1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Unknown error..."stop:c000021a fatal error"

Discussion in 'Virus & Other Malware Removal' started by m0rb!d, Sep 23, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. m0rb!d

    m0rb!d Thread Starter

    Joined:
    Aug 2, 2004
    Messages:
    189
    hey im all of a sudden gettign an error that goes to a nlue screen and at the top left hand it says :

    "Stop: c000021a (fatal system error)
    the windows logon process system process terminated unexpectedly with a status o
    the system has been shut down"

    need help asap!!
     
  2. m0rb!d

    m0rb!d Thread Starter

    Joined:
    Aug 2, 2004
    Messages:
    189
    its goign to this screen every liek 5 mins... then i have to reboot!

    heres my log

    Logfile of HijackThis v1.98.2
    Scan saved at 5:57:50 PM, on 9/23/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    E:\****\AVWUPSRV.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    C:\Program Files\The Cleaner\tca.exe
    C:\Program Files\The Cleaner\tcm.exe
    C:\Program Files\QuickTime\qttask.exe
    E:\daemon.exe
    C:\WINDOWS\System32\exploer.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\ICQ\NDetect.exe
    E:\****\POP-UP~1\PSFree.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\valve\steam\steam.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://messenger.microsoft.com/
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
    O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [exploer.exe] C:\WINDOWS\System32\exploer.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
    O4 - HKLM\..\RunServices: [exploer.exe] C:\WINDOWS\System32\exploer.exe
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
    O4 - HKCU\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\ICQ.exe -minimize
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "E:\****\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\RunServices: [exploer.exe] C:\WINDOWS\System32\exploer.exe
    O4 - HKCU\..\RunServices: [regdata.exe] C:\WINDOWS\System32\regdata.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\****\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.EXE
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.EXE
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\****\OFFICE~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...1dd4eb01d54f:eeba47ee03d937f4aaa2edc6fc4885a4
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
     
  3. LDTate

    LDTate Malware Specialist

    Joined:
    Aug 13, 2004
    Messages:
    789
    Hello mOrb!d

    See if you can stay online lond enough to do a online scan.
    Click Here If it finds anything scan with HijackThis and post a new log. If not, let us know. We'll go from there.

    Also:

    This is what I suggest you do next.

    Make sure you have the up-to-date versions of Spybot and Ad-aware. All are free and available below.

    Download Spybot, install and update. Then download Ad-aware, install, and update.

    Spybot:
    Go to Start > Programs >Spybot > Search & Destroy and choose Spybot S&D

    Close ALL windows except Spybot S&D
    Click the button to "Search for Updates" and download and install the Updates.
    Next click the button "Check for Problems"
    When Spybot is complete, it will be showing "RED" (RED) entries "BLACK" entries and "GREEN" (GREEN) entries in the window
    Put a check mark beside the RED (RED) entries ONLY.
    Choose "Fix Selected Problems" and allow Spybot to fix the RED (RED) entries.

    Ad-Aware FULL SCAN:

    Install the program and launch it.

    First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files.

    From main window :Click Start then under Select a scan Mode tick Perform full system scan.

    Next deselect Search for negligible risk entries.

    Now to scan just click the Next button.

    When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose select all from the drop down menu and click Next)

    Before restart, Empty Recycle Bin.

    Restart your computer.

    Post a new HijackThis log.
     
  4. m0rb!d

    m0rb!d Thread Starter

    Joined:
    Aug 2, 2004
    Messages:
    189
    went on safe mode, did what u said...still error apears on normal mode...

    Logfile of HijackThis v1.98.2
    Scan saved at 7:43:01 PM, on 9/23/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    E:\****\AVWUPSRV.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    C:\Program Files\The Cleaner\tca.exe
    C:\Program Files\The Cleaner\tcm.exe
    C:\Program Files\QuickTime\qttask.exe
    E:\daemon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\ICQ\NDetect.exe
    C:\WINDOWS\System32\winini.exe
    C:\Program Files\ICQ\ICQ.exe
    E:\****\POP-UP~1\PSFree.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\valve\steam\steam.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://messenger.microsoft.com/
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
    O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
    O4 - HKLM\..\Run: [winini.exe] C:\WINDOWS\System32\winini.exe
    O4 - HKLM\..\RunServices: [winini.exe] C:\WINDOWS\System32\winini.exe
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
    O4 - HKCU\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\ICQ.exe -minimize
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "E:\****\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [regsrv32.exe] regsrv32.exe
    O4 - HKCU\..\RunServices: [regdata.exe] C:\WINDOWS\System32\regdata.exe
    O4 - HKCU\..\RunServices: [winini.exe] C:\WINDOWS\System32\winini.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\****\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.EXE
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.EXE
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\****\OFFICE~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...1dd4eb01d54f:eeba47ee03d937f4aaa2edc6fc4885a4
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
     
  5. LDTate

    LDTate Malware Specialist

    Joined:
    Aug 13, 2004
    Messages:
    789
    I suggest you do this:

    Download CWShredder from my signature below. Unzip it on the desktop.
    Open CWShredder and with ALL other windows closed, click fix.

    Next.
    Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

    O4 - HKLM\..\Run: [winini.exe] C:\WINDOWS\System32\winini.exe
    O4 - HKLM\..\RunServices: [winini.exe] C:\WINDOWS\System32\winini.exe
    O4 - HKCU\..\RunServices: [regdata.exe] C:\WINDOWS\System32\regdata.exe
    O4 - HKCU\..\RunServices: [winini.exe] C:\WINDOWS\System32\winini.exe
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...aa2edc6fc4885a4

    Restart your computer.

    Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear, try restarting and then pressing F8 several times after the POST screen.
    Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter.

    Open C:\WINDOWS\System32\regdata.exe <--Delete File

    Search your hard drives for winini.exe. Delete all it finds

    Reboot normal and post a new HijackThis log
     
  6. m0rb!d

    m0rb!d Thread Starter

    Joined:
    Aug 2, 2004
    Messages:
    189
    did it all...couldnt find regdata file tho...searched for it but nothing of that name is on my computer

    Logfile of HijackThis v1.98.2
    Scan saved at 8:36:58 PM, on 9/23/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    E:\****\AVWUPSRV.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    C:\Program Files\The Cleaner\tca.exe
    C:\Program Files\The Cleaner\tcm.exe
    C:\Program Files\QuickTime\qttask.exe
    E:\daemon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\ICQ\NDetect.exe
    C:\Program Files\ICQ\ICQ.exe
    E:\****\POP-UP~1\PSFree.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\valve\steam\steam.exe
    E:\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://messenger.microsoft.com/
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
    O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [exploer.exe] C:\WINDOWS\System32\exploer.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
    O4 - HKLM\..\RunServices: [exploer.exe] C:\WINDOWS\System32\exploer.exe
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
    O4 - HKCU\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\ICQ.exe -minimize
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "E:\****\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [regsrv32.exe] regsrv32.exe
    O4 - HKCU\..\RunServices: [exploer.exe] C:\WINDOWS\System32\exploer.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\****\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.EXE
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.EXE
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\****\OFFICE~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
     
  7. m0rb!d

    m0rb!d Thread Starter

    Joined:
    Aug 2, 2004
    Messages:
    189
    ok i think xed...computer hasnt gone to that werror screen sicne i did what u said, so i want to say thansk for the help man!!!i really REALLY apreciate it!!

    -
    www.elementalitycomic.com
     
  8. LDTate

    LDTate Malware Specialist

    Joined:
    Aug 13, 2004
    Messages:
    789
    Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"
    O4 - HKLM\..\RunServices: [exploer.exe] C:\WINDOWS\System32\exploer.exe

    Restart your computer in Safe Mode.

    Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear, try restarting and then pressing F8 several times after the POST screen.
    Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter.

    Open C:\WINDOWS\System32\exploer.exe <--Delete File

    Reboot normal and post a new HijackThis log
     
  9. m0rb!d

    m0rb!d Thread Starter

    Joined:
    Aug 2, 2004
    Messages:
    189
    did t..and once again couldnt findthe file u toldme to find insafe mode...so im assumign that hjt deleted it .

    Logfile of HijackThis v1.98.2
    Scan saved at 9:51:06 PM, on 9/23/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    E:\****\AVWUPSRV.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    C:\Program Files\The Cleaner\tca.exe
    C:\Program Files\The Cleaner\tcm.exe
    C:\Program Files\QuickTime\qttask.exe
    E:\daemon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\ICQ\NDetect.exe
    C:\Program Files\ICQ\ICQ.exe
    E:\****\POP-UP~1\PSFree.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\valve\steam\steam.exe
    E:\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://messenger.microsoft.com/
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
    O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [exploer.exe] C:\WINDOWS\System32\exploer.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
    O4 - HKCU\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\ICQ.exe -minimize
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "E:\****\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [regsrv32.exe] regsrv32.exe
    O4 - HKCU\..\RunServices: [exploer.exe] C:\WINDOWS\System32\exploer.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\****\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.EXE
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.EXE
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\****\OFFICE~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
     
  10. LDTate

    LDTate Malware Specialist

    Joined:
    Aug 13, 2004
    Messages:
    789
    It's still there.

    O4 - HKLM\..\Run: [exploer.exe] C:\WINDOWS\System32\exploer.exe

    Open C:\WINDOWS\System32 see if it's there. make SURE it's exploer.exe
     
  11. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    This one beeds to be fixed too:

    O4 - HKCU\..\Run: [regsrv32.exe] regsrv32.exe

    Boot to safe mode and delete the C:\WINDOWS\system32\regsrv32.exe file.

    Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK.

    Empty the Recycle Bin


    Turn off System Restore:

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.
    Restart your computer.

    When you are sure you are clean turn it back on and create a restore point.


    Go here and do an online virus scan.

    Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the exact file name and file location so you can delete it yourself.
     
  12. m0rb!d

    m0rb!d Thread Starter

    Joined:
    Aug 2, 2004
    Messages:
    189
    cool i didi it thanks!
     
  13. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    (y)

    Let's see one more log please.
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/277317

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice