Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Blue Screen appear when internet is available!!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

MWAV.LOG

Unread postby Tommie » May 19th, 2007, 3:36 am

ri May 18 22:57:14 2007 => ***** Scanning Registry and File system for Adware/Spyware *****
Fri May 18 22:57:15 2007 => Loading Spyware Signatures from new External Database [Name: C:\DOCUME~1\TANGME~1\LOCALS~1\Temp\spydb.avs, Size: 226628].
Fri May 18 22:57:18 2007 => Indexed Spyware Databases Successfully Created...

Fri May 18 22:57:26 2007 => Offending file found: C:\WINDOWS\system32\moveex.exe
Fri May 18 22:57:26 2007 => System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (moveex.exe)! Action taken: Entries Removed.
Fri May 18 22:57:26 2007 => Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: Entries Removed.

Fri May 18 22:57:27 2007 => Offending file found: C:\WINDOWS\system32\pmuninst.exe
Fri May 18 22:57:27 2007 => System found infected with w32.myzor.fk@yf Trojan (pmuninst.exe)! Action taken: Entries Removed.
Fri May 18 22:57:27 2007 => Object "w32.myzor.fk@yf Trojan" found in File System! Action Taken: Entries Removed.

Fri May 18 22:57:27 2007 => Offending file found: C:\WINDOWS\system32\swreg.exe
Fri May 18 22:57:27 2007 => System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (swreg.exe)! Action taken: Entries Removed.
Fri May 18 22:57:27 2007 => Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: Entries Removed.

Fri May 18 22:57:27 2007 => Offending file found: C:\WINDOWS\system32\swsc.exe
Fri May 18 22:57:27 2007 => System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (swsc.exe)! Action taken: Entries Removed.
Fri May 18 22:57:27 2007 => Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: Entries Removed.

Fri May 18 22:57:43 2007 => Checking MountPoints2 Registry Key...
Fri May 18 22:57:43 2007 => Invalid Command Found in {e2dd8de6-fc7d-11db-815e-0013ce850c9e}\Shell\AutoRun\command: E:\LaunchU3.exe
Fri May 18 22:57:43 2007 => Offending Key found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2dd8de6-fc7d-11db-815e-0013ce850c9e} !!!
Fri May 18 22:57:43 2007 => Deleting Registry Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2dd8de6-fc7d-11db-815e-0013ce850c9e}
Fri May 18 22:57:43 2007 => Object "Possible Fujacks-type Worm" found in File System! Action Taken: Entries Removed.

Fri May 18 22:57:43 2007 => Checking CLSID Reference Entries...
Fri May 18 22:58:01 2007 => Checking Module Usage Entries...
Fri May 18 22:58:01 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ActivexChart.ocx". Action Taken: Entries Removed.

Fri May 18 22:58:02 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll". Action Taken: Entries Removed.

Fri May 18 22:58:02 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\HPGetDownloadManager.ocx". Action Taken: Entries Removed.

Fri May 18 22:58:02 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\rufsi.dll". Action Taken: Entries Removed.

Fri May 18 22:58:02 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\wlscBase.dll". Action Taken: Entries Removed.

Fri May 18 22:58:02 2007 => Checking User Trusted External App Entries...
Fri May 18 22:58:02 2007 => Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object ""C:\Program Files\IBM\Java142\jre\javaws\\javaws.exe\"". Action Taken: Entries Removed.

Fri May 18 22:58:02 2007 => Checking Shared DLL Entries...
Fri May 18 22:58:04 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ActivexChart.ocx". Action Taken: Entries Removed.

Fri May 18 22:58:04 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\HPGetDownloadManager.ocx". Action Taken: Entries Removed.

Fri May 18 22:58:04 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\rufsi.dll". Action Taken: Entries Removed.

Fri May 18 22:58:04 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll". Action Taken: Entries Removed.

Fri May 18 22:58:05 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\wlscBase.dll". Action Taken: Entries Removed.

Fri May 18 22:58:05 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\Program Files\RFA\readme.txt". Action Taken: Entries Removed.

Fri May 18 22:58:05 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Yahoo!\NSS\ReadMe.txt". Action Taken: Entries Removed.

Fri May 18 22:58:05 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\ACT\SfxBar.dll". Action Taken: Entries Removed.

Fri May 18 22:58:05 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\ACT\Cfx4032.ocx". Action Taken: Entries Removed.

Fri May 18 22:58:05 2007 => Checking Installer Entries...
Fri May 18 22:58:05 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\". Action Taken: Entries Removed.

