RUNDLL error - browser re-directs and god only knows what else


7 replies to this topic

#1 YakAttack

YakAttack

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Australia
  • Local time:02:41 AM

Posted 16 October 2010 - 10:18 AM

Greetings

My lappy functions normally except for being extremely slow at times, and the internet turns on and off at its leisure. After about 5-10 minutes I get a Generic Host Process for Win32 Services has encountered a problem/error and needs to close.

I am also getting re-directs through Google for Scour as well.

I have run Malwarebytes Anti Virus and rebooted... lappy looks good for about 10 minutes or so and then WHAM it's back.

May I also mention that I have lost IE & Firefox, I have the icons alas I cannot open them, thank goodness I also have Safari which is the only browser in use at the moment. I have tried to reinstate both of the above browsers to no avail.

I have the latest CCleaner, XP firewall and use Avast (the free version).

I also cannot open MRT through the run point. Sorry if my computer talk is not correct but hey I only work and play with these things...but I am slowly getting there.

Any help would be greatly appreciated. :thumbsup:


MALWAREBYTES LOGS


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/9/2010 1:29:51 PM
mbam-log-2010-10-09 (13-29-51).txt

Scan type: Full scan (C:\|)
Objects scanned: 265417
Time elapsed: 1 hour(s), 52 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 6
Registry Data Items Infected: 7
Folders Infected: 1
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{14go4h58-v44n-a02n-y866-d28dq5y3k145} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{96afbe69-c3b0-4b00-8578-d933d2896ee2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96afbe69-c3b0-4b00-8578-d933d2896ee2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mxchhjoc (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\googlehelper (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\googleservice (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.250,93.188.160.60 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{23f7ad07-7efa-4317-8280-346b53613b0e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.162.250,93.188.160.60 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{23f7ad07-7efa-4317-8280-346b53613b0e}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.250,93.188.160.60 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{42db2d8f-a17f-45bc-bde1-5c86bc7be2dc}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.250,93.188.160.60 -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
C:Program FilesFlashFlashUpdate (Generic.Bot.H) -> Quarantined and deleted successfully.
C:Documents and SettingstoshibaLocal SettingsApplication DataPortalariumPlayerAppscf5d023f-4e47-41ff-84fd-1e2de9f47384unicows.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Program Files\Cate West - The Velvet Keys\Uninstall.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\Documents and Settings\toshiba\Application Data\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.




Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/9/2010 11:59:19 PM
mbam-log-2010-10-09 (23-59-19).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 258115
Time elapsed: 1 hour(s), 46 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{14go4h58-v44n-a02n-y866-d28dq5y3k145} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.33,93.188.160.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{23f7ad07-7efa-4317-8280-346b53613b0e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.164.33,93.188.160.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{23f7ad07-7efa-4317-8280-346b53613b0e}\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.33,93.188.160.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{42db2d8f-a17f-45bc-bde1-5c86bc7be2dc}\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.33,93.188.160.103 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:Program FilesFlashFlashUpdate (Generic.Bot.H) -> Quarantined and deleted successfully.




Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/10/2010 12:26:01 AM
mbam-log-2010-10-10 (00-26-01).txt

Scan type: Quick scan
Objects scanned: 125357
Time elapsed: 7 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Have an update on my lappy.

After I posted the above I switched it off and went to bed. Upon switching on today I have been unable to access through normal startup (that is, I get to my wallpaper but nothing else, no blue bar at bottom of screen, no shortcuts on screen, even the start button does not work, so alas I have to switch off from switch).

I am now running through safe mode with networking (thank god I still have something).

PLEASE HELP!!!!!! :flowers:

EDIT: Posts merged ~BP



Hi there

Not trying to bump my log at all (I think I may have posted [original] in wrong area), could someone please let me know when I will be able to receive some feedback/help on the above post. I have deleted a lot off the computer since the above was posted in the hope that it would improve but alas it didn't. I am quite happy to sit tight - god knows I have waited for weeks with the blasted thing before I turned to this forum. Am having different problems every day - is beginning to become quite entertaining now wondering what error will appear each time I switch it on.... Thanking you in advance and waiting in anticipation. :trumpet:
A corpse is a corpse, of course, of course, and no-one can talk to a corpse, of course. That is, of course, unless the corpse is the famous Mr. Dead!


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,739 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:41 PM

Posted 16 October 2010 - 10:55 AM

Hello, you need to update MBAM, yours is very old. Database version: 4052, now at 4850.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.


Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and Update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 YakAttack


Posted 16 October 2010 - 10:39 PM

Greetings Boopme, pleasure to meet you and thank you in advance.

First things first:

Updated MBAM and scanned, here are the logs

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4850

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/17/2010 3:39:44 AM
mbam-log-2010-10-17 (03-39-44).txt

Scan type: Quick scan
Objects scanned: 148063
Time elapsed: 14 minute(s), 35 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
C:\Documents and Settings\toshiba\Application Data\Microsoft\svchost.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\IJKUK66HMN (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ijkuk66hmn (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\toshiba\Application Data\Microsoft\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\toshiba\Local Settings\Temp\upd2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Was able to reboot no problemo



Secondly I downloaded ATF & SAS

Was UNABLE to access SAFE MODE (either with or without Networking) so ran them both in normal mode.

SAS log attached:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/17/2010 at 05:36 AM

Application Version : 4.44.1000

Core Rules Database Version : 5696
Trace Rules Database Version: 3508

Scan type : Complete Scan
Total Scan Time : 01:11:20

Memory items scanned : 531
Memory threats detected : 0
Registry items scanned : 6767
Registry threats detected : 0
File items scanned : 82072
File threats detected : 9

Adware.Tracking Cookie
C:\Documents and Settings\toshiba\Cookies\toshiba@opti.inextmedia[2].txt
C:\Documents and Settings\toshiba\Cookies\toshiba@fidelity.rotator.hadj7.adjuggler[1].txt
C:\Documents and Settings\toshiba\Cookies\toshiba@ad.yieldmanager[1].txt
.collective-media.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvkzyt6.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvkzyt6.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvkzyt6.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvkzyt6.default\cookies.sqlite ]
.doubleclick.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvkzyt6.default\cookies.sqlite ]
clickbookcafe.postaffiliatepro.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\BLTFNQGX ]




CURRENT PROBLEMS I AM ENCOUNTERING AT THIS PRECISE MOMENT IN TIME ARE:

* CANNOT START IN SAFE-MODE with or without Networking

* On Startup getting this error message: Error loading C:\WINDOWS\Imoptrap.dll The specified module could not be found.

* Have lost IE.

* Have lost Games under Programs > Accessories > Entertainment (ie Minesweeper, Solitaire, etc).

* Icon in taskbar says Internet connected however it is not and then decides 10mins later that it will connect only to disconnect about a minute later. (Sometimes it does behave and can be connected for hours)

* Pictures in Email (Outlook) do not appear, I get the box with the red cross in the top left corner (currently JPG files) but I guess there could be more.

* Computer does START & SHUT DOWN quicker now though so there is one bonus. :flowers:

There was another problem that I remembered whilst in bed earlier but for the life of me cannot remember it now. I guess it will come back to me (hopefully).

If there is anything that you wish me to delete that I do not need please just let me know how to go about it and it will be done.

I will be sending you a PM as I need a few extra days / maybe a week before my next reply and do not wish to explain it here. Hope that will be okay?

I look forward to my next chain of commands.

:thumbsup:

#4 boopme


Posted 17 October 2010 - 09:07 PM

Hi Yak // Was busy went to the NY Giants game today.
Ok this was good despite the issues.. we'll clean more and see what we get back.
Locate your install disc we will probably need it after these for some of those other items.

Safe Mode:
SUPERAntiSpyware has a built in "Repairs" feature to fix policy restrictions and certain Windows settings which are sometimes targeted by malware infection. To use this feature, launch SUPERAntiSpyware.
  • Click the Preferences button.
  • Click the Repairs tab.
  • Click on (highlight) "Repair broken SafeBoot key" and then click the Repair button.
  • You may be asked to reboot your computer for the changes to take effect.

Error loading C:\WINDOWS\Imoptrap.dll
It's not unusual to receive such an error after using specialized fix tools.

A "Cannot find...", "Could not run...", "Error loading..." or "specific module could not be found" message is usually related to malware that was set to run at startup but has been deleted. Windows is trying to load this file but cannot locate it since the file was most likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads.

To resolve this, download Autoruns, search for the related entry and then delete it.

Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this.)
Open the folder and double-click on autoruns.exe to launch it.
Please be patient as it scans and populates the entries.
When done scanning, it will say Ready at the bottom.
Scroll through the list and look for a startup entry related to the file(s) in the error message. ---->> Imoptrap.dll
Right-click on the entry and choose delete.
Reboot your computer and see if the startup error returns.


An Online scan:
Please perform a scan with Eset Online Antivirus Scanner.
This scan requires Internet Explorer to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.


Rerun MBAM (MalwareBytes) once again:

Open MBAM in normal/regular mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.
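Added example, not part of boopme's post and not code from BleepingComputer or Sysinternals: the orphaned-entry check described in the post above, written out in Python. It goes one step beyond the Run-key case to the comma-separated Winlogon Userinit data shown in the first Malwarebytes log, where the value has to be reset rather than deleted. The sample entries are constructed: the value name `imoptrap`, the export name `Startup`, the `ExampleAV` and `C:\Example` paths and the file set are hypothetical; the Userinit string is the "Bad" data from that log.

```python
import ntpath
import re

EXT = r"\.(?:exe|dll|com|bat|cmd|scr)"
# First file in a command line: a quoted path, or the shortest run ending in EXT.
PROGRAM = re.compile(r'\s*(?:"([^"]+)"|(.+?' + EXT + r'))(?=[\s,]|$)(.*)', re.I)
# rundll32 is only a loader; what must exist on disk is its DLL argument.
RUNDLL = re.compile(r'\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(.*)', re.I)
SYSTEM_DIRS = (r"C:\WINDOWS\system32", r"C:\WINDOWS")  # XP layout, as in the thread


def split_program(command):
    """Return (first file, remaining text) of a command line, or (None, "")."""
    m = PROGRAM.match(command)
    return (m.group(1) or m.group(2), m.group(3)) if m else (None, "")


def autostart_targets(value_name, data):
    """Files Windows will try to load for one autostart registry value."""
    if value_name.lower() == "userinit":
        # Winlogon\Userinit holds a comma-separated list of programs.
        return [p.strip().strip('"') for p in data.split(",") if p.strip()]
    loader = RUNDLL.match(data)
    program, _ = split_program(loader.group(1) if loader else data)
    return [program] if program else []


def remedy(value_name, status):
    if status == "present":
        return "none"
    if status == "unparsed":
        return "review by hand"
    if value_name.lower() in ("userinit", "shell"):
        # Logon depends on these values: fix the data, never remove the value.
        return "reset data to the default, keep the value"
    return "delete the value"


def audit(entries, exists):
    """Return (value name, target, status, remedy) for each autostart target."""
    findings = []
    for value_name, data in entries:
        targets = autostart_targets(value_name, data)
        if not targets:
            findings.append((value_name, data, "unparsed", remedy(value_name, "unparsed")))
        for target in targets:
            if ntpath.dirname(target):
                paths = [target]
            else:  # bare file name: look in the system directories
                paths = [ntpath.join(d, target) for d in SYSTEM_DIRS]
            status = "present" if any(exists(p) for p in paths) else "orphaned"
            findings.append((value_name, target, status, remedy(value_name, status)))
    return findings


# Constructed sample data (see the lead-in for what is hypothetical).
SAMPLE_ENTRIES = [
    ("imoptrap", r'rundll32.exe "C:\WINDOWS\Imoptrap.dll",Startup'),
    ("ExampleTray", r"C:\Program Files\ExampleAV\tray.exe /min"),
    ("Userinit", r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,"),
    ("updater", r"C:\Example\updater"),
]
SAMPLE_FILES = {r"c:\windows\system32\userinit.exe", r"c:\program files\exampleav\tray.exe"}


def sample_exists(path):
    """Stand-in for os.path.exists over the constructed file set."""
    return path.lower() in SAMPLE_FILES


if __name__ == "__main__":
    for row in audit(SAMPLE_ENTRIES, sample_exists):
        print("%-12s %-40s %-9s %s" % row)
```

On a live Windows system the entries would come from `winreg.EnumValue` over the Run keys and the Winlogon key, and `exists` would be `os.path.exists`.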

#5 YakAttack


Posted 21 October 2010 - 10:17 AM

Hi Boopme

Was able to run safe mode after completing the SAS Repairs.

Also downloaded Autoruns and deleted the imotrap entry, was asked to reboot and did so. However since the reboot computer boots to windows screen but no desktop icons or taskbar at the bottom so have to restart computer by holding the on/off button, tried rebooting in safe mode both with networking and then without networking however encountered the same problem, boots to safe mode but alas no icons just the black safe mode screen so am unable to do anything else. I tried rebooting via F8 with last good configuration and also tried booting via disable auto start-up and nothing. HELP

I have had to borrow my daughter's computer to get access to net so that I could post the above. I am about ready to turf the whole laptop, so over this stupid electronic contraption.

Hoping you may have some ingenious ideas.

#6 boopme


Posted 21 October 2010 - 10:38 AM

Hi, yes I suspected this could happen, that's why I asked you to locate your Install disk.

Please run System File Checker sfc /scannow... For more information on this tool see How To Use Sfc.exe To Repair System Files

NOTE for Vista users..The command needs to be run from an elevated Command Prompt.
Click Start, type cmd into the Start/Search box,
right-click cmd.exe in the list above and select 'Run as Administrator'


You will need your operating system CD handy.

Open Windows Task Manager....by pressing CTRL+SHIFT+ESC

Then click File.. then New Task(Run)

In the box that opens type sfc /scannow ......There is a space between c and /

Click OK
Let it run and insert the XP CD when asked.

#7 YakAttack


Posted 23 October 2010 - 06:57 AM

Evening Boopme

You can now close this topic.

Hubby saw how stressed I was over my daughter in hospital and the endless computer problems that I was having that he decided to surprise me with getting my computer fixed by a technician (he was unaware I was in the process of getting this done here) BLESS HIM he was only trying to help, so alas I am no longer in need of your advice however I do appreciate the time you have put in getting me as far as I did.

I will be keeping this site in my favourites and recommending you all to others. Once again thank you for your time and effort.

Sincerely

YAKATTACK

:thumbsup:

#8 boopme


Posted 24 October 2010 - 11:06 AM

Well that was very nice, I am glad you are fixed. Hope your daughter is well real soon. God bless you and yours.
Thanks for letting me know. :thumbsup:



