trojan win32genericBT,downloader3.10443,startpage.1505,winlock3251



#16
luminix (Member, Topic Starter)
I am at work on the 2 new logs you need. A few questions first.
1) Do you have any idea what is causing the long delay in shutting down?
2) Upon start up, I'm still getting the black screen that asks which item I want to start - it came from the check you asked to look for hidden partitions. How can I go back to a normal start up?
3) You asked for info on my computer. It's an HP Pavilion, 775e, with XP, 2GB RAM, 2GHz AMD chip.
4) As for different drives you asked about, C=main drive, D=extra drive I installed, E=HP recovery drive.

Will get those logs to you asap. Thanks. Eric

#17
luminix (Member, Topic Starter)
Note: When doing the Procexp check, several programs would move in and out of the top spots. Especially adaware and chrome. So, I don't know how accurate this log is since it probably shows the computer at one specific second and not some kind of average over say one minute.

Thanks again. Eric

Attached Files



#18
RKinner (Malware Expert)
Are you talking about the black screen that asks you if you want

"Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
Microsoft Windows XP Home Edition

That's just the recovery console. It was added by Combofix. Let's leave it until we are done. It's easier to fix things if something goes wrong if the recovery console is there.
(You can go Start, Settings, Control Panel, System, Advanced, Startup and Recovery -Settings, and change the Time to Display the List of Operating Systems from 10 to 2 seconds. OK which will speed up the boot a bit)

Do you know what this is?

[2011/08/30 04:29:43 | 000,004,244 | RHS- | M] () -- C:\WINDOWS\System32\drivers\HP_D7218W-ABA 775E_YC_Pavi_QMXP325_E32NAheBLU3 _4_IA7N8X-LA_SASUSTeK Computer INC._VRev 1.xx_B3.07_T030421_WXH1_L409_M1984_J80_7AMD_8Athlon XP 2400+_92_110DE006E_N10DE0066_P_Z11C1044C_K_A10DE006A_U10DE0067_G10DE01F0.MRK

Seems a ridiculously long name and .mrk extensions have something to do with photos and don't belong in the C:\Windows\System32\Drivers\



Speccy says your CPU is running at 57 C. That's way too hot for a desktop. (35 is normal) Shut it down, leave it plugged up, open the case and use a vacuum cleaner hose and a small soft brush to clean the dust out. Pay special attention to the heat sink on the CPU. You may need to remove the fan (usually four screws and you can set it aside). Also look at the air intake for the power supply. Turn on the PC and watch the CPU fan. It should get up to speed very quickly and should not make a lot of noise. If you stop it momentarily with the eraser end of a pencil it should start back up immediately. If not you will need a new fan. You can use speccy to check the temp. On its main page when running it shows the temp of the CPU.

Are you able to get on the internet?


For your slow shutdown:

Start, Run, msconfig, OK

Under Startup, uncheck everything and Apply. Under Services check Hide Microsoft Services then uncheck everything and apply. Reboot. Cancel the msconfig window when it comes up. Shut it down and see how long it takes to shut off. If it improves considerably then one of the things you turned off is slowing you down. It's tedious but you can isolate it by going into MSCONFIG again and checking half of the items you unchecked then Apply. Reboot. Shutdown and if it slows down one of the items you checked was the culprit. If not check half the remaining items and try again. Each time you reboot, run Process Explorer and check this line:

Interrupts n/a 1.56 0 K 0 K Hardware Interrupts and DPCs

Does the 1.56 go down below 1 when everything is unchecked? What makes it jump to 1.56?

Ron
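As an added example (not part of the original posts, and not the scanner's own code), here is the check applied by eye to the quoted scan-log line, written as a small triage script for drivers-folder entries. The field layout is inferred from that one line; the expected-extension list, the 64-character name limit, the reading of the attribute letters, and the attribute and vendor checks are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Field layout inferred from the one scan-log line quoted in the post:
# [date time | size | attributes | M or C] (vendor) -- full path
LOG_LINE = re.compile(
    r"^\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4})"
    r" \| (?P<kind>[MC])\] \((?P<vendor>.*?)\) -- (?P<path>.+)$"
)
DRIVERS_DIR = PureWindowsPath(r"C:\WINDOWS\System32\drivers")
EXPECTED_EXT = {".sys", ".dll", ".inf", ".cat"}  # assumption, tune per system
MAX_NAME_LEN = 64                                # assumption

def parse_log_line(line):
    """Split one log line into typed fields; None if it does not match."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))
    rec["path"] = PureWindowsPath(rec["path"])
    return rec

def review(rec):
    """List the reasons a drivers-folder entry deserves a manual look."""
    path, reasons = rec["path"], []
    if path.parent != DRIVERS_DIR:  # Windows paths compare case-insensitively
        return reasons
    if path.suffix.lower() not in EXPECTED_EXT:
        reasons.append(f"unexpected extension {path.suffix}")
    if len(path.name) > MAX_NAME_LEN:
        reasons.append(f"name is {len(path.name)} characters long")
    # Assumption: H and S in the attribute field mean hidden and system.
    if "H" in rec["attrs"] and "S" in rec["attrs"]:
        reasons.append("hidden and system attributes set")
    if not rec["vendor"]:
        reasons.append("no vendor string")
    return reasons

def flag_lines(lines):
    """Return (path, reasons) for every parsed line with at least one reason."""
    flagged = []
    for line in lines:
        rec = parse_log_line(line)
        if rec and (reasons := review(rec)):
            flagged.append((rec["path"], reasons))
    return flagged

SAMPLE = [
    # The line quoted in the post, split here only for width.
    r"[2011/08/30 04:29:43 | 000,004,244 | RHS- | M] () -- C:\WINDOWS\System32\drivers"
    r"\HP_D7218W-ABA 775E_YC_Pavi_QMXP325_E32NAheBLU3 _4_IA7N8X-LA_SASUSTeK Computer INC."
    r"_VRev 1.xx_B3.07_T030421_WXH1_L409_M1984_J80_7AMD_8Athlon XP 2400+_92_110DE006E"
    r"_N10DE0066_P_Z11C1044C_K_A10DE006A_U10DE0067_G10DE01F0.MRK",
    # Constructed lines for contrast (hypothetical vendor and file names).
    r"[2008/04/13 19:15:00 | 000,036,608 | ---- | M] (Example Vendor Inc.) -- C:\WINDOWS\system32\drivers\example.sys",
    r"[2011/09/01 10:00:00 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\user\notes.MRK",
]

if __name__ == "__main__":
    for path, reasons in flag_lines(SAMPLE):
        print(path.name[:40] + "...", "->", "; ".join(reasons))
```

A flag here only means "look at this file by hand"; it does not establish that the file is malicious.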

#19
luminix (Member, Topic Starter)
1) Recovery console, yes I'm referring to that screen, so I'll leave it be until we finish with this.
2) That really long "key" you asked me about, according to some words there, it sounds like it could be related to the computer itself as it mentions HP, Pavilion, Athlon, AMD, 2400+. But I really have no idea what it is.
3) As for the temp, last year I did a really thorough cleaning and even lubricated the main fan. But, I went ahead and cleaned everything again - no lube though, and all 3 of the fans started immediately with no problems. So I have no idea what could be making it run so hot. Old maybe? The computer is kept in an AC room that stays about 75F. It is never in direct sun. It has about 6" of space all around all sides and is not anywhere near anything that also gives off heat (ie, outside wall, other appliance, etc.) Do you have any other ideas?
4) I ran the msconfig you mentioned. Within about 10min, I finished. The computer is back to normal with the shut down screen popping up immediately and the computer shuts down in a normal time. I actually did not run the Process Expl as you suggested and I did not turn on everything until I found the culprit. I finally left unchecked only 4 programs that I know I never use and shouldn't have been checked in the first place. So far, the speed is back to normal. Thanks.
I did run the Process Expl after I turned back on everything except those 4 unneeded items and the interrupts line you mentioned was still at 1.56.
5) Yes, I can connect to the internet, but with some problems including what's below...
6) So, I'm now curious as to my original problems which you can see in the first entry. To recap, they are:
A) Windows updates will not update
B) IE will not install (I connect with Chrome at the moment, but don't like it)
C) I get messages saying that without IE, I cannot manually update the computer from the windows web site.
D) Nothing from Windows office will work, word, excel, etc.
E) WMP, windows media player, will not install
F) I don't know when to reinstall SP3 (SP2 is currently installed)

Note1: ALL of the above worked perfectly up until 2 weeks ago when windows wouldn't start up and I had to do a system recovery. I had IE8, SP3, WMP, all MS Office, and updates happened automatically.

Note2: In my original post, I mentioned that Int Options was not in the control panel. It has reappeared as of about 1.5 weeks ago.

Note3: I have not tried to reinstall or work on anything from the above list A-F since you started helping me.

Do you now know what caused the above mentioned problems or how to fix them?

Thanks again for all your time with this. Also, fyi, on late Monday night, I'll be leaving on a 3 week trip. Since this is my desktop, it obviously will not be coming with. If the problems are not fixed before I leave, then I'll contact you when I return. I want to reiterate that I do not have anyone else to help me and will still need your help when I return. I apologize for this as I'm sure it's a problem to revisit an old case after 3 weeks of getting cold.
Eric

Edited by luminix, 11 September 2011 - 08:29 AM.


#20
RKinner (Malware Expert)
Some computers are built with a thermal pad between the CPU and the heatsink. This makes it quicker to install but over time the pad dries out and things start running hot. The fix is to remove the heat sink, remove the pad, clean heat sink and CPU surfaces and then put a thin layer of Arctic Silver between them. See:
http://www.arcticsil...om/methods.html Probably wouldn't hurt to replace the fan first as it is a simpler operation and fans are cheap.

I've also seen systems which had a separate video card overheat because of the fan failing on the video card. Apparently the fan is not easily seen on some cards as it is inside a shroud.

What were the 4 programs that were slowing things down? Is it perhaps running cooler now that they are gone?

Speccy did not think much of your Internet connection. Said there was an internal error in wininit. See if the following help:

Start, All Programs, Accessories, Command Prompt. Type with an Enter after each line in the code box:

ipconfig /flushdns

netsh  winsock  reset  catalog

netsh  int  ip reset  reset.log


(I use two spaces in the code box so you will be sure to see where 1 space goes.)

Reboot and test. If it still doesn't work:

Download, Save and Run WinsockXPFix
http://majorgeeks.co...f302c260093894b

Reboot and test. If it still doesn't work:

Try SmitFraudFix from:

http://www.bleepingc...mitfraudfix.php

It will check some of your critical files and replace them if necessary. Haven't used it in several years but as far as I know it still works.

Reboot and test. If it still doesn't work:

(Start) Right click on My Computer, select Manage then Device Manager. Find the Network Adapters and click on the + in front to open up the sub entries. Right click on each sub-entry under Network Adapters and Uninstall. (Doesn't hurt to write down the names in case you need to download the drivers from the PC Maker's website. Normally you don't but with malware you never know.) Reboot and test.

For your updates:

Start, Run, cmd, OK then type:

net  start  >  \junk.txt

notepad  \junk.txt




Ron

#21
luminix (Member, Topic Starter)
Thanks for replying on Sunday. If you're still on, maybe you can answer a question.

You gave instructions for the "internet connection" and how to fix it, mentioning wininit. You say that I should reboot and if it doesn't "fix it", then try the other solutions. I don't understand what I'm trying to fix or how I'm supposed to check if it is fixed. My internet connection is, as far as I know, ok. So, what am I checking and how do I check it?

I did a little searching for the wininit. Here are 2 posts I found. What do you think of them? (Of course, I'm running XP and not Vista)
---------------------------------
Running Vista:
WinInit.exe is a system critical process, even though some malware scanners identify it as a bad apple. This file should exist in C:\Windows\system32 (or more accurately - %windir%\system32)

Details (Windows Vista Home Premium) as of Today:

File Description: Windows Start-Up Application
File Version: 6.0.6000.16386
MD5: D4385B03E8CCCEE6F0EE249F827C1F3E

Pre-Vista Windows:
Trust your AntiMalware Software.

Anyone with other versions of Windows... see if your wininit.exe is the same (I'm assuming they all are, but if it's different... please post the version of Vista and the MD5 Hash... Thanks.

---------------------------------------
The bymer uses the wininit.exe file to play with your computer. There is a legitimate wininit.exe in the windows folder but if there is a wininit.exe in the windows/system folder then you have the virus. If you delete the wininit.exe in the windows folder your computer WILL NOT BOOT.

----------------------------------------

#22
RKinner (Malware Expert)
You can check speccy to see if it worked. At the bottom of the file you created for me with speccy there is currently a section that says:

"Network
You are not connected to the internet
Computer Name
NetBIOS Name YOUR-RVLNHR6V8D
DNS Name your-rvlnhr6v8d
Domain Name YOUR-RVLNHR6V8D
Remote Desktop
Console
State Active
Domain YOUR-RVLNHR6V8D
WinInet Info
An internal error occurred.
Wi-Fi Info
Wi-Fi not enabled
..."

This is not normal.

Wininet is a critical file used by IE. We are actually talking about wininet.dll not .exe. Chrome may not use it. Don't know much about Chrome.

Ron

PS I'm retired. Every day is Sunday.

#23
luminix (Member, Topic Starter)
Thanks for the quick reply again. Especially being, uh-hem, Sunday.

Your explanation helps a lot. The answer is that I routinely disconnect the inet from my desktop to use my laptop. Especially when I'm running virus checks, or other programs, as I feel my computer may still be vulnerable without the updates and SP3. I do not have a wireless router so I have to physically unplug the inet cable to plug in my laptop. How does that answer the problem? Should it read something different even though it's unplugged from the inet?

I haven't tried your fix for the updates you wrote about. I've been waiting on the answer for the inet connection fix first. So now, should I go ahead and try to fix the windows update? As I understand it, I need to install IE 7 or 8 before I can download all the updates. Is this true? Also, you mentioned that the wininet file is critical for IE, which is precisely one of my worst problems at the moment. 2 weeks ago, when I tried to install the updates, it told me I needed IE. Then when I tried to install IE, it DL ok, went through the installation process, but then at the very end, told me it was unsuccessful. I'll wait for your answer before proceeding as I'm still not sure which problem I should try to fix first. DL IE and install again, or use your instructions to fix the updates problem.


Thanks again for the fast reply. Eric

PS - I'll comment on the temperature and shut down problem later. Those are turning out to be perhaps more complicated than I thought. But, since they are most likely separate from the above problems, I'd prefer to fix the above problems first and then turn my attention to the temp and shut down issues.

Edited by luminix, 12 September 2011 - 06:12 AM.


#24
RKinner (Malware Expert)
Plug up the computer to the internet and run speccy again then generate a report as before but don't post the whole thing. Open it up and find the section on Network near the bottom and copy and paste that. Then I can see what is going on.

Please do the net start thing so I can see what is going wrong with your automatic updates.


Microsoft lost a court battle and you shouldn't need IE to download specific updates any more. You should be able to download SP3 from Microsoft.
First you need the AMD patch
http://www.microsoft...ang=en&id=23751
Then SP3
http://www.microsoft...ails.aspx?id=24

Ron

#25
luminix (Member, Topic Starter)
Here's the cmd report you asked for wrt the updates.

Here's the speccy report2 now connected to the net.
Network
You are connected to the internet
Connected through NVIDIA nForce MCP Networking Adapter - Packet Scheduler Miniport
IP Address 222.125.112.192
Subnet mask 255.255.248.0
Gateway server 222.125.112.1
Preferred DNS server 211.148.192.141
Alternate DNS server 211.148.192.151
DHCP Enabled
DHCP server 192.168.222.107
External IP Address 222.125.112.192
Adapter Type Ethernet
NetBIOS over TCP/IP Enabled via DHCP
NETBIOS Node Type Hybrid node
Link Speed 0 kbps
Computer Name
NetBIOS Name YOUR-RVLNHR6V8D
DNS Name your-rvlnhr6v8d
Domain Name YOUR-RVLNHR6V8D
Remote Desktop
Console
State Active
Domain YOUR-RVLNHR6V8D
WinInet Info
LAN Connection
Local system uses a local area network to connect to the Internet
Local system has RAS to connect to the Internet
Wi-Fi Info
Wi-Fi not enabled
WinHTTPInfo
WinHTTPSessionProxyType No proxy
Session Proxy
Session Proxy Bypass
Connect Retries 5
Connect Timeout 60000
HTTP Version HTTP 1.1
Max Connects Per 1.0 Servers INFINITE
Max Connects Per Servers INFINITE
Max HTTP automatic redirects 10
Max HTTP status continue 10
Send Timeout 30000
IEProxy Auto Detect No
IEProxy Auto Config
IEProxy
IEProxy Bypass
Default Proxy Config Access Type No proxy
Default Config Proxy
Default Config Proxy Bypass
Adapters List
NVIDIA nForce MCP Networking Adapter - Packet Scheduler Miniport
IP Address 222.125.112.192
Subnet mask 255.255.248.0
Gateway server 222.125.112.1
Network Shares
No network shares

Attached Files



#26
luminix (Member, Topic Starter)
Update:
I went ahead and tried DL IE7 again. I went to:
http://www.microsoft...tion.aspx?id=2.
It DL'ed and installed with the following message:
"setup was unable to install the latest windows internet explorer updates. After you restart your computer, open internet explorer, click the tools button, and click windows update."

I rebooted, launched and ran windows update. Currently, IE7 launched and is on the update page.
Interesting note however, after installing IE7, "Internet Options" has disappeared once again from control panel.

If the computer will update everything, then that problem will have been solved. I still need to get SP3 (thanks for the instructions), but I also would like to upgrade to IE8 or IE9. Do I need to get SP3 before getting either of those? Do you know why Int Opts is appearing and disappearing?

Eric

#27
luminix (Member, Topic Starter)
Update 2:
After DLing those updates, I rebooted. Upon restart, the auto update icon popped up in the task panel, yellow shield, and said it had found 1 update I needed so it's DLing right now.

However, the bad news is that I also tried to launch IE and it wouldn't. I just get the little hourglass for about 1-2 seconds and it disappears. There is definitely something wrong still. In my previous update, I never actually launched IE. I launched control panel checking for IntOpt (which is still disappeared), and on the left, there is a link that says windows update. I clicked that and THEN IE launched directly to the windows update site and began checking for updates.

What do you make of all this? Thanks. Eric

#28
RKinner (Malware Expert)
The network looks OK now so we can forget the wininet stuff.

net start says BITS isn't running.

Start, Run, services.msc , OK then find Background Intelligent Transfer Service (BITS) and right click. Select Properties. If the Startup Type: does not say Automatic then change it to Automatic and Apply. Try to START the service. Do you get an error message? What does it say?

I'm not sure why the Internet Options icon disappeared from Control Panel. It looks like the same thing you get if you run IE and do Tools, Internet Options. Does that work?

Ron

#29
RKinner (Malware Expert)
If you right click on the IE icon on your desktop and select Properties does that work? It should be the same stuff as Internet Options.

Also try starting IE without add-ons. Right click on the IE Icon and select: Start without Add-ons Does that work?

#30
luminix (Member, Topic Starter)
BITS was in fact on manual. So I changed to auto. Clicked apply. It successfully changed to automatic but nothing else happened. It said that it was already running so only "STOP" was available to click. I just clicked OK and it closed.

Right clicking IE icon doesn't show "start without add-ons". I know, it's weird, but it's not there. Clicking properties opens the property box, but it's nothing like Int Options. IE is still not launching.

The machine is currently installing some update, so I can't reboot yet. It must have been a big update. It's been DLing and installing for almost an hour.

Edited by luminix, 12 September 2011 - 10:28 AM.
