Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

AntiVirus Gold.


  • Please log in to reply

#16
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
How is it running?
  • 0

Advertisements


#17
Cranky

Cranky

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 131 posts
Its running good, The only problem is that my windows
dont open up to full screen. I have to click on maximize.
Display properties has defualt blue back on it. It had
disappered. Desktop is normal. I uninstalled a couple of
things I never really used the amber alert, it was just
there.
I do still have this. I says I ignore it but I do delete it.
It just keeps coming back. I click delete and go into the
registry and see that it is gone. Run another scan and
it isnt there. A little later I run another scan and its
back. Maybe its a faults report in the scanner. But I
also didnt start having trouble untill I found it.


Scan of 06/28/2005 7:09:46 AM
Pests found: 1
Area scanned: C:\
User Name: Tom Owner
MAC Address: 00-0C-41-E6-68-C8
Computer Name: TOM------------
Volume Name:
File System Name: NTFS
Volume Serial No: 3356106351
Windows Version: Windows XP
Product Edition: Standard
SpywareXterminator.exe: 12/27/2004 4.4.4.81
PPClean.exe: 06/24/2005 4.5.9.5
Pest Database: 06/23/2005
SpywareXterminatorCL.exe: 12/15/2004 4.4.4.80

Pest: AntivirusGold
Pest Info: Category: Trojan Author:[ICommerce Solutions S.A.] Release Date: 6/8/2005 0:00:00 Background Info: Click here
File Info: In Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}
Certainty: Confirmed Threatens: Confidentiality, Integrity, Availability, Productivity, Liability Risk: Low. Advice: Delete or ignore
Action: Ignored

I deleted it many times.
Also ! When I go to my computer and click on local disk C and it says
(These files are hidden). The screen color used to be blue now it is white but I can live with that as long as it dont effect my computer.

Thanks Cranky !!!


I just ran another scan.


Scan of 06/28/2005 7:51:19 AM
Pests found: 0
Area scanned: C:\
User Name: Tom Owner
MAC Address: 00-0C-41-E6-68-C8
Computer Name: TOM------------
Volume Name:
File System Name: NTFS
Volume Serial No: 3356106351
Windows Version: Windows XP
Product Edition: Standard
SpywareXterminator.exe: 12/27/2004 4.4.4.81
PPClean.exe: 06/24/2005 4.5.9.5
Pest Database: 06/23/2005
SpywareXterminatorCL.exe: 12/15/2004 4.4.4.80

No pests found. :tazz:



Third scan.
Notice the times !!



Scan of 06/28/2005 8:45:29 AM
Pests found: 1
Area scanned: C:\
User Name: Tom Owner
MAC Address: 00-0C-41-E6-68-C8
Computer Name: TOM------------
Volume Name:
File System Name: NTFS
Volume Serial No: 3356106351
Windows Version: Windows XP
Product Edition: Standard
SpywareXterminator.exe: 12/27/2004 4.4.4.81
PPClean.exe: 06/24/2005 4.5.9.5
Pest Database: 06/23/2005
SpywareXterminatorCL.exe: 12/15/2004 4.4.4.80

Pest: AntivirusGold
Pest Info: Category: Trojan Author:[ICommerce Solutions S.A.] Release Date: 6/8/2005 0:00:00 Background Info: Click here
File Info: In Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}
Certainty: Confirmed Threatens: Confidentiality, Integrity, Availability, Productivity, Liability Risk: Low. Advice: Delete or ignore
Action: Ignored

I figured out why it shows Ignored. I clicked save before I Deleted it. OOPs !!!

Thanks Cranky (HAVE A GOOD DAY) ;)

Edited by Cranky, 28 June 2005 - 07:13 AM.

  • 0

#18
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
We need to make things go back to normal. Let me look at it for awhile. I'll ask one of my geekmates to take a look at it also. :tazz:
  • 0

#19
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Please make sure you disable all the programs I asked you to do earlier.


Please RIGHT-CLICK: HERE and go to Save As (in Internet Explorer it's "Save Target As") in order to download Grinler's reg file. Save it to your desktop.

Locate "smitfraud.reg" on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the "merged successfully" prompt then follow the rest of the instructions below.

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard
Virtual Maid
Search Maid
PSGuard
AdwareDelete


Exit Add/Remove Programs.

*IMPORTANT*CLICK THIS LINK TO LEARN HOW TO VIEW HIDDEN FILES

* Please download the Killbox by Option^Explicit. *In the event you already have Killbox, this is a new version that I need you to download.

* Save it to your desktop.

* Please double-click Killbox.exe to run it.

* Select "Delete on Reboot".

* Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

C:\wp.exe
C:\wp.bmp
C:\bsw.exe
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\WINDOWS\zloader3.exe
C:\Windows\System32\hhk.dll
C:\Windows\System32\wldr.dll
C:\Windows\System32\wp.bmp
C:\Windows\System32\perfcii.ini
C:\Windows\System32\oleadm.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\shnlog.exe
C:\Windows\System32\intmon.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\System32\msole32.exe
C:\Windows\System32\ole32vbs.exe
C:\WINDOWS\system32\oleadm32.dll


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Make sure you can view hidden files.

Using Windows Explorer, delete the following, if found, (please do NOT try to find them by "search" because they will not show up that way)

FOLDERS to delete (in bold) if found:

C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\LogFiles
C:\Program Files\Security IGuard
C:\Program Files\PSGuard
C:\Program Files\AdwareDelete

While still in Safe Mode, do the following:

Make sure all programs and windows are closed. Run HiJackThis and place a check next to the following items, if found, then click FIX CHECKED:

O4 - HKLM\..\Run: [cat] C:\Program Files\CAT\cat.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL


Close HiJackThis.

Reboot into normal mode.

1.) Download The Hoster Press "Restore Original Hosts" and press "OK". Exit Program.

2.) Right-Click HERE and Save As to download DelDomains.inf to your desktop.
To use: RIGHT-CLICK DelDomains.inf on your desktop and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

3.) Download, install, and run CleanUp!

4.) Run this online virus scan: ActiveScan - Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan.
  • 0

#20
Cranky

Cranky

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 131 posts
Windows open up smaller than they were. (about 4"X 6") now



When I go to my computer and click on local disk C and it says
(These files are hidden). The screen color used to be blue now it is white

(Still white)
=========

I tried to show screenShots of both but I couldnt get them to upload.
I clicked Browse and Add this attachment but it just sit there for awile.
My screen flinched and attachment was gone.

====================================================

ActiveScan

Incident Status Location

Adware:Adware/SaveNow No disinfected Windows Registry
Virus:Eicar.Mod No disinfected C:\Program Files\StompSoft\Spyware X-terminator\Help.chm[HowCanITestDetection.html]

====================================================




Logfile of HijackThis v1.99.1
Scan saved at 2:02:15 PM, on 6/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\tom owner\My Documents\My Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPMemCheck.exe
O4 - HKLM\..\Run: [Spyware X-terminator Control Center] C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\STOMPS~1\SPYWAR~1\CookiePatrol.exe
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} -
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} -
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited by Cranky, 29 June 2005 - 06:26 PM.

  • 0

#21
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Please disable Pestpatrol, I think it's keeping us from cleaning. I'm almost quite certain it's a false-postive.

The Virus:Eicar.Mod is detected in a part of pestpatrol. Leave that.


Copy the bold text below(in between the lines only) into Notepad and save it as AVGoldfix.reg
Set Filetype to All Files and save it to your desktop. We will use it later.

..............................................................

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Intel system tool"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusGold]

.........................................................................


*In the killbox program, select the Delete on Reboot option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\Windows\System32\hookdump.exe
C:\Windows\System32\winnook.exe
C:\Windows\desktop.html
C:\Windows\screen.html
*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt if you get one.
*If the computer does not reboot by itself, do it manually.

While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Doubleclick the AVGoldfix.reg we made earlier.Agree to merge it into the registry.
Still in safe mode use the disk cleanup tool to empty all your Temp folders.

Delete the entire folder C:\Program Files\AntiVirusGold<-FOLDER

In the Control Panel click Display>Desktop>Customize desktop>Web tab> Uncheck "Security Info"

Then boot back to normal.


Download and install RegistarLite.

Let's go search the Registry for
72267f6a-a6f9-11d0-bc94-00c04fb67863

Please be very carefull what you do. A corrupt Registry is a broken down machine.

Doubleclick the file you just downloaded.
An Installshield will appear. Follow the instructions.

Go to start - programs - RegistrarLite - Registrar Lite
Since it's the first time you open it, the program will finish the installation.

Press the magnifying glass
In the box 'text to search for' paste

72267f6a-a6f9-11d0-bc94-00c04fb67863
press 'enter'. The program will search the Registry looking for items.

When it's done searching you will see a window pointing to the row Pestpatrol found
(HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\72267f6a-a6f9-11d0-bc94-00c04fb67863).
Click that row once to select it.
Than, at the bottom you see a red X. Press it and choose 'delete key and value'.

Close registrar lite.

The key has been removed from the Registry.
  • 0

#22
Cranky

Cranky

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 131 posts
Hi.
Well I did everything requested.
My windows open up all the way. ( I used my mouse and dragged
one open to full screen and all of them open all the way now).

Click on my computer Local Disk C (These files are hidden.)
and its still white.
====================

Scanned 3 times last night with Spyware X Terminator and came
up clean. Scanned this morning and it was back.

Scan of 06/30/2005 9:34:45 AM
Pests found: 1
Area scanned: C:\
User Name: Tom Owner
MAC Address: 00-0C-41-E6-68-C8
Computer Name: TOM------------
Volume Name:
File System Name: NTFS
Volume Serial No: 3356106351
Windows Version: Windows XP
Product Edition: Standard
SpywareXterminator.exe: 12/27/2004 4.4.4.81
PPClean.exe: 06/24/2005 4.5.9.5
Pest Database: 06/23/2005
SpywareXterminatorCL.exe: 12/15/2004 4.4.4.80

Pest: AntivirusGold
Pest Info: Category: Trojan Author:[ICommerce Solutions S.A.] Release Date: 6/8/2005 0:00:00 Background Info: Click here
File Info: In Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}
Deleted

I e-mailed X Terminator to ask them about it but heard nothing yet.
If this program is still causing a problem I can uninstall it. I disable it by
going to task manager and ending the proccess.
===========================

I did find one more problem. When I go to start,all programs,accessories,
system tools,system information it comes up with ( help and support).
I've never had that happen before.
I found out about this before I ran all the test yesterday.
===========================

Just did an activeScan again.

Incident Status Location

Adware:Adware/SaveNow No disinfected Windows Registry
Virus:Eicar.Mod No disinfected C:\Program Files\StompSoft\Spyware X-terminator\Help.chm[HowCanITestDetection.html]

Eicar.ModThreat Level:
Damage:
Distribution:


Common name: Eicar.Mod

Technical name: Eicar.Mod

Threat level: Low

Type: Virus

Affected platforms: MS-DOS


First detected on: July 18, 2003

Detection updated on: March 23, 2005

In circulation? No
============

Brief Description

Eicar.Mod is a modified version of the test file Eicar. The test file Eicar is not a real virus, but a program for MS-DOS that is used to check the effectiveness and quality of antivirus programs and tools for detecting viruses. Panda Antivirus detects this test file as EICAR-AV-TEST-FILE.

The test file Eicar was created by the Eicar international organization, and it was updated on May 1, 2003 in order to guarantee a better effectiveness.

Being Eicar.Mod a modified version of the real test file Eicar, it coud contain some viral code.


Visible Symptoms

When the test file Eicar is run, it displays the following message on screen:

EICAR-STANDARD-ANTIVIRUS-TEST-FILE!

However, being Eicar.Mod a modified version of the test file Eicar, it could show the same message or others.



Last updated: March 23, 2005

Edited by Cranky, 30 June 2005 - 08:53 AM.

  • 0

#23
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Do you have your windows xp disc?
  • 0

#24
Cranky

Cranky

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 131 posts
Yes I do.

Just did sfc /scannow

No help.
  • 0

#25
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Lets make sure SFC has a chance to run first!

Click Start>>Run>>Type in CMD and Click OK!

Type "SFC /purgecache" and click enter!
This will force Windows to purge its DLL cache and repopulate with clean system files!

Type "SFC /Enable" and click enter!
This will make sure that your OS has its System File Checker enabled!

Type "SFC /scannow" and click enter!
This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem!

