Critical System Errors! too

By cspang
Dec 3, 2006
Topic Status:
Not open for further replies.
  1. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Hello and welcome to Techspot.

    Can you tell me what this programme is and did you install it yourself?

    C:\Program Files\CDAnywhere_Free\insdrive.exe

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    Foxrunweb

    Close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    Foxrun.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm

    O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm

    O15 - Trusted Zone: http://free.aol.com

    O16 - DPF: {9A578C98-3C2F-4630-890B-FC04196EF420} - http://jump.cnnic.cn/stat/stat?sid=0008&debug=false&pid=c_admin88&url=http://client.jogo.cn/download/cnnic/cdn_eng_nt.cab

    O16 - DPF: {C14D003A-DA41-4FEE-8204-62A94EAA29D1} (GLWebAvt Control) - http://bbs.ourgame.com/image/GLWebAvt.cab

    O23 - Service: Foxrunweb - Unknown owner - C:\WINDOWS\Foxrun.exe (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\WINDOWS\Foxrun.exe

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log and let me know how your system is running.

    Regards Howard :wave: :wave:

    This thread is for the use of cspang only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  2. cspang

    cspang Newcomer, in training Topic Starter

    Hi,

    Thank you so much for your prompt reply. I have done what you have advised and the irritating icon is now gone. :)

    Attached is the new HJT log file.

    As for the C:\Program Files\CDAnywhere_Free\insdrive.exe file, I could not find the directory inside Program Files, so I fixed the entry inside HJT. I hope this is correct.

    My system is running okay now but I think I would need some further advice from you. Ever since my system has had this infection, Windows XP loads real slow and Windows Live Messenger seems to be having some problems. Even though I have cleaned up the system (which I hope I have done correctly), these two problems still persist.

    I do not know what causes the slow loading but I observed that I have several Spybot resident boxes popping up. I installed Spybot the first day I had my system and my black and white lists have built up ever since. So I wonder whether this could be one of the reasons for the slow loading up? Or is my system still infected?

    My Windows Live Messenger is made to auto load and auto login the moment the system is booted up. But after successful loading of the messenger, I could not change my status. I will always have this error message, "Messenger could not change your status.....". Then it will re-login again. After this, it will work fine. And by the way, I am using ZoneAlarm as my firewall and it is always the last to be loaded into memory. Could this be a possible reason?

    Once again, thank you for reading this lengthy message and advising me. Really appreciate your help!

    Cheers!
  3. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to add remove programmes in your control panel and uninstall anything to do with (if there).

    CDAnywhere_Free

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    StormSet.exe
    insdrive.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)

    O2 - BHO: (no name) - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - (no file)

    O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti

    O4 - HKLM\..\Run: [CD Anywhere Launcher] "C:\Program Files\CDAnywhere_Free\insdrive.exe"

    O16 - DPF: {9A578C98-3C2F-4630-890B-FC04196EF420} -

    O16 - DPF: {C14D003A-DA41-4FEE-8204-62A94EAA29D1} -

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\Program Files\CDAnywhere_Free <Delete the entire folder.

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log and let me know how your system is running.

    One reason your system is slow is due to Symantec/Norton antivirus software. It's a real resource hog. You might want to consider getting rid of it and installing the free antivirus and firewall programmes in this link HERE.

    Uninstalling and reinstalling your Windows live messenger programme may help with that particular problem.

    Regards Howard :)

    This thread is for the use of cspang only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
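
Added example, not part of the original thread or of either poster's instructions: a small Python parser for the HijackThis entry lines quoted in the two fix lists above. It extracts the section code, CLSID, file path and URL from each line and marks the entries HJT reports as "(no file)" or "(file missing)". The function and field names are this example's own; the sample lines are copied from the posts.

```python
import re

# HijackThis section codes that appear in this thread (dict and names are this example's).
SECTIONS = {
    "O2": "Browser Helper Object",
    "O4": "autostart entry",
    "O8": "IE context-menu item",
    "O15": "Trusted Zone site",
    "O16": "downloaded ActiveX control",
    "O23": "Windows service",
}
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
ORPHAN = re.compile(r"\((?:no file|file missing)\)", re.I)
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH = re.compile(r'[A-Za-z]:\\[^"<>|*?]+?\.(?:exe|dll|htm|cab)\b', re.I)
URL = re.compile(r"https?://\S+")

def first(pattern, text):
    m = pattern.search(text)
    return m.group(0) if m else None

def parse_entry(line):
    """Split one HJT entry line into fields; 'orphan' means HJT found no file."""
    m = ENTRY.match(line)
    if not m:
        return None  # headers, blank lines, running-process lines, etc.
    code, body = m.groups()
    return {
        "code": code,
        "kind": SECTIONS.get(code, "other"),
        "clsid": first(CLSID, body),
        "path": first(PATH, body),
        "url": first(URL, body),
        "orphan": bool(ORPHAN.search(body)),
    }

def parse_log(text):
    return [e for e in map(parse_entry, text.splitlines()) if e]

# Entry lines copied from the fix lists in the posts above.
SAMPLE = r'''
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O4 - HKLM\..\Run: [CD Anywhere Launcher] "C:\Program Files\CDAnywhere_Free\insdrive.exe"
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {C14D003A-DA41-4FEE-8204-62A94EAA29D1} (GLWebAvt Control) - http://bbs.ourgame.com/image/GLWebAvt.cab
O23 - Service: Foxrunweb - Unknown owner - C:\WINDOWS\Foxrun.exe (file missing)
'''
if __name__ == "__main__":
    for e in parse_log(SAMPLE):
        print(e["code"], e["kind"], "orphan" if e["orphan"] else "file not flagged")
```
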
  4. cspang

    cspang Newcomer, in training Topic Starter

    Hi Howard,

    Thank you so much for your help :)

    Attached is the new HJT log file.

    My system is running significantly faster now after I removed Norton and installed AVG instead, and my Windows Live Messenger is working fine now.

    Once again thank you so much. Really appreciate it!

    Cheers :grinthumb
  5. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Your HJT log is clean.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of cspang only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  6. cspang

    cspang Newcomer, in training Topic Starter

    No problem. You have been a great help to me and this forum is great too! Will come back here if I have any further questions or problems. :)

    Cheers!