TechSpot

Startup Issues

By jdl26
Jul 27, 2008
  1. I have been having alot of system issues, like not being able to start Windows Vista with doing a repair and then that usually doesn't work so I have to do a system restore. I attached my hijack this log info, can someone please help me in correcting this issues?
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Do you have iTunes installed? If you do, please disable .xml file indexing from the advanced options.

    Also I suggest to remove KHALMNPR.EXE (SetPoint mouse driver)

    You have: SpybotDeleting things going on, that should have been removed on next Windows startup. It concerns me that there were so many (Spyware)

    Actually your log is generally very long
    With "files missing" (which can be removed) including your old Symantec (norton) stuff

    I would suggest to reduce the overall size (and probably make your system run much quicker, do the following (restarting after each one is complete)

    Run CCleaner: http://www.ccleaner.com/
    Run Startup Control Panel (and remove any not required startups: http://www.mlin.net/StartupCPL.shtml
    Run MalwareBytes full updated scan: http://www.malwarebytes.org/mbam.php
    Run HiJackThis again, and remove all the Missing file entries

    Restart
    And then post a fresh HJT log (it'll be a lot easier on all of us!)
     
  3. jdl26

    jdl26 TS Rookie Topic Starter Posts: 35

    Sorry bout that, I had some spyware to remove once restarted when I ran it, here is a new file after doing what you recommended.
     
  4. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    SmitfraudFix

    • Download SmitFraudFix to your deskop
    • reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
    • Double-click SmitfraudFix.exe
    • Select 2 and hit Enter to delete infect files.
    • You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
    • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
    • A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt (Attach the log to your next reply)
     
  5. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Thanks xxdanielxx, for taking over. I hate HJT logs they're too long!

    Personnaly I'd say remove this immediately:
    O4 - HKCU\..\Run: [?????????] ??????????????e

    But you still decided to keep that Mouse (resource hog) thingy going, so oh well.

    Anyway, I'll leave you in xxdanielxx's safe hands
     
  6. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    It looks like you have AVG and Norton installed do you if so uninstall 1 of them

    Norton Removal

    • Download Norton Removal to your desktop
    • Run the Uninstaller
    • Reboot computer

    AVG Uninstaller

    • Download AVG Uninstaller to your desktop
    • Run the Uninstaller
    • Select Uninstall
    • Reboot computer

    Open Hjackthis and place a check next to the items below

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll<---scan
    O3 - Toolbar: (no name) - {DAFF005C-497A-4FD2-A9C9-5B8D1CE60806} - (no file)


    ------------------------------------------------

    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please attach the contents of main.txt and extra.txt in your next reply.
     
  7. jdl26

    jdl26 TS Rookie Topic Starter Posts: 35

    Thank you guys for all of your help! Here is the main.txt and extra.txt files after I did what was requested. I also decided to remove AVG and Norton and went with Avira.
     
  8. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Open up HijackThis, and click Do a system scan only. Next, click the Config button. On that page, under configuration, click Backups. Inside of there will be a list of everything that you have removed. Simply put a checkmark next to the item below and click

    backup-20080727-233320-948 O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

    Now locate the file below and check the size of the file then post back here

    C:\Windows\system32\ActiveToolBand.dll
     
  9. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    can you attach the smitfraud fix log
     
  10. jdl26

    jdl26 TS Rookie Topic Starter Posts: 35

    It's 292 kb
     
  11. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    ok that is a legit file you can leave it alone do not remove it.
     
  12. jdl26

    jdl26 TS Rookie Topic Starter Posts: 35

    I'll have to do the smithfraud test again and save the log and then I'll post it. I'll do that tomorrow I gotta get to bed. Thanks again xxdanielxx!
     
  13. jdl26

    jdl26 TS Rookie Topic Starter Posts: 35

    Here is the file. I am still having issues at startup. I do the Windows Startup Repair and then the program says that it's unable to fix the issue, so then I have to do a system restore to get it to boot
     
  14. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    can you post a fresh hijackthis log
     
  15. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    I'd say might be the most challenging issue for xxdanielxx to deal with.

    The point being that xxdanielxx is trying to help you, running system restore may not be the best approach, when trying to remove Spyware etc

    Usually once all is complete System Restore is wiped clean anyway (sometimes during the cleaning process)

    It takes a good support helper (ie xxdanielxx) to help deal with this
     
  16. jdl26

    jdl26 TS Rookie Topic Starter Posts: 35

    Thank you very much guys for all your input, I am now able to run my system again with no issues. I had to update 3 different drivers, correct a usb card reader issue, and follow all of your previous instructions.
     
  17. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Clear system restore points

    • Clear your existing system restore points and establish a new clean restore point:
      • Go to Start > All Programs > Accessories > System Tools > System Restore
      • Select Create a restore point, and Ok it.
      • Next, go to Start > Run and type in cleanmgr
      • Select the More options tab
      • Choose the option to clean up system restore and OK it.
      This will remove all restore points except the new one you just created.
     
  18. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    we are not done yet you can still be infected please post a fresh hijackthis log
     
  19. jdl26

    jdl26 TS Rookie Topic Starter Posts: 35

    Here it is.
     
  20. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Run hijackthis and place a check next to the items below

    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O4 - HKCU\..\Run: [?????????] ??????????????e


    ------------------------------------

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

    -------------------------------------------


    Please run an on-line virus scan at http://www.kaspersky.com/virusscanner[b][color=blue]Kaspersky OnLine Scan[/color][/b] or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

    Then post a fresh hijackthis log
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...