Fri May 18 22:58:06 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Common Files\Symantec Shared\Decomposers\". Action Taken: Entries Removed.

Fri May 18 22:58:06 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Common Files\Symantec Shared\IDS\". Action Taken: Entries Removed.

Fri May 18 22:58:06 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\WINDOWS\Installer\{C6F5B6CF-609C-428E-876F-CA83176C021B}\". Action Taken: Entries Removed.

Fri May 18 22:58:08 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Common Files\Symantec Shared\Security Center\". Action Taken: Entries Removed.

Fri May 18 22:58:08 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Common Files\Symantec Shared\Script Blocking\". Action Taken: Entries Removed.

Fri May 18 22:58:08 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Common Files\Symantec Shared\VirusDefs\". Action Taken: Entries Removed.

Fri May 18 22:58:08 2007 => Checking Shared Tools Entries...
Fri May 18 22:58:08 2007 => Checking File Extension Entries...
Fri May 18 22:58:08 2007 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dbf". Action Taken: Entries Removed.

Fri May 18 22:58:08 2007 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".log1". Action Taken: Entries Removed.

Fri May 18 22:58:09 2007 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tpl". Action Taken: Entries Removed.

Fri May 18 22:58:09 2007 => Checking Application Cache Entries...
Fri May 18 22:58:09 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{032B93E8-D9A1-48D2-AA51-D057ABBA9E52}". Action Taken: Entries Removed.

Fri May 18 22:58:09 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{106E7A1C-22DA-42D7-8E74-37772A9C89FB}". Action Taken: Entries Removed.

Fri May 18 22:58:09 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{2959B9F6-2D49-4E0D-96F4-D684106FE48D}". Action Taken: Entries Removed.

Fri May 18 22:58:09 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{345321B9-E6DC-4606-9C44-CEC373E64CCF}". Action Taken: Entries Removed.

Fri May 18 22:58:09 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{6A6A5A40-FB6D-402C-8516-CC61E6DFE524}". Action Taken: Entries Removed.

Fri May 18 22:58:09 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{91B8E34E-54A1-4574-973D-75EFDFEED13D}". Action Taken: Entries Removed.

Fri May 18 22:58:09 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AA0370C1-BEB2-4C8E-ADFD-B7AFE85F0FBE}". Action Taken: Entries Removed.

Fri May 18 22:58:09 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AAE10BE5-F398-41C1-9AAF-A59EBF17DFDE}". Action Taken: Entries Removed.

Fri May 18 22:58:10 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B945219C-C51C-4BD0-BAD5-A3FED95B555F}". Action Taken: Entries Removed.

Fri May 18 22:58:10 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{C4535494-0732-4123-BD27-8A000D3B36F2}". Action Taken: Entries Removed.

Fri May 18 22:58:10 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{C4868E88-F5B5-4E45-9592-C7062BD97441}". Action Taken: Entries Removed.

Fri May 18 22:58:10 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{CEB1A88D-195D-4350-A550-C6807B1BBB17}". Action Taken: Entries Removed.

Fri May 18 22:58:10 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{DA256408-A2E7-41A5-8AD6-62ACB86A0FD7}". Action Taken: Entries Removed.

Fri May 18 22:58:10 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{E5EE9939-259F-4DE2-8023-5C49E16A4F43}". Action Taken: Entries Removed.

Fri May 18 22:58:10 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{F5001920-E94E-4287-80C6-158FBC1D7035}". Action Taken: Entries Removed.

Fri May 18 22:58:10 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{F64306A5-4C32-41bb-B153-53986527FAB4}". Action Taken: Entries Removed.

Fri May 18 22:58:10 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{F6EE1D0A-575F-4ACA-999C-A640AF34F6DA}". Action Taken: Entries Removed.

Fri May 18 22:58:10 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{F891AAF3-DE9F-4445-85CF-6E41261A7F5A}". Action Taken: Entries Removed.

Fri May 18 22:58:10 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{FF0311AB-34A0-4B0B-A8D3-B51E72B34F2C}". Action Taken: Entries Removed.


Is this what you want? I've searched thru the whole log and this is only the part where I can find the infected filenames.
Tommie
Regular Member
 
Posts: 116
Joined: September 22nd, 2005, 6:37 am
Advertisement
Register to Remove

MOVEit LOG

Unread postby Tommie » May 19th, 2007, 3:42 am

C:\WINDOWS\system32\mqqmdisp.dat moved successfully.
C:\WINDOWS\tcsrahrk2.reg moved successfully.
C:\WINDOWS\r81j7l4g.pif moved successfully.
C:\WINDOWS\9ergx.dat moved successfully.
C:\WINDOWS\fwall32.dat moved successfully.
C:\WINDOWS\odfvf.dat moved successfully.
C:\WINDOWS\npad32.dat moved successfully.
C:\WINDOWS\np8dbq.exe moved successfully.
C:\WINDOWS\m2-008-911.exe moved successfully.
C:\WINDOWS\pgdegfv.exe moved successfully.

Created on 05/19/2007 15:40:28
Tommie
Regular Member
 
Posts: 116
Joined: September 22nd, 2005, 6:37 am

Unread postby Susan528 » May 19th, 2007, 6:49 am

Yes you gave me what I needed from the MWAV. Actually that was a fairly short log from what I normally receive and the invalid objects is extra things that are present- I just needed infected items and none showed up.

Please let me know how your computer is running now. Is it running any better after using the OTMoveIT?
==================

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/l ... areout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

At the end of the fix, you may need to restart your computer again.

Finally, please post a fresh HijackThis log, along with the contents of the logfile C:\fixwareout\report.txt

Now lets check some settings on your system.
(2000/XP) Only
In the windows control panel. If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be avaiable on some systems
Next Go start run type cmd and hit OK
type
ipconfig /flushdns
then hit enter, type exit hit enter
(that space between g and / is needed)
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

hijackthis 2

Unread postby Tommie » May 19th, 2007, 9:57 am

Logfile of HijackThis v1.99.1
Scan saved at 9:52:36 PM, on 5/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Wintab32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PGPsdkServ.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
C:\Documents and Settings\Tang Mei Kuen\Desktop\Liwei stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://sg.rd.yahoo.com/customize/ie/def ... yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ge.net:8808
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.lifeisgreat.com;*.lifeisgreat.com.sg;*.ge.net;*.ocbc.com;*.ocbc.com.sg;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: PGPtray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4965349984
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {827E9933-7A22-4B4D-9681-096485235551} (PDFTrigger.start) - http://localhost/ge/PDFTrigger.CAB
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\system32\PGPsdkServ.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\system32\Wintab32.exe
Tommie
Regular Member
 
Posts: 116
Joined: September 22nd, 2005, 6:37 am

Fixwareout

Unread postby Tommie » May 19th, 2007, 9:58 am

Fixwareout Last edited 5/15/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»»

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.


Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other

»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"TPKMAPHELPER"="C:\\Program Files\\ThinkPad\\Utilities\\TpKmapAp.exe -helper"
"TpShocks"="TpShocks.exe"
"TPHOTKEY"="C:\\PROGRA~1\\ThinkPad\\PkgMgr\\HOTKEY\\TPHKMGR.exe"
"EZEJMNAP"="C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\EzEjMnAp.Exe"
"PWRMGRTR"="rundll32 C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\PWRMGRTR.DLL,PwrMgrBkGndMonitor"
"BLOG"="rundll32 C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\BatLogEx.DLL,StartBattLog"
"Easy-PrintToolBox"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"ACWLIcon"="C:\\Program Files\\ThinkPad\\ConnectUtilities\\ACWLIcon.exe"
"ACTray"="C:\\Program Files\\ThinkPad\\ConnectUtilities\\ACTray.exe"
"IBMPRC"="C:\\IBMTOOLS\\UTILS\\ibmprc.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
Tommie
Regular Member
 
Posts: 116
Joined: September 22nd, 2005, 6:37 am

Unread postby Tommie » May 19th, 2007, 10:01 am

I'm not using the laptop to access to the internet.
I'm using my desktop. And I use a thumbdrive to transfer programs and note pads here and there. = )

I've followed your instructions. I've typed ipconfig /flushdns.

This is the error.

" An internal error occurred: The request is not supported.

Please contact Microsoft Product support Services for further help.

Additional information: Unable to query host name. "

In the Network Connections, I didn't see any Local Area Network. It's blank there.

I need to access the internet so that I can update my IBM drivers. There are some errors in the files for my wireless drivers too. = )
Tommie
Regular Member
 
Posts: 116
Joined: September 22nd, 2005, 6:37 am

Unread postby Susan528 » May 19th, 2007, 2:09 pm

Have you checked your Device Manager? You may need to determine what drivers you need and then download from manufacturer's website (IBM?) and then transfer to your computer and install.
================
Using Device Manager- You might need to be logged on as an administrator or a member of the Administrators group in order to perform some tasks.

Device Manager provides you with information about how the hardware on your computer is installed and configured, and how the hardware interacts with your computer's programs. With Device Manager, you can update the device drivers for hardware installed on your computer, modify hardware settings, and troubleshoot problems.

Open Device Manager.

To open Device Manager, click Start, and then click Control Panel. Double-click System. On the Hardware tab, click Device Manager.

If you click on the + to expand the tree, you should be able to see if there are yellow icons (question marks or exclamation marks) which indicate problems.

For information about using Device Manager, on the Action menu in Device Manager, click Help.

Did you see anything?
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby Tommie » May 19th, 2007, 10:09 pm

Ok. I'm trying to download the drivers from the website.

If I can access the internet after I've done the above, which online scan website you will recommend?

Thanks.
Tommie
Regular Member
 
Posts: 116
Joined: September 22nd, 2005, 6:37 am

Unread postby Susan528 » May 20th, 2007, 5:37 am

I do not know which drivers you have need updating. If you use device manager and see yellow marks by devices, that will indicate problems with the driver for that device. Then you need to find the current driver for that device. Many times the computer manufacturer will have a website where you can download drivers.
I believe from looking at your log you have a Think Pad made by IBM or Lenovo but I do not know the computer model. I would then try to go to IBM/Lenovo site and use the computer model and search for drivers.

I really recommend trying to obtain drivers from the manufacturers site first before looking for drivers elsewhere. This will give you some general information about installation of drivers. http://www.computerhope.com/issues/ch000834.htm
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby Tommie » May 21st, 2007, 6:49 am

Currently I'm trying to figure out how to install my NIC card driver.

There will always be a question mark beside my network card in DEVICE MANAGER, saying windows cannot load the drivers files may it be missing or corrupted.

I've tried to download a new one from the website itself and reinstalled it but still the problem is still there.

Is there anyway for me to delete the original files for the network card so that I can install a new fresh copy of it?

Or is there any other way to delete the driver files so Windows cannot autoload the driver files when I restart the computer?

Thanks!!
Tommie
Regular Member
 
Posts: 116
Joined: September 22nd, 2005, 6:37 am

Unread postby Tommie » May 21st, 2007, 7:53 am

I think there's a way to do this but I just can't figure it out.

I want to delete all my drivers original file therefore the DEVICE MANAGER cannot look for any files to update the driver upon restarting. Is there any way to do that?

Is there something to do with the .INF file?

I'm just not sure and I don't dare to delete it too.
Tommie
Regular Member
 
Posts: 116
Joined: September 22nd, 2005, 6:37 am

Unread postby Susan528 » May 21st, 2007, 8:07 am

Go to Device Manager; find the device with the problems. Highlight it and click (maybe double-click), a pane should appear. At the top of the pane, there should be a Driver tab, and click that tab. You should be on a pane now that has Uninstall Driver. Then uninstall the driver. I would then reboot and then proceed with trying to install the driver from where-ever you have downloaded it.

Please be patient. Working with Drivers can be a pain.
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby Tommie » May 21st, 2007, 8:29 am

Yea i've tried your way many many times.

But it's still state the driver are missing or corrupted.

I just don't know what's wrong with the driver. Or maybe Windows auto load the default files located in my drive?

I'm not so sure.
Tommie
Regular Member
 
Posts: 116
Joined: September 22nd, 2005, 6:37 am

Unread postby Tommie » May 21st, 2007, 8:34 am

No matter how many times I uninstall the driver, when I restart it, the message will always be that the driver is missing or corrupted.

Even when I've downloaded a fresh copy from IBM's website, the message will still be the same.

What I thought is that to find the root for the driver files and manual delete it all at once. It's just after a reformat where I need to install the drivers one by one.

Is there any way that can do my way?

Thanks! = )
Tommie
Regular Member
 
Posts: 116
Joined: September 22nd, 2005, 6:37 am

Unread postby Susan528 » May 21st, 2007, 8:59 am

http://www.microsoft.com/windowsxp/expe ... sloc=en-us

http://www.microsoft.com/windowsxp/expe ... g=en&cr=US

I am sorry, I do not know enough to help you now. I would post out to the Microsoft newsgroup for hardware or networking and ask.

I gave you link to US newsgroup but they do have newsgroups for other countries if you need another country.
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 17 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware