major problem is well hidden - help!


  • This topic is locked
14 replies to this topic

#1 lolaeng

lolaeng

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 15 February 2012 - 06:07 PM

I use Windows XP Pro

I've tried to find my problem with no success.

Spybot Search & Destroy finds nothing
Malwarebytes' Anti-Malware finds nothing
Norton Suite finds nothing but tracking cookies.
grc.org reports all ports are stealth
defogger appears to have not found any CD emulators but I rebooted anyway
I shut down little software programs I use that are not necessary to reduce useless report info.

dds.scr produces in the .txt file only one readable phrase "!L!This program cannot be run in DOS mode.$" though I did not try to run it from DOS. I simply clicked on it from explorer.exe (I don't put stuff on my desktop.) I'm attaching a copy; I erased most of the gobbley goop as the file was way too large to upload.

gmer.exe crashes before it completes each time I try to run it. I get a Windows popup explaining that gmer.exe experienced a problem blah blah and then I get an opportunity to send a report to MS. I've got a copy of the MS trouble report.

I originally came to this site to get help to analyze a hijackthis.log. It is the only program that provides something usable. I tried to follow this site's suggestions of what to download and run before requesting help. hijackthis.log is all I can provide. I would appreciate help reading it. The 7e41...log is the file MS created when gmer.exe stopped running.

Could the underlying problem be sabotaging dds.scr and gmer.exe?

Thank you,
lolaeng
Attached File  hijackthis.log   10.63KB   2 downloads
Attached File  7e41_appcompat.txt   131.43KB   3 downloads



#2 lolaeng

Posted 15 February 2012 - 11:27 PM

I used another program to analyze my hijackthis.log. I was then able to run gmer.exe. I am attaching it. dds.scr still won't run.



Attached File  gmer15feb12.log   7.91KB   4 downloads

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:28 PM

Posted 20 February 2012 - 02:39 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

p.s.

Rename DDS.Scr to DDS.COM and run it.
Can you now get a log?

#4 lolaeng

Posted 20 February 2012 - 04:25 PM

Attached File  MBR.zip   512bytes   0 downloads

nasdaq,

I ran tdsskiller twice, the second time I unchecked service/drivers and
added other two options to boot sectors. The 2nd report is copied
below the first. No threats found. aswMBR didn't seem to find anything as well. The
files are tiny enough to be attached without zipping.

My problems include:
After the scans were closed I tried to delete TDSSKiller.zip (not the .exe).
A box popped up stating it was in use by another person or program or
similar and could not be closed.

I can't reinstall Flash, having uninstalled it including using an additional
Adobe Flash uninstaller.

PC will not power off even though I changed the regedit value to 1 in
winlogon.

Stand By is still not an option in the shut down box.

Thanks for helping!

lola


#5 nasdaq

Posted 21 February 2012 - 09:28 AM

PC will not power off even though I changed the regedit value to 1 in winlogon.


Try this fix.
http://support.microsoft.com/kb/315664
===

If you search Google for "PC will not power off" you will find that this problem can be the cause of many things.

===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

#6 lolaeng

Posted 21 February 2012 - 04:45 PM

Re: PC will not power off even though I changed the regedit value to 1 in winlogon.
Try this fix.
http://support.microsoft.com/kb/315664

"To disable power management on the USB hub:

Right-click My Computer, click Properties, click the Hardware tab, and then click Device Manager.
Double-click Universal Serial Bus controllers to expand it, right-click USB Root Hub, and then click Properties.
Click the Power Management tab.
Click to clear the Allow the computer to turn off this device to save power check box, and then click OK."

I tried that last week. There were 4 or 5 USB Root Hub listings in DM. I unchecked all of them and nothing changed.

Any other suggestions?

lola

#7 nasdaq

Posted 22 February 2012 - 09:06 AM

Your difficulties in powering off the computer are not related to malware. Your logs are clean.

Please start a new topic here.

Internal Hardware Forum
http://www.bleepingcomputer.com/forums/forum7.html
===

This topic will be kept open for 5 days. If you need any additional help please ask.

#8 lolaeng

Posted 22 February 2012 - 10:01 PM

combofix did fix whatever was blocking my ability to reinstall Flash Player. yea!
My original problems, however, remain.
Stand By is still missing from my shut down options.
automatic Power off is still not happening after Shut Down.

#9 nasdaq

Posted 23 February 2012 - 10:56 AM

Stand By is still missing from my shut down options.
automatic Power off is still not happening after Shut Down.


Hardware problems are not my forte.

Have a look at this article that I have found.

http://answers.microsoft.com/en-us/windows/forum/windows_xp-performance/suddenly-hibernate-has-disappeared-from-my-shut/637d89c5-35ab-478f-ac98-952e529846e5?msgId=f128f936-a41b-4e29-8124-3d68cb6b634f

If that does not help in fixing your problems please start a new topic in the hardware forum I previously gave you.

===

You can post the ComboFix log for my review.

#10 lolaeng

Posted 23 February 2012 - 02:05 PM

nasdaq,

combofix.exe solved by Flash Player problem. Thanks. The other problems remain, unfortunately.

lola

Attached File  combofix.log.txt   20KB   1 downloads

typo: solved my (not by) FP problem.


#11 nasdaq

Posted 24 February 2012 - 02:11 PM

Your log is clean.

Other than the power issue, any other problem with this computer?

#12 lolaeng

Posted 24 February 2012 - 02:15 PM

Stand By disappeared in the shut down box. I could turn on hibernate but it takes forever to start and end.

#13 nasdaq

Posted 24 February 2012 - 04:49 PM

These are power related.
Do you really need to save that energy?

#14 lolaeng

Posted 24 February 2012 - 10:51 PM

So? I like to put my PC in stand by when I am leaving for several hours and I don't like having to wait for 5 man minutes in order to turn it off. I should be able to get it back to the way it was.

#15 nasdaq

Posted 25 February 2012 - 09:38 AM

As I have suggested before this is not a Malware problem.
I suggest you follow up on the topics you started in other forums.

As requested by a Moderator I'm closing up this topic. Your problem will best be looked after by these experts.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===



