G........
I have tried many ways and times to get the log pasted this message........
I am going to try to paste the digital images of it saved on my flashdrive with another system......
My system, after pressing 'copy' and then going to 'paste' results in nothing happening........
Give me a few minutes please..........m.

G, H83, QM7.........
I was able to post the digital images of the HJT log to the link provided by G.......
or the results of the scan.......
You'll have to play around with these by zooming of course, but if I was able to do it,
I'm sure you can too.........thanks again........m.

THe file is created only if you save it. Pressing scan does not create the file.

Unfortunately the image is not the whole log. I reduced the image and posted it as an attachment. What happens when you click on the save log button..does the log open in notepad? If so can you save that notepad to your usb key and paste it from another computer.

This almost feels like the rpc service is not running. That can cause a lot of system instability such as programs not running and copy and paste not working.

Correct me if im wrong, but you cant open the task manager? If you can do you have the file->run option? If so, click on File->run and type services.msc in the open field and then press ok.

When the services control panel opens scroll down to the Remote Procedure Call (RPC) service and make sure it is started. If it is you will see started to the right of it under the status column.

maxx said task manager would not open. I also had him try using Run but he said that did not work either.

He might have to nagivate there manually via Windows Explorer > Control Panel > Admin Tools > Services and scroll thru the list for RPC.

G........
A couple of things........
>I originally ran the scan with the save log option but it did not open in notepad..........
It ran just the way it did when I ran the scan with no log option.
>I can NOT open my task manger.
>The thumbnail you have posted is one of two I sent, actually its the second half, the first half
is in another pic. Question: Is this why you say its not the whole log? If so, I can try to attach
the first pic again which contains all the opening lines.........Would this be helpful?........m.

Ok lets try that then...i would also love exports of the entries from the winlog.bat if possible. This could also be a userinit or explorer.exe shell entry issue as the desktop is not starting.

Yes please send the first pic as well..dont think i received that.

maxx just on a hunch, navigate to & open your hijackthis folder and doublecheck to see if a log was created there but did not open for you to see. If so, you should be able to copy the log to your usb stick, transfer it to your work computer where you can use notepad to open it.

If not, we'll all do our best with the pics.

Just to butt in here, but if you can't copy/paste the results of HJT, can't you take a shot of your screen using "Print Screen".
I've had to do that in the past. If this has already been discussed and I missed it, sorry for the "butting in"

G.....
I just sent the pic of the first half of the log.......

QM7........
I'm not sure I follow you........m.

Attached is the first picture. Definitely infected, but going to be a pain to clean without the desktop.

G.........
Forgot to mention.........
I have not been able to open the .bat file........It simply flashes on the screen for a split
second and all you get to see is a small black screen with writting but its gone so fast, you
can't read anything......m.

Just wanted you to open the folder where hijackthis is located and doublecheck to see if a log is there. With all the problems your having its quite possible a log was created and saved there without you realizing it because notepad did not open for you to see.

The log is like any other file. You can just copy it to your usb stick, transfer it to a working computer, double-click on it and the log should open in notepad. If there is no log then disregard.

Do a search or look in C:\ for the winlog.txt file. The .bat file tool opens and shuts quickly so that is normal.

QM7.......
Okay..........I understand.....I just tried to open the winlog.txt.....in notepad and just by choosing
open.......I get the same error message as when I try to open anything else. I will try to open it again on my other system at the office sence I have it saved to my flashdrive.
One more thing.........
The last two days when opening the internet browser, I now get an error box which says: Cannot find
'file:///c:/secure32.html'........But when you click on 'okay'.....the browser opens........Not sure this means
anything, just thoght I'd let you know since this just started happening............

Thats good that you found the winlog.txt. We will wait for you to post it here. The secure32.html is related to your smitfraud infection.

maxx, if you found the winlog.txt file that means logs are getting made so you might have a Hijackthis.log file getting made, which will be much easier to post.

The problem is that you have run HJT from the zip file wihout unzipping it. That opens HJT in a Temp directory, and when you log off or reboot, the temp folder will get deleted including the log. If you haven't rebooted since making a log, check this folder for it: C:\Documents and Settings\c3po\Local Settings\Temp\Temp Directory 2 for hijackthis.zip.

If you can't find the Temp Directory 2 for hijackthis.zip directory, it's been deleted. But you can run HijackThis again, then look for the directory and the hijackthis.log file and transfer it to your flash drive so it can be read and posted from the other machine.

That may not work since, as Grinler has stated, you might have to save the log for it to be written in the first place. You may also need to unhide files to be able to see the temp folder, instructions here: How to see hidden files in Windows

But getting a log posted will sure make things easier on both ends if possible.

It is also important that you get HijackThis run from somewhere else other than the temp folder before you fix any items when we ever get to that point. Backups made are saved to that Temp folder and will also get deleted when you log off. To prevent that from happening, don't run HJT from the zip folder. Use the HijackThis.exe file that isn't zipped. This one: http://216.180.233.162/~merijn/files/HijackThis.exe

I don't know if you downloaded it along with the zip file as a result of this post by QM7, if not, download it when you get a chance and you can run it from your flash drive. http://www.bleepingcomputer.com/forums/ind...ndpost&p=301833

Also interesting, it appears you have used the option in the Misc Tools section to run HJT at startup. Is that the only way you can get it to run? It would seem that would make it even more important to not run HJT from the unzipped/Temp folder.

PPK.........
I just tracked down the file you are refering to.......'temp direct2 for hijackthis zip'......can't open it.
Also I sent it to my flashdrive, but when I looked inside the fashdrive I didn't see it there.
Shouldtthst have worked so I could open it on another system?..........m.

PPK........
Also the reason I have the download of the HJT I used is because its the only one I could get......
Let me try the link you just provided later to day on my office system to se if it will work there........
And do you want me to open those hidden files now?..........m.

G, PPK, H83, QM7........
I was able to look at the winlog on my other system.......
Not much here....all it said was off,off,off.......am I doing something wrong again, or what?.......m.

Gentleman.........
I was running my system in safe mode and was able to access the 'command prompt' area.
Does it make any sence to type in code at that point to correct any of the infections?
Also, I tried in safe mode to open spybot s&d which is on my flashdrive......no go.
How do I alter the start up procedure to allow me access to my program files and access to the Net?
Right now I have a second 'dummy' admin set up to access the Net, because I can't access it from my
old admin name.
You guys have been quiet out there today.........is there anybody out there?>.............m.

PPk.......
I tried to folow the insructions you gave for showing the hidden files........
My system has been alterd by the virus not to show the toolbar where the 'view' tab normally is..........
However, there is more than one way to skin a cat......... and I was able to change the view through the conrol panel and folder options........cool.......its done.........NOW WHAT?..................M.

The point of making hidden files visible was so that you could view the HJT log that may or may not be inside the temp directory C:\Documents and Settings\c3po\Local Settings\Temp\Temp Directory 2 for hijackthis.zip

Have you downloaded the HijackThis.exe to your flashdrive yet as PapaKid asked you to do? This way you can run it from your flash drive:



Please attempt to do this because it will create backups and a log, if it is creating a log, in your flash drive...which would make things easier. Did you try and find the HijackThis .txt logfile in your flash drive after saving the Temp Directory 2 fo hijackthis.zip to it?

Please focus on getting us that HJT log. Also, you said you were able to view the winlog.txt file. Please post that log here.

maxx, we still would like to see the output of the winlog.txt file. Let us be the judge of what the log says as you may not understand it.

Did you follow Papakis's instructions from post #41, to download notepad.exe for XP to your flash drive and paste it into BOTH C:\WINDOWS and C:\WINDOWS\System32 as instructed in that post?

Did you follow the instructions from post #66, redownload Hijackthis and install it correctly? This is IMPORTANT. I can't read your log images very well as they are blurred when I enlarge them but you were advised that hijackthis was in a temp folder under C:\Documents and Settings\c3po\Local Settings\Temp\Temp Directory 2 for hijackthis.zip. You were advised not to run hijackthis from a temp folder or from within the zip file.

You said. You were not advised to do this.

Again, please try again to download and use the HijackThis.exe file from the link provided in post #66 and run it as instructed from your your flash drive so the log can be read and posted from your computer at work. As was advised, getting a log posted will make assisting you much easier. If you have not done these steps, then please do so.

H83,QM7........
I'm alittle bit confused her at all these things I've done or was supossed to do . I thought I had done everything asked to do.

I will... " follow Papakis's instructions from post #41, to download notepad.exe for XP to your flash drive and paste it into BOTH C:\WINDOWS and C:\WINDOWS\System32 as instructed in that post?" and

Did you follow the instructions from post #66, redownload Hijackthis and install it correctly? This is IMPORTANT. I can't read your log images very well as they are blurred when I enlarge them but you were advised that hijackthis was in a temp folder under C:\Documents and Settings\c3po\Local Settings\Temp\Temp Directory 2 for hijackthis.zip. You were advised not to run hijackthis from a temp folder or from within the zip file.

get these two things done today and post it here later today, thanks.........m.

QM7............
One more thing......as to the hard to read postings..........Don't you have one of those big
magnifiers to use? Or maybe you can borrow Grampa Sherlocks? LOL!!!

Sorry.......couldn't resist......just trying to interject some humor here........
Please don't send me another virus.........and can you get that damn bug off my screen? haha.......m.

I assume this never got resolved, I have a similar problem with a customers PC. Trying to open any executable I get the same error, HiJackThis does not reveal anything interesting.

The taskbar is there, but the Start button does not exist.
If you click Start the start menu comes up, but all that it as on it is shutdown and log off
There is no way to navigate to control panel

Any ideas, or is it going to be easier to do a fresh install

I can get a copy of Hijackthis and winlog log file

You may have a similar problem alexpearce but it may not be caused by the same thing. Before doing a fresh install I suggest you post a hijackthis log. Please read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log".
When you have done that, post a log in the HijackThis Logs and Analysis Forum, not here, for assistance by the HJT Team Experts.

Start a new topic, give it a relevant title and post the log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix.

Doing this will avoid confusion here and ensure you receive individual expert assistance.

QM7..........Et-All..........
I've been sitting on this problem for a while now, out of sheer frustration.......
I decided to install the new Windows Vista OS (beta).........My web-site guy suggested this........
Any thoughts on this approach? M.

Welcome back maxx63

Did you check the system requirements for using Vista to ensure you meet the minimum? If not, read Windows Vista Beta 2 Migration Step by Step Guide

I have not had a chance to use Vista as of it. Its a beta program and I recommend most users to wait for a final release of any product before using unless they are very computer savy. I will add that Microsoft recommends users not to upgrade to SP2 until all malware is removed from a computer to avoid installation problems. From what I have read, upgrading to Windows Vista from previous Windows versions will prompt you to perform an Anti-malware pre-installation setup.

It sounds like you already installed Vista so I would ask, did you just upgrade or did you wipe the hard drive clean and start with a clean installation? If you have not installed it, I would recommend a clean install.

I read a comprehensive Vista Beta 2 Installation Guide which states the following:


And if your going the clean install route, then why not just do this with your existing operating system?

QM7........
Thanks for that bit (or should I say 'byte')...........I did indeed install the clean way..........
I couldn't do this with the old OS because of no discs..........However, I have since
found my XP restore Disc, so I am assuming I can go back to using XP if I choose to do so.
I did check out the system reqs. for the Vista OS, and I am fine there. Do I hear you saying that
you think I might be better off with the XP because Vista is a beta, or do I not have the
necessary computer knowledge to use it, or both?
And now that I have a fresh OS, what safe guards do you reccomend against virus and
malware?

Secondly, My system I use at my office is running on the ME OS, Microsoft is stopping their
support on this OS. Is there another OS I can up grade to so I can continue
to receive updates etc...Is it possible to use my XP restore disc to put XP on that system
provided I have a fast enough processor and memory?

Third........THANKS!!! m.

Mainly because its still a beta and I do not normally recommend beta's because they can be buggy. Resolving bugs and related issues can be a tedious task even for the experienced computer user. However, since you have already installed Vista and are not having any problems then maybe its best to leave well enough alone. If you had not already installed Vista, then IMO doing the clean install of XP would have been the more appropriate option.

To protect yourself against malware and reduce the potential for re-infection , you may want to read "Simple and easy ways to keep your computer safe" and "How to Prevent Spyware".

I would recommend an upgrade to XP SP2 as public assisted support for Windows XP Service Pack1 is scheduled to end on October 10, 2006. Read here: http://www.microsoft.com/windows/support/endofsupport.mspx

No. The restore disc you were provided with when you purchased your computer was meant for that pc only. A factory Restore/Recovery Disc is a CD-ROM or DVD data disc that is included with many computers manufactured by OEM vendors. The disk contains a complete copy/image of the entire contents of the hard drive that will restore the system to its factory default state at a certain time. Essentially, it will restore the original computer (the disc was made for) to the state it was in when you first purchased it. Thus for your office computer you would need to purchase a new original XP CD disc with a separate license.

Your quite welcome.

i think we should have kicked this guy out after his first 3 posts because of his rudeness. Just MHO

Bernie70 of course you are entitled to your opinion but I disagree. Frustration, confusion and concern for one's computer when its on the brink of disaster is a common situation we deal with all the time. When you are helping others, the best approach is patience, understanding and persistance which usually pays off.

you are right quietman. I wrote that post with some emotion behind it since this forum has helped me out soooooo much recently. And for someone to falsely accuse anyone of their intent is just wrong to me.

But I'm calm now and should have been more forgiving.

sorry about that, and thanks.

QM7...........
Thanks for your help once again........
I will read up on those topics you posted.......and B70........
no hard feelings......THX...M.