
Locked up Video Resolution



#1
kneigh

I'm working on an older Dell Computer L700 CX w/Celeron processor running Windows ME that belongs to my barber. She informed me that all was well until she downloaded a program called "Error Guard", apparently from a pop-up she received. (First Mistake :tazz: )

Since that time, her monitor will only display in the lowest resolution, 640 x 480, the same as "SAFE MODE", and she could no longer connect to the internet. Plus, her system slowed down considerably, which is saying something for an old system. She uninstalled "Error Guard", but the problems persisted. She also tried to run System Restore but it failed.

After trying to correct the problems at her house, I ended up bringing the computer to my house and hooking it up to an extra monitor, mouse and keyboard I have. Same problems, ruling out her monitor. Eventually, with the help of a "connecting to the Internet" guru friend, we got connected to the Internet. Apparently, the TCP/IP parameters got corrupted. Still, VERY slow speeds both on the computer and the Internet.

I have gone into msconfig and unchecked all but a few important Startup processes.

I have disabled "System Restore", but, of course, I cannot delete the folder
C:\_RESTORE\TEMP\, which contains some of the items in the log file.

I have scanned her registry for "ErrorGuard", and the only references to it refer to Epson printers, which she has. I assume these to be valid registry entries.

I have run a clean Norton Anti-Virus system scan and Norton SystemWorks 2005 various utilities, as well as Ad-Aware and SpyBot. I also was able to install Webroot's "Spy Sweeper", and it found additional goodies. I attempted to run Panda Software's "ActiveScan" online, but it was just so slow it eventually locked up everything.

The first time I ran the Malware programs, they found lots of goodies, as it was the first time they'd been run on the computer.

Since that time, SpyBot has returned a clean report, both in "Safe Mode" and "Normal Mode".

Here is the Ad-Aware log file verbatim. I copied the log file from the bad system and pasted it to this e-mail on my system, as the processing speed of the "infected" system is terrible. Plus, I have cable modem on my system, and there is no facility on the bad system for same.


Ad-Aware SE Build 1.06r1
Logfile Created on:Thursday, June 02, 2005 11:23:42 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R49 31.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R47 24.05.2005
Internal build : 55
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 476246 Bytes
Total size : 1439523 Bytes
Signature data size : 1408291 Bytes
Reference data size : 30720 Bytes
Signatures total : 40174
CSI Fingerprints total : 886
CSI data size : 30371 Bytes
Target categories : 15
Target families : 679

6-2-2005 11:17:06 AM Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R49 31.05.2005
Internal build : 57
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 481469 Bytes
Total size : 1455496 Bytes
Signature data size : 1423833 Bytes
Reference data size : 31151 Bytes
Signatures total : 40572
CSI Fingerprints total : 902
CSI data size : 31096 Bytes
Target categories : 15
Target families : 692


6-2-2005 11:19:44 AM Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:0 %
Total physical memory:129292 kb
Available physical memory:2712 kb
Total page file size:1967856 kb
Available on page file:1773812 kb
Total virtual memory:2093056 kb
Available virtual memory:2044800 kb
OS:Microsoft Windows Millennium Edition

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects


6-2-2005 11:23:42 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4279205097
Threads : 6
Priority : High
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4294916617
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4294939045
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-2000
OriginalFilename : MPREXE.EXE

#:4 [MSTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSTASK.EXE
Command Line : mstask.exe
ProcessID : 4294855761
Threads : 3
Priority : Normal
FileVersion : 4.71.2721.1
ProductVersion : 4.71.2721.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:5 [CCEVTMGR.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 4294853533
Threads : 14
Priority : Normal
FileVersion : 103.0.3.8
ProductVersion : 103.0.3.8
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:6 [CCSETMGR.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
ProcessID : 4294863481
Threads : 5
Priority : Normal
FileVersion : 103.0.3.8
ProductVersion : 103.0.3.8
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:7 [SYMTRAY.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
Command Line : "C:\Program Files\Common Files\Symantec Shared\SymTray.exe" "Norton SystemWorks
ProcessID : 4294839717
Threads : 1
Priority : Normal
FileVersion : 2005.8.15
ProductVersion : 2005.8.15
ProductName : Norton SystemWorks
CompanyName : Symantec Corporation
FileDescription : Norton SystemWorks SymTray
InternalName : SymTray.exe
LegalCopyright : Copyright © 1997-2005 Symantec Corporation
OriginalFilename : SymTray.exe

#:8 [NPFMNTOR.EXE]
ModuleName : C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
Command Line : "C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe"
ProcessID : 4294847845
Threads : 3
Priority : Normal
FileVersion : 11.0.9.16
ProductVersion : 11.0.9
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Firewall Install Monitor
InternalName : NPFMonitor
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NPFMonitor.EXE

#:9 [NPROTECT.EXE]
ModuleName : C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
Command Line : "C:\Program Files\Norton SystemWorks\Norton Utilities\Nprotect.exe"
ProcessID : 4294886745
Threads : 3
Priority : Normal
FileVersion : 18.0.3.11
ProductVersion : 18.0.3.11
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 1997-2005 Symantec Corporation
LegalTrademarks : Norton Utilities® and UnErase® are registered trademarks of Symantec Corporation.
OriginalFilename : NPROTECT.EXE

#:10 [AOLTSMON.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTSMON.EXE
Command Line : "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"
ProcessID : 4294901437
Threads : 5
Priority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed™ Monitor
CompanyName : America Online, Inc
FileDescription : AOL TopSpeed™ Monitor
InternalName : AOL TopSpeed™ Monitor
LegalCopyright : Copyright © 2004 America Online, Inc.
OriginalFilename : aoltsmon.exe

#:11 [AOLTPSPD.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTPSPD.EXE
Command Line : -p11526 -q"11527,11528,11529,11530,11531,11532,11533" -S256 -G"C:\WINDOWS\All Users\Application Data\AOL\TopSpeed\2.0\vph.ph" -H4294901437
ProcessID : 4294783625
Threads : 3
Priority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed™
CompanyName : America Online Inc
FileDescription : AOL TopSpeed™
InternalName : AOL TopSpeed™ Loader
LegalCopyright : Copyright © 2003-2004
LegalTrademarks : AOL TopSpeed™
OriginalFilename : aoltpspd.exe

#:12 [mmtask.tsk]
ModuleName : C:\WINDOWS\SYSTEM\mmtask.tsk
Command Line : n/a
ProcessID : 4294721529
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : mmtask.tsk

#:13 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4294953213
Threads : 22
Priority : Normal
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : EXPLORER.EXE

#:14 [CCAPP.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 4294666969
Threads : 36
Priority : Normal
FileVersion : 103.0.3.8
ProductVersion : 103.0.3.8
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:15 [SYMLCSVC.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
Command Line : "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" start
ProcessID : 4294648377
Threads : 1
Priority : Normal
FileVersion : 1, 8, 54, 534
ProductVersion : 1, 8, 54, 534
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:16 [SPYSWEEPER.EXE]
ModuleName : C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
Command Line : "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
ProcessID : 4294678681
Threads : 7
Priority : Normal
FileVersion : 3.5.0.199
ProductVersion : 3.5
ProductName : Spy Sweeper
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper
LegalCopyright : Copyright © 2001-2004 Webroot Software, Inc.
LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.

#:17 [WAOL.EXE]
ModuleName : C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
Command Line : "C:\PROGRAM FILES\AMERICA ONLINE 9.0\waol.exe" -b
ProcessID : 4294580565
Threads : 7
Priority : Idle


#:18 [SNDSRVC.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
Command Line : "C:\PROGRA~1\COMMON~1\SYMANT~1\SndSrvc.exe"
ProcessID : 4294480885
Threads : 7
Priority : Normal
FileVersion : 5.4.2.17
ProductVersion : 5.4
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:19 [AOLACSD.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
Command Line : "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
ProcessID : 4294410881
Threads : 5
Priority : Normal
FileVersion : 3.0.0.1
ProductVersion : 3.0.0.1
ProductName : AOL Connectivity Service
CompanyName : America Online
FileDescription : AOL Connectivity Service
InternalName : AOLacsd
LegalCopyright : Copyright © 2004 America Online
OriginalFilename : AOLacsd.exe

#:20 [SPOOL32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SPOOL32.EXE
Command Line : C:\WINDOWS\SYSTEM\spool32.exe
ProcessID : 4294319973
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright © Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe

#:21 [SHELLMON.EXE]
ModuleName : C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE
Command Line : "C:\PROGRAM FILES\AMERICA ONLINE 9.0\shellmon.exe"
ProcessID : 4294298937
Threads : 1
Priority : Normal


#:22 [STIMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\STIMON.EXE
Command Line : C:\WINDOWS\SYSTEM\STIMON.EXE -Embedding
ProcessID : 4294216793
Threads : 5
Priority : Normal
FileVersion : 4.90.3000.1
ProductVersion : 4.90.3000.1
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : STIMON.EXE

#:23 [RNAAPP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RNAAPP.EXE
Command Line : rnaapp.exe -l
ProcessID : 4294050269
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Dial-Up Networking Application
InternalName : RNAAPP
LegalCopyright : Copyright © Microsoft Corp. 1992-1996
OriginalFilename : RNAAPP.EXE

#:24 [TAPISRV.EXE]
ModuleName : C:\WINDOWS\SYSTEM\TAPISRV.EXE
Command Line : tapisrv.exe
ProcessID : 4294175501
Threads : 5
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft® Windows™ Telephony Server
InternalName : Telephony Service
LegalCopyright : Copyright © Microsoft Corp. 1994-1998
OriginalFilename : TAPISRV.EXE

#:25 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4294065937
Threads : 2
Priority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected]@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]@atdmt.com/
Expires : 5-31-2010 8:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Claria Object Recognized!
Type : File
Data : A0004348.1
TAC Rating : 7
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 6.0.4.1
ProductVersion : 6.0.4.1
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : GAIN Application
InternalName : GMT.exe
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : GMT.exe


SecondThought Object Recognized!
Type : File
Data : A0004461.1
TAC Rating : 4
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 8.0.7.2
ProductVersion : 8.0.7.2
ProductName : Loader
FileDescription : Loader
InternalName : loader
LegalCopyright : Copyright © 2003
OriginalFilename : loader.exe


Lop Object Recognized!
Type : File
Data : A0008198.0
TAC Rating : 7
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\



Lop Object Recognized!
Type : File
Data : A0008199.0
TAC Rating : 7
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\



Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected]@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected]@atdmt[2].txt

Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SecondThought Object Recognized!
Type : Folder
TAC Rating : 4
Category : Malware
Comment : SecondThought
Object : c:\\temporary

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 7

11:55:49 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:32:06.780
Objects scanned:118243
Objects identified:7
Objects ignored:0
New critical objects:7


End of Log File.

Ad-Aware reports that I have 1 folder in C:\\temporary (and, yes, Ad-Aware shows two \\). A Second Thought folder, so it says. I went to C drive, and there is no C:\\temporary folder. I've already deleted all files in the various Temp and Temporary folders. And, yes, I have checked the parameter to display all hidden folders. Of course, System Restore will not run, and, she is correct, this is one slow system, even for a Celeron 700.

Also, when running Ad-Aware, what I would call "The Phony Norton Error Messages" popped up, saying that such and such had been removed, and it was now safe to run the computer. They have reappeared each time I run Ad-Aware. I've seen these screens on other computers I was cleaning up, and I believe they come from this ErrorGuard program.

I call them "Phony" because they look like no other Norton messages I've ever seen. The top line on the message says "Norton AntiVirus" and the line's blue. Then, in a large green line, there is an icon to the left showing a computer with a monitor in front, and, in Big, Bold Letters "Repair Successful". Then, below that, it says "Norton Anti-Virus has successfully removed the problem. Click "Finish" to resume using your computer".

Again, this occurs each time I run Ad-Aware, and it occurs twice each time. It reported the following two files the last time I ran Ad-Aware:

C:\Windows\Temp\AAWTMP\C2345997\3C344D\A0010921.CPY
C:\Windows\Temp\AAWTMP\C2345997\22CD5A\A0011020.CPY

In prior runs of Ad-Aware, the only variations have been in the folder names of the two folders immediately before the file name.

Normally, I'm pretty good at finding problems, but this has me baffled. I'm wondering if it's a hardware failure that just happened to coincide with her installation of "Error Guard"?, although I suspect it is Malware.

I've suggested to her that she get a new computer, but she said she really just got this one paid for. She's just a casual user, doing the AOL thing, occasional Google and some pictures. She does not do her business books on the system.

Anyway, I still cannot adjust resolution, and the system is incredibly slow.

Any thoughts?? Sorry to be so wordy, but I've been at this thing for some time with very little progress.

Many Thanks!!! Terry Heath in Swartz Creek, MI


#2
Guest_Andy_veal_*

Hello and Welcome

Ad-aware has found objects on your computer

If you choose to clean your computer from what Ad-aware found please follow these instructions below…

Please make sure that you are using the * SE1R49 31.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is of the default installation location for Ad-aware SE, if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted, once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy

#3
Guest_Andy_veal_*

Lavasoft Knowledge Base Article 03041901
Virus Found While Scanning With Ad-aware
http://www.lavasofth...03/04/1901.html

SYMPTOM
While performing a scan with Ad-aware, a background antivirus monitor may issue an alert, stating that a virus has been found in a subfolder of the Ad-aware folder.

CAUSE
During a scan, Ad-aware will temporarily decompress files to scan their contents. Some antivirus applications include an option to quarantine infected files, and when Ad-aware decompresses these quarantined files, the antivirus background scanner detects the virus moving outside the quarantine area.

RESOLUTION
Either remove the quarantined files via your antivirus application, or have Ad-aware ignore the antivirus program's quarantine folders/files during a scan.



©2003 Lavasoft. All rights reserved.


A possible solution.

You may want to try and scan with free online AV scanners and post your results here


Panda

Symantec

McAfee

TrendMicro Recommended

F-secure


Keep us updated

Thanks

Andy
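
An added example, not part of the original thread: a small Python parser for the "Object Recognized!" records in an Ad-Aware SE log like the one in post #1. It groups each detection by where it was found, so entries inside the System Restore store (C:\_RESTORE) can be told apart from cookies and from objects reported on the live filesystem. The sample log is a constructed, shortened excerpt in the same layout; the cookie file name in it is a placeholder, and the bucket names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: shortened excerpt in the layout of the posted log.
# The cookie file name is a placeholder, not a value from the thread.
SAMPLE_LOG = r"""
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2

Claria Object Recognized!
Type : File
Data : A0004348.1
TAC Rating : 7
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\

Lop Object Recognized!
Type : File
Data : A0008198.0
TAC Rating : 7
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

SecondThought Object Recognized!
Type : Folder
TAC Rating : 4
Category : Malware
Comment : SecondThought
Object : c:\\temporary

Conditional scan result:
New critical objects: 1
Objects found so far: 7
"""

HEADER = re.compile(r"^(?P<family>.+?) Object Recognized!\s*$")
FIELD = re.compile(r"^(?P<key>[A-Za-z ]+?)\s*:\s?(?P<value>.*)$")

def parse_detections(text):
    """Return one dict per detection; a record ends at the first blank line."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            current = {"Family": header.group("family")}
            records.append(current)
        elif not line:
            current = None
        elif current is not None:
            field = FIELD.match(line)
            if field:
                current[field.group("key").strip()] = field.group("value").strip()
    return records

def classify(rec):
    """Bucket a detection by location (bucket names are this example's own)."""
    loc = (rec.get("Object") or rec.get("Value") or "").lower()
    loc = loc.replace("\\\\", "\\")  # the log sometimes prints doubled backslashes
    if rec.get("Type") == "IECache Entry":
        return "cookie"
    if "\\_restore\\" in loc:
        return "system-restore-store"
    return "live-filesystem"

def triage(text):
    buckets = defaultdict(list)
    for rec in parse_detections(text):
        entry = (rec["Family"], rec.get("Data", ""), int(rec.get("TAC Rating", 0)))
        buckets[classify(rec)].append(entry)
    return dict(buckets)

def reported_total(text):
    """Last 'Objects found so far' counter, to compare with the parsed count."""
    found = re.findall(r"^Objects found so far:\s*(\d+)", text, re.M)
    return int(found[-1]) if found else None

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(bucket, items)
    print("parsed", len(parse_detections(SAMPLE_LOG)), "of", reported_total(SAMPLE_LOG))
```

A parsed count lower than the log's own "Objects found so far" total, as with this shortened sample, means the pasted log is incomplete.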