indicate conflicts and memory corruption. Uninstall Symantec using this removal tool: Tool. Many third party security programs create conflicts with Win 7 and Norton is no exception. Norton was involved in one of the crashes. Download and install Microsoft Security Essentials. It will not cause conflicts. Make sure Windows firewall is turned on.

Uninstall or upgrade CyberLink. Its driver, 000.fcl, Fri Sep 26 09:11:22 2008, is out of date. Outdated drivers can and do cause conflicts and BSOD's.

I find another slightly out of date driver loaded on your system. Update this driver from the link provided.

Quote:
usbfilter.sys Fri Apr 03 07:39:51 2009 - AMD USB Filter Driver (likely part of the chipset drivers). http://support.amd.com/us/Pages/AMDSupportHub.aspx. Update this driver.

Follow these suggestion, reboot and let's see if your system is more stable. Post back and let us know. If you get anohter BSOD, upload it and we will go from there.

Code:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff80002804000 PsLoadedModuleList = 0xfffff80002a41e50
Debug session time: Thu Dec 16 09:41:31.624 2010 (GMT-5)
System Uptime: 0 days 8:53:11.013
...............................................................

8 more replies

Hi, I have already run Ad-aware using the required settings multiple times and removed everything I can on my own. Ad-aware could not remove iboboi.dll and I believe that is the root of my problem. But on startup that file is gone.

Here is my hijack this log, with the analyzer. Thank you in advance for the help!

===========================================================================================================================
Log was analyzed using HijackThis Analyzer - Updated on 1/7/05

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVir... Read more

A:Urllogic Pop-ups, completed all prereqs

Let's see if these logs will show us anything:

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link don't work) and install it. Do not run it yet.

Before doing anything, MAKE SURE that you can keep your computer on (at least until we get it fixed). This infection requires us to detect and remove it without rebooting or restarting your computer (unless the instructions say so). If you can't keep your computer on today, then I suggest that you don't get the logs yet until you are ready. With that said (when ready):

Open up HijackThis and go to Config->Misc Tools and check the first two boxes there. Now click on the Generate StartupList log button. Post that log in your next post.

Right click on this link and choose Save As...Save it to your Desktop. Make sure you have disabled any programs that may block/disable scripts (ex: Ad-Watch, TeaTimer, Norton, etc.). Double click on Silent Runners to run it. This will take a few minutes. It will create a file called Startup Programs followed by your computer name and current date. Open up that file and post all the contents here in your next post.

Download Find-qoologic. Unzip the files to your Desktop. Open the qoologic folder and run the qoologic.bat file. Wait a few minutes for it to finish. When the dos window disappears, go to your C: drive and open up the log.txt file. Copy and p... Read more

7 more replies

Recently installed kaspersky pure 2. 0 .Getting error message that backup task has not been completed. I have read that this is a known issue. Is there a solution to correct this problem? Thanks.

A:backup task has not been completed

Welcome to Seven Forumsnancy159. As you say, this is a known issue

Quote:
5. Main known issues

The maximum size limit for Quarantine and Backup and Restore does not work.
Some application windows do not correspond to Microsoft computer management from keyboard standards.
Groups of windows cannot be closed through Windows 7 taskbar.
Application window cannot be closed through Windows 7 taskbar preview.
"A backup task has not been completed" status is displayed in the general protection status and in the Backup and Restore section when backup tasks are performed.
Protection parameters cannot be reverted to default values.
AVZ reports cannot be created under 64-bit operating systems.
In some cases, characters cannot be entered using the Virtual Keyboard in entry fields of web browsers or applications.
When in Safe Run mode, Microsoft Outlook Express (Windows Mail) email client may fail to display some email messages received from the standard Microsoft Windows environment.

Kaspersky PURE 2.0: commercial release (build 12.0.1.288)

Have you tried creating a backup task?

How to create a backup task in Kaspersky PURE 2.0?

A Guy

1 more replies

Hi

Looking for some help resolving this issue. Computer was acting strange. Scanned with Norton 360 and Malwarebytes and found nothing. Ran TDSSkiller, found and removed a rootkit. Now, when I try to  run Combofix, it stops at Stage 48. The hard drive light is solid, so I figured it would eventually complete, but it does not.

Can you help?

thanks

drobtoy

A:stuck on 'Completed Stage_48'

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

19 more replies

Thanks a lot to everybody who paid attention to my problems with windows 7 installation.

Finally I went to my university and took from their a windows 7 pro dvd and everything worked perfect. I also managed to install the windows over both windows XP and 7 thanks to your advices and tutorials.
Thanks a lot once again from the not so hot now Greece

A:Installation completed with success!!!!

You're welcome! Thanks for posting back. It means a lot to those that have worked hard to help others when they come back with thanks.

2 more replies

Hi I just completed my second homebuild, I installed windows 7 pro and have been running it for over two weeks now, (got it pre release from msdna for free, thats right free, gotta love being a student, as many copies of 7, vista, xp and visual studio, and tons of other cool software for nada.)

anyway:
asus m4a78-e mobo
8gb (4x2gb) ddr3 ram
amd phenom II 945 3.0ghz quad core processor.
xfx hd 4850 1gb gddr3 gpu 256 bit with 512mb onboard already
2 x 500gb hitachi deskstar hdd's
sunbeam acb9 acrylic green led pc case (12 green leds, with 5 80mm green led fans, and custom fan grills.)
19" tft
650tx corsair psu
onboard sound and networking

it works great, so far I haven't seen the cpu go over 8% you through stuff at it it gives you a blank look and shrugs, it took a virus scan, dreamweaver, word and a few web pages (chrome) at 8% for god's sake. Anyway i'm very pleased with it.

BUT it only lists one hdd in the my computer section and that is the drive that i installed windows on, I don't know if the other one is formatted or not, I would say not, the bios recognises both of them, but my computer displays only one, i have not used raid in any form. Whats the solution?

Thanks alot, bob.

A:New build completed, but second hdd not recognised by os?

you shoud try this :
On "My Computer" Icon right click it and click MANAGE, click on DIsk Management..you may find your C: drive as Disc 0. Then look if you find drives that is unallocated..if you find it, click on the on it, right click and format the drive and click ok..just wait to make a 100% and you should after that it is healthy and formatted and you should the other drives now..try this tnx

3 more replies

hi guys,

every single time I try to rename a folder the boring message "The action can't be completed because the folder or the file is in use" appears even if apparently neither the folder or a file in it is in use.

What I have to do is: Task Manager > Explorer.exe > End Process > File > New Task > Explorer.exe and I am able to rename the folder.

It is a really boring process and I find this process really stupid. The folders I am trying to rename are full of pictures, I think it is something related to the Thumbs files.

Anybody of you have the same issue? Any possible solution?

Thanks

OpenedFilesView - View opened/locked files in your system (sharing violation issues)
What file is opened by explorer.exe in that folder?

9 more replies

Trying to restart will not allow me to login, keeps telling me wrong pass word, (didn't think i had setone yet)think its microsoft thats causing the problem, it says i need a removeable media, what the hell is one ofthem. i'm already on line at home.     Can anyone help me please

A:New netbook setup not completed,

Hello, Thank you for posting in the HP Support forum. Is this re. Windows login ? You can't login to Windows? If yes, I have encounter such a problem once only but was with Win 8. Anyway - if this is a new computer you can revert the software back to factory default settings. Eventually you should create a local account (not login with Microsoft account). At the end, you can always migrate the local account to Microsoft account. If this is not re. Windows login, please provide back details.

1 more replies

My computer keeps getting stuck whenever I try to turn it on. It gets stuck on the page that says " Usn journal varification completed "

I can never get off this page and I haven't beed able to get on the computer in two weeks

Does anyone know how to fix it??

A:USN journal verification completed. STUCK >:(

Press F8 at bootup. In the Advanced Boot menu try Safe Mode. Then you can do a System Restore to a time before this happened. If this also fails, if you have an XP CD boot off of that and get to the Recovery Console here type chkdsk /R and press enter. Check Disk will test the integrity of the HDD and files. It may take a while.
If you don't have an XP CD on another computer, download the ISO image for Seatools in my signature. Burn the image to CD using IMGBurn also in my signature. Boot off of the newly created CD and run the quick and long test on the HDD. If either test fails, the HDD needs to be replaced.

1 more replies

------------------------------
REGEDIT4

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

A:Smitrem And Rogue Scan Completed... Still Need Help.

1 more replies

I have installed vista in safe mode when it restarted as finalization of installed then its not running. again Tried to install in safe mode. The message appeared " Windows did not completed installed, please restart . . . . I restarted , but it can not running windows, it hanged. please help me

A:Windows did not completed installation, please restart

Welcome to Vista Forums!

I must say you have me somewhat confused. I need your help clarifying the situation with more information and by answering some questions.

How exactly did you "install" Vista from safe mode? What exactly did you do (and what exactly are you trying to do and why are you trying to do it)? I don't quite understand the situation. Could you please explain in detail exactly what you are attempting, why you are attempting it, how you are attempting it, and the situation at the moment. What are you using to do the installation (a genuine Vista Installation CD, a Recovery Disk, a Recovery Partition, or what)? What method of installation are you using? What type of installation are you trying to do? Why are you trying to do it from Safe Mode (and can you get into safe mode now or are you unable to do so any longer)?

Thanks!

6 more replies

After the installation of Avast Antivirus, something like this appeared
What do I do??

A:Avast installation didn't completed

Quote: Originally Posted by Binish Joshi

After the installation of Avast Antivirus, something like this appeared
What do I do??

1.Click on "view setup logs" and take a pic of it and upload here
3.Have you had installed any antivirus before Avast?

1 more replies

I posted this in the previous thread in the networking section and was advised to follow the 5 step guide and post the logs in here.

This is the previous post and the logs.

I have had a read of the alot of forums including this one and noticed a few people having similar issues however no solid solutions have been offered.
Many claim the problem relates to malware but i see no evidence of that.

The Situation.
I have recently moved into a new place and have connected to a freedom plus cable internet account with Optus in Australia, They have supplied me with a wireless netgear cable modem (CG814Wg v3) and a Netgear Wireless USB adapter (WG111 v2) However I am currently connected to the modem with an Ethernet cable. To try and Diagnose my problem.

The Issue
Upon starting the computer all software has access to the internet without hitch however after a short period of time (Between 5mins and 30mins) All software will lose access to the internet. MSN messenger will say it cannot establish a conection, Mozilla FF will show a blank page with "Done" in the loading progress bar displayed, IE will say it can not access the webpage and games will stay at the connecting phase indefinetly. Windows will claim the connection is still active and pinging google via command prompt returns positive results with no loss. Repairing the connection does nothing, the only thing that allows me access again is to restart the computer. The same issue occurs regardless of wea... Read more

A:Completed the 5 step Logging Procedure Now after your help :)

During boot up this morning I opened device manager and ended the process tree on
Explorer.exe and then started it again. Since doing so I have not dropped out yet, However the net is still running rather slow.

3 more replies

Just installed new 48 speed burner--newly completed CD's when played on a multi disc STEREO, upon completion just stops and will not move automatically to play the next cd. I am using another writer (16 speed ) as a CD ROM and when cd's are made on that writer , it works correctly. Existing CD's move properly .

Speed works properly except that it only gives me options up to 40 speed even when I insert a 46 speed media-- that's not a big problem unless it relates to the above major problem---

I am using ROXIO 5 software on XP with 2.4 g cpu

Help would be greatly appreciated. Thanks Ralph

A:Completed burned CD Play PROBLEM

Make sure you set it up to close the disk.

It isn’t that unusual for the burner to analyze the CD and decide it shouldn’t be burned at the speed on the CD media box. It would be unusual if the media was Taiyo Yuden, Sony or Fuji, but not so for rebadgers who grab whatever is cheap like TDK, Imation, Maxell or a long list of discounted El Cheapos.

2 more replies

Hi Jason,

I have followed the steps outlined in the Malware Prep Guide. I was able to run both the DDS and GMER scans. The GMER scan completed with the message 'Warning, GMER has found system modification caused by ROOTKIT activity'.

FYI, I was unable to run Defogger - after downloading, received the message 'unable to open file'. I'm not exactly sure what disk emulation software is, but I am pretty sure that I have never intentionally loaded any.

I appreciate your time and support. One thing I have not found on the site is info on what this virus maybe doing while living on my machine. Is it safe to use IE? I'm avoiding important and high-risk things like banking and other financial transactions. Are there other risks?

Thanks again,

Jane

DDS log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Jane at 17:39:04 on 2012-03-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2940.292 [GMT -4:00]
.
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\install... Read more

A:Redirect Virus - scans completed

Original post was in 'Am I Infected' forum, dated 3/13, 9:46 am.

17 more replies

When I try to delete a few videos on my desktop it will not allow me by saying that they are use by another program. The other program has been uninstalled a little while back so I am not sure how to fix. I've checked several places and it's not on my computer any longer. How do I get this stuff deleted

A:The action can't be completed bec the folder/file is in use by another

Can you delete them after a reboot?

Can you delete them after a reboot into safe mode?

2 more replies

I am really liking the expanded "notifications" section of Windows 10. Is there anything out there that allows for you to get OS operation notification E.G. File copy completed notification, and so on. It looks like right now it is only based on if the installed app supports it. I do a ton of file copying and moving and it would be nice to get it popping up and dinging saying it has completed.

More replies

I ran the scan and will now try to send.

Thank You

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I need to see the dds logs in order to help you.

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post/attach the logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

------------------------------------------------------

2 more replies

Hi everyone. For the past three days I have been receiving this message that crawl could not be completed on content source <winrt://{S-1-5-21-3185794972-1365723474-11604058-1002}/>. Can someone please tell me what this mean and how to fix it.
Thank you
rcap50

More replies

I am using outlook 2003 with an exchange server. I use my task list as a todo list. When I mark something as complete I see it has a strike through. The next day I come to my computer and the item that I checked of and had a strike through is gone. Does any body know where this went? I would like to keep these items as a reminder for when I fill out my timesheet.

thanx

6 more replies

I have an Excel work book used to track purchase orders that are to be shipped and received. We have 4 sheets "To Be Received" "Received" To Be Shipped" "Shipped" What I want to be able to do is select an entire row and cut and paste it to the other sheet (ie. "To Be Shipped" sheet to "Shipped" sheet) I am having trouble getting it to work on active rows. Any help would be very much appreciated

A:Move a completed order from one worksheet to a second

nogdolan said:

I am having trouble getting it to work on active rows. Click to expand...

What trouble exactly? does the original row contain formulas?

1 more replies

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows 7 Home Premium , 64 bit
Processor: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz, Intel64 Family 6 Model 37 Stepping 2
Processor Count: 4
RAM: 4087 Mb
Graphics Card: ATI Radeon HD 4350, 512 Mb
Hard Drives: C: Total - 305142 MB, Free - 269645 MB; E: Total - 238472 MB, Free - 151405 MB;
Motherboard: Gigabyte Technology Co., Ltd., P55-USB3, x.x,
Antivirus: None

I am new user so please forgive if I do not do this well. Problem is in excel I have my formulas entered just fine (simple, like C5*D5). however if I change valu in C5, the correct value is not displayed immediately, not until I hit save. It would be great if someone could explain this. Thanks

A:excel- have to hit save to see operations completed

1st aid:
From menu select : Tools -> Options
Select Calculation tab
It should be set to Automatic, and I suspect yours is set to Manual.

HTH

Jimmy

3 more replies

How do I get game results after they are posted. In a close game, I don't even know who won!

A:EA Scrabble--don't get completed game info.

1 more replies

I completed Microbell's five step process. I am here because spybot found torpig but couldn't remove it. I could not update to SP1a or SP2, I received a set-up error noting it could not complete the install. Below is the main text file from dss with the extra text file attached. I am looking to clean out the torpig trojan and any other additional virus's. I would also appreciate any help on why I cannot update to SP1a or SP2
Deckard's System Scanner v20070426.43
Run by Unger's on 2007-05-17 at 22:58:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
68: 2007-05-18 03:58:32 UTC - RP383 - Deckard's System Scanner Restore Point
67: 2007-05-18 03:49:00 UTC - RP382 - Installed Windows XP Service Pack 1.
66: 2007-05-18 01:34:58 UTC - RP381 - Installed Windows Media Player 10 KB917734_WMP10.
65: 2007-05-18 01:33:23 UTC - RP380 - Installed Windows XP KB899587.
64: 2007-05-18 01:32:16 UTC - RP379 - Installed Windows XP KB924191.

-- First Restore Point --
1: 2007-02-17 12:38:29 UTC - RP316 - System Checkpoint

Backed up registry hives.

Performed disk cleanup.

-- HijackThis (run as Unger's.exe) ---------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:02:22 PM, on 5/17/2007

A:Help with Torpig trojan, completed 5 step

Here is the info from the Panda log

Incident Status Location

7 more replies

I'm installing some adobe software, which, for some reason, requires chrome to close.

When I close chrome.exe, I get this error:

This only happens to the main chrome.exe process, not the browser, extensions, etc.

I've tried restarting my computer, but it runs at startup and I still can't stop it.

A:Chrome.exe force close could not be completed.

try

Force browser processes to close
If a tab, window, or extension is not working properly, you can use the task manager in either Chrome or Windows to force it to close. Chrome uses a "multiple processes architecture", which means its processes are designed to work independent of one another. So issues in one tab shouldn’t affect the performance of other tabs or the overall responsiveness of the browser.

In many ways, the task manager is like a hospital monitor: you can use it to track the performance of its internal processes. If the browser seems to be sluggish, open the task manager to find details about each active process and close the one that seems to be using up a lot of resources.

Click the Chrome menu on the browser toolbar.
Select Tools.
In the dialog that appears, select the process you want to close. You’ll find five types of processes listed:
Browser: This process manages all your open tabs and windows and monitors them for suspicious activity. Close this process if you want to force everything in the browser to end.
Renderers: Each of the tabs and apps listed represents a renderer process. Close a tab or app if it isn’t displaying properly.
Plug-ins: If a webpage uses a special process to display rich content on its page, the process, also known as a plug-in, will be listed. Common types of plug-ins include Flash, Quicktime, an... Read more

2 more replies

Just got this message no matter how many times I ran backup today.

I've run it every Sunday afternoon since June of 2012 and never got the message before.
edit: Backup encountered a problem while backing up file C:\Users\Joseph T. Adinolf\Contacts. ErrorThe system cannot find the file specified. (0x80070002))

Am I just wasting my time?

Using an external hard drive.

A:Backup completed but some files were skipped

Hello Joseph,

This error means that one or more folders that you selected to be included when you setup Windows Backup is no longer available to be backed up. Thus, it was skipped while backing up the others.

You can use step 4 in the tutorial below to "Change settings" in your Windows Backup to uncheck any included (checked) folders that have been deleted or moved.

Afterwards, you should stop getting this error.

Backup User and System Files

Hope this helps,
Shawn

6 more replies

I used to have two desktops A & B, they have internet sharing and printer sharing , they were working fine.

Desktop A XP Professional SP2 PC has got two printers (HP and Samsung) connected directly (USB cable), and Printer sharing is turned on .

I bought another Desktop to replace B, because B is an old PC.

From the Desktop B (XP Professional SP2), when attempting to chose the option :
A network printer, or a printer attached to another computer Click to expand...

, to add a shared printer , I can browse and see the printers name (hp and Samsung), however, when I attempt to
connect both of them, I get the following error:
cannot connect to the printer operation could not be completed errorClick to expand...

Do I need to have admin account with their passwords on both Desktop to be able to share the printers ?

I have seen this, but I could not find as solution to my case.

http://forums.techguy.org/windows-vista/525885-cannot-connect-printer-operation-could-2.html

A:Cannot connect to the printer operation could not be completed

Both PCs have XP prof SP2, and both of them on the same workgroup name (MSHOME).

There are no firewalls running on both PCs

1 more replies

Hi All,

I am in the process of repairing a clients Win7 Home Premium SP1 PC, initial complaint "PC hangs on windows boot screen". After confirming not boot I was able to boot to safe mode and reviewed the error logs. With nothing jumping out immediately as a problem I began to suspect malware and began a run of malwarebytes which hung halfway through requiring a hard reboot.

Following hard reboot it would now not boot at all. Running a pre-startup drive scan found a faulty data HDD, removed and was able to boot only to "last known good config". Once booted I noticed three separate AV's installed and removed the free versions and rebooted. PC still was chugging along and look at running processes revealed Bit Defender AV pegging CPU at 100% with nothing apparent running. Uninstalled Bit Defender and several apps that were clearly adware that had been installed.

After another reboot began a sweep with CCleaner for good measure an app popped up an installer that force installed "Free Ride Games". After several attempts was able to uninstall using Revo, however malware not clearly suspected. Thus I downloaded Combofix and began run. It has not been stuck at "Completed step_50" for about 2 hours. I can hear (and see) continue drive activity and I am unclear if i should simply let it continue or stop Combofix and try an alternate route pending input and instructs from the talented BleepingComputer Community/Folks?!

A:Combofix Stuck At "Completed Stage_50"

I would wait as you know stopping combofix can damage the machine more. if the HDD indicator is flashing its probobly still working its majic. I had one machine that hung for over an hour but never as long as two hours so that is slightly concerning. With all the issues you mentioned in your post i would probobly consider rebuilding the machine if combofix fails.

1 more replies