Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Virus Alert System Tray, Task Manager Disabled, Registry Editing Disab


  • This topic is locked This topic is locked

#16
MossGeek

MossGeek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
I feel really dumb Mike. U asked about my other thread if that was the same tower. Due to my brain issues, yes that was actually the same tower that I could not reinstall microsoft windows on again. Nor could I reformat, I will msg 123runner and let him/her know and apologize since all I did was switch the dvd writer and harddrive from other pc to this one.

It would load the necessary drivers, but as soon as it would try to load "setup for windows" that is when it would auto restart.

here is the log u asked about though.

Here is the last HiJack Log that you also had asked for...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:24, on 8/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://notoriousguk....ad/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4972 bytes


I noticed I believe two instances of Nod/Eset each with "no file", that I was sure I could fix but wasn't going to touch anything before i posted.

Going for my physio now, will post the other log when I return.

Tanx.

Attached Files


Edited by MossGeek, 05 August 2008 - 08:28 AM.

  • 0

Advertisements


#17
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

I'll wait on the Online scan results :) I think you may have misunderstood about ComboFix - I would like to see what this file says C:\qoobox\combofix.txt

So browse to that file, through windows explorer (windows key + R) and open it up and post the contents here :)
  • 0

#18
MossGeek

MossGeek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Sorry about that Mike, I will search for that file. I didn't see that exact one when I was looking earlier, perhaps I missed it.

I tried the online scanner and just like the other one, it started and I left it so it could do its job and next thing I know I come back and its in a never ending loop.

Starting to think that some of the hardware isn't all that great working.

I notice it gets quite warm right around the spot of the video card.
  • 0

#19
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
OK, we will leave the online scan then - just get me this log! C:\qoobox\combofix.txt

I'll wait on your reply :)
  • 0

#20
MossGeek

MossGeek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
There is no such file by that name, here all are the logs....txt files in that folder in fact...

The scanlogl.txt 11.25kb i believe is the latest or last combofix log that i have

not sure if i have uploaded that one or not, not sure if that is the one u were asking about...


but no Combofixlog.txt in C:\Qoobox

Attached Files


Edited by Mike, 06 August 2008 - 01:19 PM.

  • 0

#21
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there, I edited your post to get rid of some of the attached files - you got the right one though, the name isn't what I expected it to be.. Sorry for putting you on a wild goose chase.

I'll post back soon with instructions.
  • 0

#22
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

You can fix these lines with Hijack this.
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)


Did you install Mypops and MSTpscre? If not, uninstall them and delete these two folders:

C:\Program Files\Mypops
C:\Program Files\MSTpscre

Post back with a new Hijack This log please, also tell me of any problems you are still having, describe it a bit so I can determine whether it may be a hardware issue :)
  • 0

#23
MossGeek

MossGeek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Yes that Was me that installed those programs. They are uninstalled now.

Seems that after i ran the hijack this log, and fixed those Eset Instances, my puter did the looping retart magic act for the next little while after restarting.

So I gave the computer, and myself a little time before logging back in figuring since it worked before it might again. And so it did.

here is the newest HiJack Log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:44, on 8/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://notoriousguk....ad/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-sec.../fshc/fscax.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5208 bytes



Seems even though I checked Fix Check on both...

O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)

they are wanting to show themselves continually...
should i manually go into the registry and delete everything of Eset? Is that wise? It is what I would do in the past, but now i'm wondering if that is where I would go wrong, or if there is just an easier way? I don't mind the registry it has been a friend to me for a while now...
  • 0

#24
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

Do it like this - messing with the registry is extremely dangerous and we have an easier way :)

Open notepad by going to START > RUN and type notepad.exe in the box that appears. In the window that pops up please copy and paste the following

@ECHO off
sc stop EhttpSrv
sc delete EhttpSrv
sc stop ekrn
sc delete ekrn
del %0


In Notepad click on the "File" menu > Save As... Under "File name" type fix.bat and Change "Save as type" to All Files, save it to a place you will remember.

Posted Image

Double click on fix.bat.

Other than that your logs look clean to me, the rest I believe is hardware related, but I want to make sure so let's get one last scan in.

Please download OTScanIt.exe to your Desktop.
Double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close all other programs.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program
  • (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and attach the file in your next post, do not try to copy/paste it into the post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#25
MossGeek

MossGeek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Ok here is the OTScan it Log...



Attached File  OTScanIt.Txt   241.3KB   111 downloads



Attached File  OTScanIt.Txt   241.3KB   111 downloads
  • 0

Advertisements


#26
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Still nothing apparent.

Did you uninstall NOD32, the drivers are still running...

Start OTScanIt. Copy/Paste the information in the Code box below into the pane where it says "Paste fix here" and then click the Run Fix button.


[Driver Services - Non-Microsoft Only]
YY -> (eamon) eamon [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\eamon.sys
YY -> (easdrv) easdrv [Kernel | System | Running] -> %SystemRoot%\system32\drivers\easdrv.sys
[Registry - Non-Microsoft Only]
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found.
YN -> 1 domain(s) and sub-domain(s) not assigned to a zone. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 997 domain(s) found.
YN ->   .[msn] -> My Computer
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 18 range(s) found.
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{57E91B47-F40A-11D1-B792-444553540011} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> &ICQ Toolbar Search -> Reg Error: Value  does not exist or could not be read.
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.]
YN -> Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.]
[Files/Folders - Created Within 30 days]
NY -> 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 days]
NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Extra Files]
Purity
[Empty Temp Folders]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. CLick the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.

Tell me how it goes :)
  • 0

#27
MossGeek

MossGeek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Ok, I ran OTSCANIT,

copied and pasted the code where it says to paste the fix here... And clicked on Run Fix...

It ran for approximately 2-4 minutes and then i heard a funny sound coming from the computer, and auto restarted into a loop. Had to give it 15 mins standby time otherwise would just start and restart into loop.


Waited the 15 tried it again, and same results.

Seems someones been on the computer since I was before this too...
under Other Devices on my Device Manager

I have 3 question marks...
1. Multimedia Audio Controller...I don't know exact sound blaster version it is , so i'm gonna need to find the serial number off the card
2. Multimedia Audio Controller
3. PCI Input Device, which i thought was mouse but it works just fine...awkward...

I know the above comments go on another forum thread, I thought I would just mention it....
  • 0

#28
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there :)

There was nothing in the above fix that was malicious, it was more of a cleanup - from your last statements I've gotta say that I believe it is hardware related.

The only thing that should go are those two drivers from NOD32, since they are still present I believe it didn't uninstall properly or you've done something in the while.

So from the malware side of things you look clean to me! Try following up in the OS forums/Hardware Forums for your other problems :)

Click START then RUN
Now type Combofix /u in the runbox and click OK
Posted Image
Notice the space between the x and / -- That needs to be there.

&

Now please download OTCleanIt.
  • Save it to your desktop.
  • Double Click on OTCleanIt.exe, a window will appear.
  • Please press the CleanUp! Button.
This will remove the tools we used during the process of cleaning your computer.

MBAM will need to be uninstalled separately through add or remove programs.



Now that your are clean, you'll want to stay that way.

Some important things that you should keep in mind in order to protect yourself:
  • Use common sense. This is the big one! Don't download programs from suspicious sites and be careful where you browse.
    Things you can do to avoid downloading bad programs:
    • Google the program. Read reviews and opinions from other people on the internet, if you dont see any reports of foul play - then there more than likely is none.
    • Stay away from Cracks! However luring the thought of free software can be it's not worth the hassle and potential danger of getting infected.
    • Download the program directly from the website of the developer - then you can be certain you haven't downloaded a bogus copy.
    • Read the EULA (End User License Agreement) - Find out exactly what you are downloading. A good tool to aid you in this would be EULAyzer.
  • Keep your programs updated! Software developers update their programs to patch possible security risks. Do a scan once in a while for outdated programs using Secunia's Software Inspector
  • Keep your protection programs up to date! No matter how good your Antivirus or Antispyware program is, without an updated set of definitions it will do you no good against the new infections. If you run a free program make sure to update them at least once a week.
  • Make sure that windows updates is enabled. Keeping your system up to date is a must - to turn on automatic updates take a look at this article by Microsoft.
I have listed two programs to boost your security while using no resources.
  • SpywareBlaster Take a look at the tutorial here.
  • ZonedOut Adds thousands of websites to your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Also consider using an alternative web browser. Two big named ones, both far superior to Internet Explorer in terms of security and performance, would be Firefox and Opera.

Make a habit of scanning your computer for viruses every week or so and backing up important files regularly.

Please also read Expert Tony Klein's excellent article: How I got Infected in the First Place

Please post back and tell me if everything is OK, so that I may mark this thread as Resolved.
  • 0

#29
MossGeek

MossGeek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
I uninstalled through Control Panel ...add/remove programs...

I haven't reinstalled it if that is what ur wondering...system seems to be working fine now....


used OTClean it to finish up and remove all the programs, sort of like the mbam, is fine to keep this one?

Sorry i know, more questions haha....

I always use firefox instead of ie, perhaps I will take a look at Opera as well.

Other than that, good to go ...

btw, thanks again Mike, helped me big time~
  • 0

#30
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
MBAM is a great tool to have, there is no harm in keeping it.

Glad to hear everything is OK :)

Take care and have a great day still!

Mike
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP