
I'm Sooooo Confuuuuuused! :crazy:


8 replies to this topic

#1 BvS

BvS

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:50 PM

Posted 07 September 2006 - 01:13 PM

(Moderator edit: log post moved to HJT log Forum for team analysis and member assistance.
Enthusiast)

This is my first post here and, as I expect is the case with many first-timers, it too is a request for help.

System:
Windows XP Home SP2
Pentium 4 2,26GHz
2.27GHz 512MB RAM

Problem:
Upon initial startup, PC will hang during bootup and require the system to be physically unplugged and repowered in order to eventually go through the entire cycle.
Also, upon setting up to run certain programs that require data transfer from the net (including free virus scans and online games), the PC will automatically reboot.

Uneducated guess:
-something- isn't allowing the transfer of info from outside sources that may be useful in the disabling and deletion of itself.

Here's a HiJackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 1:47:18 PM, on 9/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvListnr] C:\Program Files\Analog Devices\SoundMAX\DrvListnr.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1108759546373
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134976025890
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: st3 - C:\WINDOWS\q43382890.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

Here's hoping that my poor old machine is salvageable.
(Edit: Thanks for the relocation :thumbsup: )

Edited by BvS, 07 September 2006 - 01:57 PM.



#2 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TN USA
  • Local time:04:50 PM

Posted 08 September 2006 - 09:03 PM

Hi BvS,

Welcome to Bleeping Computer. :thumbsup:

I will be assisting you in cleaning up your system. I will be consulting one of our expert coaches before I get back to you with instructions.

Thanks for your patience --

Dave

#3 DaveM59


Posted 09 September 2006 - 10:41 AM

Hi again BvS,

A few questions: first, do you have a working and updated antivirus on your system? I see some signs of Norton, but it does not appear to be fully installed and active. Second, have you disabled ActiveX in Internet Explorer? That would explain why you can't download online games and scanners. The default is to ask before installing an ActiveX control but your settings may have been changed to block them altogether.

Please download win32delfkil.exe.

Save it on your desktop.

Close all windows, double click on win32delfkil.exe and follow the prompts.

The computer will reboot automatically, and when your desktop opens, a logfile will appear. It should be saved as c:\windelf.txt.

Next, open HiJack This and run a scan. Put a check next to the following lines, if present:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O20 - Winlogon Notify: st3 - C:\WINDOWS\q43382890.dll (file missing)


Make sure all other windows on the desktop are closed, then click fix checked.

Run another scan. Save the log, and post it, along with the logfile c:\windelf.txt, and the answers to my questions, as a reply to this thread.

#4 BvS


Posted 09 September 2006 - 12:49 PM

Thanks, Dave.
To answer your questions:

The fragments of Norton you see are the result of my having uninstalled a free trial version of the program; apparently badly :thumbsup: I have yet to find something to replace it.

I have not shut off ActiveX nor Java. I suspect it is the bogey that's playing with those settings since, before I first came to you with my problem, I was informed by trendmicro's online scan that I had no operating Java runtime environment and that I should reinstall. Going to the Java download site and attempting that also resulted in a system reboot.

windelf.txt:
WIN32DELFKIL LOGFILE - by Marckie


version 3.01
Sat 09/09/2006 13:30:10.21
running from: "C:\Documents and Settings\David\Desktop"


--- File(s) found in Windows directory ---

--- File(s) found in system32 folder ---

--- Export SharedTaskScheduler key ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}"="st3"



--- sharedtaskkey (1): 1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5 ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}]
@="C:\\WINDOWS\\q43382890.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}\InprocServer32]
@="C:\\WINDOWS\\q43382890.dll"
"ThreadingModel"="Apartment"

checking for file:
q43382890.dll NOT found

--- Notify key ---
subkey st3 is present!


--- rebooting the computer ---


--- File(s) found in Windows directory ---

--- File(s) found in system32 folder ---

--- Export SharedTaskSchedulerkey ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"



--- Notify key ---

Finished!

After which I ran HJT and looked for the 3 entries you suggested.
"O20 - Winlogon Notify: st3 - C:\WINDOWS\q43382890.dll (file missing)" was not found. I checked the other two and cleaned.

HJT2:
Logfile of HijackThis v1.99.1
Scan saved at 1:36:24 PM, on 9/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvListnr] C:\Program Files\Analog Devices\SoundMAX\DrvListnr.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1108759546373
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134976025890
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

Thanks for your attention.

#5 DaveM59


Posted 10 September 2006 - 07:16 AM

Hi BvS,

Well, the good news is that your log is clean. W32delfkil did its job and removed the delf trojan entry in the registry; that's why you did not find it in the second HJT scan. The Cleaner had apparently removed the file already. However, HiJackThis doesn't pick up everything, so I'm going to ask for a few more scans before giving you a definite "all clean."

So the question is -- any difference in the bootup behavior of your computer?

If you are still having boot problems, the first thing to do is a full, manual uninstallation of Norton. In fact, you should do this anyway -- half-uninstalled programs can cause all sorts of trouble. And don't feel bad. Even very advanced users have trouble uninstalling Norton. There is a Bleeping Computer thread on the subject here. Check Quietman's instructions and links especially in post #5 of that topic. Make sure you get the right tool for your version of Norton, and do the manual removal, not the online method. Please let me know whether it works -- one indication would be if that O23 line referring to Symantec is gone when you do a HJT scan.

Next thing you need to do, boot problems or not, is to install an antivirus. Please download one of these free programs:


AVG Free is available at this site.

Avast Home Edition is available here.

Avira AntiVir can be downloaded here.


I personally use AVG Free, but all these programs have good reputations. If you don't like one, you can try another. Please consult the help files or online support for information on installing, updating, and using the program. After installing it, please run a full system scan and let the program fix everything it finds. Save the report, I will want to see it.

I am not familiar with your antitrojan program The Cleaner. Does it produce a log? If it does, you should update the program and run it, have it fix anything it finds, and save the log for posting in your next reply.

Regarding your Java, please make another attempt at installing it. Some people have trouble with the normal installation method, where you download and install a relatively small program which then selects Java components for your machine and downloads them from the internet. There is the alternative of downloading the full Windows "Offline Installation" program here, it's the second file from the top on the list. Note the file size in deciding whether to try that first -- I don't know if you have a high speed connection.

Next, whether you manage to get Java installed or not, please check your ActiveX settings. Open Internet Explorer, then click Tools, Internet Options, then the Security tab. The default level is Medium. If that's where the slider is set, click on the Custom button which will show you a list of radio buttons showing how different classes of ActiveX controls are handled. Scroll to the ActiveX controls and plug-ins and verify that the options are set to Enable or Prompt. Scroll to the Scripting Section and verify that Active Scripting is set to Enable or Prompt. Make a note of the settings. If the slider is not set at Medium, please note where it is.

I also need to ask you about a firewall. I assume you have the WinXP firewall enabled. It is important that you use a software firewall, to prevent unauthorised traffic both out of and into your computer. The Windows XP firewall only works in one direction (inbound) so I suggest you disable it and download and install one of these excellent (and free) products:

Zone Alarm

Sygate

Outpost Firewall Free

Kerio personal firewall


As with the antivirus products there are instructions on the websites regarding installation and configuration.

It is important to note that you should only have one firewall and one antivirus installed at a time, but you can download several of each to your Desktop and install them in turn to see which ones you prefer.

Finally, please download Blacklight Beta here. You can read the information on the download page for an idea of what it will do. Download it to your desktop and double click to open. Accept the agreement, then on the next screen click the Scan button. When the scan is finished, click Next. Then exit the program. You will find a log file on your desktop, named fsbl-xxxxxxxxxxxxx.log. The x's are numbers, the first four being the current year. This is a text file and can be opened with Notepad.

Please post the Blacklight log and, if available, The Cleaner and your antivirus scan logs to a reply here along with the other information I have asked for.
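
The comparison behind the advice in posts #3 to #5, as an added example that is not part of the original thread: it diffs excerpts of the two HijackThis scans and links the "(file missing)" DLL to the SharedTaskScheduler CLSID in the win32delfkil export. The function names are illustrative, and the sample text is copied from the logs posted above.

```python
import re

# Excerpts copied from the logs posted in this thread (subsets, not the full logs).
HJT_BEFORE = r"""
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: st3 - C:\WINDOWS\q43382890.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""
HJT_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""
REG_EXPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}"="st3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}\InprocServer32]
@="C:\\WINDOWS\\q43382890.dll"
"ThreadingModel"="Apartment"
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
MISSING = "(file missing)"

def parse_hjt(log_text):
    """Return the section entries (R0, O4, O20, ...) as (code, detail) tuples."""
    found = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:  # process paths and header lines do not match
            found.append((m.group(1), m.group(2)))
    return found

def diff_scans(before, after):
    """Entries that disappeared from, and appeared in, the later scan."""
    b, a = parse_hjt(before), parse_hjt(after)
    return [e for e in b if e not in a], [e for e in a if e not in b]

def orphaned_paths(entries):
    """Lower-cased file paths of entries HijackThis flagged as '(file missing)'."""
    paths = {}
    for code, detail in entries:
        if detail.endswith(MISSING):
            target = detail[: -len(MISSING)].rsplit(" - ", 1)[-1]
            paths[target.strip().strip('"').lower()] = (code, detail)
    return paths

def parse_reg(text):
    """Parse a REGEDIT4 export into {key: {value_name: string_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            name, data = line.split("=", 1)
            current[name.strip('"')] = data.strip('"').replace("\\\\", "\\")
    return keys

def shared_task_servers(reg):
    """Map each SharedTaskScheduler CLSID to (name, InprocServer32 DLL or None)."""
    out = {}
    for key, values in reg.items():
        if key.lower().endswith(r"\explorer\sharedtaskscheduler"):
            for clsid, name in values.items():
                server = reg.get(r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID"
                                 + "\\" + clsid + r"\InprocServer32", {})
                out[clsid] = (name, server.get("@"))
    return out

def cross_referenced(hjt_log, reg_export):
    """Missing DLLs that HijackThis lists and that a SharedTaskScheduler CLSID also loads."""
    orphans = orphaned_paths(parse_hjt(hjt_log))
    servers = shared_task_servers(parse_reg(reg_export))
    return sorted(dll for _, dll in servers.values() if dll and dll.lower() in orphans)

if __name__ == "__main__":
    removed, added = diff_scans(HJT_BEFORE, HJT_AFTER)
    for code, detail in removed + added:
        print("removed:" if (code, detail) in removed else "added:  ", code, detail)
    print("also in SharedTaskScheduler:", cross_referenced(HJT_BEFORE, REG_EXPORT))
```

The three removed entries are the same three lines listed for "fix checked" in post #3, and the O18 msnim entry remains flagged in both scans.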

#6 BvS


Posted 11 September 2006 - 01:48 PM

This morning, upon powering up, I got the message...
"Reboot and Select proper Boot device
or Insert Boot Media in Selected Boot device."
Powering up a second time remedied it.

The remnants of Norton have been removed.

I installed AVG and, upon reboot, got a message balloon from the control bar on my desktop that read...
"AVG Control Center
AVG Resident Shield: Resident Shield not loaded.
Internal Virus Database: Component Status could not be determined. Connection failed."
Scanning gave read errors on every line. I uninstalled.

Avast and Avira both caused reboots shortly after clicking their respective .exe's.

TheCleaner was a free trial that expired. I kept it installed because it gave an audible alarm when my system settings were changed. I uninstalled it.

The Java installer informs me that I have the latest version installed.

My ActiveX controls were, and continue to be, set as per your instructions.

ZoneAlarm is now installed and appears to be working as intended. I tested it by attempting to run an online game and it prompted me to allow the game access to the internet. However, my system still rebooted during initial data transfer.

Blacklight Beta appears to be working as well, but revealed nothing, as the attached log will show...
09/11/06 12:33:16 [Info]: BlackLight Engine 1.0.46 initialized
09/11/06 12:33:16 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/11/06 12:33:16 [Note]: 7019 4
09/11/06 12:33:16 [Note]: 7005 0
09/11/06 12:33:23 [Note]: 7006 0
09/11/06 12:33:23 [Note]: 7011 1500
09/11/06 12:33:23 [Note]: 7026 0
09/11/06 12:33:23 [Note]: 7026 0
09/11/06 12:33:26 [Note]: FSRAW library version 1.7.1019
09/11/06 12:33:32 [Note]: 2000 1006
09/11/06 12:33:32 [Note]: 2000 1006
09/11/06 12:34:02 [Note]: 7007 0

No other logs were obtainable.
(edited to correct typos)

Edited by BvS, 11 September 2006 - 02:11 PM.


#7 DaveM59


Posted 12 September 2006 - 06:08 AM

Hi BvS,

I'm glad you wrote back. That message you got on cold boot this morning is not related to Windows -- it is generated by the BIOS, which is your motherboard's built-in software which handles devices and their configuration.

The most likely meaning of that BIOS message is that your hard drive is failing. Obviously this has to be addressed before any other issues with your operating system. In fact, it might even explain some of your apparently unrelated problems.

Have you opened the case of your machine lately to replace or add any hardware? It's possible you may have loosened a hard drive connection while doing this, and you should check the power and data cables.

If you have not been into the case lately, then speaking as an old system builder and hardware nut, here is what I would do if I were in your shoes:

First, back up all vital data. Use CD-R disks if possible (not rewritables) or an external hard drive.

Stop using the computer for normal tasks, especially important ones like keeping financial records.

Download the test utility provided by your hard drive manufacturer. If you don't know who made your hard drive, do this:
Click Start, then Control Panel.
Double click the System icon.
In the System Properties Window, click the Hardware tab, then click on Device Manager.
Click the "+" sign next to the Disk Drives line. The first drive listed is your boot drive, and it will have a make and model, e.g. "Maxtor 4K040H2."
Use Google to find the support site of the hard drive maker. Look for a Downloads link on the site, or search for help by model number.

The file you are looking for will have a name referring to diagnostics. Make sure you get the one for your model.

There will be instructions on the support page about how to make a bootable disk (floppy or CD-R) and use it to run the test.

If possible, the best practice is to download the file and create the test program disk on another, known-good computer.

If you run into any trouble with either locating the test program or making the disk and using it, please post back here with the make and model of your computer and hard drive, relevant equipment on your machine (floppy drive? CD burner? Burning software?) and I'll be glad to help.

Sorry if I'm being way too rudimentary for you, I'm not sure how much of this geek stuff you have done before. But the first thing we have to do is answer the hardware question. There are other possibilities besides the drive, but it has to be ruled out first. If it tests out OK then we can look elsewhere, possibly in the hardware forum where there are many experts who can offer the benefit of their experience.

In any case this thread will be kept open for a while. If the hardware tests come up negative, or you still have problems after the hardware is fixed, we can continue here.

Good luck.

#8 BvS


Posted 21 September 2006 - 08:43 PM

Touching base for the last time (hopefully).

I wasn't able to run the tests you suggested due to the lack of access to a second computer, so off to the shop it went. It turns out that the power source was fading. Once replaced (three days ago) my problems vanished.

I want to thank you for all your help and for steering me in the direction of the security programs I now have installed on my machine.

#9 DaveM59


Posted 22 September 2006 - 05:55 AM

Hi BvS,

Thank you for getting back to me. You lucked out -- much easier to replace a power supply than a hard drive! :thumbsup:

And kudos to your shop for correctly diagnosing the problem -- as you saw, the part of a computer that throws up an error message may not be the source of the trouble. Power supply failures are all too common and can cause a bewildering array of symptoms. Unless you have a good load tester, often the only recourse is to substitute another unit and see if the problems disappear.

Good to know you now have an antivirus and a firewall in place. There still remains the matter of an antispyware program to replace your expired The Cleaner. Here are links to some good free programs:

Ad-Aware SE

Spybot-Search & Destroy

Both of these are scanners that work on demand. Unlike with firewalls and antivirus programs, there is no problem with having more than one spyware scanner installed. I suggest using both and doing frequent updates and scans. Spybot also includes a real-time "watchdog" component called Tea Timer. This can be turned off if you prefer another real-time program.

Javacool Software has two programs that work in different, complementary ways. One is Spyware Blaster which works by preventing access to known malware sites and other potentially dangerous places; the other is Spyware Guard which is an alternative to Tea Timer and works the same way. You can try both and decide which of the two (Spyware Guard or Tea Timer) you prefer.

Finally, remembering that you did come here with a Trojan on your system, I would be remiss if I did not refer you to this tutorial which summarizes other steps you can take and includes links to further information about using the programs I have mentioned.

Good luck, and happy computing :flowers:



