Posts posted by dragnmastr85

  1. You will need to look into the boot options in the BIOS to check the boot order. Removing the CMOS battery from the motherboard will often reset the BIOS. You will need to reset the date/time if you do this.

    If you leave a USB device that will not boot and if the BIOS is set up to look for a USB device first before the hard drive, you will see a boot failure error. Be sure all USB devices are disconnected, including any printers.

     

    Sorry, I thought I mentioned I have already checked the boot order. This is a netbook so getting to the CMOS battery will not happen :P Flashing the BIOS would have had the same effect, however, and that didn't help. The only USB devices I have been using are bootable ones.

     

    Update: the new Linux live USB drive works! So I guess it was just the MBR getting screwed somehow and the USB drive going at the same time. Very strange. I will try to recover the MBR through Linux. I'll post back.

     

    Update: I installed Linux where I intended to in the first place and GRUB fixed the MBR on its own. Sorry for doubting you. The symptoms I had pointed to no bootable devices working. But it turned out to just be a flash drive and the MBR going to :filtered: at once. Thanks!

  2. It's possible that part of your drive had your boot sector. You can try to fix the MBR (Master Boot Record) and see if that helps.

    http://helpdeskgeek....x-mbr-xp-vista/

     

    A repair install is also an option if you have an XP disk.

     

    This isn't an issue with the HDD. It won't boot using any USB drives or anything now. Note that I mentioned I was originally working in a live Linux environment. It won't boot into any bootable device. The solution you have provided requires me to boot from a repair disk. I can't boot into any bootable removable media. Thanks for your help so far :)

     

    Edit: UPDATE! I was able to boot into my memtest USB drive! Not sure why that works but the Linux USB and HDD aren't. I will continue troubleshooting.

     

    Edit2: And now I come to find the Linux USB drive is not working on other computers as well. So all in one instant, my USB drive failed and my MBR got screwed up somehow. I will make another Linux USB and see if it works. I will use the same flash drive as the one that had memtest on it.

  3. Are you sure that free space and extended partitions were not Windows partitions?

     

    I can't remember all of what I did in gparted. The free space I was working with was part of a Windows extended partition that had one Windows volume and some free space. With that free space I was going to prepare volumes to install Linux. I went to reboot so I could check something in Windows, then nothing was bootable. When I try to boot, it skips over the USB bootable drive and the HDD and tries to boot from LAN, which is the last item in the boot order. After it fails to boot into LAN (since there isn't a LAN) the computer tells me I have to connect a boot device.

  4. I was working in gparted on a live Linux bootable USB. I didn't make any changes that would affect the Windows partitions. I was only dealing with the free space and changing extended partitions. I went to reboot into Windows and it says "No bootable device -- Insert boot disk and press any key". So I figured I screwed something up so I plug the bootable USB back in to take a look at it. I get the same message. The USB works on other computers. I cannot boot to the disk drive or a USB drive now. I have no idea what could've happened. Even if I royally screwed over the hard drive, there would be no reason the USB shouldn't boot. The boot order in the BIOS is fine. And I've even tried the F12 (select a boot device) option. Nothing works. It's as if my computer hardware doesn't want to see any devices. Never had this issue before. Any suggestions?

  5. So the virus scan said this was bad:

    name="C:\Users\Adam\AppData\Local\Temp\1629431952Ati.dll", threat="a variant of

    Win32/Induc.A virus", action="action selection postponed until scan completion",

    info=""

     

    And it didn't remove it. Have no idea why.

    Then HJT said this was running:

    O4 - HKCU\..\Run: [Nvidias] C:\Windows\system32\rundll32.exe C:\Users\Adam\AppData\Local\Temp\1629431952Ati.dll,Sets

     

    So I killed that DLL using HJT. How can I know if I'm safe now?

    Thanks.

     

    Here's a full new log after a reboot:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:02:10 PM, on 5/5/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18904)
    Boot mode: Normal
    
    Running processes:
    D:\Fraps\fraps.exe
    C:\Program Files (x86)\USBDLM\USBDLM_usr.exe
    D:\Program Files (x86)\uTorrent\uTorrent.exe
    D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    D:\Program Files (x86)\Steam\Steam.exe
    D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    D:\Program Files (x86)\Pidgin\pidgin.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    D:\Program Files (x86)\Atheros\ACU.exe
    C:\Windows\SysWOW64\MAFWTray.exe
    C:\Program Files (x86)\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Users\Adam\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Program Files (x86)\Windows Sidebar\sidebar.exe
    E:\lcdsirreal\LCDSirReal.exe
    C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
    C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
    C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Adam\Downloads\HiJackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.mypearson.com/cclogin.jsp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 128.208.4.198:3128
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
    O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [ACU] "d:\Program Files (x86)\Atheros\ACU.exe" -nogui
    O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\system32\MAFWTray.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [igndlm.exe] D:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [EPSON5ABA61] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIELA.EXE /FU "C:\Windows\TEMP\E_SFA27.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [uTorrent] "d:\Program Files (x86)\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Steam] "d:\program files (x86)\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [PeerBlock] D:\Program Files\PeerBlock\peerblock.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [EPSON WorkForce 40(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIELA.EXE /FU "C:\Windows\TEMP\E_SDC0F.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [Windows Defender] C:\Windows\system32\KB123386.EXE
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: CurseClientStartup.ccip
    O4 - Startup: sidebar.exe.lnk = C:\Program Files (x86)\Windows Sidebar\sidebar.exe
    O4 - Global Startup: Pidgin.lnk = D:\Program Files (x86)\Pidgin\pidgin.exe
    O4 - Global Startup: UltraMon.lnk = ?
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{72973E80-7132-4BE1-BA33-A2823169C1E4}: Domain = rnxeasyn4
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Windows\SysWOW64\acs.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: ASWLSVC - Unknown owner - C:\Windows\SysWOW64\ASWLSVC.exe (file missing)
    O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - D:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - D:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - D:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: USBDLM - Uwe Sieber - www.uwe-sieber.de - C:\Program Files (x86)\USBDLM\USBDLM.exe
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - C:\Windows\system32\ZuneWlanCfgSvc.exe (file missing)
    
    --
    End of file - 11246 bytes
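
Added example, not part of the original posts: a Python triage pass over HijackThis `O4` Run-key lines that flags the pattern discussed here, `rundll32.exe` launching a DLL out of a Temp directory, and compares the autostart entries before and after cleanup. The function names and the Temp-path heuristic are assumptions of this sketch; the sample lines are copied from the 8:38 AM and 2:02 PM logs on this page.

```python
import ntpath
import re

# O4 Run / RunOnce lines as HijackThis prints them: O4 - HKCU\..\Run: [name] command
RUN_LINE = re.compile(
    r'^O4 - (?P<hive>HK\S+?)\\\.\.\\Run(?:Once)?: \[(?P<name>.*?)\] (?P<cmd>.+)$')
# HijackThis appends "(User '...')" to entries read from other accounts' hives
USER_SUFFIX = re.compile(r"\s+\(User '[^']*'\)$")
# Unquoted program path: everything up to the first executable extension
PROGRAM = re.compile(r'(.+?\.(?:exe|com|bat|cmd|scr))(?:\s+(.*))?$', re.IGNORECASE)
TEMP_DIR = re.compile(r'\\(?:temp|tmp)\\', re.IGNORECASE)

# Sample lines copied from the 8:38 AM log (before cleanup)
LOG_0838 = r'''
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [igndlm.exe] D:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [EPSON5ABA61] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIELA.EXE /FU "C:\Windows\TEMP\E_SFA27.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Nvidias] C:\Windows\system32\rundll32.exe C:\Users\Adam\AppData\Local\Temp\1629431952Ati.dll,Sets
O4 - HKCU\..\Run: [office] "C:\Windows\system32\rundll32.exe" C:\Users\Adam\AppData\Local\Temp\355588.dll,S
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - Startup: CurseClientStartup.ccip
'''

# Sample lines copied from the 2:02 PM log (after the entry was removed and a reboot)
LOG_1402 = r'''
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [igndlm.exe] D:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [EPSON5ABA61] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIELA.EXE /FU "C:\Windows\TEMP\E_SFA27.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - Startup: CurseClientStartup.ccip
'''


def split_command(cmd):
    """Split a Run-key command line into (program, arguments)."""
    cmd = USER_SUFFIX.sub('', cmd.strip())
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    match = PROGRAM.match(cmd)
    if match:
        return match.group(1), (match.group(2) or '').strip()
    head, _, tail = cmd.partition(' ')
    return head, tail.strip()


def review_run_entries(log_text):
    """Return (hive, value name, target, reason) for autostarts worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        match = RUN_LINE.match(line.strip())
        if not match:
            continue  # not a registry Run entry (Startup folder, BHO, service, ...)
        program, args = split_command(match['cmd'])
        target, reason = program, None
        if ntpath.basename(program).lower() == 'rundll32.exe' and args:
            # rundll32 syntax is "<dll>,<export> [args]": the DLL is the real payload
            target = args.split(',', 1)[0].strip().strip('"')
            if TEMP_DIR.search(target):
                reason = 'rundll32 loads a DLL from a Temp directory'
        elif TEMP_DIR.search(program):
            reason = 'autostart program lives in a Temp directory'
        if reason:
            findings.append((match['hive'], match['name'], target, reason))
    return findings


if __name__ == '__main__':
    for label, log in (('08:38', LOG_0838), ('14:02', LOG_1402)):
        hits = review_run_entries(log)
        print(label, 'flagged:', len(hits))
        for hive, name, target, reason in hits:
            print(f'  {hive} [{name}] {target}: {reason}')
```

An empty result covers Run-key autostarts only; services, BHOs, scheduled tasks and Startup-folder items need their own review.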
    
  6. Ok so it didn't get rid of the keylogger because PeerBlock is still telling me about an access attempt whenever I try to log in to WoW. It is trying to access managed solutions group. I assume it's trying to send my keystrokes at that moment. NOD32 did not get rid of whatever is causing this.

     

    Here's a HijackThis log:

     

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:38:26 AM, on 5/5/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18904)
    Boot mode: Normal
    
    Running processes:
    D:\Fraps\fraps.exe
    C:\Program Files (x86)\USBDLM\USBDLM_usr.exe
    D:\Program Files (x86)\uTorrent\uTorrent.exe
    D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    D:\Program Files (x86)\Steam\Steam.exe
    D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    D:\Program Files (x86)\Pidgin\pidgin.exe
    C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files (x86)\Windows Sidebar\sidebar.exe
    D:\Program Files (x86)\Atheros\ACU.exe
    C:\Windows\SysWOW64\MAFWTray.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Adam\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Program Files (x86)\Windows Sidebar\sidebar.exe
    E:\lcdsirreal\LCDSirReal.exe
    C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
    C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
    C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Adam\Downloads\HiJackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.mypearson.com/cclogin.jsp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 128.208.4.198:3128
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: D - {9B4C6B5E-C048-36DD-A35B-E25BD001851F} - C:\Windows\u2v18357.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [ACU] "d:\Program Files (x86)\Atheros\ACU.exe" -nogui
    O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\system32\MAFWTray.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [igndlm.exe] D:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [EPSON5ABA61] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIELA.EXE /FU "C:\Windows\TEMP\E_SFA27.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [uTorrent] "d:\Program Files (x86)\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Steam] "d:\program files (x86)\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [PeerBlock] D:\Program Files\PeerBlock\peerblock.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
    O4 - HKCU\..\Run: [QuickGammaLoader] D:\Program Files (x86)\QuickGamma\QuickGammaLoader.exe
    O4 - HKCU\..\Run: [EPSON WorkForce 40(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIELA.EXE /FU "C:\Windows\TEMP\E_SDC0F.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [Nvidias] C:\Windows\system32\rundll32.exe C:\Users\Adam\AppData\Local\Temp\1629431952Ati.dll,Sets
    O4 - HKCU\..\Run: [office] "C:\Windows\system32\rundll32.exe" C:\Users\Adam\AppData\Local\Temp\355588.dll,S
    O4 - HKCU\..\Run: [Windows Defender] C:\Windows\system32\KB123386.EXE
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: CurseClientStartup.ccip
    O4 - Startup: sidebar.exe.lnk = C:\Program Files (x86)\Windows Sidebar\sidebar.exe
    O4 - Global Startup: Pidgin.lnk = D:\Program Files (x86)\Pidgin\pidgin.exe
    O4 - Global Startup: UltraMon.lnk = ?
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{72973E80-7132-4BE1-BA33-A2823169C1E4}: Domain = rnxeasyn4
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Windows\SysWOW64\acs.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: ASWLSVC - Unknown owner - C:\Windows\SysWOW64\ASWLSVC.exe (file missing)
    O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - D:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - D:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - D:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: USBDLM - Uwe Sieber - www.uwe-sieber.de - C:\Program Files (x86)\USBDLM\USBDLM.exe
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - C:\Windows\system32\ZuneWlanCfgSvc.exe (file missing)
    
    --
    End of file - 12429 bytes
    
  7. So Microsoft Security Essentials found some viruses but wasn't able to remove them. It said it did but they came back after every reboot. My World of Warcraft account got compromised so I uninstalled Security Essentials and got NOD32. I'm scanning right now in safe mode. I'm having trouble reading the log since it's in a DOS prompt. Does any of this stuff make sense to you? Anything pop out as bad? Obviously the virus does but the unable to open stuff worries me too. It's still scanning I think. This is what I have so far.

    ECLS Command-line scanner, version 4.0.474.0, (C) 1992-2009 ESET, spol. s r.o.
    Module loader, version 1031 (20091029), build 1035
    Module perseus, version 1272 (20100416), build 1332
    Module scanner, version 5086 (20100504), build 7063
    Module archiver, version 1113 (20100427), build 1070
    Module advheur, version 1107 (20100426), build 1065
    
    Command line: /auto
    
    Scan started at:   05/05/10 00:25:57
    name="C:\Boot\BCD", threat="", action="", info="error opening"
    name="C:\Boot\BCD.LOG", threat="", action="", info="error opening"
    name="C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\11dde19e5fabe3be143166c583
    68f049_99903c5e-206b-47ba-b4a7-91d26ff96b99", threat="", action="", info="error
    opening"
    name="C:\Users\Adam\NTUSER.DAT", threat="", action="", info="error opening"
    name="C:\Users\Adam\ntuser.dat.LOG1", threat="", action="", info="error opening"
    
    name="C:\Users\Adam\ntuser.dat.LOG2", threat="", action="", info="error opening"
    
    name="C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Current Sessio
    n", threat="", action="", info="error opening"
    name="C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Current Tabs",
     threat="", action="", info="error opening"
    name="C:\Users\Adam\AppData\Local\Microsoft\Windows\UsrClass.dat", threat="", ac
    tion="", info="error opening"
    name="C:\Users\Adam\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1", threat="
    ", action="", info="error opening"
    name="C:\Users\Adam\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2", threat="
    ", action="", info="error opening"
    name="C:\Users\Adam\AppData\Local\Temp\1629431952Ati.dll", threat="a variant of
    Win32/Induc.A virus", action="action selection postponed until scan completion",
     info=""
    name="C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\11dde19e5fabe3be143166
    c58368f049_99903c5e-206b-47ba-b4a7-91d26ff96b99", threat="", action="", info="er
    ror opening"
    name="C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT", threat="", action="",
     info="error opening"
    name="C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1", threat="", actio
    n="", info="error opening"
    name="C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2", threat="", actio
    n="", info="error opening"
    name="C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat", thr
    eat="", action="", info="error opening"
    name="C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat", thr
    eat="", action="", info="error opening"
    name="C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT", threat="", action="
    ", info="error opening"
    name="C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1", threat="", act
    ion="", info="error opening"
    name="C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2", threat="", act
    ion="", info="error opening"
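A parser for the scanner log above, added here as an example; it is not part of the original post or the scanner's own tooling. It assumes the log was hard-wrapped at 80 columns with trailing spaces stripped, as the excerpt suggests. `parse_scan_log`, `detections` and `unreadable` are hypothetical names, and the sample lines are copied from the log above.

```python
import re

WRAP = 80  # assumed: column at which the console hard-wrapped the log

# One logical record: name="...", threat="...", action="...", info="..."
RECORD = re.compile(
    r'^name="(?P<name>[^"]*)", threat="(?P<threat>[^"]*)", '
    r'action="(?P<action>[^"]*)", info="(?P<info>[^"]*)"$'
)

def parse_scan_log(text, wrap=WRAP):
    """Rejoin hard-wrapped lines and return one dict per scanned object."""
    records, buf = [], ""
    for line in text.splitlines():
        if not buf and not line.startswith('name="'):
            continue  # module header, timestamps, blank lines
        match = RECORD.match(buf + line)
        if match:
            records.append(match.groupdict())
            buf = ""
        else:
            # Record continues on the next line. A line shorter than the
            # wrap width lost trailing blanks at the break; restore them.
            buf += line.ljust(wrap)
    return records

def detections(records):
    """Objects the scanner flagged (non-empty threat field)."""
    return [r for r in records if r["threat"]]

def unreadable(records):
    """Objects skipped because the scanner could not open them."""
    return [r for r in records if r["info"] == "error opening"]

# Lines copied from the log above, wrap points preserved.
SAMPLE = "\n".join([
    r'name="C:\Boot\BCD", threat="", action="", info="error opening"',
    r'name="C:\Users\Adam\ntuser.dat.LOG1", threat="", action="", info="error opening"',
    r'',
    r'name="C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Current Sessio',
    r'n", threat="", action="", info="error opening"',
    r'name="C:\Users\Adam\AppData\Local\Temp\1629431952Ati.dll", threat="a variant of',
    r'Win32/Induc.A virus", action="action selection postponed until scan completion",',
    r' info=""',
])

if __name__ == "__main__":
    for rec in detections(parse_scan_log(SAMPLE)):
        print(rec["name"], "->", rec["threat"])
```

The `error opening` entries here are files the running system holds open (registry hives, the BCD store, browser session files), which leaves the one record with a threat name as the only finding to triage.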
    
  8. Ok so here's what I did all day to fix this.

    I installed Avira to see how that would do as far as virus scanning. It found 11 things and quarantined them. The problem persisted. I tried booting normally with all services enabled but all startup options off. Worked fine. Enabled all start up items that I use. Problem came back. Enabled only necessary start up items. It was fine.

     

    In the end I found that it only slowed down with ATI control center. Has anyone had this problem? There was no infection at all. CCC is just garbage apparently.

  9. This problem just started yesterday. I am running Windows Vista 64 bit. I don't believe this is a hardware issue. IE isn't letting me do a pitstop test and I can't figure out why.

     

    When I boot up normally the computer starts loading things and I can see them popping up in the system tray so the system is capable of booting. After about 20 seconds I can't click on anything and the time stops. I can click on the start menu and in a couple of minutes it will respond and the time will update in the corner. System restore isn't working. It won't complete the restore after rebooting. Safe mode works fine. If I disable all startup items and all services (except the Microsoft ones) a normal boot works fine. Ubuntu live CD works fine also. Avast antivirus turned up a trojan on a pagefile for Windows 7 which was on another drive. I formatted the Windows 7 drive just to be safe. chkdsk found some errors and fixed them but it didn't help.

     

    Any help at all would be great. thanks guys.

  10. I have a 9 pin cable I want to use for my HTPC. I want to make sure it will give me true 1080i HD. I have provided pictures of the cabling.

     

    My 2nd question is would a DVI cable be better? Thanks!

     

    post-3229-1228872396_thumb.jpg

     

    post-3229-1228872409_thumb.jpg

     

    Images resized due to,

     

    8) Posted images should be no larger than 550x412.

  11. What sort of virus/spyware programs do you use? Something that kicks in 20 min after booting up is almost always a worm of some sort. I had an issue very similar to this. I don't think it's browser related since you've tried everything with 2 different browsers. As it turned out I found 2 instances of lsass.exe and one of them was a worm in disguise. Even a boot time virus scan using several scanners didn't find anything. I compared my lsass.exe's to another computer and deleted the one that didn't match through a boot cd. Something might be similar in your situation. I do see several items containing lsass in your HJT post but I'm not good at reading those. I'd cross reference this thread in a post to the HJT forum where there are people certified to read them properly.
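The comparison described in this post, written out as a check; this is an added example, not part of the original post. The process records, PIDs and hashes are constructed, `audit_lsass` is a hypothetical helper, and the reference hash is assumed to come from a clean machine on the same Windows build and patch level (a different build gives a different hash for a legitimate file).

```python
import hashlib
import ntpath  # Windows path rules, usable on any OS

def audit_lsass(processes, reference_sha256, system_root=r"C:\Windows"):
    """Return (pid, reason) findings for every process named lsass.exe."""
    expected = ntpath.normcase(
        ntpath.join(system_root, "System32", "lsass.exe"))
    named = [p for p in processes
             if ntpath.basename(p["path"]).lower() == "lsass.exe"]
    findings = []
    for proc in named:
        # The genuine image lives only in %SystemRoot%\System32.
        if ntpath.normcase(proc["path"]) != expected:
            findings.append((proc["pid"], "image path is not " + expected))
        # Same check the post describes: compare against a known-good copy.
        if proc["sha256"].lower() != reference_sha256.lower():
            findings.append((proc["pid"], "hash differs from reference copy"))
    # Windows runs a single lsass.exe; a second instance needs explaining.
    if len(named) > 1:
        findings.append((None, "%d lsass.exe processes running" % len(named)))
    return findings

# Constructed data: stand-in bytes hashed in place of real file contents.
REFERENCE = hashlib.sha256(b"constructed known-good lsass.exe").hexdigest()
PROCESSES = [
    {"pid": 612, "path": r"C:\Windows\system32\lsass.exe",
     "sha256": REFERENCE},
    {"pid": 3188, "path": r"C:\Windows\lsass.exe",
     "sha256": hashlib.sha256(b"constructed odd copy").hexdigest()},
    {"pid": 1044, "path": r"C:\Windows\System32\svchost.exe",
     "sha256": hashlib.sha256(b"constructed svchost").hexdigest()},
]

if __name__ == "__main__":
    for pid, reason in audit_lsass(PROCESSES, REFERENCE):
        print(pid, reason)
```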

  12. huh?

     

    You need to be willing to do a little bit of work to find the solution. The instructions that were given to you were very clear and if you take it step by step you can figure it out. Don't waste anyone's time with a post like "huh". If there's something you don't explicitly understand then tell us what. Saying "huh" just makes me want to copy and paste the instructions again and leave you at it.

  13. I've had dozens of Acer products and the reason is because they are always great quality and the support is great even if you are out of warranty. If you call Acer they can send you out the recovery discs with just a charge of shipping. Whoever worked on your comp last was someone who likes to take shortcuts and doesn't care what happens in the long term. I hope you didn't pay him much. If he works for a retailer I would report him to the management.

  14. I agree with the whole PRESS 1 FOR ENGLISH too......argh

    I am not using ANY zip program right now. I was using WINZIP before but I uninstalled it because it started AUTOMATICALLY unzipping everything too. Anyway, it doesn't even give me a chance to select OPEN, or SAVE. I click on the link and it just unzips it and puts it in a temp file. Before, when I clicked on a link, it would ask me if I wanted to open it, or if I wanted to save it, and where do I want to save it to. NONE OF THAT HAPPENS ANYMORE.

    If I didn't know better, I would think I was RUNNING them, but I can't even select RUN....it is just doing it automatically. I can RIGHT click on the link and SAVE AS, but that is the only way I can do it now.

     

    Download WinRAR and have that handle your zip files. Go into folder options and change the association of zip files to something other than Windows' native program. That thing is a mess and for whatever reason your browser is saying "Open" instead of "Save" and then Windows is handling that request and giving you the temp file. Try downloading the zip files from a different browser and see if it still auto-opens them. That should give you an idea of where the problems are occurring.

  15. I just set it up and it is working great so far. CAD runs good. It's a bit slow but that's probably because I have all the NICs set to wireless B instead of G. I'll switch that at some point most likely. Can't get Warhammer Online to run but I think that might be because of the resolution. If I open it sitting at the host and then log on remotely I can see the game but it refreshes very slowly. Might be the resolution though. I'll keep you guys updated. If I set up a VPN would I be able to connect from an entirely different network?

  16. It's not Windows remote assistance that you want. If I understand correctly, you want to be logged into the remote machine to use its hardware. I think Windows "Remote Desktop" would suit your needs, but you should experiment to see. The remote computer needs to be running at least XP Pro to have the server for Remote Desktop. What you get is the display exported to your local machine and your local machine mouse and keyboard take the place of the remote machine mouse and keyboard. You are actually logged into the remote machine.

     

    That is exactly what I would want. The weird comment about "playing games in the office" aside, I think remote desktop sounds good. Is remote desktop possible in a LAN environment where I have computers set up as static local IPs instead of dynamic IP addressing? Is it possible to take advantage of this feature off the LAN on a wireless network elsewhere? The host PC would be Windows Vista and the local machine would be running XP. Can you point me to a guide where I could set this up? As long as I can make use of the host PC's hardware through another device (which in this case would be one of my laptops) this solution seems perfect. Thanks for your help!
