gerbil,
the tone of the last response received from you had a hint of frustration attached. I apologize for any inconvenience that I caused you by doing what was alleged I did. What you could not have known is that I could not get my browser to work, nor could I get online to respond to your messages. I was fundamentally at wit's end... so whatever I'm accused of doing that disrupted the resolution of my Wife's and my computer virus problems, I take full responsibility. It should be stated that I could not have gotten some semblance of computer/internet/www usage without my struggle to get rid of what was negating me from the access we both so desperately need to do our research. It was not my intent to create a problem from the problem at hand. If I'd had your email address I would have kept you in the loop symptom-wise. No one is more frustrated than my Wife and I... and still we're not out of the woods, so to speak. 1. emails only come in with attachments and no information in the email body... 2. browser hangs intermittently and requires sending a report to Microsoft and ultimately a reboot... So again, kindly forgive me, but I did what I did so that I could once again communicate on DaniWeb. We're not getting much else done on the WWW. Let's call it a day, as I do not desire to cause you any more frustration, as you …
gerbil (FYI),
Just to test the MS Word line-spacing and space removal technique i/c/w the "Code" snippet (Alt-I) and then Alt+S Reply to this Discussion process... I'm happy to say it worked again with no drama. :-)
Are you receiving the log posts and/or zip files? They may have looked like they worked but if you do not get them it's obvious we'll have to try another method.
---rabbie
gerbil
1. did you receive the zipfile with Prevx and OTL logs in it?
2. HiJackThis follows
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:45:19 PM, on 8/28/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
.
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Microsoft IntelliPoint\IPoint.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\HJT\HijackThis.exe
.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common …
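A small triage script for the "Running processes" section of a HijackThis (or DDS) log like the one above. This is an added example for this thread, not code from the original post nor from the HijackThis or DDS tools. It pulls the process list out of a pasted log, groups the images by directory, and flags entries a helper would want to look at first. The three rules are assumptions chosen for illustration: an image outside the C:\WINDOWS and C:\Program Files trees, an image whose extension is not .exe, and a process listed by bare file name with no path. A flag means "look here", not "malicious"; the scanner's own C:\HJT\HijackThis.exe trips the first rule, and the sample log below is a shortened, constructed version of the one posted.

```python
"""Triage the 'Running processes' section of a HijackThis or DDS log.

Added example for this thread (not code from the original post, nor from the
HijackThis or DDS tools).  The heuristics below are assumptions chosen for
illustration: a flag means 'look at this entry', not 'this is malware'.
"""
import re

# Constructed sample in the shape of the HijackThis log above (shortened; the
# mixed path casing and the bare 'svchost.exe' line are deliberate).
SAMPLE_LOG = """Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:45:19 PM, on 8/28/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal
.
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
svchost.exe
C:\\Program Files\\AVAST Software\\Avast\\AvastSvc.exe
C:\\Program Files\\Common Files\\New Boundary\\PrismXL\\PRISMXL.SYS
C:\\WINDOWS\\zHotkey.exe
C:\\HJT\\HijackThis.exe
c:\\Program Files\\Microsoft IntelliPoint\\dpupdchk.exe
.
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
"""

# Directory trees treated as expected on this XP box (assumption).
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

# Matches 'Running processes:' (HijackThis) and
# '============== Running Processes ===============' (DDS).
HEADER = re.compile(r"^=*\s*running processes\s*=*:?\s*$", re.I)


def running_processes(log_text):
    """Return the entries listed under the running-processes header, in order."""
    lines = iter(log_text.splitlines())
    for line in lines:
        if HEADER.match(line.strip()):
            break
    else:
        return []                 # no such section in this log
    entries = []
    for line in lines:
        line = line.strip()
        if line in ("", "."):     # HJT closes the section with a lone '.', DDS with '.' or a blank
            if entries:
                break
            continue              # DDS puts a '.' before the first entry
        entries.append(line)
    return entries


def image_path(entry):
    """Strip service-host arguments such as '-k netsvcs' that DDS appends."""
    return entry.split(" -k ")[0].strip()


def triage(entries):
    """Map each flagged image path to the list of reasons it was flagged."""
    flagged = {}
    for entry in entries:
        path = image_path(entry)
        low = path.lower()
        reasons = []
        if "\\" not in low:
            reasons.append("bare file name, no path recorded")
        elif not low.startswith(EXPECTED_ROOTS):
            reasons.append("outside C:\\WINDOWS and C:\\Program Files")
        if not low.endswith(".exe"):
            reasons.append("process image without .exe extension")
        if reasons:
            flagged[path] = reasons
    return flagged


def by_directory(entries):
    """Group image file names by the directory they run from ('' for bare names)."""
    groups = {}
    for entry in entries:
        directory, _, name = image_path(entry).rpartition("\\")
        groups.setdefault(directory, []).append(name)
    return groups


if __name__ == "__main__":
    procs = running_processes(SAMPLE_LOG)
    print(f"{len(procs)} running processes")
    for directory, names in sorted(by_directory(procs).items()):
        print(f"  {directory or '<no path>'}: {', '.join(names)}")
    for path, reasons in triage(procs).items():
        print(f"LOOK: {path}  ({'; '.join(reasons)})")
```

Paste a whole log into `running_processes()`; everything before the header and after the closing "." is ignored, so the R0/R1/O2 entries that follow do not disturb the parse. The PRISMXL.SYS hit shows why the rules are only a starting point: New Boundary's PrismXL agent really does run under that name, so the flag is a prompt to check the vendor path, not a verdict.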
gerbil,
Be on the lookout for a zip file with a name similar to SecureAnywhere 1208DD or a variation thereof. It will contain several Prevx/Webroot and OTL logs, all dated for your convenience in the format YYMMDD. Hope I've not inundated you. The Daniweb post process is currently having challenges, as you know, and I thought the multi-logs might assist.
Thank You,
---rabbie
Since KAS and Prevx (Webroot) were not necessary...
[uninstalled] KAS (Kss.exe) and
Prevx (Webroot) [exited process but did not uninstall]
gerbil,
I formatted the combofix quarantine file using Word numbering and line-spacing removals, then control-v into "Code". It seemed to have worked much better, just thought I'd pass that on for future reference.
gerbil... Here are the ComboFix quarantined files
.
2012-08-15 04:31:32 . 2012-08-15 04:31:32 1,162 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-DefaultTab.reg.dat
2012-08-15 04:31:13 . 2012-08-15 04:31:13 963 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01}.reg.dat
2012-08-15 04:31:12 . 2012-08-15 04:31:12 118 ----a-w- C:\Qoobox\Quarantine\Registry_backups\URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}.reg.dat
2012-08-15 04:23:02 . 2012-08-15 04:23:02 224 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_DefaultTabUpdate.reg.dat
2012-08-15 04:23:01 . 2012-08-15 04:23:01 870 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DefaultTabUpdate.reg.dat
2012-08-15 01:52:01 . 2012-07-02 17:49:32 55,296 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET4DF.tmp.vir
2012-08-15 01:52:00 . 2012-07-02 17:49:33 206,848 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET4DB.tmp.vir
2012-08-15 01:52:00 . 2012-07-02 17:49:33 105,984 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET4DA.tmp.vir
2012-08-15 01:52:00 . 2012-07-02 17:49:32 247,808 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET4EB.tmp.vir
2012-08-15 01:52:00 . 2012-07-02 17:49:33 12,800 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET4E9.tmp.vir
2012-08-15 01:51:59 . 2012-07-02 17:49:32 184,320 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET4E5.tmp.vir
2012-08-15 01:51:59 . 2012-07-02 17:49:33 916,992 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET4D8.tmp.vir
2012-08-15 01:51:58 . 2012-07-02 17:49:32 629,760 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET4E0.tmp.vir
2012-08-15 01:51:57 . 2012-07-02 17:49:32 2,000,384 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET4E4.tmp.vir
2012-08-15 01:51:57 . 2012-07-02 17:49:33 1,212,416 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET4D9.tmp.vir
2012-08-15 01:51:56 . 2012-07-02 17:49:32 6,008,320 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET4DE.tmp.vir
2012-08-04 19:25:24 . 2012-08-15 04:05:46 1,150 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\A Boze\Application Data\DefaultTab\DefaultTab\twitter_ie.ico.vir
2012-08-04 19:25:24 . 2012-08-15 04:05:46 318 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\A Boze\Application Data\DefaultTab\DefaultTab\wikipedia_ie.ico.vir
2012-08-04 19:25:24 . 2012-08-15 04:05:46 1,150 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\A Boze\Application Data\DefaultTab\DefaultTab\amazon_ie.ico.vir
2012-08-04 19:25:24 . 2012-08-15 04:05:45 1,150 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\A Boze\Application Data\DefaultTab\DefaultTab\youtube_ie.ico.vir
2012-08-04 19:25:24 . 2012-08-15 04:05:45 1,150 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\A Boze\Application Data\DefaultTab\DefaultTab\facebook_ie.ico.vir
2012-08-04 19:25:24 . 2012-08-15 04:05:45 1,406 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\A Boze\Application Data\DefaultTab\DefaultTab\search_here_ie.ico.vir
2012-08-04 19:24:08 . 2012-08-04 19:24:08 1,150 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\A Boze\Application Data\DefaultTab\DefaultTab\searchhere.ico.vir
2012-08-04 19:24:08 . 2012-08-04 …
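A parser for the ComboFix quarantine listing posted above, added here as an example; it is not code from the original post or from ComboFix. Each listing line carries two timestamps, a size, an attribute string and the path under C:\Qoobox\Quarantine. The two timestamps are read here as the file's created and last-modified times, and a ".vir" copy under Quarantine\C\... is mapped back to its original location on C:; both are assumptions about the listing's layout. Registry_backups entries are .reg exports rather than quarantined files, so they are kept out of the file groupings. The sample lines are taken from the listing above (a subset), including the Word numbering prefix the poster mentions, which the parser tolerates and discards. Grouping by original directory and by last-modified minute is what turns a long listing into a short story: one batch of SET*.tmp files with the same July timestamp, one batch of DefaultTab files.

```python
"""Summarise a ComboFix quarantine listing (the C:\\Qoobox\\Quarantine dump).

Added example for this thread (not code from the original post or from
ComboFix).  The timestamp reading (created . modified) and the mapping of
Quarantine\\C\\...\\x.vir back to C:\\...\\x are assumptions about the layout.
"""
import re
from collections import Counter

# Sample lines taken from the listing posted above (a subset).  The '1.'
# prefixes are the Word numbering the poster used; they are discarded.
SAMPLE_LISTING = r"""
1. 2012-08-15 04:31:32 . 2012-08-15 04:31:32 1,162 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-DefaultTab.reg.dat
2. 2012-08-15 04:23:02 . 2012-08-15 04:23:02 224 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_DefaultTabUpdate.reg.dat
2012-08-15 01:52:01 . 2012-07-02 17:49:32 55,296 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET4DF.tmp.vir
2012-08-15 01:52:00 . 2012-07-02 17:49:33 206,848 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET4DB.tmp.vir
2012-08-15 01:52:00 . 2012-07-02 17:49:32 247,808 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET4EB.tmp.vir
2012-08-15 01:51:56 . 2012-07-02 17:49:32 6,008,320 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET4DE.tmp.vir
2012-08-04 19:25:24 . 2012-08-15 04:05:46 1,150 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\A Boze\Application Data\DefaultTab\DefaultTab\twitter_ie.ico.vir
2012-08-04 19:24:08 . 2012-08-04 19:24:08 1,150 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\A Boze\Application Data\DefaultTab\DefaultTab\searchhere.ico.vir
"""

QUARANTINE_ROOT = "c:\\qoobox\\quarantine\\"
TS = r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d"
# optional 'N. ' prefix, created . modified, size with commas, attrs, path
LINE = re.compile(rf"^\s*(?:\d+\.\s+)?({TS}) \. ({TS})\s+([\d,]+)\s+(\S+)\s+(.*\S)\s*$")


def parse_listing(text):
    """Parse listing lines into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        created, modified, size, attrs, qpath = m.groups()
        records.append({
            "created": created,
            "modified": modified,
            "size": int(size.replace(",", "")),
            "attrs": attrs,
            "quarantine_path": qpath,
        })
    return records


def original_path(qpath):
    """Map C:\\Qoobox\\Quarantine\\C\\...\\x.vir back to C:\\...\\x; None for registry exports."""
    if not qpath.lower().startswith(QUARANTINE_ROOT):
        return None
    rest = qpath[len(QUARANTINE_ROOT):]
    drive, sep, tail = rest.partition("\\")
    if not sep or len(drive) != 1:    # e.g. Registry_backups\...: not a file copy
        return None
    if tail.lower().endswith(".vir"):
        tail = tail[:-4]
    return f"{drive}:\\{tail}"


def group_by_dir(records):
    """Original directory -> names of the quarantined files that lived there."""
    groups = {}
    for rec in records:
        orig = original_path(rec["quarantine_path"])
        if orig is None:
            continue
        directory, _, name = orig.rpartition("\\")
        groups.setdefault(directory, []).append(name)
    return groups


def batches_by_modified(records):
    """Count quarantined files per last-modified minute; one big bucket is one drop."""
    return Counter(
        rec["modified"][:16]
        for rec in records
        if original_path(rec["quarantine_path"]) is not None
    )


if __name__ == "__main__":
    recs = parse_listing(SAMPLE_LISTING)
    print(f"{len(recs)} quarantine entries")
    for directory, names in group_by_dir(recs).items():
        print(f"  {directory}: {len(names)} file(s)")
    for minute, count in batches_by_modified(recs).most_common():
        print(f"  modified {minute}: {count} file(s)")
```

Feed the whole pasted listing to `parse_listing()`; the numbering prefix, blank lines and any stray text are ignored. `group_by_dir()` answers "which directories were touched" and `batches_by_modified()` answers "how many drops were there", which is usually what the helper wants to know before deciding what else to look for.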
gerbil,
At my last login I posted, or thought I'd posted, both the Prevx/Webroot and OTL logs. Now I'm here at the post area and do not see them as they were when I logged out of Daniweb. What is going on? I opened "Code" and control-v'd each log independent of the other, with the idea of creating 2 separate posts... or so I thought. I then Alt-I and then Alt+S to save the posted logs. I can see here and now that did not happen. So... what I will now do is zip them and try to upload them to either this post using the "Files" area or the Private Messages area.
---Rabbie
gerbil, attached please find screen prints of my running Taskmgr apps.
08-27-2012 performance of gerbil instructions
Posted the ComboFix in Private Message area
1. Created a restore point before changes
2. Exported a registry copy before changes
3. rechecked all MSCONFIG startups and services
4. Deletion Attempts
a. did not delete yet - c:\1081a87273cf5e78fa = holds the installation of WinXP Service Pack 3 (SP3)... gerbil... should I still delete this even though it's for WinXP SvcPk3?
b. (access denied CANNOT delete) - c:\program files\DefaultTab
c. deleted - c:\documents and settings\a boze\application data\DefaultTab
gerbil, I re-checked those startup and services that were unchecked and lost my system (not my Wife's) until now. It's difficult to explain the symptoms. But I saw a number of applications in Taskmgr I'd not seen before. I couldn't get on the net to reply to you. So I re-unchecked those items in both our systems and ran Norton Eraser, Malwarebytes and ZoneAlarm scans. Also some of my programs I need to be productive stopped working, but have slowly come back as I identified registry problems via Glary Utilities Reg Scan. I was deeply concerned that I'd lost everything (I didn't panic). Do you think I should delete C:\1081a87273cf5e78fa4. and delete these two: c:\program files\DefaultTab and c:\documents and settings\A Boze\Application Data\Def?
I'm curious, did the aswMBR show you anything? Let me know and I'll go back and complete the list of things to do.
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-25 15:49:46
-----------------------------
15:49:46.187 OS Version: Windows 5.1.2600 Service Pack 3
15:49:46.187 Number of processors: 1 586 0x1F00
15:49:46.187 ComputerName: MTNNJ70 UserName: A Boze
15:49:47.906 Initialize success
15:49:48.171 AVAST engine defs: 12082501
15:50:02.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-1f
15:50:02.687 Disk 0 Vendor: Maxtor_6Y160P0 YAR41BW0 Size: 152627MB BusType: 3
15:50:02.718 Disk 1 \Device\Harddisk1\DR2 -> \Device\Parallel0.5
15:50:02.718 Disk 1 Vendor: IOMEGA__ K.05 Size: 152627MB BusType: 1
15:50:02.718 Disk 0 MBR read successfully
15:50:02.718 Disk 0 MBR scan
15:50:02.734 Disk 0 Windows XP default MBR code
15:50:02.734 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
15:50:02.734 Disk 0 scanning sectors +312576705
15:50:02.812 Disk 0 scanning C:\WINDOWS\system32\drivers
15:50:09.734 Service scanning
15:50:21.750 Service WRkrn C:\WINDOWS\System32\drivers\WRkrn.sys **LOCKED** 32
15:50:23.046 Modules scanning
15:50:47.234 Disk 0 trace - called modules:
15:50:47.265 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:50:47.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a651ab8]
15:50:47.265 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000076[0x8a6549e8]
15:50:47.265 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-1f[0x8a6c7d98]
15:50:47.671 AVAST engine scan C:\WINDOWS
15:50:53.828 AVAST engine scan C:\WINDOWS\system32
15:52:45.031 AVAST engine scan C:\WINDOWS\system32\drivers
15:52:52.968 AVAST engine scan C:\Documents and Settings\A Boze
15:58:19.734 AVAST engine scan C:\Documents and Settings\All Users
16:00:22.531 Scan finished successfully
16:17:30.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\A Boze\Desktop\ANN'S System Attack\asw mbr\MBR.dat"
16:17:30.765 The log file has been saved successfully to "C:\Documents and Settings\A Boze\Desktop\ANN'S System Attack\asw mbr\aswMBR.txt"
gerbil... I posted aswMBR at the "Private" location as instructed, and have left the aswMBR completed successfully scan screen open on my desktop.
---rabbie
Greetings gerbil,
First allow me to articulate I have high esteem for you, your patience and definitely your professionalism. Second, allow me to THANK YOU for everything you are doing to get my Wife and me productive again. You're amazing!!!
Third, I have copied and pasted your instructions to a Word docx file to print and save for future reference, as well as, for guidance in following the instructions so carefully outlined. Again... we can't thank you enough.
Have a Wonderfully Peaceful Day,
---Rabbie and his Soul Mate
ComboFix 12-08-14.03 - A Boze 08/15/2012 0:16.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1399 [GMT -4:00]
Running from: c:\documents and settings\A Boze\My Documents\Downloads\ComboFix is FREE\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\A Boze\Application Data\DefaultTab\DefaultTab
c:\documents and settings\A Boze\Application Data\DefaultTab\DefaultTab\addon.ico
c:\documents and settings\A Boze\Application Data\DefaultTab\DefaultTab\amazon_ie.ico
c:\documents and settings\A Boze\Application Data\DefaultTab\DefaultTab\bing.ico
c:\documents and settings\A Boze\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\documents and settings\A Boze\Application Data\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\documents and settings\A Boze\Application Data\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\documents and settings\A Boze\Application Data\DefaultTab\DefaultTab\DT.ico
c:\documents and settings\A Boze\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
c:\documents and settings\A Boze\Application Data\DefaultTab\DefaultTab\facebook_ie.ico
c:\documents and settings\A Boze\Application Data\DefaultTab\DefaultTab\google.ico
c:\documents and settings\A Boze\Application Data\DefaultTab\DefaultTab\search_here_ie.ico
c:\documents and settings\A Boze\Application Data\DefaultTab\DefaultTab\searchhere.ico
c:\documents and settings\A Boze\Application Data\DefaultTab\DefaultTab\twitter_ie.ico
c:\documents and settings\A Boze\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
c:\documents and settings\A Boze\Application Data\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\documents and settings\A Boze\Application Data\DefaultTab\DefaultTab\yahoo.ico
c:\documents and settings\A Boze\Application Data\DefaultTab\DefaultTab\youtube_ie.ico
c:\program files\Internet Explorer\SET2E.tmp
c:\program files\Internet Explorer\SET2F.tmp
c:\program files\Internet Explorer\SET4.tmp
c:\program files\Internet Explorer\SET4E9.tmp
c:\program files\Internet Explorer\SET4EB.tmp
c:\program files\Internet Explorer\SET5.tmp
c:\program files\Internet Explorer\SET7.tmp
c:\program files\Internet Explorer\SET8.tmp
c:\program files\Internet Explorer\SET9.tmp
c:\program files\Internet Explorer\SET9DE.tmp
c:\program files\Internet Explorer\SET9DF.tmp
c:\program files\Internet Explorer\SETA.tmp
c:\program files\Internet Explorer\SETB.tmp
c:\program files\Internet Explorer\SETC.tmp
c:\program files\Internet Explorer\SETD.tmp
c:\program files\Internet Explorer\SETE.tmp
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\windows\MailSwitch.ocx
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\Cache
c:\windows\system32\SET10.tmp
c:\windows\system32\SET11.tmp
c:\windows\system32\SET12.tmp
c:\windows\system32\SET13.tmp
c:\windows\system32\SET14.tmp
c:\windows\system32\SET15.tmp
c:\windows\system32\SET16.tmp
c:\windows\system32\SET17.tmp
c:\windows\system32\SET18.tmp
c:\windows\system32\SET19.tmp
c:\windows\system32\SET1A.tmp
c:\windows\system32\SET1B.tmp
c:\windows\system32\SET1C.tmp
c:\windows\system32\SET1D.tmp
c:\windows\system32\SET1E.tmp
c:\windows\system32\SET20.tmp
c:\windows\system32\SET21.tmp
c:\windows\system32\SET22.tmp
c:\windows\system32\SET23.tmp
c:\windows\system32\SET24.tmp
c:\windows\system32\SET25.tmp
c:\windows\system32\SET26.tmp
c:\windows\system32\SET27.tmp
c:\windows\system32\SET36.tmp
c:\windows\system32\SET37.tmp
c:\windows\system32\SET38.tmp
c:\windows\system32\SET39.tmp
c:\windows\system32\SET3A.tmp
c:\windows\system32\SET3B.tmp
c:\windows\system32\SET3C.tmp
c:\windows\system32\SET3D.tmp
c:\windows\system32\SET3E.tmp
c:\windows\system32\SET3F.tmp
c:\windows\system32\SET40.tmp
c:\windows\system32\SET41.tmp
c:\windows\system32\SET42.tmp
c:\windows\system32\SET43.tmp
c:\windows\system32\SET45.tmp
c:\windows\system32\SET46.tmp
c:\windows\system32\SET47.tmp
c:\windows\system32\SET48.tmp
c:\windows\system32\SET49.tmp
c:\windows\system32\SET4A.tmp
c:\windows\system32\SET4B.tmp
c:\windows\system32\SET4C.tmp …
gerbil, thank you for the heads up on Teredo. I'm at wits' end this evening, as I'm sure you are, with your other newbies like me :-). The reports can be attached to an email. Do you have a "just-for-junk" email account I can send the attachments to? I even thought of creating a Yahoo group just for the exchange of files like these. But even there I could not create a new group. Our systems are truly nastied to the Nth degree. The screenprints of the ram problem have also mysteriously gone into oblivion. This is an attack like none other. There must be a way for me to get combofix and otl reports to you. I remember some years ago there were FTP servers... are they still around?
The OTL was run... but I'm having trouble pasting the report output!
Each time I try to save the report ALT-S the following message comes up: "The code snippet in your post is formatted incorrectly. Please use the Code button in the editor toolbar when posting whitespace-sensitive text or curly braces." I don't have a clue how I can get you the combofix and the OTL reports.
Rabbie
gerbil,
can you see the combofix report recently inserted into the forum?
gerbil,
I hope the Combofix attaches to this post
---rabbie
We've never had a virus attack like this one. Ah finally I'm able to get to Daniweb. Our systems had been taken over by a plethora of these vermin. I was able to run something called (prevx/webroot) on my system to delete some nasties and here I am finally on Daniweb again. I will get the combofix file of her system for you, but I'm not sure of what UFD stands for. Please forgive my ignorance.
gerbil...
A. The dougknox.com zipfile download worked
B. when I click on the URL below in #1, the URL in #2 pops up
1. http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
2. POPUP
jar:file:///C:/Program%20Files/Mozilla%20Firefox/omni.ja!/chrome/browser/content/browser/undefinedliveupdate.msi.com.twautobios/LOnline/install.cab
gerbil, I apologize... it seems my mouse and keyboard are conspiring against me LOL (I'm seriously believing their drivers are affected by the nasties as well). I cannot get the 8/14-15/2012 ComboFix report to post at the moment. So, I'm going to try one more thing. I will create a new report file and name it something else and attach it.
Thank you much gerbil
.
When I try to post the ComboFix info I get a message that tells me to use the Code button. I do that and it still does not work. How do I get you the data?
.
As far as I remember I did not place those msi files in the Security tab. I do not know how or why they got there. Is this an indicator of the problem?
.
The following URL gives me an "oops, can't find this site address" message.
http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
.
I just want to ensure my understanding of your directions so I may follow them: in taking note of the .LNK association site, it indicates VISTA 64-bit and I'm running Win XP 32-bit. Will it matter if I run the VISTA association reg file against Win XP? http:/
Greetings gerbil,
Sorry it took so long to get back to you. This system is so bogged down with nasties it is rather difficult to get the necessary information requested, which results in my having to find work-arounds to provide what was requested.
I took your advice and removed the ghost AVG -
AVG was uninstalled months ago before Avast was installed -
However,
AVG's Removal tool ran successfully
Norton's Removal tool ran successfully
McAfee's Removal tool ran successfully
.
I uninstalled Ad-Aware and kept MBAM
.
In IE options, I tried to clear out all trusted zone entries, including the MSIs, but none of the following MSIs would stay removed:
http://asia.msi.com.tw - http://gobal.msi.com/tw - http://www.msi.com.tw
.
Acronis, Paramount, Macrium and Easeus? That's a collection
I wasn't sure of what you desired me to do with these... however,
EaseUS was uninstalled because it would not allow me to SAFEBOOT it always
(hung at EUBAKUP)
Acronis I believe is not necessary. It shows up in Device Manager with exclamation points and can, I believe, be removed.
Macrium Reflect is what I use to create "just-in-case" image and clone files.
I do not know what Paramount is. It no longer shows up in Program Files or Add/Remove.
Little Registry Cleaner, you're right I'm not sure if I could tell the difference after …
How kind of you gerbil to respond. I will follow your directions to the "T" and will post what you have requested. Again thank you for Y-O-U, your time and your expertise.
---RAB
foxkueh,
There are obviously a number of reasons as to why there is no internet access... however, I've seen instances where utilities will indicate a good "handshake" with a device but the device was not functioning at its optimum. In your case there are several vendors who provide USB antennas that will get you productive until what's going on is figured out. The antenna that I used for my high school was made by Belkin. In light of the previous, my laptop's mobo had challenges brought on by electrical storms and power outages. Let me know how you make out!
---RAB
Ben... kindly elaborate on "forget iv, back the lot up and wipe it".
Thanks,
---Rob
MBAM, DDS, and ATTACH files
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.17.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
A Boze :: MTNNJ70 [administrator]
8/17/2012 2:03:52 PM
mbam-log-2012-08-17 (14-03-52).txt
Scan type: Full scan (C:\|J:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 308545
Time elapsed: 1 hour(s), 9 minute(s), 27 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by A Boze at 16:06:12 on 2012-08-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1588 [GMT -4:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled*
FW: AVG Internet Security 2012 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc …
Downloaded and installed MBAM, with five SETUP error messages received that stated: CoCreateInstance failed; Code 0x80040154 Class not registered. Each time I clicked OK another popped up... this occurred 5 times. MBAM was run anyway, since I believe those errors are possibly related to the 1909 .LNK errors received on the installation of other applications.
---Rob
As an addition... my emails do not show information in the body of the email. And when we try to install program applications we receive 1909 errors that tell us a .LNK could not be created on the desktop, in Program Files and in the Start Menu areas.
GMERONE
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-08-17 12:20:19
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-1f Maxtor_6Y160P0 rev.YAR41BW0
Running: 6g2ifgus.exe; Driver: C:\DOCUME~1\ABOZE~1\LOCALS~1\Temp\agldypog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB0E1C162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB0E1BFCD]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB0E9C744]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
GMERTWO
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-17 12:24:02
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-1f Maxtor_6Y160P0 rev.YAR41BW0
Running: 6g2ifgus.exe; Driver: C:\DOCUME~1\ABOZE~1\LOCALS~1\Temp\agldypog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! …
Greetings... I am a new member to DaniWeb. My Wife's system began its current symptoms about a week ago, on 08-10-2012. First sporadically, then it seemed to escalate exponentially until 08-12-2012, when she could no longer:
1. double-click on her icons in... (we must right-click and choose OPEN)
a. the START menu
b. desktop
c. Quick Launch (which disappears after each reboot after we have clicked to have it display)
2. We could no longer move icons on the desktop to another location until I ran
a. regsvr32 ole32.dll and
b. regsvr32 /i shell32.dll
c. It solved the problem of icon movement, but still cannot double-click icons to execute applications
3. At one point we'd lost the ability to get into MSCONFIG
a. I used the entire pathname temporarily
b. I then downloaded the MSCONFIG app and placed it in the correct location (it is working now)
4. During an AVAST scan several blocks of ram display with (Trj) errors (I created screenprints if you need them)
5. 08-17-2012 I have run per readme instructions: MS Malicious Software Removal Tool, ATF Cleaner and GMER (twice)
6. I have the following files/scans for submission
a. 08-16-2012 ComboFix... etc.
b. 08-17-2012 GMERONE (GMERONE_2) and GMERTWO (GMERTWO_2) files with _2 run AFTER Avast and Internet shutdowns
You and your assistance are greatly appreciated, as we do not desire to wipe the drive and reinstall. Please and kindly help us.
---Rob