Author Topic: HiJack Log (Read 40198 times)

bluecountry · « **on:** May 09, 2008, 12:02:21 PM »

Dell 5150.
Windows XP.
Running somewhat slow...icons on desktop slow to respond.

CCleaner run.
SAS run...clean.
Cureit run...clean.

HiJack below...thoughts?

Logfile of HijackThis v1.99.1
Scan saved at 10:37:03 PM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1154149194\ee\AOLSoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Trent Berger\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dell.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154149194\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

evilfantasy · « **Reply #1 on:** May 09, 2008, 12:30:03 PM »

Looks fine. Just a few things to do.

Your Java is out of date.
Older versions of Java have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version(s) of Java components and update.

Step 1 - Get the new version

Go to the Sun Java Download Page
On the Sun Java page scroll to the 5th download. Java Runtime Environment (JRE) 6 Update 6
Click the button and choose the options.
- Platform Windows
- Language English
- Next place a check mark in the box to agree to the License Agreement.
"I agree to the Java SE Runtime Environment 6 License Agreement"
Click Continue
Click on the link to download Windows Offline Installation and save to your desktop.
Then from your desktop double-click on jre-6u6-windowsi586-p.exe to install the newest version.
Follow the prompts to complete the installation.

Step 2 - Remove old version(s)

Close any programs you may have running - especially your web browser.
Go to Start > Control Panel > Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Do not remove Java 6 Update 6
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each old Java version.
Restart your computer once all Java components are removed.

Step 3 - Remove old folder(s)

Double click My Computer on the desktop, Locate this folder: C:\Program Files\Java
Open the Java folder and delete any subfolders except the jre1.6.0_06 folder which was just created by the newest Java installation.

.
Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.

Go to Start > Programs > Accessories > System Tools and click System Restore
Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
Next go to Start > Run and type Cleanmgr
Click OK
Click the More Options Tab.
Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.

.
Use the Secunia Software Inspector to check for out of date software.

Click Start Now
Check the box next to Enable thorough system inspection.
Click Start
Allow the scan to finish and scroll down to see if any updates are needed.
Update anything listed.

.
Learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?

bluecountry · « **Reply #2 on:** May 22, 2008, 07:19:28 PM »

This is not working.

I clicked on JRE 6 update 6.
It offered multi language not English.

When I "saved it to a disc" an icon was made on the desktop.
I double clicked...and then selected start.
It begins to download...but each time it gets only to 6 percent complete before it "reconnects to the server" and starts over.
After a few minutes it reads "download failed, unable to verify."

What is the problem and are there any solutions?

Thanks.

evilfantasy · « **Reply #3 on:** May 22, 2008, 07:30:49 PM »

Try downloading it from here http://www.filehippo.com/download_java_runtime/

bluecountry · « **Reply #4 on:** May 22, 2008, 08:44:42 PM »

Thanks...it worked.

1) Secunia the website is not operating.

2) Super Anti Spyware keeps telling me updates need to be installed.

Service Update. Super Anti Spyware Kernel Driver required for removing rookit style infections.

I have installed this multiple times tonight...and within minutes it tells me I need to download again.

Is this a bug?

evilfantasy · « **Reply #5 on:** May 22, 2008, 08:55:42 PM »

You may have an old version, try uninstalling it and re-installing the new one. http://www.majorgeeks.com/SUPERAntiSpyware_d5116.html

Secunia has been down all day. I don't know what is going on there.

bluecountry · « **Reply #6 on:** June 01, 2008, 11:56:26 PM »

This is great.

First...I go the above website...uninstall SAS.
I try downloading the new one...and get told I have an error.
Error 1304. Error writing to file C:\ProgramFiles\SuperAntiSpyware\SASdivsf.sys...verify that you have access.

So I don't have SAS.

2) Now my CPU is running slow....Cureit says I have no virsus.
Cureit also says my package is 25 days old and to dl a new one.
I did...THREE times...and each time I click the icon it keeps telling me it's 25 days outdated.

*censored*?

evilfantasy · « **Reply #7 on:** June 02, 2008, 12:00:28 AM »

Try to delete the SuperAntiSpyware folder then download it.

You may need to go into safe mode to delete it.

C:\ProgramFiles\SuperAntiSpyware

evilfantasy · « **Reply #8 on:** June 03, 2008, 12:31:18 AM »

For your information I haven't done anything but suggest items to update. I haven't had you remove anything! So, what exactly did I do?

evilfantasy · « **Reply #9 on:** June 03, 2008, 12:50:26 AM »

Quote

1) Why is my CPU so MFing slow!!!!!!!!!!!!!

I have no clue, all I've done is try to help you get things updated.

Quote

2) Why can't I download SAS?

If you are having problems uninstalling SUPERAntiSpyware, use the SUPERAntiSpyware Uninstallation Assistant here:
http://www.superantispyware.com/downloads/SASUNINST.EXE

Quote

3) Why does Cureit tell me download the newest version and that I have a month old dated version EACH TIME I login despite downloading it?

Delete it and use something more reliable.

Quote

4) Also...you know what's really annoying?
Nobody on here has a clue or consensus on WHAT programs should be on my CPU.
I get told have this or have that...I would like to know ONCE and for ALL which programs my CPU needs and what each of their jobs are.

You haven't asked me that question. There is always Google to research any program you see and want to question.

Quote

I have threat fire...what the heck is that for?

I didn't suggest it be installed but here is the web site. http://www.threatfire.com/

Quote

I have AVG and I don't even use that...and recently I deleted Adware because SAS kept bringing up virsus from it...even thought YOU recommended it.

We were working on the SAS issue until you just went off on me. (see above)

Uninstall AVG Anti-Spyware 7.5. It is no longer supported so isn't doing any good.

Quote

5) So could SOMEBODY please undo the damage that was done here to my CPU and let me know ONCE and for WHAT program I need instead of just having throw every darn thing on here until it all gets confused?

I will need to see an uninstall list.

Create An Uninstall List

Start HijackThis
Click on the Open the Misc Tools section
Click on the Open Uninstall Manager button.
Click on the Save list button and specify where you would like to save this file and click Save.
- When you press Save button a notepad will open with the contents of that file.
Copy and paste that list in your reply.

