
IE and other programs won't load

Discussion in 'Windows XP' started by lofquist, Jan 27, 2013.

  1. lofquist

    lofquist Thread Starter

    Joined:
    Jan 27, 2013
    Messages:
    11
    Strange thing this morning. I have a Thinkpad T400 running XP Pro. Yesterday I booted Linux from a USB drive. I have done it a few times and never had a problem. Not sure if this problem is related. This morning the IE, Show Desktop and other icons that are usually just to the right of the lower left Start icon are missing. When I go into programs and try to start IE I get a blank screen that pops up for a second and then disappears. Other programs like Excel and Kindle won't load either. Firefox however will load after a couple of attempts. I thought it might be malware so I tried to run Malwarebytes. I got this error:



    Any ideas or suggestions would be appreciated.

    Thanks!
     
  2. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    You didn't post the error you got from Malwarebytes.

    Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

    Please Copy & Paste the log into your next reply if you get it to run.

    The symptoms you have could be malware but may also be hardware or due to file corruption. Please run this to check the file system.



    • Click on Start then Run and type cmd in the search box and hit Enter. At the C: prompt, type chkdsk /r exactly as written here with the gap before the slash, then hit Enter.
    • You will then see a message "Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)"
    • Type Y for yes, and hit Enter. Then reboot the computer. The disc check will start when Windows begins loading again. Let all 5 phases run and don't use or turn off the computer. (The disc check process may take an hour or more to finish and may appear to freeze which is normal.)
    • When the disc check is done, it will finish loading Windows.
    • When finished click on Start then Run and type: eventvwr.msc and hit Enter.
    • When Event Viewer opens, click on Application in the left pane. In the main pane scroll down until you find Winlogon under the Source column and double-click on it.
    • This is the log created after running the disc check. Click once on the Copy button [​IMG]
    • Come back here and right click on the message box, select Paste from the pop up menu and the log will appear. Then submit the post.
     
  3. lofquist

    lofquist Thread Starter

    Sorry, I tried to post the error message above. It is Run time error 372.

    I ran everything you asked above. When I double-clicked on Winlogon in the Application folder nothing happened. It just shows 2 Winlogon lines, one from today and one from 10/28/12. There were lots of errors and warnings from the userenv source.
     
  4. Mark1956

    Mark1956

    Ok, please run this test to check the hard drive. It may help if you create the CD on a fully functional PC.

    Open Internet Explorer and click on this: Seatools

    Save the download to your desktop.

    In Windows 7 right click the ISO file, select Open With, then select Windows Disc Image Burning Tool, then follow the prompts.
    For all other versions of Windows (if you do not have an ISO burner) download this free software: ImgBurn. Install the program and start the application. Select the top left hand option to Write image file to disc and then on the next window click on the small yellow folder icon and browse to the ISO file on your desktop. Then click on the two grey discs with the arrow in between (bottom left) and leave it to complete the operation.

    You will need a blank recordable CD or a re-recordable CD. You cannot use this software on a USB flash drive.

    When the CD has been burned boot the PC into the Bios setup and set the CD/DVD drive to 1st in the boot sequence. Insert the disk in the drive then reboot and the disc will load into DOS. Click on Basic Tests and select the Long Test.

    A full set of instructions can be found here: Seatools instructions

    When the test completes it will show a Pass or Fail.
     
  5. lofquist

    lofquist Thread Starter

    Ok, I downloaded on a different computer and burned to disk. Tried to boot from CD, no luck. Put it on USB stick and tried booting from there, no luck either. I downloaded HijackThis. Tried to run. Got error stating "Windows installation service could not be accessed"
     
  6. lofquist

    lofquist Thread Starter

    I was able to get ComboFix to load and run. The log is attached.
     


  7. Mark1956

    Mark1956

    Please, when posting any logs, Copy & Paste them into your replies as it makes it a lot easier for helpers to read them. I would not advise anyone to run ComboFix without giving the full set of instructions. I will review the log and post back. You must have it on your desktop or the uninstall procedure will not work. You presently have it in a folder on your desktop; please move it.

    ComboFix 13-01-28.02 - blofquist 01/28/2013 11:29:23.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1944.1208 [GMT -8:00]
    Running from: c:\documents and settings\BLofquist.CONCORDIA\Desktop\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ADS - system32: deleted 12 bytes in 1 streams.
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\windows\iun6002.exe
    c:\windows\system32\DC120fc7_32.dll
    c:\windows\SYSTEM32\RtlGina\RtlGina.DLL
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-28 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-27 19:12 . 2013-01-08 04:57 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{89FFEDE0-18BA-4697-A8E7-A3C9DBF5C7D6}\mpengine.dll
    2013-01-27 19:06 . 2013-01-28 02:18 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-01-27 03:25 . 2013-01-27 03:25 -------- d-----w- c:\program files\Network Stumbler
    2013-01-27 03:23 . 2013-01-27 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\APN
    2013-01-26 05:21 . 2013-01-08 04:57 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-01-01 22:38 . 2013-01-16 05:08 -------- d-----w- c:\documents and settings\BLofquist.CONCORDIA\Application Data\dvdcss
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-11 06:22 . 2012-06-09 15:25 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-11 06:22 . 2011-05-18 15:51 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-15 00:49 . 2011-01-19 04:33 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-04 18:54 . 2011-01-28 21:05 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2012-10-13 22:24 . 2012-06-30 15:14 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LenovoAutoScrollUtility"="c:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2010-04-01 43960]
    "TpShocks"="TpShocks.exe" [2010-07-02 337256]
    "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2012-02-28 818240]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-11 110592]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-11 512000]
    "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
    "SnoopFreeUI"="SnoopFreeUI.exe" [2011-04-11 221184]
    "Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416]
    "Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
    "picon"="c:\program files\Common Files\Intel\Privacy Icon\PIconStartup.exe" [2010-02-04 111640]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-14 136216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-14 170008]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-14 145432]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "_nltide_3"="advpack.dll" [2009-03-08 128512]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"= 1 (0x1)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
    2010-02-05 13:44 180224 ----a-w- c:\windows\system32\FpWinlogonNp.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\ROI Systems\\PWS\\sockd32.exe"=
    "c:\\Program Files\\Philips\\Intelligent Agent\\Philips Intelligent Agent.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
    "c:\\Documents and Settings\\BLofquist.CONCORDIA\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
    "c:\\Program Files\\AWUS036H Wireless LAN Utility\\RtWLan.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1542:TCP"= 1542:TCP:WPS TCP Prot
    "1542:UDP"= 1542:UDP:WPS UDP Prot
    "53:UDP"= 53:UDP:AP UDP Prot
    "3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
    "1052:TCP"= 1052:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [10/22/2010 9:22 AM 25968]
    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [6/16/2010 12:44 PM 20592]
    R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [10/22/2010 8:28 AM 13680]
    R1 MpKsl4fb59e31;MpKsl4fb59e31;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{89FFEDE0-18BA-4697-A8E7-A3C9DBF5C7D6}\MpKsl4fb59e31.sys [1/28/2013 11:43 AM 29904]
    R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2/5/2010 5:39 AM 1824064]
    R2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [11/23/2011 10:11 AM 6884272]
    R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [10/22/2010 9:22 AM 292200]
    R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2/5/2010 5:43 AM 98304]
    R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\EpsonCustomerParticipation\EPCP.exe [6/9/2011 12:01 PM 521600]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/28/2011 1:05 PM 10448]
    R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [1/24/2011 10:35 AM 25824]
    R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [10/22/2010 9:22 AM 69632]
    R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.exe [3/30/2012 12:56 PM 244800]
    R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 8:42 AM 14088]
    R2 ToolTipFixer;ToolTipFixer;c:\program files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe [10/14/2008 9:33 AM 61952]
    R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\Lenovo\HOTKEY\tphkload.exe [1/17/2011 8:17 PM 99328]
    R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [10/22/2010 8:28 AM 64440]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [10/22/2010 8:23 AM 2058776]
    R3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\drivers\ATSwpWDF.sys [10/22/2010 8:25 AM 661448]
    R3 DisplayLinkFilter;DisplayLinkFilter;c:\windows\system32\drivers\DisplayLinkFilter.sys [11/23/2011 10:12 AM 7296]
    R3 DisplayLinkGA;DisplayLinkGA;c:\windows\system32\drivers\DisplayLinkGAport.sys [11/23/2011 10:12 AM 40576]
    R3 DisplayLinkmirror;DisplayLinkmirror;c:\windows\system32\drivers\DisplayLinkmirrorport.sys [11/23/2011 10:12 AM 24448]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [9/19/2008 3:29 PM 243856]
    R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [1/10/2012 10:11 PM 34432]
    R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2/22/2012 2:34 AM 25088]
    S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [10/22/2010 8:28 AM 45496]
    S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2/5/2010 5:43 AM 106496]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 10:08 AM 11336]
    S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\drivers\DisplayLinkUsbPort_6.1.32700.0.sys [4/11/2012 10:23 AM 21888]
    S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2/5/2010 5:44 AM 118784]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/27/2013 11:06 AM 40776]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [11/10/2011 6:38 PM 30576]
    S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [1/24/2011 11:22 AM 8576]
    S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2/5/2012 9:25 AM 323328]
    S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\Verizon Wireless\VZAccess Manager\SMSIVZAM5.SYS [5/25/2009 2:43 PM 32408]
    S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\drivers\SPC230NC.SYS [1/24/2011 11:22 AM 461056]
    S3 vusbser;Rovio ARM-Based MCU driver;c:\windows\system32\drivers\vusbser.sys [1/30/2011 4:18 PM 30720]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 3:06 PM 11520]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSL4FB59E31
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 06:22]
    .
    2013-01-28 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-27 00:03]
    .
    2013-01-28 c:\windows\Tasks\User_Feed_Synchronization-{33D3A1AE-EA95-417B-A3CA-FC6F4F76786A}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.google.com/
    uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.0.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-TuneXP_1.5 - c:\windows\iun6002.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-01-28 11:43
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1012)
    c:\windows\system32\FpWinLogonNp.dll
    c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll
    c:\program files\Lenovo Fingerprint Software\SharedResources.dll
    c:\program files\Lenovo Fingerprint Software\FPResource.dll
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    .
    - - - - - - - > 'explorer.exe'(5676)
    c:\windows\system32\WININET.dll
    c:\windows\SnoopFreeDll.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ibmpmsvc.exe
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\program files\DisplayLink Core Software\DisplayLinkUserAgent.exe
    c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Intel\AMT\LMS.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\windows\System32\SnoopFreeSvc.exe
    c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
    c:\windows\system32\SearchIndexer.exe
    c:\program files\Lenovo\System Update\SUService.exe
    c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    c:\program files\LENOVO\HOTKEY\tposdsvc.exe
    c:\program files\Lenovo\HOTKEY\TPONSCR.exe
    c:\program files\Lenovo\Zoom\TpScrex.exe
    c:\program files\DisplayLink Core Software\DisplayLinkUI.exe
    c:\windows\system32\TpShocks.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\igfxext.exe
    c:\windows\SnoopFreeUI.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Seagate\Seagate Dashboard\MemeoDashboard.exe
    c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe
    c:\program files\Memeo\AutoBackup\InstantBackup.exe
    c:\program files\Memeo\AutoBackup\MemeoUpdater.exe
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    c:\program files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
    c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
    .
    **************************************************************************
    .
    Completion time: 2013-01-28 11:50:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-01-28 19:49
    .
    Pre-Run: 269,498,486,784 bytes free
    Post-Run: 269,356,748,800 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 5672B086E72039C39E4429D0EC4FFA56
     
  8. Mark1956

    Mark1956

    Did you use an ISO burner to create the disc? As stated in the instructions Seatools will not run from a Flash Drive. Did you make sure the system is set in the Bios to boot from the CD drive 1st?

    As we have yet to establish if the problem is due to an infection, running ComboFix is of little use. The log shows no problems, but although it will remove infections it is used more as a clean up tool after major infections have been removed using other tools.

    Please try to run Seatools again and make sure you have followed the instructions correctly and explain in full what is happening when you try to boot from the CD you created.
     
  9. lofquist

    lofquist Thread Starter

    Yes, I used an ISO burner to burn a disk with Seatools on it. I changed the boot order in the Bios to boot from the CD. No luck.
     
  10. Mark1956

    Mark1956

    That still does not tell me what you are seeing when you try to boot from the CD.

    Try booting another PC with the CD and see if it actually works.

    You must remember I cannot see what is happening so you need to give me all the information asked for so that I can give the correct advice.
     
  11. lofquist

    lofquist Thread Starter

    I think the problem is solved. I tried to restore from a previous restore point. It took a lot of tries. I had to go back to 11/29/12. That was successful. Everything is running normally. I'd really like to understand if the cause of this was running Linux from the USB Drive. Everything started after I did that. My plan has been to use Linux network tools from time to time. Not a great idea if it is going to cause this every time.
     
  12. Mark1956

    Mark1956

    As you had previously run Linux from your USB drive then there is no reason I can think of that could explain why the problem occurred, but clearly something messed up the Windows registry.

    When you boot Linux from a USB drive it runs in the memory and should not make any changes to data or system files on your hard drive unless you access the hard drive through Linux and make the changes yourself.

    If you now try to run Seatools and Malwarebytes, do they work? Are you able to find the log if you run the Disc Check again? These things could well be worth trying again just in case there is an underlying problem.
     
  13. Mark1956

    Mark1956

    Just to add some further information that I have just received. There is a line in the Combofix log that I had not seen before and I just got a reply from another Malware Expert explaining what it means.

    The entry in the log shows as this:

    ADS - system32: deleted 12 bytes in 1 streams.

    This is an indication that there was an infection that has now been removed, so that could well explain the problems you have had. System Restore does not guarantee removal of malicious files on your system, so I would now recommend you run Malwarebytes and post the log for me to see. Please also run these two scans below.

    Please also tell me if Combofix is still on your system.


    SCAN 1
    Click on this link to download : ADWCleaner and save it to your desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and click on this icon on your desktop: [​IMG]

    You will then see the screen below, click on the Delete button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report, copy & paste it into your next post.

    [​IMG]



    SCAN 2
    Download RogueKiller (by tigzy) and save direct to your Desktop.
    On the web page click on this: [​IMG]

    • Quit all running programs
    • Start RogueKiller.exe
    • Wait until Prescan has finished.
    • Ensure all boxes are ticked under "Report" tab.
    • Click on Scan.
    • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
    • NOTE: DO NOT attempt to remove anything that the scan detects.

    [​IMG]
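
An added example, not part of the original thread and not any poster's code: a small Python triage pass over a ComboFix log that pulls out the lines recording what the tool changed (the `ADS - ...` line quoted in the post above, the "Other Deletions" and "ORPHANS REMOVED" sections, and the rootkit scan's hidden-file count) so they are not lost in a long paste. The sample is an excerpt of the log posted earlier in this thread; the function names and the banner-matching rules are assumptions based on that one log's layout.

```python
import re

# Excerpt of the ComboFix log posted in this thread, trimmed to a few sections.
SAMPLE_LOG = r"""
ComboFix 13-01-28.02 - blofquist 01/28/2013 11:29:23.1.2 - x86
.
ADS - system32: deleted 12 bytes in 1 streams.
.
((((((((((((((( Other Deletions )))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\iun6002.exe
c:\windows\system32\DC120fc7_32.dll
c:\windows\SYSTEM32\RtlGina\RtlGina.DLL
.
.
((((((((( Files Created from 2012-12-28 to 2013-01-28 )))))))))
.
2013-01-27 19:06 . 2013-01-28 02:18 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-TuneXP_1.5 - c:\windows\iun6002.exe
.
**************************************************************************
.
scan completed successfully
hidden files: 0
.
"""

ADS_RE = re.compile(
    r"^ADS - (?P<location>.+?): deleted (?P<bytes>\d+) bytes "
    r"in (?P<streams>\d+) streams?\.?$", re.IGNORECASE)
HIDDEN_RE = re.compile(r"^hidden files:\s*(\d+)$", re.IGNORECASE)
# Banner styles seen in the log: "((( Title )))", "--- Title ---", "- - Title - -".
BANNER_RE = re.compile(
    r"^(?:\({3,}|-{3,}|(?:- ){3,}-?)\s*(.+?)\s*(?:\){3,}|-{3,}|(?:- ?){3,})$")

# Sections whose body lines are things ComboFix removed.
CHANGE_SECTIONS = {"other deletions": "deletions", "orphans removed": "orphans"}


def section_title(line):
    """Title of a section banner, '' for a bare row of asterisks, else None."""
    s = line.strip()
    if len(s) >= 10 and set(s) <= {"*"}:
        return ""
    m = BANNER_RE.match(s)
    return m.group(1) if m else None


def summarize_changes(log_text):
    """Collect the lines of a ComboFix log that record changes it made."""
    summary = {"ads": [], "deletions": [], "orphans": [], "hidden_files": None}
    current = None  # key in `summary` for the section being read, if tracked
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # ComboFix pads sections with "." rows
            continue
        title = section_title(line)
        if title is not None:
            current = CHANGE_SECTIONS.get(title.lower())
            continue
        m = ADS_RE.match(line)
        if m:
            summary["ads"].append({"location": m.group("location"),
                                   "bytes": int(m.group("bytes")),
                                   "streams": int(m.group("streams"))})
            continue
        m = HIDDEN_RE.match(line)
        if m:
            summary["hidden_files"] = int(m.group(1))
            continue
        if current:
            summary[current].append(line)
    return summary


def made_changes(summary):
    """True when the log records any deletion, so those lines need reading."""
    return bool(summary["ads"] or summary["deletions"] or summary["orphans"])


if __name__ == "__main__":
    result = summarize_changes(SAMPLE_LOG)
    for ads in result["ads"]:
        print("ADS removed:", ads)
    for key in ("deletions", "orphans"):
        for entry in result[key]:
            print(f"{key}: {entry}")
    print("hidden files:", result["hidden_files"])
    print("review needed:", made_changes(result))
```
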
     
  14. lofquist

    lofquist Thread Starter

    ComboFix is not on the system anymore. I still can't get it to boot to the CD Drive. Below is the Malwarebytes log I ran after the restore:

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org
    Database version: v2013.01.29.08
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    blofquist :: CONCORDIA-054 [administrator]
    1/29/2013 10:22:57 AM
    mbam-log-2013-01-29 (10-22-57).txt
    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 350544
    Time elapsed: 32 minute(s), 43 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 2
    HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    Registry Values Detected: 2
    HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 340efcbac64f502ad272e417fcd6bc17 -> Quarantined and deleted successfully.
    HKCU\Software\InstalledBrowserExtensions\215 Apps|4493 (PUP.CrossFire.SA) -> Data: Coupon Companion -> Quarantined and deleted successfully.
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
     
  15. Mark1956

    Mark1956

    Malwarebytes has only found some Adware and a PUP (potentially unwanted program) which are not of any significance. Please continue with the other scans and post the logs.

    In respect of the PC not booting from the CD drive, did you try what I suggested earlier to see if the disc you made will work in another PC?
     
Short URL to this thread: https://techguy.org/1087097
