1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Iexplore.exe always running (and Pop-ups galore)

Discussion in 'Virus & Other Malware Removal' started by Ronsonol, Jan 18, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. Ronsonol

    Ronsonol Thread Starter

    Joined:
    Jan 18, 2007
    Messages:
    35
    Hi all, glad I found this site.
    Ive been doing some reading around this forum, let me first state that Im really impressed by the level of expertise (spelling) on this site and the level of commitment and effort shown around here.

    Now to my problem (I hope its easy)

    In my task manager I always find iexplore.exe running (using lots of mem as well - right now its around 22000K)
    This I find quite peculiar as I don't have any IE windows up and running. It is always there, regardless if Im using IE or not, sucking memory, and I cant end the process. And if I ever was to use IE I get pop up galore.

    Because of this I have converted to Firefox and I'm very fond of it btw.

    This problem occurred not so long ago, and I might relate it to the installation of a piece of software which was supposed to help me download from the web. I don't remember the software exactly but I think it was from warez. I don't trust warez, but my virus scan didn't find anything wrong.

    I have scanned my computer over and over again but nothing seems to be wrong according to Norton, Housecall, kaspersky, spybot etc. I think I have tried 10 different tools. so now Im trying to ask you guys for help.
    Im afraid Ive got some sort of malware or Trojan, can anyone please help me out?

    Thanks so much in advance.
     

    Attached Files:

  2. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, I have posted your log this way so it is easier to work with.



    Logfile of HijackThis v1.99.1
    Scan saved at 18:59:06, on 18.01.2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\RunDLL32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\WINDOWS\ATKKBService.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\BitTornado\btdownloadgui.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Geir\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.db.no/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [bikeaxistrustcurb] "C:\Documents and Settings\All Users\Application Data\Multi blah bike axis\GlobalView.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKCU\..\Run: [ASUS SmartDoctor] "C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" /start
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Amok bold] "C:\DOCUME~1\Geir\APPLIC~1\BURNSA~1\Name bash.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161800385390
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  3. Ronsonol

    Ronsonol Thread Starter

    Joined:
    Jan 18, 2007
    Messages:
    35
    Right o, thanks mate
     
  4. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Download NoLop:

    http://www.spywareedge.net/nolop/NoLop.exe


    First close any other programs you have running as this will require a reboot
    Double click NoLop.exe to run it

    Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
    When scanning is finished you will be prompted to reboot only if infected, Click OK
    Now click the "REBOOT" Button.

    A Message should popup from NoLop. If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log along with new hijackthis log

    -----------------------------------------------------------------------
    --If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --
    http://www.ascentive.com/support/new/support_dll.phtml?dllname=MSCOMCTL.OCX
     
  5. Ronsonol

    Ronsonol Thread Starter

    Joined:
    Jan 18, 2007
    Messages:
    35
    Allright, will do. Thanks for taking the time mate!

    Nolop found something and fixed it. But the problem remains. I actually have two iexplore.exe processes running at the mo.
    Just tried IE to make sure, and I still have popups as soon as I open IE and somehow my homepage is changed to www.live.com

    Heres Nolop Log:

    NoLop! Log by Skate_Punk_21

    Fix running from: C:\Documents and Settings\Geir\Desktop
    [19.01.2007]
    [12:40:15]

    ---Infection Files Found/Removed---
    C:\WINDOWS\tasks\A8142E5E9107A5BA.job

    Beginning Removal...
    Rebooting...
    Removing Lop's Leftover Files/Folders...
    Editing Registry...
    **Fix Complete!**

    ---Listing AppData sub directories---

    C:\Documents and Settings\Administrator\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Adobe
    C:\Documents and Settings\All Users\Application Data\Apple Computer
    C:\Documents and Settings\All Users\Application Data\Google
    C:\Documents and Settings\All Users\Application Data\Installshield
    C:\Documents and Settings\All Users\Application Data\Livetestgrimbody
    C:\Documents and Settings\All Users\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Msn6
    C:\Documents and Settings\All Users\Application Data\Multi Blah Bike Axis
    C:\Documents and Settings\All Users\Application Data\Nvidia
    C:\Documents and Settings\All Users\Application Data\Nview_profiles
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    C:\Documents and Settings\All Users\Application Data\Symantec
    C:\Documents and Settings\All Users\Application Data\Ubisoft
    C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    C:\Documents and Settings\Default User\Application Data\Microsoft
    C:\Documents and Settings\Geir\Application Data\.bittornado
    C:\Documents and Settings\Geir\Application Data\Adobe
    C:\Documents and Settings\Geir\Application Data\Ahead
    C:\Documents and Settings\Geir\Application Data\Apple Computer
    C:\Documents and Settings\Geir\Application Data\Arcsoft
    C:\Documents and Settings\Geir\Application Data\Burn Safe Settings
    C:\Documents and Settings\Geir\Application Data\Dmcache
    C:\Documents and Settings\Geir\Application Data\Google
    C:\Documents and Settings\Geir\Application Data\Identities
    C:\Documents and Settings\Geir\Application Data\Idm
    C:\Documents and Settings\Geir\Application Data\Leadertech
    C:\Documents and Settings\Geir\Application Data\Macromedia
    C:\Documents and Settings\Geir\Application Data\Microsoft
    C:\Documents and Settings\Geir\Application Data\Mozilla
    C:\Documents and Settings\Geir\Application Data\Msn6
    C:\Documents and Settings\Geir\Application Data\Sonic
    C:\Documents and Settings\Geir\Application Data\Sports Interactive
    C:\Documents and Settings\Geir\Application Data\Sun
    C:\Documents and Settings\Geir\Application Data\Symantec
    C:\Documents and Settings\Geir\Application Data\Trojanhunter
    C:\Documents and Settings\Geir\Application Data\Vlc
    C:\Documents and Settings\Localservice\Application Data\Microsoft
    C:\Documents and Settings\Networkservice\Application Data\Microsoft



    And heres HJT:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:44:29, on 19.01.2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\WINDOWS\System32\RunDLL32.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Documents and Settings\Geir\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [bikeaxistrustcurb] "C:\Documents and Settings\All Users\Application Data\Multi blah bike axis\GlobalView.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKCU\..\Run: [ASUS SmartDoctor] "C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" /start
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Amok bold] "C:\DOCUME~1\Geir\APPLIC~1\BURNSA~1\Name bash.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161800385390
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    Thanks again
     
  6. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, You will get those popups until all the Lop stuff is taken out, we have some more work to do....

    Open the Control Panel, and then Add/Remove Programs, look for any of these items there and use the Uninstall/Remove for them:

    • Download Plugin for Internet Explorer
    • Bar888
    • Netpumper
    • Bitroll
    • Bitgrabber (These all can install Lop)
    • Zone Media" or "CiD Help" or "CiD
      Manager"


    You may still get these popups until we do one more step, but they should decrease.

    If the items do not show in Add/Remove Programs, or the uninstallers tell you files are missing,
    just reply back and we will continue on with manual removal.

    I guess, since there is a large time online difference from you to me, I will just go ahead and post the
    manual fixing to do, so that you can continue and get it finished if the uninstallers are not able to do it.

    Download ATFCleaner

    by Atribune & save it to your desktop. DO NOT use it yet. We will use it in Safe Mode, later


    Download AVG Anti-Spyware from HERE and save that file to your desktop.


    This is a 30 day trial of the program
    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly...

    Next>
    To enable the viewing of Hidden files follow these steps:

    Close all programs so that you are at your desktop.
    Double-click on the My Computer icon.
    Select the Tools menu and click Folder Options.
    After the new window appears select the View tab.
    Put a checkmark in the checkbox labeled Display the contents of system folders.
    Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    Remove the checkmark from the checkbox labeled Hide protected operating system files.
    Press the Apply button and then the OK button and close My Computer.


    After your system is clean, follow the same procedure to hide these files and folders again to protect them from accidental deletion.

    Start up Hijackthis, and put a checkmark in the box next to all of these items I have in my list below



    O4 - HKLM\..\Run: [bikeaxistrustcurb] "C:\Documents and Settings\All Users\Application Data\Multi blah bike axis\GlobalView.exe"

    O4 - HKCU\..\Run: [Amok bold] "C:\DOCUME~1\Geir\APPLIC~1\BURNSA~1\Name bash.exe"

    Next, Close all other windows, and click "Fix Checked" to have Hijackthis
    remove those items.


    You should copy these steps to a Notepad text file, save it to your desktop as steps.txt or whatever...so you have it to refer to while the Internet is not available in Safe Mode.


    This where we boot to Safe Mode:

    * Restart your computer into safe mode now.To get into the Windows 2000 / XP Safe mode, as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu"
    Use your arrow keys to move to "Safe Mode" and press your Enter key.

    Open Windows Explorer Navigate to the folders shown below.
    Delete the following files or folders (delete item in bold). Please do not be concerned if
    any of the items are not found as they may have been automatically removed by actions I had
    you take earlier in the cleaning process.



    C:\Documents and Settings\All Users\Application Data\Livetestgrimbody
    C:\Documents and Settings\All Users\Application Data\Multi Blah Bike Axis
    C:\Documents and Settings\Geir\Application Data\Burn Safe Settings

    Next, start up ATFCleaner:

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.


    1. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
    2. Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will prompted, then select "Apply all actions"
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close AVG Anti-Spyware .
    Restart back into Windows normally now.


    Start up Internet Explorer> see what happens, if it is a good site, not a redirected hijack one,
    continue on to the site you want as your Home Page

    In Internet Explorer window at the top, open Tools>Internet Options>Programs

    Click "Use Current" when you are at the site you wish to be the Home Page.


    Post a new Hijackthis log.
     
  7. Ronsonol

    Ronsonol Thread Starter

    Joined:
    Jan 18, 2007
    Messages:
    35
    Waddya know, I think we got it!
    Good point with the time difference btw. I cant really come to terms with the fact that Im actually getting computer help from a guy on the other side of the atlantic, its quite amazing.


    I think we got it mate.
    Events:
    • Add/Remove Programs: Found "CiD Help" Uninstalled. Found no of the others.
    • Downloaded ATFCleaner.
    • Downloaded, installed and updated AVG.
    • Enabled viewing of Hidden files.
    • In HJT: Fixed "bikeaxistrustcurb" - dint find "Amok bold"
    • Booted to safe mode.
    • Deleted C:\Documents and Settings\All Users\Application Data\Multi Blah Bike Axis - didnt find the other two
    • Ran ATF Cleaner - cleaned
    • Ran AVGCleaner - found something like 4700 infections. I actually chose delete instead of quarantine. Which means I was a naughty boy and didnt do exactly as you said.
    • Booted to normal mode
    • Ran Internet explorer. No pop ups. Chose my regular homepage. Closed IE.
    • Checked task manager ond processes; no iexplore.exe

    So it appears to me that its allright. I give you my newest HJT log in case you dont think we're there just yet:

    Logfile of HijackThis v1.99.1
    Scan saved at 14:58:18, on 20.01.2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\WINDOWS\System32\RunDLL32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Documents and Settings\Geir\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www..db.no/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ASUS SmartDoctor] "C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" /start
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161800385390
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    You know this far better than me; are we ok or do we have some more work to do? I appreciate all the help youve given me so far. :)
     
  8. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    (y) Hi- You did well!
    Only a day or so of use on the computer will tell you if it's been cleaned. Apparently you got Lop from a download, so now you know better and it shouldn't reappear.

    The next step should be cleaning System Restore but, you do not have Service Pack 2 for XP, and I was wondering why.
    If you have tried SP2, could you tell me what happened as a result if you found things not working right, or, is there another reason you have not updated system to SP2?

    As far as anything left to do the log is clean now.

    Your System Restore Points will contain backed up malware, so you should not use Restore until you
    flush all Points. I am waiting for a reply about SP2- now would be the best time to try it, since you have
    removed ad and spyware and the computer is fairly "clean". When you try to install SP2 the computer will create a new Restore Point>>> so I think the best idea would be to do the following:

    Turn off System Restore:

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.Wait for hourglass to stop and it says
    "Turned Off"

    Restart your computer, turn System Restore back on and create a restore point.

    To create a restore point:

    Single-click Start and point to All Programs.
    Mouse over Accessories, then System Tools, and select System Restore.
    In the System Restore wizard, select the box next the text labeled "Create a restore point" and click the Next button.
    Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

    Now, try for Service Pack 2 and if anything doesn't work well, you can
    1. Try to Uninstall SP2 from Add/Remove Programs-- Microsoft built it this way since
    people do have problems after these type of updates.


    Rather than me going on about it, here is the MS info on UNdoing SP2 just in case....


    http://support.microsoft.com/KB/875350
     
  9. Ronsonol

    Ronsonol Thread Starter

    Joined:
    Jan 18, 2007
    Messages:
    35
    (y) Yey, we beat it!(y)

    Cheers mate, youve been outstanding. :cool:

    I've been running with system restore off for a few days now as Ive been working on this problem, but now maybe its time to turn it on and make a clean restore point.

    As for SP2 its really just a case of me being skeptical. I installed it once on my mothers PC and it blew it out of the water so to speak. Just turning it on took forever, and everything was running as though it was swimming in cirup. And it was such a hassle to get id of.. Thats basically my experience with SP2, and the reason why I havent bothered.
    My pc is quite marginalized as it is, and Im afraid installing SP2 will demand more resources thus leaving me with a machine not suited for my needs.
    If you claim otherwise I will of course reconsider.

    Its been ages since last time I had a wrestle with the genuine advantage or validation tool or whatever its called, gee Im looking forward to that again.. :mad:
     
  10. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, There are considerations you have to understand to
    ensure a hassle-free install of SP2.

    The PC you tried it with, may have been in a poor state
    lacking maintenance, or infected.

    If you are installing SP2 onto a branded computer, HP, Dell,
    Compaq, etc there may be some updates for software or drivers
    that are needed before SP2 can work.

    When you go to install SP2, a pre-install check is done
    so, you have at least some assurance the computer is
    in a basic state of readiness.

    Keep in mind that these updates close a lot of holes in
    Windows that malware gets in through. Just after an install,
    some slowdown is fairly normal, but that is supposed to
    end after a few restarts and a few days of use.

    I can't advise you one way or the other, if you say the PC is borderline then stick with your
    instincts.

    Keep on the sunny side, pleasure helping you!
     
  11. Ronsonol

    Ronsonol Thread Starter

    Joined:
    Jan 18, 2007
    Messages:
    35
    OK, you make sense, I will give sp2 a try, and report back.
     
  12. Ronsonol

    Ronsonol Thread Starter

    Joined:
    Jan 18, 2007
    Messages:
    35
    crisis! just given sp2 a try and my pc wont boot. just stays in the loading windiw with the blue bar running.
    tried safe mode, halts at giveio.sys.
    now what do I do?!
    I knew it, sp2 isnt for me..
     
  13. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Ronsonol PM'd me, and I replied back with some ideas....

    And, here are some others

    http://support.microsoft.com/kb/875355 <look here first it's a way to remove SP2

    The problem you are having is only a software or driver you are using, if you try and take care of that
    problem later, then you may successfully be able to use SP2, or just don't use Service Pack 2, if you cannot solve the issue.


    http://support.microsoft.com/default.aspx?scid=fh;en-us;windowsxpsp2



    http://www.pcreview.co.uk/forums/thread-471021.php

    The driver giveio.sys is also related to the ImageSurfer software.

    http://www.greatis.com/appdata/a/g/giveio.sys.htm

    http://www.5starsupport.com/ipboard/lofiversion/index.php?t2618.html


    Here are a ton of related problems with that same driver file:

    http://groups.google.com/groups?q=g...,GGLD:2004-14,GGLD:en&sa=X&oi=groups&ct=title

    You may have to use the Recovery Console to remove the driver-

    Or, update the driver, most likely, for your video card or chip. These are common things that you have to check for, before getting SP2, as I posted.
     
  14. Ronsonol

    Ronsonol Thread Starter

    Joined:
    Jan 18, 2007
    Messages:
    35
    Hi again Byteman, and sorry for the PM bit, but I was desperate and it was getting late. I was, and still is, afraid that I will have to reinstall xp, and all our work the last week was in vain because of Microsoft.
    But thanks for the continued help. Im at work now so I print every advice / idea and take it home with me, to work on it later on.

    The thing im most concerned about; I booted from win xp cd yesterday, to try a few things like the repair function, but the cd couldnt find any windows partitions on my pc. It couldnt detect a hdd at all. Im running two s-ata disks, and I remember I had a hassle when installing these. had to use a floppy and hit F6 and generally moving on thin ice.

    Anyways, I will give all ideas a try, and hopefully we'll find a way through this. Im quite worked up, but I truly appreciate your help. Especially now, as Im in really uncharted territory.
     
  15. Ronsonol

    Ronsonol Thread Starter

    Joined:
    Jan 18, 2007
    Messages:
    35
    I should perhaps mention, that Ive changed some HW. I built my pc into a new chassis (cabinet?) last week, and replaced both the cpu heatsink/fan and the VGA heatsink/fan. All this was running perfectly though, tested booting as well before i began the SP2 install and there was no problems. I mention this just in case you suggest it could be HW changes that caused this. But as I said, this ran smoothly before the SP2 install.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Iexplore always running
  1. Dariole
    Replies:
    1
    Views:
    311
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/536323

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice