It will update for you or show you at the top that you do not have a packet installed. Tell it to download the packet. sometimes when you do this you will have to close the browser before the packet will work. You can go to mozilla.com click Add-ons and select Firefox Ad-ons. Then you can read what you would like to install.
tjj107 I thought rav009 was going to read the file, but he may have been sidetracked. As far as you HjT log goes you are clean. Get rid of one of your anti-virus programs. They will conflict with each other. If your Norton is kept up to date, then keep it. If you like the free edition anti-virus then keep it and remove Norton. I did not see a couple of programs in your log that I had asked you to get. Get this one: http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10399602.html?tag=pop Get this one: http://www.download.com/CCleaner/3000-2144_4-10547048.html?tag=lst-0-1 Now after you have removed one of your anti-virus, reboot in safe mode. Run the Ad-Aware, CCleaner, Spybot, then whichever anti-virus you kept. Make sure they are up to date before you run them. Now go to Start-> All Programs-> Accessories-> System Tools. There you will find Disk Cleanup and Disk Defragmenter. Run both of these programs in safe mode starting of course with the cleanup. After you do all of this let me know if you are still having any problems. Because it is a notebook, you might make sure that you are fully charged. I know that a notebook with a low battery has caused problems in the past. [bold]Edit: Be sure to delete your temp folders and your cache folders.[/bold]
Hi Sorry, I'm in the UK and it was late when I posted that last night, I needed sleep First of all, tjj107 you are running two anti viruses, this could even be what is causing the issue, when two anti virus clients are ran side by side they can conflit, cause massive system resource usage, create system instabilty and much much more, you are running Norton Internet Secuirty, that means you already have Norton Anti Virus, the problem is you are also running AntiVir, disable one. I recomend you get rid of AntiVir as you are paying for Norton, go Start > Controll Pannel > Add Or Remove Programs and remove anti vir. Uninstall it and post me a fresh log. @syxguns, Cheers for the complements (Edited for typos)
ok im doing those things now because im on the other computer right now but i did download that CC software thing and have ran it before. i got rid of the free antivirus and kept nortan and am booting in safe mode now. also out of curiousity (sorry cant spell) i have 512mb RAM atm in there (well 448 cos the graphics take off of it) and was wondering if i put anotha 512mb RAM in there, would it make it that much quicker? i mean would it warrant spending £30-£40 on it? thanks again and i will let u know
ok here is the log after i delted anti vi: please helpcos its gettin soo anoyin now! Logfile of HijackThis v1.99.1 Scan saved at 14:53:29, on 16/08/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Power Manager\PM.exe C:\WINDOWS\system32\VTtrayp.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft Office\Office\FINDFAST.EXE C:\Program Files\Microsoft Office\Office\OSA.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\HjL\hijack\Hijack.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [ProgramPath] C:\Program Files\Power Manager\PM.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxuk101DSGB O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tjj107tomjj1989.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Ok, I'm with you. However I do actually have to deal with somthing right now, if you be patient I will get to you in an hour or two. In the mean while: [*]Do not take instructions from anyone else. [*]Do not ask at another site. And yes, installing some more ram will make it coniderably faster, its definatly worth a crack.
Hey tjj107 Your log is clean unless I've missed somthing. I'd like you to do the following: Download, Install and update Ad Aware Se: http://www.lavasoftusa.com/software/adaware/ Download, Install and update Spybot Search And Destroy: http://www.download.com/3000-8022-10289035.html Run a Trend Micro online scan http://housecall.trendmicro.com/ If anything is found, save a log and post it here. Cheers.
ok i did the first two but when i try the third one it never loads. nothing came up with the first two so does that mean i am [bold]screwed?![/bold]
Nah, your not screwed just yet If Trend Micro didn't work you can scan with any of theese: http://www3.ca.com/virusinfo/virusscan.aspx http://www.pandasoftware.com/actives..._principal.htm http://www.bitdefender.com/scan/license.php http://us.mcafee.com/root/mfs/default.asp Update Your OS Please visit the Microsoft's Windows Update Page and install ALL Critical Updates for your system. http://download.microsoft.com/downlo...p1a_en_x86.exe Validate System Files Go to the Run box on the Start Menu and type in or copy/paste sfc /scannow (there is a space between sfc and /) This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem. If any problems are found, you will be prompted to insert the Windows XP install disc so have it handy. The following should appear to give an indication of how long the process is taking. Check the Event Veiwer Let's have a look at Windows Event Viewer. It might give us a clue as to what is causing these issues. Go to Start > Run - type in eventvwr <Press Enter> This is a picture of what the event viewer looks like. You will see Application, Security & System listed in the left pane. 1. In the left pane click on Application. 2. Click the gray title “Type” at the top of the source name column in the right pane to sort by type name, look for “Error” & double-click on the most recent 5, and evaluate the event description for any indication of the cause of the problem. 3. Make note of the Description, EventID and Source of these Event Properties. 4. From the right pane, doubleclick on the line where it says error & you should get a window like the example below: 5. In the upper right corner of this picture, you should see 2 arrows. One is pointing up & the other, pointing down, there is another button below the 2 arrows. Click once on it. (this will copy some information to clipboard) 6. Open notepad & paste the info in there. This will copy the event information to the clipboard. Paste the information for each event here Repeat steps 1-6 for System Your actuall issue is with your laptops touch pad right? Its just the fast that it works well in safe mode thats confusing, the fact that you said your pc also shuts off directed me to think of it being malware. Thank you for your cooperation, we will have your computer sorted in no time
ok i will definatly try that- thanks! and yes its the touchpad that sometimes doesnt work and also the computer freezes for like 10 mins about 20 mins after it is turned on [bold]but[/bold] i have neither of these problems when i run it in safe mode. right im gona go do all those things and i will get back to you with the results, thanks
Hey Rav- I am a little confused about the safe mode issue myself. I thought for sure it was a Trojan, or maleware issue. I know of another program you might have him run and post a log for. It is called StartupList. You can download it from: http://www.spywareinfo.com/~merijn/downloads.html I only suggest this because maybe there is something in the startup programs that is causing this issue. It's worth a try.
right i used that panda sacn fing and it came up saying: Incident Status Location Virus:Bck/Haxdoor.MF Disinfected C:\17656179226.exe Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt[counter.hitslink.com/] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt[.atdmt.com/] Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt[.com.com/] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tom\Cookies\tom@atdmt[1].txt Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MSN Messenger\riched20.dll Potentially unwanted tool:Application/FunWeb Not disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf Potentially unwanted tool:Application/MyWebSearch but it wont delete them unless i pay £20!!! are these viruses genuine or just something the company made up?! :s it said i had one virus and like 5 spywares! help!
ok im kinda lost when it comes to this event log fing. i did the fing u asked to do before with the windows XP cd but i am kinda lost when it comes to this event log- by that i mean i can do it but it doesnt return anything useful- just unresponsive programs or webpages , no hardware or anyfin. what do i do know?! ?! thanks!
Okay, rav can help you with the virus issue. I wanted to see if you would do the following. 1) Start-> All Programs-> Accessories-> Windows Explorer. This will open a new window. Now select Tools-> Folder Options and a window will open. Select the tab that says, "View". Under that tab in the advanced settings box you will see a folder called, "Hidden files and folders". Under that folder there are two radio buttons. Select the one that says, "Show hidden files and folders". Now select Apply and then OK. Now remember after you have finished with these steps to change it back. Notice the left pane and right pane. In the left pane go to My Computer-> Local Disk (C-> Documents and Settings-> Your User Name-> Local Settings-> Temp. Delete everything in that folder. There may be a couple of things that can't be deleted but that is okay. 2) You can scroll farther down in the explorer and find another folder called temp. Remove all of the items there. 3) Now scroll down to Windows-> Cache and delete all. 4) Now Windows-> Temp and delete all. Now be sure before you close the Explorer window to set the view items back to the original position. Now a couple of the items that you had in that file were Firefox items. These items are not bad, but they may be removed. Reboot in safe mode and run Spybot again. It will find items that belong to Firefox that are not needed. Go ahead and remove them. Oh yeah, before I forget go ahead and open up IE and go to tools-> options (or browser options)-> "..." somewhere in there you will be able to delete cache, cookies, temporary Internet files, URL's etc. Go ahead and remove everything. Make sure that firfox is set as your default browser. You can do that from the tools-> options menu also. After you have done all of that run another scan and see what it says. I prefer Trend Micro: http://www.trendmicro.com/hc_intro/default.asp But I believe you said that it wouldn't work for you. Maybe try it one more time.
yeh i did all the things u said syxguns but that trend micro still doesnt work for me and when i tried another one that rav suggested , ti found spyware but wouldnt delete them. do you know any more sites i can use? thanks
ok rav ,here is what you wanted me to do. i did it with 'system' part of the event log: [bold]THIS PROBLEM COMES UP LOADS OF TIMES ON THERE: (COULD THIS BE THE PROBLEM WITH THE FREEZING BECAUSE WHEN IT FREEZES, THE HARD DISK LIGHT STAYS ON AND THIS IS ABOUT THE HARD DISK?)[/bold] Event Type: Error Event Source: Disk Event Category: None Event ID: 7 Date: 31/07/2006 Time: 21:22:03 User: N/A Computer: TOMJ-JSCOMPUTER Description: The device, \Device\Harddisk0\D, has a bad block. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 03 00 68 00 01 00 b6 00 ..h...¶. 0008: 00 00 00 00 07 00 04 c0 .......À 0010: 00 01 00 00 9c 00 00 c0 ....œ..À 0018: 00 00 00 00 00 00 00 00 ........ 0020: 00 ee e0 38 05 00 00 00 .îà8.... 0028: bb b9 00 00 00 00 00 00 »¹...... 0030: ff ff ff ff 01 00 00 00 ÿÿÿÿ.... 0038: 40 00 00 84 02 00 00 00 @..„.... 0040: 00 20 0a 12 40 03 20 40 . ..@. @ 0048: 00 00 00 00 0a 00 00 00 ........ 0050: 00 00 00 00 a0 80 e5 83 .... €åƒ 0058: 00 00 00 00 08 e0 91 83 .....à‘ƒ 0060: 00 00 00 00 77 70 9c 02 ....wpœ. 0068: 28 00 02 9c 70 77 00 00 (..œpw.. 0070: 80 00 00 00 00 00 00 00 €....... 0078: f0 00 03 00 00 00 00 0b ð....... 0080: 00 00 00 00 00 00 00 00 ........ 0088: 00 00 00 00 00 00 00 00 ........ [bold]AND ALSO THIS PROBLEM COMES UP A FEW TIMES:[/bold] Event Type: Error Event Source: atapi Event Category: None Event ID: 9 Date: 31/07/2006 Time: 21:25:27 User: N/A Computer: TOMJ-JSCOMPUTER Description: The device, \Device\Ide\IdePort0, did not respond within the timeout period. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 0f 00 50 00 01 00 a4 00 ..P...¤. 0008: 00 00 00 00 09 00 04 c0 .......À 0010: 00 01 00 00 00 00 00 00 ........ 0018: 00 00 00 00 00 00 00 00 ........ 0020: 00 00 00 00 00 00 00 00 ........ 0028: 00 00 00 00 00 00 00 00 ........ 0030: 00 00 00 00 07 00 00 00 ........ 0038: 40 00 00 0e 00 00 00 00 @....... 0040: 00 20 0a 12 40 03 20 40 . ..@. @ 0048: 00 00 00 00 0a 00 00 00 ........ 0050: 00 50 5f f5 a8 9f 17 84 .P_õ¨Ÿ.„ 0058: 00 00 00 00 08 aa 20 84 .....ª „ 0060: 00 00 00 00 71 70 9c 02 ....qpœ. 0068: 28 00 02 9c 70 71 00 00 (..œpq.. 0070: 30 00 00 00 00 00 00 00 0....... [bold]AND THIS COMES UP A FEW TIMES:[/bold] Event Type: Error Event Source: DCOM Event Category: None Event ID: 10010 Date: 02/08/2006 Time: 21:16:54 User: TOMJ-JSCOMPUTER\Tom Computer: TOMJ-JSCOMPUTER Description: The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register with DCOM within the required timeout. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. [bold]this is what windows told me about the first bit of info i wrote above (the hard disk) [/bold]: Details Product: Windows Operating System Event ID: 7 Source: Disk Version: 5.2 Symbolic Name: IO_ERR_BAD_BLOCK Message: The device, %1, has a bad block. Explanation The device has a bad block of memory, which Windows attempted to read. The data might be missing or corrupted. User Action If this event is logged regularly, replace the hard disk drive. [bold] what do you think? [/bold]
Hey tjj107 Now we may be getting somewere, I did a Panda scan myself, now they find infections, but don't remove them, which is a bit sad. But now we know there is malware present, lets try a BitDeffender online scan, HJT didnt show anything, there is a few more things we can try, but BitDeffender may be able to provide us with a insight. BitDeffender Online Scan http://www.bitdefender.com/scan8/ie.html We may aswell also see if Ewido shows us any infections: Ewido Anti-Spyware Free : http://free.grisoft.com/doc/5390/lng/us/tpl/v5#ewido-free Save the logs from BOTH Ewido and BitDeffender if anything is found and reply here: Also, please help me help you, follow this post: http://forums.afterdawn.com/thread_view.cfm/2/379472#2288451 You didn't properly post the even viewer errors, read more closely and reply. In your next post I want: *Ewido Report *BitDeffender Report *Sfc /scannow result. *OS update info (whether or not you did) Do not reply untill you have all of them ready, thanks for your cooperation, we are getting there
[bold] here are the 2 online scans [/bold] (its a lot)! ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 14:12:16 17/08/2006 + Scan result: :mozilla.57:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Adbrite : No action taken. :mozilla.58:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Adbrite : No action taken. :mozilla.59:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Adbrite : No action taken. :mozilla.60:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Adbrite : No action taken. :mozilla.61:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Adbrite : No action taken. :mozilla.115:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Atdmt : No action taken. :mozilla.123:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Com : No action taken. :mozilla.36:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Fastclick : No action taken. :mozilla.37:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Fastclick : No action taken. :mozilla.38:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Fastclick : No action taken. :mozilla.104:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Hitslink : No action taken. :mozilla.105:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Hitslink : No action taken. :mozilla.106:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Hitslink : No action taken. :mozilla.107:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Hitslink : No action taken. :mozilla.78:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Liveperson : No action taken. :mozilla.79:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Liveperson : No action taken. :mozilla.80:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Liveperson : No action taken. :mozilla.81:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Liveperson : No action taken. :mozilla.112:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken. :mozilla.113:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken. ::Report end BitDefender Online Scanner Scan report generated at: Thu, Aug 17, 2006 - 16:04:25 Scan path: C:\Documents and Settings\Tom\My Documents;C:\Documents and Settings\All Users\Documents;C:\; Statistics Time 01:50:29 Files 139955 Folders 3305 Boot Sectors 2 Archives 1339 Packed Files 5903 Results Identified Viruses 5 Infected Files 29 Suspect Files 0 Warnings 0 Disinfected 0 Deleted Files 56 Engines Info Virus Definitions 449601 Engine build AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38) Scan plugins 13 Archive plugins 39 Unpack plugins 5 E-mail plugins 6 System plugins 1 Scan Settings First Action Disinfect Second Action Delete Heuristics Yes Enable Warnings Yes Scanned Extensions *; Exclude Extensions Scan Emails Yes Scan Archives Yes Scan Packed Yes Scan Files Yes Scan Boot Yes Scanned File Status C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12B07959.exe=>(Quarantine-2) Infected with: Trojan.Dropper.Winad.H C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12B07959.exe=>(Quarantine-2) Disinfection failed C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12B07959.exe=>(Quarantine-2) Deleted C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12CA493C.exe=>(Quarantine-2) Infected with: Trojan.Dropper.Winad.H C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12CA493C.exe=>(Quarantine-2) Disinfection failed C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12CA493C.exe=>(Quarantine-2) Deleted C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24900835.tmp=>(Quarantine-2) Infected with: Win32.Vb.AN@mm C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24900835.tmp=>(Quarantine-2) Disinfection failed C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24900835.tmp=>(Quarantine-2) Deleted C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24FC71BE.tmp=>(Quarantine-2) Infected with: Win32.Vb.AN@mm C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24FC71BE.tmp=>(Quarantine-2) Disinfection failed C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24FC71BE.tmp=>(Quarantine-2) Deleted C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25D01AD5.tmp=>(Quarantine-2) Infected with: Win32.Vb.AN@mm C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25D01AD5.tmp=>(Quarantine-2) Disinfection failed C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25D01AD5.tmp=>(Quarantine-2) Deleted C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\278439A3.exe=>(Quarantine-2) Infected with: Trojan.Dropper.Winad.H C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\278439A3.exe=>(Quarantine-2) Disinfection failed C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\278439A3.exe=>(Quarantine-2) Deleted C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\392A339A=>(Quarantine-2) Infected with: Win32.Vb.AN@mm C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\392A339A=>(Quarantine-2) Disinfection failed C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\392A339A=>(Quarantine-2) Deleted C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39587F68=>(Quarantine-2) Infected with: Win32.Vb.AN@mm C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39587F68=>(Quarantine-2) Disinfection failed C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39587F68=>(Quarantine-2) Deleted C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39617D5D=>(Quarantine-2) Infected with: Win32.Vb.AN@mm C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39617D5D=>(Quarantine-2) Disinfection failed C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39617D5D=>(Quarantine-2) Deleted C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39685156=>(Quarantine-2) Infected with: Win32.Vb.AN@mm C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39685156=>(Quarantine-2) Disinfection failed C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39685156=>(Quarantine-2) Deleted C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\396B7B52=>(Quarantine-2) Infected with: Win32.Vb.AN@mm C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\396B7B52=>(Quarantine-2) Disinfection failed C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\396B7B52=>(Quarantine-2) Deleted C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39724F4B=>(Quarantine-2) Infected with: Win32.Vb.AN@mm C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39724F4B=>(Quarantine-2) Disinfection failed C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39724F4B=>(Quarantine-2) Deleted C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\397C4D40=>(Quarantine-2) Infected with: Win32.Vb.AN@mm C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\397C4D40=>(Quarantine-2) Disinfection failed C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\397C4D40=>(Quarantine-2) Deleted C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39822139=>(Quarantine-2) Infected with: Win32.Vb.AN@mm C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39822139=>(Quarantine-2) Disinfection failed C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39822139=>(Quarantine-2) Deleted C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39897532=>(Quarantine-2) Infected with: Win32.Vb.AN@mm C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39897532=>(Quarantine-2) Disinfection failed C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39897532=>(Quarantine-2) Deleted C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\398C1F2E=>(Quarantine-2) Infected with: Win32.Vb.AN@mm C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\398C1F2E=>(Quarantine-2) Disinfection failed C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\398C1F2E=>(Quarantine-2) Deleted C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E115040.exe=>(Quarantine-2) Infected with: Win32.Worm.VB.DW C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E115040.exe=>(Quarantine-2) Disinfection failed C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E115040.exe=>(Quarantine-2) Deleted C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E172439.exe=>(Quarantine-2) Infected with: Win32.Worm.VB.DW C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E172439.exe=>(Quarantine-2) Disinfection failed C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E172439.exe=>(Quarantine-2) Deleted C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44E3282F.js=>(Quarantine-2) Infected with: Js.Sillydownloader.AA C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44E3282F.js=>(Quarantine-2) Disinfection failed C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44E3282F.js=>(Quarantine-2) Deleted C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52414DFD=>(Quarantine-2) Infected with: Win32.Vb.AN@mm C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52414DFD=>(Quarantine-2) Disinfection failed C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52414DFD=>(Quarantine-2) Deleted C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\598A08A6.exe=>(Quarantine-2) Infected with: Win32.Vb.AN@mm C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\598A08A6.exe=>(Quarantine-2) Disinfection failed C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\598A08A6.exe=>(Quarantine-2) Deleted C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59973098.exe=>(Quarantine-2) Infected with: Win32.Vb.AN@mm C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59973098.exe=>(Quarantine-2) Disinfection failed C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59973098.exe=>(Quarantine-2) Deleted C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C657408.exe=>(Quarantine-2) Infected with: Win32.Vb.AN@mm C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C657408.exe=>(Quarantine-2) Disinfection failed C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C657408.exe=>(Quarantine-2) Deleted C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C9F67C7.exe=>(Quarantine-2) Infected with: Win32.Vb.AN@mm C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C9F67C7.exe=>(Quarantine-2) Disinfection failed C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C9F67C7.exe=>(Quarantine-2) Deleted C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D61666C.exe=>(Quarantine-2) Infected with: Win32.Vb.AN@mm C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D61666C.exe=>(Quarantine-2) Disinfection failed C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D61666C.exe=>(Quarantine-2) Deleted C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68D029C0.exe=>(Quarantine-2) Infected with: Win32.Vb.AN@mm C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68D029C0.exe=>(Quarantine-2) Disinfection failed C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68D029C0.exe=>(Quarantine-2) Deleted C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7036499C.exe=>(Quarantine-2) Infected with: Win32.Vb.AN@mm C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7036499C.exe=>(Quarantine-2) Disinfection failed C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7036499C.exe=>(Quarantine-2) Deleted C:\System Volume Information\_restore{73BEEEF1-0022-4F18-9598-4003C12E34EB}\RP30\A0034847.exe=>wise0015 Detected with: Application.Adware.NewDotNet.B.Dropper C:\System Volume Information\_restore{73BEEEF1-0022-4F18-9598-4003C12E34EB}\RP30\A0034847.exe=>wise0015 Deleted C:\System Volume Information\_restore{73BEEEF1-0022-4F18-9598-4003C12E34EB}\RP30\A0034847.exe Update failed C:\System Volume Information\_restore{73BEEEF1-0022-4F18-9598-4003C12E34EB}\RP30\A0034848.exe=>wise0015 Detected with: Application.Adware.NewDotNet.B.Dropper C:\System Volume Information\_restore{73BEEEF1-0022-4F18-9598-4003C12E34EB}\RP30\A0034848.exe=>wise0015 Deleted C:\System Volume Information\_restore{73BEEEF1-0022-4F18-9598-4003C12E34EB}\RP30\A0034848.exe Update failed
