Startup Issues

[jdl26]

I have been having alot of system issues, like not being able to start Windows Vista with doing a repair and then that usually doesn't work so I have to do a system restore. I attached my hijack this log info, can someone please help me in correcting this issues?

 

[kimsland]

Do you have iTunes installed? If you do, please disable .xml file indexing from the advanced options.

Also I suggest to remove KHALMNPR.EXE (SetPoint mouse driver)

You have: SpybotDeleting things going on, that should have been removed on next Windows startup. It concerns me that there were so many (Spyware)

Actually your log is generally very long
With "files missing" (which can be removed) including your old Symantec (norton) stuff

I would suggest to reduce the overall size (and probably make your system run much quicker, do the following (restarting after each one is complete)

Run CCleaner: http://www.ccleaner.com/
Run Startup Control Panel (and remove any not required startups: http://www.mlin.net/StartupCPL.shtml
Run MalwareBytes full updated scan: http://www.malwarebytes.org/mbam.php
Run HiJackThis again, and remove all the Missing file entries

Restart
And then post a fresh HJT log (it'll be a lot easier on all of us!)

 

[jdl26]

Sorry bout that, I had some spyware to remove once restarted when I ran it, here is a new file after doing what you recommended.

 

[xxdanielxx]

SmitfraudFix

• Download SmitFraudFix to your deskop
• reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
• Double-click SmitfraudFix.exe
• Select 2 and hit Enter to delete infect files.
• You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
• The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
• A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt (Attach the log to your next reply)

 

[kimsland]

Thanks xxdanielxx, for taking over. I hate HJT logs they're too long!

Personnaly I'd say remove this immediately:
O4 - HKCU\..\Run: [?????????] ??????????????e

But you still decided to keep that Mouse (resource hog) thingy going, so oh well.

Anyway, I'll leave you in xxdanielxx's safe hands

 

[xxdanielxx]

It looks like you have AVG and Norton installed do you if so uninstall 1 of them

Norton Removal

• Download Norton Removal to your desktop
• Run the Uninstaller
• Reboot computer

AVG Uninstaller

• Download AVG Uninstaller to your desktop
• Run the Uninstaller
• Select Uninstall
• Reboot computer

Open Hjackthis and place a check next to the items below

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll<---scan
O3 - Toolbar: (no name) - {DAFF005C-497A-4FD2-A9C9-5B8D1CE60806} - (no file)

------------------------------------------------

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please attach the contents of main.txt and extra.txt in your next reply.

 

[jdl26]

Thank you guys for all of your help! Here is the main.txt and extra.txt files after I did what was requested. I also decided to remove AVG and Norton and went with Avira.

 

[xxdanielxx]

Open up HijackThis, and click Do a system scan only. Next, click the Config button. On that page, under configuration, click Backups. Inside of there will be a list of everything that you have removed. Simply put a checkmark next to the item below and click

backup-20080727-233320-948 O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

Now locate the file below and check the size of the file then post back here

C:\Windows\system32\ActiveToolBand.dll

 

[xxdanielxx]

can you attach the smitfraud fix log

 

[jdl26]

Now locate the file below and check the size of the file then post back here

C:\Windows\system32\ActiveToolBand.dll

It's 292 kb

 

[xxdanielxx]

ok that is a legit file you can leave it alone do not remove it.

 

[jdl26]

I'll have to do the smithfraud test again and save the log and then I'll post it. I'll do that tomorrow I gotta get to bed. Thanks again xxdanielxx!

 

[jdl26]

Here is the file. I am still having issues at startup. I do the Windows Startup Repair and then the program says that it's unable to fix the issue, so then I have to do a system restore to get it to boot

 

[xxdanielxx]

can you post a fresh hijackthis log

 

[kimsland]

so then I have to do a system restore to get it to boot

I'd say might be the most challenging issue for xxdanielxx to deal with.

The point being that xxdanielxx is trying to help you, running system restore may not be the best approach, when trying to remove Spyware etc

Usually once all is complete System Restore is wiped clean anyway (sometimes during the cleaning process)

It takes a good support helper (ie xxdanielxx) to help deal with this

 

[jdl26]

Thank you very much guys for all your input, I am now able to run my system again with no issues. I had to update 3 different drivers, correct a usb card reader issue, and follow all of your previous instructions.

 

[kimsland]

Clear system restore points

• 
  Clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Choose the option to clean up system restore and OK it.
  This will remove all restore points except the new one you just created.

 

[xxdanielxx]

we are not done yet you can still be infected please post a fresh hijackthis log

 

[jdl26]

Here it is.

 

[xxdanielxx]

Run hijackthis and place a check next to the items below

O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKCU\..\Run: [?????????] ??????????????e

------------------------------------

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

-------------------------------------------


Please run an on-line virus scan at http://www.kaspersky.com/virusscannerKaspersky OnLine Scan or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

Then post a fresh hijackthis log