Infection Popup At Bootup [Solved]
Started by rshaffer61, Mar 12 2009 07:17 AM
#16
Posted 13 March 2009 - 01:27 PM
any suggestions?
#18
Posted 13 March 2009 - 01:47 PM
Here you go. It's on mediafire. The link is
http://www.mediafire...04e75f6e8ebb871
Also I right clicked on autoexec.bat>>>edit.... empty
#19
Posted 13 March 2009 - 02:49 PM
OK that is the normal windows folder. I have so far tried every trick that I could find - but there must be a solution somewhere, it is just a matter of finding it
I will continue my search
#20
Posted 13 March 2009 - 02:56 PM
ok thank you. I will wait for your reply
#21
Posted 13 March 2009 - 03:00 PM
OK, another thought: could you locate the following file and copy/paste the contents? Again, right click and select edit
c:\windows\system.ini
#22
Posted 13 March 2009 - 03:09 PM
ok here is my system.ini file. I just opened with notepad and copied and pasted here
; for 16-bit app support
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
[driver32]
[386enh]
woafont=dosapp.FON
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON
[NotBoosted]
Dummy.Dummy=1
#23
Posted 13 March 2009 - 03:31 PM
Another one to try
In the explorer window, go to Tools / Options / View tab / uncheck Restore previous folder windows at logon.
#24
Posted 13 March 2009 - 03:55 PM
It's already unchecked
#25
Posted 13 March 2009 - 04:38 PM
Not sure if this will show you anything but I did a rooter log. Not sure but there seem to be a couple of strange processes in the first couple of lines. The ones that have ?? at the beginning of them. The ftp stuff I have deleted so it doesn't exist on my system now. I took this scan about 5 1/2 hours ago.
Microsoft Windows XP Professional (5.1.2600) Service Pack 3
C:\ [Fixed] - NTFS - (Total:78520 Mo/Free:3509 Mo)
D:\ [Fixed] - NTFS - (Total:78528 Mo/Free:475 Mo)
E:\ [Fixed] - NTFS - (Total:238472 Mo/Free:3878 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
Thu 03/12/2009|12:13
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Windows Defender\MsMpEng.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Alwil Software\Avast4\aswUpdSv.exe
---------- C:\Alwil Software\Avast4\ashServ.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\ALWILS~1\Avast4\ashDisp.exe
---------- C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
---------- C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
---------- C:\Program Files\Google\Quick Search Box\qsb.exe
---------- C:\IObit\Advanced SystemCare 3\AWC.exe
---------- C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
---------- C:\Program Files\Portrait Displays\Pivot Software\floater.exe
---------- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
---------- C:\ICQ\ICQ.exe
---------- C:\WINDOWS\system32\LEXBCES.EXE
---------- C:\WINDOWS\system32\LEXPPS.EXE
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Alwil Software\Avast4\ashMaiSv.exe
---------- C:\Alwil Software\Avast4\ashWebSv.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Mozilla Firefox\firefox.exe
---------- C:\Winamp\winamp.exe
---------- C:\Documents and Settings\Elvis\Desktop\Rooter.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
----------------------\\ Cracks & Keygens..
C:\DOCUME~1\Elvis\Recent\BulletProof FTP Client & Server v2.4.3 (inc crack & upgrade).rar.lnk
C:\DOCUME~1\Elvis\Recent\BulletProof.FTP.Client.v2.59.0.51.Incl.Keygen.WinAll-BRD.rar.lnk
C:\DOCUME~1\Elvis\Recent\keygen.rar.lnk
1 - "C:\Rooter$\Rooter_1.txt" - Thu 03/12/2009|12:12
2 - "C:\Rooter$\Rooter_2.txt" - Thu 03/12/2009|12:13
----------------------\\ Scan completed at 12:13
#26
Posted 13 March 2009 - 04:59 PM
No they are legitimate - and you can see where the infections come from
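The question raised in the two posts above, as an added example that is not part of the original thread: `\??\` is the NT object-manager prefix for drive-letter paths and `\SystemRoot\` resolves to the Windows directory, so both are normal on processes started early in boot. The sketch below strips those prefixes and flags only core system image names running from an unexpected folder; the `C:\WINDOWS` install path, the small baseline table and the last sample line are assumptions constructed for illustration.

```python
import ntpath

# Constructed sample in the layout of the Rooter process list above.
# The final entry is invented to show what a suspicious line looks like.
SAMPLE_LOG = r"""
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Documents and Settings\Example\svchost.exe
"""
PREFIX = "---------- "
# Assumed baseline: core Windows XP images and the one folder each runs from.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def normalize(path, windir=r"C:\WINDOWS"):
    """Rewrite NT object-manager paths as ordinary Win32 paths."""
    if path.startswith("\\??\\"):                    # DosDevices namespace
        path = path[4:]
    elif path.lower().startswith("\\systemroot\\"):  # link to the Windows dir
        path = windir + path[len("\\SystemRoot"):]
    return path

def triage(log_text):
    """Return (raw_path, reason) for system image names in the wrong folder."""
    findings = []
    for line in log_text.splitlines():
        if not line.startswith(PREFIX):
            continue
        raw = line[len(PREFIX):].strip()
        directory, image = ntpath.split(normalize(raw).lower())
        expected = EXPECTED_DIR.get(image)
        if expected is not None and directory != expected:
            findings.append((raw, "expected in " + expected))
    return findings
```

Run against the sample, only the constructed `svchost.exe` under `Documents and Settings` is reported; the `\??\` and `\SystemRoot\` entries normalise to their usual system32 locations and pass.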
#27
Posted 13 March 2009 - 05:27 PM
Yes I can see that also. Just wondering why it's not showing up what it changed to cause the popup when windows boots up. I'm investigating on my side also but not having much luck. Everything says it's a registry problem but I can't find anything in the registry where it's saying to look. Hopefully you can have better luck than I am.
#28
Posted 14 March 2009 - 06:41 AM
I think I will have to send you back to the real experts here as I have reached the limit of my system knowledge. But, you are now free of malware. If you post back in your original thread and let them know that we have looked at the usual registry areas for this error and have been unable to resolve it then they may have a better idea of where to go from here. I have found a fix for the system32 popup on Kellys Korner No 260 right but that is cured now I believe
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself so..Run OTListit and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab.
- Under the Hidden files and folders heading select Do not show hidden files and folders.
- Click Yes to confirm.
- Click OK.
Please download JavaRa to your desktop and unzip it to its own folder
- Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
- Open JavaRa.exe again and select Search For Updates.
- Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
- Select Start > All Programs > Accessories > System tools > System Restore.
- On the dialogue box that appears select Create a Restore Point
- Click NEXT
- Enter a name e.g. Clean
- Click CREATE
- Select Start > All Programs > Accessories > System tools > Disk Cleanup.
- In the Drop down box that appears select your main drive e.g. C
- Click OK
- The System will do some calculation and then display a dialogue box with TABS
- Select the More Options Tab.
- At the bottom will be a system restore box with a CLEANUP button click this
- Accept the Warning and select OK again, the program will close and you are done
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
- SpywareBlaster to help prevent spyware from installing in the first place.
- SuperAntispyware Run weekly to keep your system clean
To keep your operating system up to date visit
- Secunia Software inspector To check your programme update status
- Microsoft Windows Update
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe
#29
Posted 14 March 2009 - 06:48 AM
Ok I have created new system restore.
I have newest java
I started superantispyware
I have avast running also
I wanted to thank you again for all your help. I do recommend Geekstogo.com to all my friends and I especially tell everyone how helpful you have been and your patience and knowledge of fixing infections in my system. Thank you so much and have a great day.
Ron
#30
Posted 14 March 2009 - 07:17 AM
Cheers Ron my pleasure