.

Have you done a disk defrag lately?

skyblue · « **Reply #10 on:** June 03, 2008, 01:37:29 AM »

Chill out

I for one find this site invaluable ,and it has helped me numerous times free of charge i might add , and considering the time and sometimes a lot of effort from the helpers on here including evilfantasy with their vast knowledge which they pass on again free of charge , i think an apology is due from bluecountry otherwise evilfantasy i think i would be telling bluecountry where to get off.
just my opinion, skyblue

bluecountry · « **Reply #11 on:** June 03, 2008, 04:00:23 PM »

I apologize for ranting and sounding off in that tone and manner.
I was out of line.

I went ahead and
-Did the SAS as told
-Removed AVG
-I think I also removed Cureit

Questions

1) Is SAS gone?

2) IS Cureit gone...I deleted the icon on my desktop...and I don't see it anywhere on my computer...so is it removed?

3) What now?
-Is my CPU good?
-It appears to be running faster.

4) What anti-spyware/anti-virus do I need?
-I believe all I have is CClean/Threatfire/Symnatec

5) No...I have not defragged lately.

6) Hi jack uninstall listed below

Adobe Reader 8.1.2
Adobe® Photoshop® Album Starter Edition 3.0
AIM 6.0
Anapod Explorer (remove only)
AnswerWorks 5.0 English Runtime
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
BCM V.92 56K Modem
BitLord 1.1
Broadcom 440x 10/100 Integrated Controller
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
CCScore
C-Major Audio
Dell AIO Printer A920
Dell Wireless WLAN Card
ESET Online Scanner
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
ESSvpaht
ESSvpot
FaxTools
FreeAgent Go Tools
Google Earth
Google Toolbar for Firefox
Google Updater
HijackThis 1.99.1
HLPIndex
HLPRFO
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Format SDK (KB910998)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
iTunes
Java(TM) 6 Update 6
Kodak EasyShare software
KSU
LiveUpdate 2.6 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Mozilla Firefox (2.0.0.14)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Notifier
NVIDIA Drivers
OTtBPSDK
PCDADDIN
PCDHELP
PodPlus 1.1.0.0
Quicken 2008
QuickTime
RealPlayer
Safari
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
SFR
SHASTA
Sid Meier's Civilization 4
SKIN0001
SKINXSDK
Symantec AntiVirus
ThreatFire 3.0
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Viewpoint Media Player
VPRINTOL
Windows Defender Signatures
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
WIRELESS
Yahoo! Install Manager

Thanks.

bluecountry · « **Reply #12 on:** June 03, 2008, 04:10:01 PM »

HiJack this regular scan

Logfile of HijackThis v1.99.1
Scan saved at 6:04:25 PM, on 6/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Trent Berger\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dell.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

evilfantasy · « **Reply #13 on:** June 03, 2008, 04:26:38 PM »

Quote

Questions

1) Is SAS gone?

2) IS Cureit gone...I deleted the icon on my desktop...and I don't see it anywhere on my computer...so is it removed?

Yes they should all be gone now.

Quote

3) What now?
-Is my CPU good?
-It appears to be running faster.

All I have to go buy is what you tell me. Removing SAS and AVG should have helped.

Quote

5) No...I have not defragged lately.

I use Auslogics Disk Defrag - http://www.majorgeeks.com/Auslogics_Disk_Defrag_d5266.html

It's much faster then the Windows built in defrag. It would likely be good to run one after everything is cleaned up. Be sure to run CCleaner before defraging.

Quote

6) Hi jack uninstall listed below

Uninstall > Viewpoint Media Player

Install StartUpLite > http://www.majorgeeks.com/download5583.html < It's a small download, just run it and it will show what all can be safely removed.

HJT log looks fine.

Use the Secunia Software Inspector to check for out of date software.

Click Start Now
Check the box next to Enable thorough system inspection.
Click Start
Allow the scan to finish and scroll down to see if any updates are needed.
Update anything listed.

.
Let me know how things are now.

bluecountry · « **Reply #14 on:** June 06, 2008, 12:39:17 PM »

Thanks.

I went ahead and:

1) Uninstalled Viewpoint Media Player

2) Install StartUpLite

3) Ran Secunia Software Inspector and followed their prompts

4) Ran the recommended defrag program

My remaining questions were:

1) Is my CPU clean?

2) What programs do I have/should I have/should I remove as part of my regular maintance.

-I believe all I have now is CCleaner/Symnatec/Threatfire
-Is there anyway I check to see if that's all I have

-Do I need any further spyware/virus or other programs

-Can I remove threatfire?

3) Was my CPU way needing of a defrag?
-Here are the details file:///C:/Documents%20and%20Settings/Trent%20Berger/Application%20Data/Auslogics/Disk%20Defrag/Reports/C_Disk_Defrag_Report.html

Thanks.

evilfantasy · « **Reply #15 on:** June 07, 2008, 12:54:41 PM »

Quote

1) Is my CPU clean?

I don't see any malware. I never tell anybody they are 100% clean. That's impossible to know unless you reformat the hard drive.

Quote

-Can I remove threatfire?

If you don't think it will help then you can.

Quote

3) Was my CPU way needing of a defrag?
-Here are the details

Link doesn't work for me.

bluecountry · « **Reply #16 on:** June 07, 2008, 02:19:59 PM »

Are you able to answer based on the information I provided

1) What anti-spyware/virus and other maintenance program files I currently have on my computer?
-If not....how can I find a full inventory?

2) What anti-spyware/virus and other maintenance program files I should install/have?

evilfantasy · « **Reply #17 on:** June 07, 2008, 02:23:07 PM »

Look in add/remove programs to see what all you have installed.

Look through the link I posted earlier for advice on what to install. Everyone has a different mix of security, it is down to trying the different options and what suits you the best.

Learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?

bluecountry · « **Reply #18 on:** June 08, 2008, 11:47:42 PM »

OK, several things.

1) I went to
-Control Panel>Add/Remove Programs

I found that I had:
-CCleaner (remove only)
-Symnatec Anti-Virus
-Threatfire

2) I went to your link "Read before posting"

I thought since I had symnatec...all I needed was SAS and Malwarebytes.
-Is this correct...or do you recommend I download an anti-virus or other program?
-I am confused since you and Klein offer different recommendations...what is your recommendation given my CPU history?

3) I went ahead downloaded malwarebytes. I ran a scan, enclosed below

Quote

Malwarebytes' Anti-Malware 1.15
Database version: 841

1:34:53 AM 6/9/2008
mbam-log-6-9-2008 (01-34-46).txt

Scan type: Quick Scan
Objects scanned: 36748
Time elapsed: 5 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\AdwareAlert (Rogue.AdwareAlert) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\AdwareAlert (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Trent Berger\Application Data\AdwareAlert (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Trent Berger\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Trent Berger\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> No action taken.

Files Infected:
C:\Documents and Settings\Trent Berger\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Trent Berger\Application Data\AdwareAlert\Log\2007 Dec 22 - 03_33_52 PM_843.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Trent Berger\Application Data\AdwareAlert\Log\2007 Dec 22 - 03_33_56 PM_828.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Trent Berger\Application Data\AdwareAlert\Log\2007 Dec 22 - 03_38_17 PM_843.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Trent Berger\Application Data\AdwareAlert\Log\2007 Dec 22 - 03_39_06 PM_765.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Trent Berger\Application Data\AdwareAlert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> No action taken.

-What do you think...was my system pretty bad?

4) I also tried to download SAS...yet strangly I was given the same error I reported last week

Quote

First...I go the above website...uninstall SAS.
I try downloading the new one...and get told I have an error.
Error 1304. Error writing to file C:\ProgramFiles\SuperAntiSpyware\SASdivsf.sys...verify that you have access.

-Is there any reason why, since I already used your link to uninstall?
-Is there some big problem on my CPU...if so why and how to fix?

5) Speaking of the Malwarebytes scan...I do not understand why it is telling me the infected files come from Adware since I removed that awhile ago from my computer.
-Between this and the SAS error....what is going on?

6) Lastly...I don't understand I have
-StartupLite as an icon on my desktop...yet in control panel...add/remove programs it is not listed.
-Further...when I go to start>all programs neither startuplite or hijack this are listed.
-Why and how to fix?

Thanks.

evilfantasy · « **Reply #19 on:** June 09, 2008, 12:34:08 AM »

Quote

1) I went to
-Control Panel>Add/Remove Programs

I found that I had:
-CCleaner (remove only)
-Symnatec Anti-Virus
-Threatfire

CCleaner (remove only) < Temporary file cleaner. Good for daily use to keep your hard drive clutter free.

Symnatec Anti-Virus < Antivirus

Threatfire < I don't use it and don't recommend it's use. Not that it is a bad product I just simply don't use it. Instead I use Spywareblaster. If you want to uninstall it, or don't understand it then get rid of it. Threatfire Overview

Quote

I thought since I had symnatec...all I needed was SAS and Malwarebytes.

You are covered with Symantec for an antivirus. Alternate running SAS and MBAM every other week or so for layered approach to detecting malware. An antivirus alone isn't enough, you need a "second opinion" from time to time.

Quote

-I am confused since you and Klein offer different recommendations...what is your recommendation given my CPU history?

First, it's your HDD you are protecting. CPU is totally different. A virus attacks/targets system files/folders on the hard drive. No biggie we just need to use the same descriptions to understand each other better.

A few posts back I said everyone has a different mix of security, it is down to trying the different options and what suits you the best. Here is what I use, others will have a different mix of security depending on what they like.

Antivirus - Avast Home Free

Firewall - I'm using Windows built in firewall now. If you do any online banking, eBay etc. then you will want to use a third party firewall like Comodo. Windows firewall is a basic firewall and lacks bi-directional blocking abilities.

Malware scanners - MalwareBytes (paid version with real time protection), Superantispyware.

Security monitor - WinPatrol 2008

Behavior blocking (bad website blocking) - Spybot Search & Destroys Immunize feature & Spywareblaster.

Quote

3) I went ahead downloaded malwarebytes. I ran a scan, enclosed below

(Rogue.AdwareAlert) -> No action taken. < Did you have MBAM remove these entries?

Quote

-What do you think...was my system pretty bad?

Not according to what I saw in the Hijackthis log, but since there are still problems with SAS we should take a closer look with a more powerful/informative scan.

Quote

5) Speaking of the Malwarebytes scan...I do not understand why it is telling me the infected files come from Adware since I removed that awhile ago from my computer.
-Between this and the SAS error....what is going on?

AdwareAlert and Ad-Aware are two different programs. AdwareAlert tricks users into trying to get them to purchase the full licensed version. Once paid for suddenly there are no problems on the PC. Which is why it is labeled a rouge.

Quote

6) Lastly...I don't understand I have
-StartupLite as an icon on my desktop...yet in control panel...add/remove programs it is not listed.
-Further...when I go to start>all programs neither startuplite or hijack this are listed.
-Why and how to fix?

StartUpLite doesn't actually install, just delete it and it's gone.

C:\Documents and Settings\Trent Berger\Desktop\HijackThis.exe < Because it is installed in the wrong location. Delete it from the desktop and it will be gone.

----------

Now lets do a scan which will let me know more of what's going on. Please read the instructions first and follow them exactly. This is a complex and powerful tool that needs to be treated with caution.

Download Combofix by sUBs from one of the below links.

Important! Combofix.exe MUST be saved to and ran from the Desktop.

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
- Click this link to see a list of security programs that should be disabled and how to disable them.
- If yours is not listed and you don't know how to disable it, please ask.
Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
Double click combofix.exe & follow the prompts.
Choose Yes to accept the Disclaimers.

When finished, it will produce a log for you.
Post that log in your next reply.

Warning: Do not mouseclick combofix's window while it is running. That may cause it to stall

If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

If needed, see this Combofix tutorial with screenshots that will detail more thoroughly the downloading and running of combofix.

----------

Next post add
Combofix log

bluecountry · « **Reply #20 on:** June 09, 2008, 06:10:40 PM »

Before we address anything else...I ran ComboFix.

I have attached the log...let me know what you think.
Thanks.

[Saving space - attachment deleted by admin]

evilfantasy · « **Reply #21 on:** June 09, 2008, 06:41:31 PM »

Go to Start > Run and copy then paste this line in the window.

combofix /u

Now click OK.

----------

Run this next scan. It will take a while so ask any questions you want during the scan and I will do my best to answer.

Use the Kaspersky Online Scanner

Click Accept.
Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
- Extended
Scan Options:
Scan Archives
Scan Mail Bases

[/list]

Click OK & have it scan My Computer

When the scan is done, in the Scan is complete window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As...

Next, in the Save as prompt, Save in area, select: Desktop.
In the File name area, use KScan, or something similar.
In Save as type: click the drop arrow and select: Text file [*.txt]
Then, click: Save

Please copy and paste the Kaspersky Online Scanner Report in your next post.

bluecountry · « **Reply #22 on:** June 09, 2008, 11:34:49 PM »

I'll stick to this for now...one topic at a time.

I think I did a complete scan.
There was a settings button at the bottom...not a scan settings.
It had the archives and mail bases all checked.
I then clicked on scan and it lasted almost an hour...so I assume the whole thing worked?

The report is attached.

[Saving space - attachment deleted by admin]

evilfantasy · « **Reply #23 on:** June 10, 2008, 12:02:08 AM »

Yes the scan can take well over an hour sometimes. The good news is it came back clean.

bluecountry · « **Reply #24 on:** June 10, 2008, 11:05:32 PM »

OK...now...several questions

1) What is next?
-Since the scan came back clean...is my Computer fine?
-What about the SAS error I have been getting and other discussed issues?
Are they still problems...if so what is the solution?

2) Given this...what do you reccomend I install?
-Avast Home Free to supplement Symnatec?
-A Firewall?
-MalwareBytes free edition...will that suffice?
-SAS...and if so what about the errors?
-Security monitor - WinPatrol 2008
-Behavior blocking (bad website blocking) - Spybot Search & Destroys Immunize feature & Spywareblaster.

3)

Quote

(Rogue.AdwareAlert) -> No action taken. < Did you have MBAM remove these entries?

I don't know...how can I tell?

evilfantasy · « **Reply #25 on:** June 11, 2008, 11:14:01 AM »

Quote

1) What is next?
-Since the scan came back clean...is my Computer fine?
-What about the SAS error I have been getting and other discussed issues?
Are they still problems...if so what is the solution?

Your PC is free of malware as far as I can tell. Is it fine is another question.

Do you have an XP CD?

If so, place it in your CD ROM drive and follow the instructions below:

Click on Start > Run and type sfc /scannow then press Enter (note the space between scf and /scannow)
- Let this run undisturbed until the window with the blue progress bar goes away

SFC - Which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.

If you want to see what was replaced, right-click My Computer and click on Manage.
In the new window that appears, expand the Event Viewer (by clicking on the + symbol next to it) and then click on System.

----------

2) Given this...what do you reccomend I install?
-Avast Home Free to supplement Symnatec? < Definitely!!
-A Firewall? < Comodo < CLick
-MalwareBytes free edition...will that suffice? < Run it again and be sure it removes what is found. It is also good to keep and run now and then to make sure nothing has crept in.
-SAS...and if so what about the errors? < Highly recommended along with MalwareBytes, alternate their use. If you are still getting errors go to the http://forums.superantispyware.com/index.php forums and ask there. They are a good bunch and always willing to help.
-Security monitor - WinPatrol 2008 < Definitely.
-Behavior blocking (bad website blocking) - Spybot Search & Destroys Immunize feature & Spywareblaster. < Definitely.

Those are all good, low resource tools that will help you keep the PC malware free. Remember no antivirus, firewall or antispyware will block everything all of the time. Good, safe surfing habits play a huge role as well.

Quote

3)
Quote
(Rogue.AdwareAlert) -> No action taken. < Did you have MBAM remove these entries?
I don't know...how can I tell?

Re run MBAM.

bluecountry · « **Reply #26 on:** June 12, 2008, 02:43:18 PM »

Quote

1) Do you have an XP CD?

I have windows XP service pack 2 CD....is that it?

Quote

2) Given this...what do you reccomend I install?
-Avast Home Free to supplement Symnatec? < Definitely!!
-A Firewall? < Comodo < CLick
-MalwareBytes free edition...will that suffice? < Run it again and be sure it removes what is found. It is also good to keep and run now and then to make sure nothing has crept in.
-SAS...and if so what about the errors? < Highly recommended along with MalwareBytes, alternate their use. If you are still getting errors go to the http://forums.superantispyware.com/index.php forums and ask there. They are a good bunch and always willing to help.
-Security monitor - WinPatrol 2008 < Definitely.
-Behavior blocking (bad website blocking) - Spybot Search & Destroys Immunize feature & Spywareblaster. < Definitely.

Those are all good, low resource tools that will help you keep the PC malware free. Remember no antivirus, firewall or antispyware will block everything all of the time. Good, safe surfing habits play a huge role as well.

I think we're starting to go above my head.
-I downloaded Avast....and I'm not sure how to configure.
I thought this would be something I would run manually when I wanted to know....not something which would start up when my computer went on.
When I turn the computer on...it starts...it tells me symnatec is on and thus incompatabile...while having an icon in the taskbar.
Is this the way it works....or can I have it inactive until I choose to scan?
Which is reccomended and fine?

I also downloaded Comodo firewall...this thing is annoying as it keeps asking me about any task if I want it to run...and it installed a toolbar on my mozilla browser...which I don't want.
-Do I really need this...I just uninstalled it.

What other programs do I really need...or am I fine with CCleaner/Symnatec/Avast (if configuered as I want it)/and MalwareBytes?

The less...the better...but I want to it right.

Also...the computer is running slower since downloaded....why?

Quote

3)
Quote
(Rogue.AdwareAlert) -> No action taken. < Did you have MBAM remove these entries?
I don't know...how can I tell?

Re run MBAM.
[/quote]
-I checked MBAM....it had 11 files in quarantine..all of which had the adwarealert directory...thus did it do it's task and is this version fine?

Thanks.

evilfantasy · « **Reply #27 on:** June 12, 2008, 03:01:21 PM »

Quote

I have windows XP service pack 2 CD....is that it?

Yes thats it

Quote

I thought this would be something I would run manually when I wanted to know....not something which would start up when my computer went on.

Thats the only way for it to be effective. You can't choose when a virus will try to install...

Quote

it tells me symnatec

You need to uninstall Symantec.

Run this tool http://www.majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

Quote

I also downloaded Comodo firewall

If you do any online banking you need it. If not then uninstalling it is fine. with firewalls you have to "train" them at first. Allow what you want and it will stop alerting you.

Quote

What other programs do I really need

http://www.filehippo.com/download_winpatrol/

Quote

Also...the computer is running slower since downloaded....why?

Uninstalling Symantec/Norton should help.

Quote

I checked MBAM....it had 11 files in quarantine

Good. Sounds like it worked.

bluecountry · « **Reply #28 on:** June 17, 2008, 10:30:53 PM »

So

1)
CCleaner
Avast
Winpatrol
Comodo
Malwarebytes
SAS

if I get all those...plus use the XP pack...that is all you recommend...and I should be good?

2)
Avast should replace Symnatec...it's better?

Thanks.

evilfantasy · « **Reply #29 on:** June 17, 2008, 10:42:01 PM »

Quote from: bluecountry on June 17, 2008, 10:30:53 PM

So

1)
CCleaner
Avast
Winpatrol
Comodo
Malwarebytes
SAS

if I get all those...plus use the XP pack...that is all you recommend...and I should be good?

Yes you will have a good mix of layered protection. Remember no security setup is bulletproof. Use disgression when on the web.

Quote from: bluecountry on June 17, 2008, 10:30:53 PM

2)
Avast should replace Symnatec...it's better?

Thanks.

Avast in my (and many others) opinion is much better then Symantec.

bluecountry · « **Reply #30 on:** June 18, 2008, 12:18:08 PM »

Before I go any further.......

I tried to remove symnatec.
I uninstalled....then used the link you gave me.

I have run it several times...and restarted the computer after each one...yet when I have restarted...I click the removal tool and keep getting told to remove the same programs which I just thought I deleted.

What is going on?
Have I deleted them...and can I remove the removal tool...and if not...what then?

Thanks.

evilfantasy · « **Reply #31 on:** June 19, 2008, 12:41:33 PM »

Can you list the files it is saying it removes.

Have you tried running it in Safe Mode?

bluecountry · « **Reply #32 on:** June 19, 2008, 07:36:02 PM »

1) Files
Norton Anti-Spam 2004 and 2005
Norton Anti-Virus 2003-2008
Norton Ghost 10, 12, and 14
Norton Go Back 3.1 through 4.2
Norton Internet Security 2003 through 2008
Norton Password Manager
Norton Personal Firewall 2003 through 2006
Norton SystemWorks 2003 through 2008
Norton Confidental Online 2007
Norton Internet Security Add on Pack 1.0-2.1
Norton Save and Restore 1.0 through 2.0
Norton 360 1.0 through 2.0

-After I go through and try to delete...it tells me to turn on Windows Firewall if disabled
a. Don't know if the firewall is on
b. don't know how to turn on the firewall
-Then ie pops up with a page attempting to load, connect...but with no address
-I restart...try again and the same programs are there on the removal

2) No

evilfantasy · « **Reply #33 on:** June 19, 2008, 07:57:52 PM »

Try running it in safe mode.

How to turn on or turn off the firewall[url]

bluecountry · « **Reply #34 on:** June 19, 2008, 09:20:40 PM »

Did....no change.

This is very frustrating...we've been on this thread for weeks...I'm trying to configure my Computer...and this nonsense keeps coming up.
I'd like once and for all to get this straight instead of playing the run aound...what the heck is so complicated about removing a program?

I said remove...I downloaded the tool...so why is it repeating the SAME MESSAGE?

??

evilfantasy · « **Reply #35 on:** June 19, 2008, 09:28:10 PM »

We'll get rid of it. It's going to take bruit force but we'll get it.

Check in add remove programs for these and uninstall them if found:

LiveUpdate 2.6 (Symantec Corporation)
Symantec AntiVirus

Download Registry Search
(see the link titled RegSearch Download Link)

Extract the files from Regsearch.zip into a folder.
Doubleclick regsearch.exe to start the program.
Enter Symantec in the top area of the form and then click "OK".
Notepad will be opened with text in it (the file named RegSearch.txt will be saved in the program's folder as well).
Add the contents of the Notepad file to your next reply.

----------

Now run Regsearch again to look for Norton

Post both logs.

bluecountry · « **Reply #36 on:** June 20, 2008, 08:04:20 PM »

1) Is it this hard to remove all anti-virus programs...or just symnatec?
-Is this why you recommended I use something else?

2) Add/Remove had none of those programs listed.

3) Logs attached.
First is symnatec
Second is norton

[recovering disk space -- attachment deleted by admin]

evilfantasy · « **Reply #37 on:** June 21, 2008, 11:09:24 AM »

Yes this is one reason Norton is disliked. Nothing should be this hard to get rid of.

Copy the blue text below to notepad. Save it as fixME.reg to your desktop.
Be sure the File Type is set to "all files" Once you have saved it, look for it on your desktop and when you find it, double-click it and allow it to merge with the registry.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990301-3c9d-426d-81df-aab636fa4345}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SYMC.ScriptRunner.1]
"command"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC3E040CD66E45E49AF338BB1B4821BE]
"00000000000000000000000000000000"=-

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EECTRL\0000]
"C:\\Documents and Settings\\Trent Berger\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe"=-

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EECTRL\0000]
"C:\\Documents and Settings\\Trent Berger\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EECTRL\0000]
"C:\\Documents and Settings\\Trent Berger\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"(App)Symantec AntiVirus"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\Compatibility\NortonSystemInfo]

How is everything now?

bluecountry · « **Reply #38 on:** June 21, 2008, 09:15:47 PM »

I followed your instructions.

When I double clicked...I was told:

Cannot import C:\Documents and Settings\Trent Berger\Desktop\fixME.reg.

The specified file is not a registry script.
You can only import binary registry files from within the registry editor.

evilfantasy · « **Reply #39 on:** June 22, 2008, 12:37:42 AM »

Did you save it in Notepad? Also make sure Save as type: is saved as All Files.

bluecountry · « **Reply #40 on:** June 23, 2008, 07:41:10 PM »

yes...I did...now what?
How much longer till this is fixed?

evilfantasy · « **Reply #41 on:** June 23, 2008, 09:53:45 PM »

Try right clicking it and selecting Merge.

bluecountry · « **Reply #42 on:** June 24, 2008, 09:58:43 PM »

Just did...got the same message.

evilfantasy · « **Reply #43 on:** June 24, 2008, 10:05:03 PM »

Now download The Avenger by Swandog46 and save it to your Desktop.

Extract avenger.exe from the Zip file and save it to your desktop
Run avenger.exe by double-clicking on it.
Do not change any check box options!!
Copy the blue text below, and paste it into the Input script here window:

Comment:

Registry keys to delete:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990301-3c9d-426d-81df-aab636fa4345}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SYMC.ScriptRunner.1\command

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC3E040CD66E45E49AF338BB1B4821BE\00000000000000000000000000000000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EECTRL\0000\C:\\Documents and Settings\\Trent Berger\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EECTRL\0000\C:\\Documents and Settings\\Trent Berger\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EECTRL\0000\C:\\Documents and Settings\\Trent Berger\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\(App)Symantec AntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\Compatibility\NortonSystemInfo

Note: the above instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Now click the Execute button.
Click Yes to the prompt to confirm you want to execute.
Click Yes to the Reboot now? question that will appear when Avenger finishes running.
Your PC should reboot, if not, reboot it yourself.
A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Add the Avenger log in your next post.

bluecountry · « **Reply #44 on:** June 24, 2008, 11:01:50 PM »

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Jun 25 00:36:33 2008

00:36:16: Error: Invalid registry syntax in command:
"HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\(App)Symantec AntiVirus"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry key deletion mode)

//////////////////////////////////////////

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EECTRL\0000\C:\\Documents and Settings\\Trent Berger\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EECTRL\0000\C:\\Documents and Settings\\Trent Berger\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EECTRL\0000\C:\\Documents and Settings\\Trent Berger\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EECTRL\0000\C:\\Documents and Settings\\Trent Berger\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EECTRL\0000\C:\\Documents and Settings\\Trent Berger\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EECTRL\0000\C:\\Documents and Settings\\Trent Berger\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990301-3c9d-426d-81df-aab636fa4345}" deleted successfully.

Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SYMC.ScriptRunner.1\command" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SYMC.ScriptRunner.1\command" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC3E040CD66E45E49AF338BB1B4821BE\00000000000000000000000000000000" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC3E040CD66E45E49AF338BB1B4821BE\00000000000000000000000000000000" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\Compatibility\NortonSystemInfo" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

evilfantasy · « **Reply #45 on:** June 24, 2008, 11:07:09 PM »

It only deleted one entry. You are going to have to go in and manually delete the keys.

It is important to backup the Registry before we make any changes so that we have a fresh copy in case of mistakes.
Click on Start then Run and copy the following code into the command line.

Code: [Select]

regedit /e C:\BackupReg1.reg
Click the OK button or press the Enter key. This will save a copy of the Registry to a file (C:\BackupReg1.reg) on your local hard drive.

Now go to Start > Run > type regedit and click OK

Locate the below Registry keys (in bold) and delete them.

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990301-3c9d-426d-81df-aab636fa4345}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SYMC.ScriptRunner.1\command

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EECTRL\0000\C:\\Documents and Settings\\Trent Berger\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EECTRL\0000\C:\\Documents and Settings\\Trent Berger\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EECTRL\0000\C:\\Documents and Settings\\Trent Berger\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\(App)Symantec AntiVirus

bluecountry · « **Reply #46 on:** June 24, 2008, 11:41:22 PM »

I'm sorry but I can't find the exact matches of the first and last four...is this really neccessary?

evilfantasy · « **Reply #47 on:** June 24, 2008, 11:43:40 PM »

If they aren't there then no it isn't necessary.

Delete The Avenger and anything else we have created.

How is everything now?

bluecountry · « **Reply #48 on:** June 25, 2008, 11:55:44 AM »

Terrible.

I just tried to start the computer...the opening windows prompt came on...after that...a blank screen.

I rebooted....same thing.

This is a labtop...it has three green lights on the front panel.
The far left is on...the middle is very dim....and the far right is off aside from an occasional short blink.

I am very concerned....and worried...perhaps I deleted the wrong key?
Battery problem?
Seems weird this would happen after last night.

evilfantasy · « **Reply #49 on:** June 25, 2008, 01:31:06 PM »

Actually I think the problem is something other than malware. There is too much weird stuff going on.

Do you have or can you get an XP CD? If not then I suggest you take
it to someone who can fix it.

bluecountry · « **Reply #50 on:** June 25, 2008, 02:09:36 PM »

Does the CD I mentioned a few posts earlier qualify?

evilfantasy · « **Reply #51 on:** June 25, 2008, 02:15:27 PM »

Yes, put that in and restart the PC then do a repair install

bluecountry · « **Reply #52 on:** June 25, 2008, 07:49:17 PM »

I'm a little confused...since I can not access windows due to the screen...is this fixable without a loss of all my data?

evilfantasy · « **Reply #53 on:** June 25, 2008, 07:52:25 PM »

Using the repair install install method you will not loose any information.

bluecountry · « **Reply #54 on:** June 25, 2008, 08:01:42 PM »

I just put in the XP CD.
Started the CPU...I quickly saw the screen flash DELL before going black.
Nothing.

I then went to how to access bios...I have an inspiron.
I hit F2...NOTHING.

You know I'm really mad...we've been at this for two weeks...I follow advice given last night...and now my CPU is worse than ever.
I'd really appreciate step by step help in getting me out of this jam which was created in the last 24 hours.

What do I do...step by step for my model to get the screen NOT BLANK.

bluecountry · « **Reply #55 on:** June 25, 2008, 08:24:29 PM »

HELPPPPPPPPPPPPPP!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

evilfantasy · « **Reply #56 on:** June 25, 2008, 08:29:42 PM »

Take it to a repair shop. I have never had as many problems as I have with this one PC and am confident the reason is because there are more than just malware problems. It needs to be looked at by someone with the experience and tools to fix it.

The more suggestions I give the worse things seem to get and you then accuse me of messing up the PC, waiting 2 and 3 days in between accusations at that.

Take it to a repair shop.

bluecountry · « **Reply #57 on:** June 25, 2008, 08:47:57 PM »

Dude...I'd rather get it operating stop-gap now until school starts and I can have it examined for free.

I can't afford the cost...and since I am no computer expert....it would be very hard for to accurately convey the problem with my PC given all the complex steps we've done.

So...what can you offer to get it so I can at least use the computer?

Thanks.

evilfantasy · « **Reply #58 on:** June 25, 2008, 08:53:44 PM »

Try going to the Windows forum and explaining what is happening. There are some good helpers in that forum who may have some ideas.

bluecountry · « **Reply #59 on:** June 25, 2008, 08:56:37 PM »

Evil...you're familiar with my CPU and OS....it's extremely difficult at this stage to go over for a 2nd opinion.

I think it'd be best to work with to get thing working right.

I do not understand how the CPU...after I deleted the 2nd key listed last night....all of the sudden has a blank screen.

I have the service pack 2 CD....can you work with me to get the screen unblank?

evilfantasy · « **Reply #60 on:** June 25, 2008, 08:59:00 PM »

All I know to do is the repair install. If that isn't working then we need someone else to give some input and having them read these 4 pages is useless as what needs to be done is get it booted to Windows.

bluecountry · « **Reply #61 on:** June 25, 2008, 09:00:45 PM »

And now it gets weirder.

I had my CPU unplugged from the power cord..but on...for the last hour.

I just went to it...what do you know the screen saver is on.
I move the mouse....and I have a screen that is not blank...I can see my desktop.
I connect the power cord...it goes blank...I unconnect...still blank.

bluecountry · « **Reply #62 on:** June 25, 2008, 09:01:47 PM »

Is a repair install possible or impossible given the circum?

evilfantasy · « **Reply #63 on:** June 25, 2008, 09:04:44 PM »

Like I said I am 99.99% sure this is something other then what we have been looking for. "Something" is going on and it needs to be looked at by someone with tools. Or try the windows forum. It may just be a bad power supply.

bluecountry · « **Reply #64 on:** June 25, 2008, 10:15:23 PM »

If it's a bad power supply...what would I do in that case?

evilfantasy · « **Reply #65 on:** June 25, 2008, 10:21:18 PM »

It depends on if it is the power cord or if it's something inside of the computer. Sorry not trying to be difficult, just when I get outside of malware issues I'm a bit lost myself. I'll see if someone is online to have them have a look at this post for some better input.

Carbon Dudeoxide · « **Reply #66 on:** June 25, 2008, 11:32:17 PM »

I have been summoned!

Is this a Laptop or a Desktop computer?

If you think it's a bad PSU (Power Supply Unit), is there any way you might be able to borrow one from a friend and see if it works or not.

However, it might not be a problem with the PSU.

Quote from: bluecountry on June 25, 2008, 09:00:45 PM

And now it gets weirder.

I had my CPU unplugged from the power cord..but on...for the last hour.

I just went to it...what do you know the screen saver is on.
I move the mouse....and I have a screen that is not blank...I can see my desktop.
I connect the power cord...it goes blank...I unconnect...still blank.

Do you mean to say you unplugged the computer and it was still on?

evilfantasy · « **Reply #67 on:** June 25, 2008, 11:39:26 PM »

@ Carbon Dudeoxide >>>>

Carbon Dudeoxide · « **Reply #68 on:** June 25, 2008, 11:48:04 PM »

Quote from: evilfantasy on June 25, 2008, 11:39:26 PM

@ Carbon Dudeoxide >>>>

Just trying to help.

I still don't see how the computer can remain on if you unplug it...

evilfantasy · « **Reply #69 on:** June 25, 2008, 11:51:10 PM »

Whoops!!! It's a lappy. Which is another reason I suggested taking it to a shop as they will have the proper tools needed...

Quote from: bluecountry on June 25, 2008, 11:55:44 AM

I just tried to start the computer...the opening windows prompt came on...after that...a blank screen.

I rebooted....same thing.

This is a laptop...it has three green lights on the front panel.
The far left is on...the middle is very dim....and the far right is off aside from an occasional short blink.

I am very concerned....and worried...perhaps I deleted the wrong key?
Battery problem?
Seems weird this would happen after last night.

Carbon Dudeoxide · « **Reply #70 on:** June 26, 2008, 12:12:12 AM »

Ah....That's a problem......I did a search in this post for the word...

Anything else about the apperance of the blank screen?

evilfantasy · « **Reply #71 on:** June 26, 2008, 12:14:55 AM »

Nope that's it. It seems like everything we did, despite the 5 pages wasn't much actually, just made things worse!

Carbon Dudeoxide · « **Reply #72 on:** June 26, 2008, 12:50:54 AM »

Just an idea (maybe because I haven't read all the four pages) but, if the screen is dark but you can still see something if you hold a light to it, the screen inverter may be damaged.

Dias de verano · « **Reply #73 on:** June 26, 2008, 12:22:50 PM »

I wish bluecountry would STOP calling his computer a "CPU".

bluecountry · « **Reply #74 on:** June 26, 2008, 03:14:14 PM »

Thanks crew.

First, my computer is a labtop.

Second, I saw the screen when I unplugged the power cord, having it run on battery.

Third, I just turned on my computer. I saw the screen.....then it went blank.
So I did your suggestion...I took my desklamp and shined it to the black screen and guess what.....I saw the screen...the windows...the desktop...but faintly...hardly enough to do work on there...but enough to see.

What do you think the issue and resolution is?

Dias de verano · « **Reply #75 on:** June 26, 2008, 03:29:47 PM »

Quote from: bluecountry on June 26, 2008, 03:14:14 PM

So I did your suggestion...I took my desklamp and shined it to the black screen and guess what.....I saw the screen...the windows...the desktop...but faintly...hardly enough to do work on there...but enough to see.

What do you think the issue and resolution is?

The issue that is you have a display problem. The LCD screen is working but the backlight is not shining. It may be the lamp tube or possibly the circuit that drives it. You need to take your laptop to a repair shop.

Carbon Dudeoxide · « **Reply #76 on:** June 26, 2008, 04:44:59 PM »

Quote

It may be the lamp tube or possibly the circuit that drives it.

Screen Inverter.

These things can be replaced but they can get a bit pricey.

bluecountry · « **Reply #77 on:** June 26, 2008, 04:46:51 PM »

Thanks.

Would this have occured independent of what evilfantasy was helping me with...and how much dough are we talking?

Carbon Dudeoxide · « **Reply #78 on:** June 26, 2008, 06:49:11 PM »

A screen inverter can be as much as $5 USD to maybe $40 USD (from what I have heard) but I cannot 100% garuntee it is the Screen Inverter but I think it is.

Also, I don't think Evilfantasy contributed to this problem. Sometimes it just fails without warning.

evilfantasy · « **Reply #79 on:** June 26, 2008, 09:04:07 PM »

Agreed. I had a video card go out a few months back. The symptoms leading up to it were puzzling to say the least. Without taking it to someone who had the proper tools to check for problems I could have never figured it out on my own

It sucks I know but sometimes a professional (licensed) repair shop is the easiest and safest rout to take.

bluecountry · « **Reply #80 on:** June 26, 2008, 10:21:14 PM »

I wasn't suggesting in my last post that evil was to blame.

Rather...I am wondering....is the screen problem likely related to what evil was trying to help me with in these 5+ pages...OR is this a seperate problem...meaning once fixed I still have more work?

How can I find a repair shop...never done this before.

Dias de verano · « **Reply #81 on:** June 27, 2008, 12:22:31 AM »

Quote from: Carbon Dudeoxide on June 26, 2008, 04:44:59 PM

Quote
It may be the lamp tube or possibly the circuit that drives it.
Screen Inverter.

These things can be replaced but they can get a bit pricey.

There's no need to get all sarcastic with the rolling-eyes emoticon because, for the benefit of clarity, I used a non-technical term to describe the possible fault. I knew what I was doing when I wrote that. Unlss you know what an inverter does (do you?) there is no point in using the term.

Carbon Dudeoxide · « **Reply #82 on:** June 27, 2008, 03:15:33 AM »

Quote from: bluecountry on June 26, 2008, 10:21:14 PM

Rather...I am wondering....is the screen problem likely related to what evil was trying to help me with in these 5+ pages...OR is this a seperate problem...meaning once fixed I still have more work?

I doubt it. You were working on an Inside-Windows problem and this is most likely a hardware issue.
Oh Dias, didn't say your description was bad. I meant no offense....

Quote from: bluecountry on June 26, 2008, 10:21:14 PM

How can I find a repair shop...never done this before.

You should be able to drop it off at any Computer Store and ask them to take a look at it (preferably a well-known shop with good reviews).

Dias de verano · « **Reply #83 on:** June 27, 2008, 09:58:28 AM »

Quote from: Carbon Dudeoxide on June 27, 2008, 03:15:33 AM

Oh Dias, didn't say your description was bad. I meant no offense....

LIsten, Carbo, I'm the guy who rolls his eyes around here, OK?

Carbon Dudeoxide · « **Reply #84 on:** June 27, 2008, 10:26:31 AM »

Quote from: Dias de verano on June 27, 2008, 09:58:28 AM

Quote from: Carbon Dudeoxide on June 27, 2008, 03:15:33 AM

Oh Dias, didn't say your description was bad. I meant no offense....

LIsten, Carbo, I'm the guy who rolls his eyes around here, OK?

bluecountry · « **Reply #85 on:** June 29, 2008, 06:43:56 PM »

Would BestBuy GeekSquad be good...if not..any other ideas on places or where to search?

stevejohnson1958 · « **Reply #86 on:** June 29, 2008, 06:52:27 PM »

Why not try eBay? You're bound to get the part cheap there...if you have the ability to replace it yourself.

LCD Inverter board for Dell Inspiron 5150

bluecountry · « **Reply #87 on:** June 30, 2008, 02:01:54 AM »

I have no clue how to and if this even is the problem...just wondering if bestbuy geeksquad is any good or a rip.

bluecountry · « **Reply #88 on:** July 09, 2008, 08:13:54 PM »

Thanks guys for your help.
You properly diagnosed the problem.

I am up and running!
I went ahead and purchased a warranty from Dell and got it repaired...it would have cost 400 bucks otherwise!

Carbon Dudeoxide · « **Reply #89 on:** July 09, 2008, 08:15:34 PM »

Was it the Screen Inverter?

Computer Hope Forum

News:

Author Topic: HiJack Log (Read 40198 times)

bluecountry

evilfantasy

bluecountry

evilfantasy

bluecountry

evilfantasy

bluecountry

evilfantasy

evilfantasy

evilfantasy

skyblue

bluecountry

bluecountry

evilfantasy

bluecountry

evilfantasy

bluecountry

evilfantasy

bluecountry

evilfantasy

bluecountry

evilfantasy

bluecountry

evilfantasy

bluecountry

evilfantasy

bluecountry

evilfantasy

bluecountry

evilfantasy

bluecountry

evilfantasy

bluecountry

evilfantasy

bluecountry

evilfantasy

bluecountry

evilfantasy

bluecountry

evilfantasy

bluecountry

evilfantasy

bluecountry

evilfantasy

bluecountry

evilfantasy

bluecountry

evilfantasy

bluecountry

evilfantasy

bluecountry

evilfantasy

bluecountry

evilfantasy

bluecountry

bluecountry

evilfantasy

bluecountry

evilfantasy

bluecountry

evilfantasy

bluecountry

bluecountry

evilfantasy

bluecountry

evilfantasy

Carbon Dudeoxide

evilfantasy

Carbon Dudeoxide

evilfantasy

Carbon Dudeoxide

evilfantasy

Carbon Dudeoxide

Dias de verano