If there are errors running "Scannow", these links may be helpful:
http://www.updatexp....cannow-sfc.html
http://support.micro...om/?kbid=310747
http://www.techadvic...m/w98/S/SFC.htm
  • 0

Advertisements


#26
Cranky

Cranky

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 131 posts
Good morning, Cranky here.

Ran
killbox
AVGoldfix.reg
Ran SFC /scannow and I see no change.
This came back 72267f6a-a6f9-11d0-bc94-00c04fb67863 so I ran
Spyware X Terminator again and got rid of it then I uninstalled X Terminator
It was back again this morning so I ran Registrar Lite again and deleted it.
Just looked into Registry and it was there again.
I dont know if it is good or bad.
Ran SFC /scannow again this morning with same results.

Try to go to System Information and get Help and Support.


Update
I can only bring up system information by running one of these.

Examples

To open System Information in History view, type:
msinfo32 /pch

To create an .nfo file in the folder C:\TEMP with a name of TEST.NFO, type:
msinfo32 /nfo C:\TEMP\TEST.NFO

To create a .TXT file in the folder C:\TEMP with a name of TEST.TXT, type:
msinfo32 /report C:\TEMP\TEST.NFO

To view System Information from a remote computer with a UNC name of BIGSERVER, type:
msinfo32 /computer BIGSERVER

To list the available category IDs, type:
msinfo32 /showcategories

To start System Information with all available information displayed, except Loaded Modules, type:
msinfo32 /categories +all -loadedmodules

To create an .nfo file called SYSSUM.NFO in the C:\TEMP folder that contains information in the System Summary category, type:
msinfo32 /nfo C:\TEMP\SYSSUM.NFO /categories +systemsummary

To create a .NFO file called CONFLICTS.NFO in the C:\TEMP folder that contains information about resource conflicts, type:
msinfo32 /nfo C:\TEMP\CONFLICTS.NFO /categories +componentsproblemdevices+resourcesconflicts+resourcesforcedhardware



Doesnt Microsoft have a fix for System Information ?
I am thinking about running a repair to see if that works.
What do you think ?
Ran all my other scans and came up clean except a cookie.
ActiveScan came up clean. Didnt run Ewido but will in a minute.
I dont know all about it but my hijackthis log didnt seem to look
bad yesterday.

Thanks for all your help. I know this is taking up alot of your time. :tazz:


Update !!

I shut off system restore, showed hidden files (they were
aready showing). Went into safe mode with networking I think its
called.

Ran
ewide--clean
activescan--SaveNow (had this for a long time).
norton--clean
A2--clean
spybot--clean
adaware--clean
spywareblaster--clean
aboutbuster--clean
Ran cleanup
went to Internet options and deleted files and cookies.
and history.
ran disk clean up.
I dont think I left anything out.
Rebooted and turned system restore back on.

The only thing I see wrong is My computer disk C
is still white (should be blue) and My system information
wont come up. I get help and support.
I dont know what else to do.


I dont know if this is anything bad or not. ;)

Just found in
HKey_Classes_Root (Trojfile)

In right pane it says

Name----------------Type---------------- Data
==================================================
(Default)----------REG_SZ---------Trojan Infested File

Edited by Cranky, 01 July 2005 - 09:02 PM.

  • 0

#27
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Please stop running Spyware exterminator.

I really don't know what to tell you any more. I think your machine is fine.

Crete might find soemthing else, but let it go for a couple of days and just use it instead of trying to fix it. See if everything is going OK. If it isn't, let us know and we'll try to figure something out.

Enjoy your weekend. :tazz:
  • 0

#28
Cranky

Cranky

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 131 posts
In my last post. ( I uninstalled X Terminator)
-------------------------------------------------------


Try to go to System Information and get Help and Support.

As long as I can get into it as explained ( In my last post)
I'll figure it out sooner or later.
-----------------------------------------------------------------------


(Should this be there )??

Just found in
HKey_Classes_Root (Trojfile)

In right pane it says

Name----------------Type---------------- Data
==================================================
(Default)----------REG_SZ---------Trojan Infested File ;)


Thanks for all your help. I know this is taking up alot of your time. :tazz:
  • 0

#29
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Download and run this.

http://www.f-secure.com/blacklight/
  • 0

#30
Cranky

Cranky

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 131 posts
Thank you very much for all your help.
I know this has taken alot of your time. ;) :tazz:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP