
Hijack This Log


15 replies to this topic

#1 dmndmn

dmndmn

  • Members
  • 42 posts
  • Local time:05:39 AM

Posted 23 March 2008 - 10:26 AM

I ran the HijackThis program and this is the log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:14 PM, on 3/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [nxpclient] C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe /P nxpclient
O4 - HKLM\..\Run: [SdScansGM] rundll32.exe C:\WINDOWS\stup_tmp.#32,Ini
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2B91D46-1A39-4A09-ACD3-2B6C4D895A66}: NameServer = 125.22.47.125,202.56.250.5
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (nxpclient) (sprtsvc_nxpclient) - SupportSoft, Inc. - C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 6261 bytes



Thanks for any assistance in advance.



#2 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • Gender:Male
  • Local time:01:09 AM

Posted 29 March 2008 - 01:00 PM

Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Coolpics Remover.
Save it in the same folder you made earlier (c:\BFU).

Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Behind the scriptline to execute field click the folder icon and select coolpics.bfu
  • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Then please upload this file:

C:\WINDOWS\stup_tmp.#32

To either jotti or virustotal

Post back with the jotti/virustotal results and a new HijackThis log

#3 dmndmn


Posted 30 March 2008 - 05:06 AM

I will be uploading the logs in 5 minutes. Thank you again for your help.

Edited by dmndmn, 30 March 2008 - 05:34 AM.


#4 dmndmn


Posted 30 March 2008 - 05:42 AM

These are the results of the virustotal scan used on stup_tmp.#32 file :

Anti-Virus Version Last Update Result

AhnLab-V3 2008.3.29.0 2008.03.29 -
AntiVir 7.6.0.78 2008.03.28 HEUR/Crypted
Authentium 4.93.8 2008.03.30 -
Avast 4.7.1098.0 2008.03.29 -
AVG 7.5.0.516 2008.03.29 -
BitDefender 7.2 2008.03.30 -
CAT-QuickHeal 9.50 2008.03.28 -
ClamAV None 2008.03.30 -
DrWeb 4.44.0.09170 2008.03.30 -
eSafe 7.0.15.0 2008.03.18 Suspicious File
eTrust-Vet 31.3.5653 2008.03.29 -
Ewido 4.0 2008.03.29 -
F-Prot 4.4.2.54 2008.03.30 -
F-Secure 6.70.13260.0 2008.03.29 -
FileAdvisor 1 2008.03.30 -
Fortinet 3.14.0.0 2008.03.30 -
Ikarus T3.1.1.20 2008.03.30 -
Kaspersky 7.0.0.125 2008.03.30 -
McAfee 5262 2008.03.28 -
Microsoft 1.3301 2008.03.28 -
NOD32v2 2984 2008.03.29 -
Norman 5.80.02 2008.03.28 -
Panda 9.0.0.4 2008.03.29 Trj/Sdscan.A
Prevx1 V2 2008.03.30 -
Rising 20.37.61.00 2008.03.30 -
Sophos 4.28.0 2008.03.30 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.30 -
TheHacker 6.2.92.258 2008.03.29 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.29 -
Webwasher-Gateway 6.6.2 2008.03.30 Heuristic.Crypted



And this is the HijackThis log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:10:21 PM, on 3/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [nxpclient] C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe /P nxpclient
O4 - HKLM\..\Run: [SdScansGM] rundll32.exe C:\WINDOWS\stup_tmp.#32,Ini
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2B91D46-1A39-4A09-ACD3-2B6C4D895A66}: NameServer = 125.22.47.125,202.56.250.5
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (nxpclient) (sprtsvc_nxpclient) - SupportSoft, Inc. - C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 6399 bytes


Thanks a lot. You guys rock, don't know what I'd do without this place. Cheers. :thumbsup: :blink:

Edited by dmndmn, 30 March 2008 - 05:51 AM.


#5 dmndmn


Posted 30 March 2008 - 05:54 AM

As I'm not able to space the columns appropriately, the -s are the null results and the other ones are the detected malware; they are:
1) HEUR/Crypted
2) Suspicious File
3) Trj/Sdscan.A
4) Heuristic.Crypted

#6 random/random


Posted 30 March 2008 - 07:00 AM

Run HijackThis
Click on do a system scan only
Place a checkmark next to these lines (if still present)

F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\Run: [SdScansGM] rundll32.exe C:\WINDOWS\stup_tmp.#32,Ini

Then close all windows except HijackThis and click Fix Checked

Restart

Use windows explorer to find and delete this file:

C:\WINDOWS\stup_tmp.#32

As an example:
To delete C:\WINDOWS\system32\filetogo.bye
Double click the My Computer icon on your Desktop.
Double click on Local Disc (C:\)
Double click on the Windows folder,
Double click on the System 32 folder,
Right click on filetogo.bye and from the menu that appears, click on 'Delete'


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic, along with a new HijackThis log and a description of any remaining problems.


#7 dmndmn


Posted 31 March 2008 - 11:12 AM

Hello, random/random, and thank you again for helping me. This is the log file of the ESET online scanner; like you told me to, I just scanned and did not check the remove files option. This is the log:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2987 (20080331)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=d4dac22876c80e469776b33dabea5232
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-03-31 03:26:19
# local_time=2008-03-31 08:56:19 (+0530, India Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=312062
# found=25
# scan_time=4145
C:\fppg1.exe Win32/PSW.OnLineGames.NLI trojan A5A341385A9BB6988CBACFF4D46BB48B
C:\WINDOWS\system32\H@tKeysH@@k.DLL Win32/Keylogger.HotKeysHook.A virus 00000000000000000000000000000000
C:\Documents and Settings\admin\Desktop\nfsmw_music_extractor.zip probably a variant of Win32/Spy.Agent trojan DB4F85BAEACA99881EAEB057167E5545
C:\Documents and Settings\admin\Desktop\nfsmw_music_extractor.zip »ZIP »ToolD2.dat probably a variant of Win32/Spy.Agent trojan 00000000000000000000000000000000
C:\Documents and Settings\admin\Desktop\Others\nfsmw_music_extractor.zip probably a variant of Win32/Spy.Agent trojan DB4F85BAEACA99881EAEB057167E5545
C:\Documents and Settings\admin\Desktop\Others\nfsmw_music_extractor.zip »ZIP »ToolD2.dat probably a variant of Win32/Spy.Agent trojan 00000000000000000000000000000000
C:\Documents and Settings\admin\Desktop\Helpfull Software\STREET.RACING.SYNDICATE.PLUS5TRN.PIZZADOX\pztrain.exe probably a variant of Win32/Agent trojan 16EE3BC23F3E49A5E77F643B0589E321
C:\Documents and Settings\admin\Desktop\T3$Ting\NFSMW-Ichigo(2).zip Win32/Keylogger.HotKeysHook.A trojan 7B35BA2ABDCD6C2D919DB1913268A2A0
C:\Documents and Settings\admin\Desktop\T3$Ting\NFSMW-Ichigo(2).zip »ZIP »NFSMW-Ichigo.exe Win32/Keylogger.HotKeysHook.A trojan 00000000000000000000000000000000
C:\Documents and Settings\admin\Desktop\T3$Ting\NFSMW-Ichigo(2)\NFSMW-Ichigo.exe Win32/Keylogger.HotKeysHook.A trojan E62DACAA0C3232EBA7F718EAF0173DB5
D:\fppg1.exe Win32/PSW.OnLineGames.NLI trojan A5A341385A9BB6988CBACFF4D46BB48B
D:\autorun.inf Win32/PSW.OnLineGames.MUU trojan 1E9879127A6323ED799BC52007D27382
D:\Needed softwares\ra2_10.zip Win32/Keylogger.HotKeysHook.A virus 00000000000000000000000000000000
D:\Needed softwares\ra2_10.zip »ZIP »ra2_10.exe Win32/Keylogger.HotKeysHook.A virus 00000000000000000000000000000000
D:\Needed softwares\RED[1].ALERT.2.V1.001.PLUS2TRN.PHROZEN.ZIP Win32/Keylogger.HotKeysHook.A trojan 744D3BDA8EEFABAC8C21E101EE6A6E33
D:\Needed softwares\RED[1].ALERT.2.V1.001.PLUS2TRN.PHROZEN.ZIP »ZIP »Red Alert 2 Trainer/Red Alert 2 Trainer.exe Win32/Keylogger.HotKeysHook.A trojan 00000000000000000000000000000000
D:\Needed softwares\RED[1].ALERT.2.V1.001.PLUS4TRN.YOUNGCHILD05.ZIP Win32/Keylogger.HotKeysHook.A trojan 0DE186864F159D2AFAE76706E10F8827
D:\Needed softwares\RED[1].ALERT.2.V1.001.PLUS4TRN.YOUNGCHILD05.ZIP »ZIP »Red Alert 2 +4 Trainer V1.001.exe Win32/Keylogger.HotKeysHook.A trojan 00000000000000000000000000000000
E:\autorun.inf Win32/PSW.OnLineGames.MUU trojan 1E9879127A6323ED799BC52007D27382
E:\fppg1.exe Win32/PSW.OnLineGames.NLI trojan A5A341385A9BB6988CBACFF4D46BB48B
E:\Program Files\VUGames\Leisure Suit Larry - Magna Cum Laude\ssdtrain.exe Win32/Keylogger.HotKeysHook.A trojan 0A4D28087E9FACF7B5061878D9A27EA0
E:\Program Files\VUGames\Leisure Suit Larry - Magna Cum Laude\LSLMCL-trn.exe Win32/Keylogger.HotKeysHook.A trojan 5148CC38C04B94A40E2A1ED521BD458A
E:\UT2004\System\Trainer.exe Win32/Keylogger.HotKeysHook.A trojan F46CAFA970EF080B8DF75860E040EF85
F:\autorun.inf Win32/PSW.OnLineGames.MUU trojan 1E9879127A6323ED799BC52007D27382
F:\fppg1.exe Win32/PSW.OnLineGames.NLI trojan A5A341385A9BB6988CBACFF4D46BB48B


And this is the HijackThis log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:46 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [nxpclient] C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe /P nxpclient
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2B91D46-1A39-4A09-ACD3-2B6C4D895A66}: NameServer = 125.22.47.125,202.56.250.5
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (nxpclient) (sprtsvc_nxpclient) - SupportSoft, Inc. - C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 6399 bytes


Well, everything else seems to be working fine, but the only problem I'm having right now is that I cannot select my E and F drives properly. When I click on them, they do not open; I get a box asking me which program I want to open it with! But when I go to the address bar and type in E:/ or F:/ it comes up properly, but it is very annoying, as opening some files in these drives also comes up with the same problem. So should I run the scan again and select the remove files option this time?

Thanks in advance. Help is very much appreciated. Praise all you guys for running this forum. :thumbsup: Cheers.

#8 random/random


Posted 31 March 2008 - 02:00 PM

It looks like some of the games you downloaded were infected with keyloggers

You have signs of a Keylogger on your computer.

You are strongly advised to do the following immediately:

1. Call all of your banks, credit card companies, and financial institutions. Inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer, because the attacker will get the new passwords and transaction information.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\fppg1.exe
    C:\WINDOWS\system32\H@tKeysH@@k.DLL
    C:\Documents and Settings\admin\Desktop\nfsmw_music_extractor.zip
    C:\Documents and Settings\admin\Desktop\Others\nfsmw_music_extractor.zip
    C:\Documents and Settings\admin\Desktop\Helpfull Software\STREET.RACING.SYNDICATE.PLUS5TRN.PIZZADOX\pztrain.exe
    C:\Documents and Settings\admin\Desktop\T3$Ting\NFSMW-Ichigo(2).zip
    C:\Documents and Settings\admin\Desktop\T3$Ting\NFSMW-Ichigo(2)\NFSMW-Ichigo.exe
    D:\fppg1.exe
    D:\autorun.inf
    D:\Needed softwares\ra2_10.zip
    D:\Needed softwares\RED[1].ALERT.2.V1.001.PLUS2TRN.PHROZEN.ZIP
    D:\Needed softwares\RED[1].ALERT.2.V1.001.PLUS4TRN.YOUNGCHILD05.ZIP
    E:\autorun.inf
    E:\fppg1.exe
    E:\Program Files\VUGames\Leisure Suit Larry - Magna Cum Laude\ssdtrain.exe
    E:\Program Files\VUGames\Leisure Suit Larry - Magna Cum Laude\LSLMCL-trn.exe
    E:\UT2004\System\Trainer.exe
    F:\autorun.inf
    F:\fppg1.exe
  • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post, along with a new HijackThis log & a description of any remaining problems.

#9 dmndmn


Posted 01 April 2008 - 05:34 AM

Wow, you guys are really quick in replying to posts. Thanks for your dedication to this topic, random/random. I did as you told me; this is the log:

C:\fppg1.exe moved successfully.
File/Folder C:\WINDOWS\system32\H@tKeysH@@k.DLL not found.
C:\Documents and Settings\admin\Desktop\nfsmw_music_extractor.zip moved successfully.
C:\Documents and Settings\admin\Desktop\Others\nfsmw_music_extractor.zip moved successfully.
C:\Documents and Settings\admin\Desktop\Helpfull Software\STREET.RACING.SYNDICATE.PLUS5TRN.PIZZADOX\pztrain.exe moved successfully.
C:\Documents and Settings\admin\Desktop\T3$Ting\NFSMW-Ichigo(2).zip moved successfully.
C:\Documents and Settings\admin\Desktop\T3$Ting\NFSMW-Ichigo(2)\NFSMW-Ichigo.exe moved successfully.
D:\fppg1.exe moved successfully.
D:\autorun.inf moved successfully.
D:\Needed softwares\ra2_10.zip moved successfully.
D:\Needed softwares\RED[1].ALERT.2.V1.001.PLUS2TRN.PHROZEN.ZIP moved successfully.
D:\Needed softwares\RED[1].ALERT.2.V1.001.PLUS4TRN.YOUNGCHILD05.ZIP moved successfully.
E:\autorun.inf moved successfully.
E:\fppg1.exe moved successfully.
E:\Program Files\VUGames\Leisure Suit Larry - Magna Cum Laude\ssdtrain.exe moved successfully.
E:\Program Files\VUGames\Leisure Suit Larry - Magna Cum Laude\LSLMCL-trn.exe moved successfully.
E:\UT2004\System\Trainer.exe moved successfully.
F:\autorun.inf moved successfully.
F:\fppg1.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 04012008_154218


Although I'm still having problems with the view Hidden Files And Folders option, I was previously able to view the Hidden files and folders option after I went through with the BFU procedure. I'll try doing it again as it automatically enabled the view hidden files and folders options. Thanks a lot. Help is very much appreciated.
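A check a helper could run on results pasted like the ones above, as an added example that is not part of the original posts or of OTMoveIt2: it reconciles the requested file list against the result log, using the two line formats the log shows. The sample data is shortened and constructed, and the function names and the "unreported" label are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened request list and result log in the thread's format.
REQUESTED = [
    r"C:\fppg1.exe",
    r"C:\WINDOWS\system32\H@tKeysH@@k.DLL",
    r"D:\fppg1.exe",
    r"D:\autorun.inf",
    r"E:\UT2004\System\Trainer.exe",
]
RESULT_LOG = r"""
C:\fppg1.exe moved successfully.
File/Folder C:\WINDOWS\system32\H@tKeysH@@k.DLL not found.
D:\fppg1.exe moved successfully.
D:\autorun.inf moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.21 log created on 04012008_154218
"""

MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+) moved successfully\.$")
NOT_FOUND = re.compile(r"^File/Folder (?P<path>[A-Za-z]:\\.+) not found\.$")

def parse_results(log_text):
    """Map each path in the log (lower-cased) to 'moved' or 'not found'."""
    status = {}
    for line in log_text.splitlines():
        line = line.strip()
        for pattern, outcome in ((MOVED, "moved"), (NOT_FOUND, "not found")):
            m = pattern.match(line)
            if m:
                status[m.group("path").lower()] = outcome
    return status

def reconcile(requested, log_text):
    """Group requested paths by outcome; paths absent from the log are 'unreported'."""
    status = parse_results(log_text)
    report = defaultdict(list)
    for path in requested:
        report[status.get(path.lower(), "unreported")].append(path)
    return dict(report)

def autorun_roots(requested, log_text):
    """Drive roots from which an autorun.inf was moved."""
    moved = reconcile(requested, log_text).get("moved", [])
    return sorted({p[:3] for p in moved if p.lower().endswith(r":\autorun.inf")})

if __name__ == "__main__":
    for outcome, paths in reconcile(REQUESTED, RESULT_LOG).items():
        print(outcome, paths)
    print("autorun.inf removed from:", autorun_roots(REQUESTED, RESULT_LOG))
```

Paths that come back "unreported" are the ones to look for in the post-reboot log under C:\_OTMoveIt\MovedFiles, since the tool may defer a move until restart.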

#10 dmndmn


Posted 01 April 2008 - 06:38 AM

Also, when I try to open or merge .reg files, i.e., registry key files, it asks which type of program to open the file with. What do I do? Please help!

#11 random/random


Posted 01 April 2008 - 01:38 PM

Download the attached file regfilefix.zip (777 bytes)
Unzip/extract it to a folder on your desktop
Double click on merge.bat
A DOS window will come up briefly and then disappear, this is normal

Let me know if this fixes your problems with .reg files

#12 dmndmn


Posted 02 April 2008 - 06:31 AM

Thanks a ton!!!! It worked perfectly. Can run the .reg files perfectly now. The only problem which remains now is the problem with the Hidden files and folders options, as in, if I restore disable view hidden files and folders option in the tools -> Folder options tab, then if I check the 'View Hidden files and Folders' tab it doesn't work, it automatically goes back to select the 'Do not view Hidden Files And Folders' option. Currently this is the only problem. Thanks a lot for your help in fixing my computer. It is almost back to perfection except for this problem. You guys rock. :thumbsup:

#13 random/random


Posted 02 April 2008 - 04:39 PM

"The only problem which remains now is the problem with the Hidden files and folders options, as in, if I restore disable view hidden files and folders option in the tools -> Folder options tab, then if I check the 'View Hidden files and Folders' tab it doesn't work, it automatically goes back to select the 'Do not view Hidden Files And Folders' option"


Did you try redoing the BFU instructions? If not, then please do so.

#14 dmndmn


Posted 03 April 2008 - 04:46 AM

Yes, I did the BFU procedure again, but then if I select do not show hidden files and folders, then OK, then it hides the files. But then if I again try to view, the same problem occurs, the automatic reversion of 'Show Hidden Files And Folders' option to 'Do Not Show Hidden Files And Folders' option. I'm very much obliged to all of you for helping fix my computer almost back to normal, only this small problem occurs. Only when I run BFU I can view the folders, but can't do it manually. Thanks a lot for your help. :thumbsup:

#15 random/random


Posted 03 April 2008 - 11:57 AM

It's possible that it is one of your security programs doing this, so I'd like you to try enabling the showing of hidden files & folders from safe mode.

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
Try enabling the viewing of hidden files & folders

Restart to normal mode

Did it work properly in safe mode?



