gramsay007

Service Pack 2. PC won't boot. In Loop with Blue Screen

20 posts in this topic

Hello,

I am trouble-shooting someone's PC who had a major virus problem.

Dell Dimension 4550
Windows XP - Home Edition
Service Pack 1
256 MB - RAM

Their virus was so bad that Task Manager, "run/cmd", programs would crash.

I used System Restore to roll back to a date in October.

That seemed to work as the PC had no symptoms of a virus.

I decided to do Microsoft Updates which included Service Pack 2.

The download/installation of Service Pack 2 seemed to have frozen and did not complete.

Now the PC won't boot.

The PC will power up and after the Windows splash screen there is a blue screen that displays briefly and mentions:

PAGE FAULT.

The PC won't boot in all modes of Safe Mode.

I have a boot floppy for Windows 98-SE, but that doesn't seem to help.

Any suggestions will be appreciated.

Peace,

GR :cool:

Edited by gramsay007


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

 

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

 

[this is an automated reply]


Hi,

No the PC, wont boot.
The PC will power-up and after the Windows Splash-screen there is blue-screen that displays briefly and mentions:
PAGE FAULT.

Please post the complete information about the Page Fault.

Some examples of Page Fault:
http://aumha.org/a/stop.htm


Glad we could help. :)

 

 

[Reopened] Everyone else please begin a New Topic.


Hello,

Please reopen topic:

Service Pack 2. PC won't boot. In Loop with Blue Screen

I have more details.

http://www.spywarein...howtopic=126693

This problem occurred after removing viruses, then installing updates, including Service Pack-2.

The update process did not complete and the PC won't boot.

Dell Dimension 4550 / Windows XP Home Edition Service Pack 1

PC will not boot at all.

Safe Mode (stops at agp440.sys) and all other modes don't work.

A Blue Screen flashes for a second and the PC won't boot .....

PAGE_FAULT_IN_NONPAGED_AREA

STOP:0x00000050:

I have since tried the DELL Restoration CD.

* Select R for Repair
* chkdsk /r - stage #4 there were lots of bad clusters
* fixboot

PC still won't boot.

Remove 60GB drive from Dell Dimension 4550

* place in Dell Optiplex GX240 / Windows XP Pro as a slave drive
* boot GX240 ok.
* able to access and read 60GB drive
* execute disk cleanup ... McAfee antivirus on GX240 detected Trojan Virus.

Place 60GB drive into GX240 as Master drive

* 60GB drive does not boot
* still has: PAGE_FAULT_IN_NONPAGED_AREA / STOP:0x00000050:
* Safe Mode still halts at agp440.sys and does not boot

Decide to back up 60GB data:

-Documents and Settings
-Programs

* place in Dell Optiplex GX240 / Windows XP Pro as a slave drive
* Copy D:\Documents and Settings to GX240:C\
* Copy D:\Documents and Settings to CD drive [2 CDs]
* Execute Windows Easy Transfer: D:\Documents and Settings to CD drive
* Copy D:\Program Files to CD

At this point 60GB data has been backed up.

Next step is an elegant way to boot the 60GB drive in the DELL 4550, without the loss of data and not reinstall XP.

(Note: Two (2) calls were placed to Dell Technical Support. Their best solution was to reinstall XP w/ Restoration CD ...... or escalate this problem to their .. "Fee based" Tech Support)

Any suggestions are appreciated.

(Should this post be under: PC Troubleshooting ??)

Peace,

GR :cool:

Edited by gramsay007


Hi,

 

Can you submit a fresh HijackThis for my review?

 

Please download and install the latest version of HijackThis v2.0.2:

 

CLICK HERE to download the HijackThis Installer:

  1. Save HJTInstall.exe to your desktop.
  2. Double-click on HJTInstall.exe to run the program.
  3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
  4. Accept the license agreement by clicking the "I Accept" button.
  5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  6. Click "Save log" to save the log file and then the log will open in Notepad.
  7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
  8. Come back here to this thread and paste the log in your next reply.
  9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Delete the older version once you have successfully downloaded and installed the latest version.


Hello nasdaq,

Thanks for your reply.

HijackThis won't work since the PC - Dell Dimension 4550 will not boot in any modes, including Safe Mode.

I can only access the 60GB drive of the Dell Dimension if I mount it as a slave in another PC.

I can access the 60GB drive as expected.

So far I have backed up:

60GB:
D:\Documents and Settings
D:\Programs

Is there a way to execute HijackThis on the mounted 60GB drive?

My concern is: is there an elegant way to get the Dell Dimension 4550 (w/60GB) to boot?

Peace,

GR :cool:


I suggest you contact Dell and get a boot disk.


Hello nasdaq,

Thanks for your reply. I now have a Dell Reinstallation CD.

Earlier I posted this:

"I have since tried the DELL Restoration CD.

* Select R for Repair
* chkdsk /r - stage #4 there were lots of bad clusters
* fixboot

PC still won't boot."

I have called Dell twice.

Since fixboot did not work their response was to re-install XP, which means losing data and programs.

I don't want to do that now.

That would be the last case scenario.

Dell's other response was to escalate my issue to their .. "Fee-based" Tech Support.

I'm trying to find an elegant way to get the Dell Dimension 4550 (w/60GB) to boot.

Peace,

GR :cool:

Edited by gramsay007


If you can get to the Recovery console with the Dell CD try this.

 

XP: Repair or fix master boot record using recovery console

http://www.tech-recipes.com/rx/483/xp_repair_fix_master_boot_record_recovery_console/

 

If that fails to fix the Master Boot Record and Dell is not able to help you can try this if you wish.

Not sure if it will work. In any event you are not able to do anything now.

 

Tutorial for Avira Rescue CD

http://forum.avira.com/wbb/index.php?page=Thread&threadID=82163


Hello,

Here is an update.

I tried the Avira Rescue CD which helped a bit but did not fix everything.

I used the DELL Restoration CD and selected "Upgrade".

That helped a lot and I was able to retain user data and profile settings.

The latest problem is the virus that caused this issue in the first place:

  • Internet Security-2010

I used MBAM and HJT to try to remove that virus.

I have made some progress.

I now have:

  • Spyware Alert - Worm.win32.netdky
  • svchost.exe - Bad Image - C:\windows\system32\helper32.dll
  • PDP RPC Server Window: LMPDPSRV.exe - Bad Image

Here is the latest HJT log:


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:04:10 PM, on 1/28/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE

C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe

C:\program files\mcafee.com\vso\mcvsshld.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\Program Files\McAfee.com\MPS\mscifapp.exe

C:\WINDOWS\system32\smss32.exe

C:\Program Files\Lexmark X125\LEX125SU.exe

C:\HJT\HiJackThis 2_0_2.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll

O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll

O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\toolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe

O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding

O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe

O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe

O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228

O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

 

--

End of file - 6657 bytes

 

 

 

-----------------------------------------

 

Peace,

 

GR   :cool:


Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

Nice work.

 

 

Download LSPfix

Unzip the file to a folder on your desktop.

Double-click to run

Select: (Advanced) "I know what I'm doing"

Select: helper32.dll (left pane)

Click the right arrow to bring it to REMOVE (right pane).

Then click the FINISH button. Restart your computer.

 

On restart, open Windows Explorer, locate and delete:

C:\WINDOWS\system32\helper32.dll <--this file

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe

Click on Fix Checked when finished and exit HijackThis.

Delete these files:

C:\WINDOWS\system32\winlogon32.exe
C:\WINDOWS\system32\smss32.exe

Restart the computer again.

===

 

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 1

alternate download link 2

  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

 

Post back with the Malwarebytes Anti-Malware log once it's complete.

===

 

Please run this security check for my review.

 

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Include a fresh HijackThis and the MBAM logs.

 

Let me know what problem persists.

 

p.s.

Please when replying use this Add Reply button. I do not need to see my previous instructions.

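The entries singled out in the post above (the F2 UserInit value, the O4 Run entry for smss32.exe and the O10 Winsock LSP file) can be located mechanically in a HijackThis log. The Python triage below is an added example, not part of the original thread or of HijackThis; the names `triage`, `lookalike_of` and `CORE_NAMES`, and the rule that a name with up to two extra characters counts as an imitation, are assumptions of this example. It goes slightly beyond the post by also checking the "Running processes" lines.

```python
import ntpath
import re

# Core Windows image names that impostor files tend to imitate.
# This list and the "up to two extra characters" rule are assumptions
# of this example, not rules taken from HijackThis.
CORE_NAMES = ("smss", "winlogon", "services", "lsass", "svchost",
              "csrss", "explorer", "userinit")

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O4 - HKLM\..\Run: ..."
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|]*?\.(?:exe|dll)', re.IGNORECASE)

# Excerpt of the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\smss32.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
"""


def lookalike_of(path):
    """Return the core image name that `path` imitates, or None."""
    stem = ntpath.splitext(ntpath.basename(path))[0].lower()
    for core in CORE_NAMES:
        # "smss32" starts with "smss" and adds two characters: an imitation.
        if stem != core and stem.startswith(core) and len(stem) - len(core) <= 2:
            return core + ".exe"
    return None


def triage(log_text):
    """Return (section, reason, path) tuples for entries worth a closer look."""
    findings, seen = [], set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            section, body = m.groups()
        elif re.match(r"[A-Za-z]:\\", line):
            section, body = "PROC", line      # a "Running processes" line
        else:
            continue                          # header, separator or blank line
        pm = PATH_RE.search(body)
        path = pm.group(0) if pm else None
        reason = None
        if section == "F2" and "userinit=" in body.lower():
            # The stock value is C:\WINDOWS\system32\userinit.exe,
            path = body.split("=", 1)[1].split(",")[0].strip()
            if ntpath.basename(path).lower() != "userinit.exe":
                reason = "Userinit does not launch userinit.exe"
        elif section == "O10" and "unknown file in winsock lsp" in body.lower():
            reason = "unrecognised Winsock LSP provider"
        elif section in ("O4", "PROC") and path:
            core = lookalike_of(path)
            if core:
                reason = f"name imitates {core}"
        key = (section, (path or "").lower())
        if reason and key not in seen:        # the log lists the LSP file twice
            seen.add(key)
            findings.append((section, reason, path))
    return findings


if __name__ == "__main__":
    for section, reason, path in triage(SAMPLE_LOG):
        print(f"{section:5}{reason:40}{path}")
```

A hit from this triage is a lead to verify, not a verdict; legitimate software can also match the name heuristic.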

Hello nasdaq,

 

Thanks for your help.

 

Here are the requested logs:

 

  • Malwarebytes Anti-Malware log

 

Malwarebytes' Anti-Malware 1.44

Database version: 3667

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180 1/31/2010 10:43:50 AM

mbam-log-2010-01-31 (10-43-50).txt

 

Scan type: Quick Scan

Objects scanned: 168830

Time elapsed: 11 minute(s), 59 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\WINDOWS\SYSTEM32\IS15.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

----------------------------------------------------------------------------------------------------------

 

 

  • checkup.txt

Results of screen317's Security Check version 0.99.1

Windows XP Service Pack 2

Out of date service pack!!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

``````````````````````````````

Anti-malware/Other Utilities Check:

Yahoo! Anti-Spy

HijackThis 2.0.2

CCleaner

Adobe Flash Player 10

Adobe Reader 8.1.2

Adobe Reader 8.1.2 Security Update 1 (KB403742)

Out of date Adobe Reader installed!

``````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

``````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

 

`````````End of Log```````````

 

----------------------------------------------------------------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:58:44 AM, on 1/31/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE

C:\Program Files\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\Program Files\Lexmark X125\LEX125SU.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Norton Security

 

Suite\Engine\3.5.2.11\ccSvcHst.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program

 

Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Norton Security

 

Suite\Engine\3.5.2.11\ccSvcHst.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\CCleaner\CCleaner.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HJT\HiJackThis 2_0_2.exe

 

R1 - HKCU\Software\Microsoft\Internet

 

Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKCU\Software\Microsoft\Internet

 

Explorer\Main,Start Page = http://www.att.net/

R1 - HKLM\Software\Microsoft\Internet

 

Explorer\Main,Search Bar =

 

http://red.clientapp.../ie/defaults/sb

 

/ymsgr/*http://www.yahoo.com/ext/search/search.html

R1 -

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

 

Settings,ProxyOverride = http://localhost

R3 - URLSearchHook: Yahoo! Toolbar -

 

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

 

Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper -

 

{02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program

 

Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper -

 

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

 

Files\Common

 

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: X1IEHook Class -

 

{52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program

 

Files\NetZero\qsacc\X1IEBHO.dll

O2 - BHO: Symantec NCO BHO -

 

{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program

 

Files\Norton Security Suite\Engine\3.5.2.11\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention -

 

{6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program

 

Files\Norton Security Suite\Engine\3.5.2.11\IPSBHO.DLL

O2 - BHO: SingleInstance Class -

 

{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program

 

Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dl

 

l

O3 - Toolbar: ZeroBar -

 

{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program

 

Files\NetZero\toolbar.dll

O3 - Toolbar: Yahoo! Toolbar -

 

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

 

Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: Norton Toolbar -

 

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program

 

Files\Norton Security Suite\Engine\3.5.2.11\coIEPlg.dll

O4 - HKLM\..\Run: [LMPDPSRV]

 

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\FreeRAM

 

XP Pro\FreeRAM XP Pro.exe" -win

O4 - Global Startup: Lexmark X125 Settings Utility.lnk =

 

C:\Program Files\Lexmark X125\LEX125SU.exe

O8 - Extra context menu item: Display All Images with

 

Full Quality - res://C:\Program

 

Files\NetZero\qsacc\appres.dll/228

O8 - Extra context menu item: Display Image with Full

 

Quality - res://C:\Program

 

Files\NetZero\qsacc\appres.dll/227

O9 - Extra button: Messenger -

 

{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program

 

Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger -

 

{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program

 

Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra button: Real.com -

 

{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

 

C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger -

 

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

 

Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger -

 

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

 

Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB}

 

(YInstStarter Class) -

 

http://us.dl1.yimg.c.../dl/installs/yi

 

nst20040510.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000}

 

(YahooYMailTo Class) -

 

http://us.dl1.yimg.c.../dl/installs/ys

 

e/ymmapi_416.dll

O18 - Protocol: symres -

 

{AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program

 

Files\Norton Security Suite\Engine\3.5.2.11\coIEPlg.dll

O20 - Winlogon Notify: GoToAssist - C:\Program

 

Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL

 

LLC - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe

O23 - Service: GoToAssist - Citrix Online, a division of

 

Citrix Systems, Inc. - C:\Program

 

Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: McciCMService - Motive Communications,

 

Inc. - C:\Program Files\Common

 

Files\Motive\McciCMService.exe

O23 - Service: Norton Security Suite (N360) - Symantec

 

Corporation - C:\Program Files\Norton Security

 

Suite\Engine\3.5.2.11\ccSvcHst.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation

 

- C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: WAN Miniport (ATW) Service

 

(WANMiniportService) - America Online, Inc. -

 

C:\WINDOWS\wanmpsvc.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo!

 

Inc. - C:\Program

 

Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

 

--

End of file - 5439 bytes

----------------------------------------------------------------------------------------------------

 

The PC is much more stable now.

 

Just want to remove viruses before I install MS Updates.

 

Peace,

GR


ADOBE - Reader and Flash Players vulnerabilities.

 

Visit Link to ADOBE and download the latest version of Acrobat Reader.

Having the latest updates ensures there are no security vulnerabilities in your system.

 

Adobe has confirmed a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions.

I suggest you install version 9.3

http://www.adobe.com/support/downloads/detail.jsp?ftpID=4607

 

===

 

Security updates available for Adobe Flash Player.

http://www.adobe.com/support/security/bulletins/apsb09-19.html

 

Adobe recommends all users of Adobe Flash Player 10.0.32.18 and earlier versions upgrade to the newest version 10.0.42.34 by downloading it from the Flash Player Download Center or by using the auto-update mechanism within the product when prompted...

Adobe Flash Player version 10.0.42.34

http://get.adobe.com/flashplayer/

===

 

Please submit a fresh HijackThis log.

p.s.

Before you post your log remove the Word Wrap function from NotePad. You will find the setting under the Format menu.

This will eliminate the additional blank lines on your HijackThis log and make it easier to analyze.


Hello nasdaq,

 

Thanks for your help.

 

ADOBE - Reader and Flash Players were updated.

 

Here is the latest HiJackThis Log:

 

---------------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:58:58 PM, on 2/2/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Norton Security Suite\Engine\3.5.2.11\ccSvcHst.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Norton Security Suite\Engine\3.5.2.11\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE

C:\Program Files\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Lexmark X125\LEX125SU.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HJT\HiJackThis 2_0_2.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.5.2.11\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.5.2.11\IPSBHO.DLL

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll

O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\toolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.5.2.11\coIEPlg.dll

O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe

O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228

O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.5.2.11\coIEPlg.dll

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\3.5.2.11\ccSvcHst.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

 

--

End of file - 5552 bytes

 

-------------------------------------------------

 

Thanks ...

 

Peace,

GR


Hello nasdaq,

 

That's great to hear.

This was the most challenging PC problem I've ever had.

My friend will be happy.

Peace,

 

GR   :cool:


Hello nasdaq,

 

That's great to hear.

 

This was the most challenging PC problem I've ever had.

 

My friend will be happy.

 

Peace,

 

GR   :cool:

 

Dell Dimension 4550 PC problem has been resolved!

Thanks!

 

Peace,

 

GR   :cool:


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

This topic is now closed to further replies.