Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Icons disappearing from screen


  • This topic is locked This topic is locked
36 replies to this topic

#1 mat58

mat58

  • Members
  • 235 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:01:29 AM

Posted 22 April 2012 - 04:24 PM

Hello. I am trying to help out a friend with his computer. What is happening is that all of a sudden icons will begin to disappear from the screen or an application that is being run (e.g. Malwarebytes) finishes but before we can get to the log the screen starts to lose images. I tried CTRL-ALT-DELETE and even though I saw the frame, the six button options were not there. Had to shut it down hard and start again.

Another message that has intermittingly appeared has to do with "unable to run shortcut, check disk space". This disk has all the room in the world.

I've run CCleaner to clean out temporary files and other junk.

I noticed that Windows Updates had not been run for quite some time. Found out that Automatic Updates Service was not running. Was able to get that going again and after numerous attempts, all updates are now running.

I'm just not sure everything is good, as I just has the icons disappear on me again. What else might I try, or is this something that I may need further help from the experts ? Thank you for your help.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,221 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:29 AM

Posted 25 April 2012 - 07:01 PM

Hello, What is the operating sytem?
the six button options were not there. to what?

Cleanong the temp files may be a problem later.. we'll see.

Can you run these?

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Please download TDSSKiller.zip and and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click Continue
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 mat58

mat58
  • Topic Starter

  • Members
  • 235 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:01:29 AM

Posted 25 April 2012 - 07:04 PM

Thanks for getting back to me so quickly. Sorry about the vagueness. The "six buttons" are the icons on the desktop. The OS is Windows XP Media Center. I will provide info in my next post.

#4 mat58

mat58
  • Topic Starter

  • Members
  • 235 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:01:29 AM

Posted 25 April 2012 - 07:22 PM

Problem: Ran TDSSKiller. Found Rootkit.boot.Sinowal.b Selected CURE (default). Prompted to reboot. I selected Reboot and now all I have is a blank screen (black) with the white cursor in the upper left corner.

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,221 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:29 AM

Posted 25 April 2012 - 09:01 PM

Click Ctrl + Alt + Del to get the task manager up.
On the 'Processes' tab find "explorer.exe" and end that process.
Your desktop will go away.
Click on the 'Applications' tab and click New Task.
Enter explorer.exe as the task to start.
Your desktop will then come back.
Now try to launch IE again.


post the tdss log thanks

Edited by boopme, 25 April 2012 - 09:02 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 mat58

mat58
  • Topic Starter

  • Members
  • 235 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:01:29 AM

Posted 25 April 2012 - 09:42 PM

CTRL-ALT-DEL just reboots the PC and puts me right where I was

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,221 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:29 AM

Posted 26 April 2012 - 10:44 AM

Sorry about the delay..

Please run SFC (System File Checker)
Please run System File Checker sfc /scannow... For more information on this tool see How To Use Sfc.exe To Repair System Files

NOTE for Vista/WIN 7 users..The command needs to be run from an Elevated Command Prompt.Click Start, type cmd into the Start/Search box,
right-click cmd.exe in the list above and select 'Run as Administrator'


You will need your operating system CD handy.

Open Windows Task Manager....by pressing CTRL+SHIFT+ESC

Then click File.. then New Task(Run)

In the box that opens type sfc /scannow ......There is a space between c and /

Click OK
Let it run and insert the CD when asked.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 mat58

mat58
  • Topic Starter

  • Members
  • 235 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:01:29 AM

Posted 26 April 2012 - 06:21 PM

Stupid question: how can I run something when I can't boot the PC ? All I get is the black screen of death with the cursor at the top. Sorry if this seems stupid.
Can I use the recovery console to do this ?

Edited by mat58, 26 April 2012 - 06:35 PM.


#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,221 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:29 AM

Posted 26 April 2012 - 09:00 PM

Yes you can? Is thos XP?

"SFC" is used to scan and repair all protected system files.
"SFC /SCANNOW" scans files straight away.
"SFC /SCANBOOT" scans files every time computer boots.
"SFC /REVERT" returns SFC to its default settings.
"SFC /?" will give you further help when using the command.


Other Recovery Console Commands
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 mat58

mat58
  • Topic Starter

  • Members
  • 235 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:01:29 AM

Posted 26 April 2012 - 09:09 PM

SFC not recognized in recovery console. The PC runs XP Media Center but the disk I have is XP SP3

Edited by mat58, 26 April 2012 - 09:12 PM.


#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,221 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:29 AM

Posted 27 April 2012 - 08:04 PM

OK, as you canoot boot i will ask someone to look gere. You will need a CD or flashdrive.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:29 AM

Posted 27 April 2012 - 11:25 PM

Insert the Windows XP SP3 installation CD and restart the computer. If prompted, select any options required to boot from the CD. You will be prompted with the following options:

A. To setup Windows XP, press Enter.
B. To repair Windows XP installation using recovery console, press R.

Choose the option, "To repair the Windows XP installation using recovery console", press R. If an Administrator Password have been established, you will be prompted to type it in. If no Administrator Password exists, just press ENTER.

You will be presented with the following:

Microsoft Windows® Recovery Console
The Recovery Console provides system repair and recovery functionality.
Type EXIT to quit the Recovery Console and restart the computer.

1: C:\WINDOWS

Which Windows Installation would you like to log onto
(To cancel, press ENTER)?


Press the number assigned to the installation you need access to on your keyboard and hit Enter.

In this case and if only the above is displayed is 1.

At the command prompt, type the following command and press Enter:

Fixmbr

Let the command run despite all warnings. Once this process is completed, type EXIT and press ENTER to restart your computer.

Let me know if able to boot.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#13 mat58

mat58
  • Topic Starter

  • Members
  • 235 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:01:29 AM

Posted 28 April 2012 - 11:28 AM

The PC booted, but still losing icons and even after CTRL-ALT-DEL will not let me into task manager or shutdown. Have to shut down hard. Upon reboot, able to get back in, but don't know how long it will last.

#14 mat58

mat58
  • Topic Starter

  • Members
  • 235 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:01:29 AM

Posted 28 April 2012 - 11:39 AM

This was the result.txt file from the MiniTooxBox. I was unable to get a report from the TDSSKiller process as that is what caused the Black screen of death.

MiniToolBox by Farbar Version: 18-01-2012
Ran by sandy (administrator) on 25-04-2012 at 17:08:28
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8169/8110 Family Gigabit Ethernet NIC = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : your-5207c74a78

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek RTL8169/8110 Family Gigabit Ethernet NIC

Physical Address. . . . . . . . . : 00-11-5B-F9-79-12

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.3

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Wednesday, April 25, 2012 4:16:37 PM

Lease Expires . . . . . . . . . . : Thursday, April 26, 2012 4:16:37 PM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.224.165, 74.125.224.166, 74.125.224.167, 74.125.224.168
74.125.224.169, 74.125.224.174, 74.125.224.160, 74.125.224.161, 74.125.224.162
74.125.224.163, 74.125.224.164



Pinging google.com [74.125.224.174] with 32 bytes of data:



Reply from 74.125.224.174: bytes=32 time=23ms TTL=57

Reply from 74.125.224.174: bytes=32 time=20ms TTL=57



Ping statistics for 74.125.224.174:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 20ms, Maximum = 23ms, Average = 21ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=134ms TTL=54

Reply from 98.139.183.24: bytes=32 time=101ms TTL=54



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 101ms, Maximum = 134ms, Average = 117ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 5b f9 79 12 ...... Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.3 192.168.1.3 20
192.168.1.3 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.3 192.168.1.3 20
224.0.0.0 240.0.0.0 192.168.1.3 192.168.1.3 20
255.255.255.255 255.255.255.255 192.168.1.3 192.168.1.3 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/25/2012 04:17:03 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/22/2012 03:24:46 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/22/2012 03:16:26 PM) (Source: Application Error) (User: )
Description: Faulting application hoyle casino classic.exe, version 0.0.0.0, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [hoyle casino classic.exe!ws!]

Error: (04/22/2012 02:01:26 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/22/2012 00:06:46 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/22/2012 11:38:08 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/22/2012 11:36:24 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/22/2012 11:33:54 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/22/2012 11:31:29 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/22/2012 11:29:03 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.


System errors:
=============
Error: (04/25/2012 04:17:58 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

Error: (04/25/2012 04:17:27 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

Error: (04/22/2012 03:25:42 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

Error: (04/22/2012 03:25:07 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

Error: (04/22/2012 02:02:19 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

Error: (04/22/2012 02:01:48 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

Error: (04/22/2012 00:07:30 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

Error: (04/22/2012 00:07:00 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

Error: (04/22/2012 11:39:54 AM) (Source: DCOM) (User: SYSTEM)
Description: The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

Error: (04/22/2012 11:38:28 AM) (Source: DCOM) (User: SYSTEM)
Description: The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.


Microsoft Office Sessions:
=========================
Error: (04/25/2012 04:17:03 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/22/2012 03:24:46 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/22/2012 03:16:26 PM) (Source: Application Error)(User: )
Description: hoyle casino classic.exe0.0.0.00.0.0.000000000

Error: (04/22/2012 02:01:26 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/22/2012 00:06:46 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/22/2012 11:38:08 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/22/2012 11:36:24 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/22/2012 11:33:54 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/22/2012 11:31:29 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/22/2012 11:29:03 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.8)
5700_Help (Version: 1.00.0000)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.233)
Adobe Reader X (10.1.3) (Version: 10.1.3)
AppGraffiti (Version: 1.0.0.28)
ArcSoft ShowBiz DVD 2
ATI - Software Uninstall Utility (Version: 6.14.10.1010)
ATI Catalyst Control Center (Version: 1.0.1657.42386)
ATI Control Panel (Version: 6.14.10.5120)
ATI Display Driver (Version: 8.053-040914a-018355C-ATI)
ATI HYDRAVISION (Version: 3.25.9006)
avast! Internet Security (Version: 7.0.1426.0)
BPD_Scan (Version: 3.00.0000)
BPDSoftware (Version: 82.0.173.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 82.0.173.000)
CCleaner (Version: 3.17)
CustomerResearchQFolder (Version: 1.00.0000)
CutePDF Writer 2.8
Destinations (Version: 82.0.173.000)
DeviceManagementQFolder (Version: 1.00.0000)
DocProc (Version: 8.1.0.0)
DocProcQFolder (Version: 1.00.0000)
eSupportQFolder (Version: 1.00.0000)
Fax (Version: 82.0.188.000)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard (Version: 1.1.1905.1)
Hoyle Casino Classic
HP Customer Participation Program 8.0 (Version: 8.0)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP OCR Software 8.0 (Version: 8.0)
HP Officejet All-In-One Series (Version: 1.0)
HP Photosmart Essential (Version: 1.12.0.46)
HP Product Assistant (Version: 100.000.001.000)
HP Solution Center 8.0 (Version: 8.0)
HP Update (Version: 5.003.001.001)
HPProductAssistant (Version: 82.0.173.000)
HPSSupply (Version: 2.1.3.0000)
Inbox Toolbar (Version: 1.0.0)
InterVideo WinDVD (Version: 5.0-B11.736)
J5700 (Version: 50.0.165.000)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MarketResearch (Version: 82.0.174.000)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Automated Troubleshooting Services Shim
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Multimedia Card Reader (Version: 1.16)
Nero Media Player
Nero OEM
NeroVision Express 3
OpenOffice.org 3.3 (Version: 3.3.9567)
Photodex Presenter
ProductContext (Version: 50.0.165.000)
Realtek High Definition Audio Driver
Scan (Version: 8.1.0.0)
SolutionCenter (Version: 82.0.188.000)
Status (Version: 82.0.173.000)
Toolbox (Version: 82.0.173.000)
TrayApp (Version: 82.0.188.000)
Ulead PhotoImpact 8 SE (Version: 8.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB978207) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 82.0.173.000)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
WordPerfect Office 12 (Version: 12.0.0.238)

========================= Memory info: ===================================

Percentage of memory in use: 56%
Total physical RAM: 1023.48 MB
Available physical RAM: 440.21 MB
Total Pagefile: 2460.36 MB
Available Pagefile: 1972.9 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.56 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:229.48 GB) (Free:202 GB) NTFS

========================= Users: ========================================

User accounts for \\YOUR-5207C74A78

Administrator ASPNET Guest
HelpAssistant sandy SUPPORT_388945a0
susan


**** End of log ****

#15 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:29 AM

Posted 28 April 2012 - 02:53 PM

If you are able to run applications, follow these steps.

Download and run Unhide.exe by grinler.


Please download and run Rkill by Grinler from any of the following locations (Vista and Win7: to run the application, right click on Rkill and choose Run as an Administrator):

If all goes well, please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" .
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Edited by JSntgRvr, 28 April 2012 - 02:57 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users