preconmanager
-
Posts
86 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by preconmanager
-
-
This morning, I went into the command prompt and there were trails of internet sites I have recently visited from this machine. This isn't common. It's like someone writing command scripts. I went to open Notebook to record it, and in going back to the CP, the script had disappeared.
I do remember this site being in there and I had trouble getting to the sign in on this site (monitor interference-grey undulating).
I hate sounding like a hypocondriac, and I know we have run every AV test coming in clean, but I can sense things are still not right. Is there a way to trace this action?
-
[c:\windows\system32\drivers]
103c_hp_cpc_er890aa- (not the full name)
eappkt.sys
mhndrv.sys
nvphy.bin
nvtcp.sys
pxhelp20.sys
usbkey.sys
These are all unsigned, and if I remember, they were related to comm or DCOM. I understand these can be hijacked.
What did you come up with on the hosts_bak_188 driver? I cant find its use.
I also have the following unsigned file that in the past has been deemed viral. I was just in the process of running it through VirusTotal
[c:\windows\system32]
ps2.bat Unknown None Not Signed N/A
-
Yes, It was just getting updates from MS. But they were minor. Should I be concerned about the drivers might be corrupted or not working correctly. Some of them relate back to DCOM and my DVD Drive
-
I ran all my hosts files in etc through VirusTotal...they came back clean. These are my unsigned drivers;
Microsoft Signature Verification
Log file generated on 2/3/2013 at 8:56 PM
OS Platform: Windows 2000 (x86), Version: 5.1, Build: 2600, CSDVersion: Service Pack 3
Scan Results: Total Files: 323, Signed: 312, Unsigned: 10, Not Scanned: 1
User-specified search path: *.*
User-specified search pattern: C:\Windows\system32\drivers
File Modified Version Status Catalog Signed By
------------------ ------------ ----------- ------------ ----------- -------------------
[c:\windows\system32\drivers]
103c_hp_cpc_er890aa- 5/23/2009 None Not Signed N/A
eappkt.sys 10/9/2007 500.1001.802.2007 Not Signed N/A
mhndrv.sys 8/10/2004 5.1.2600.2180 Not Signed N/A
nvphy.bin 7/8/2008 None Not Signed N/A
nvtcp.sys 7/29/2005 1.0.0.5009 Not Signed N/A
pxhelp20.sys 4/25/2005 2.3.32.0 Not Signed N/A
usbkey.sys 11/18/2005 None Not Signed N/A
[c:\windows\system32\drivers\etc]
hosts 1/29/2013 None Not Signed N/A
hosts.ics 1/22/2013 None Not Signed N/A
hosts_bak_188 1/10/2013 None Not Signed N/A
Unscanned Files:
------------------
[c:\windows\system32\drivers\umdf]
msftwdf_user_01_00_0
I was researching these drivers to find either there service connection or driver updates when I found the driver in question.
-
[c:\windows\system32\drivers\etc]
hosts_bak_188 1/10/2013 None Not Signed N/A
-
I ran ESET. During the scan at about 32k the monitor distortion started and I could not see what was being scanned at times.
I have a hosts file driver that when I searched for it in search engines, the only response was this thread. (Just like the DOS File search).
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=40576895d7b7ac4987066433e17a8e5e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-04 09:26:12
# local_time=2013-02-04 01:26:12 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=774 16777213 100 91 0 135758244 0 0
# scanned=125991
# found=0
# cleaned=0
# scan_time=12328
-
OK, I have been updating all day...BIOS, graphic & monitor drivers, program updates. I am able to run alot of diagnostics that I wasn't able to recently, which is a very good sign that my PC is getting healthy, however, I have one issue left then I might be able to let this rest. I have a list of unsigned drivers (9 total). I went to Microsoft Malware Security site to check them, and I am prevented from going in there (monitor goes black). I will run these drivers in VirusTotal and see if I have issues. My question is..Do you know why I would have a driver with no prefix file name?
-
sfc /scannow completed and no error messages. I ran chkdsk /f, it ran for 4 minutes then rebooted (I could not see the results-black screen below blue). I am still getting the distortion so I will work on Media Center so at least so it does not create conflict. I just wish I knew what is creating this "black-out" of a portion of the screen. Scan should come clean....but who knows after the successes and drawbacks of today.
Windows Updates has given me an update (driver?) for my monitor within the past few weeks, and this is not what has caused my distortion in the first place, but....Would you suggest I try and reload my monitor program from its CD (I do have that) just in case that is the problem? What hardware would possibly be causing this?
Will worry about this tomorrow.....to the bat cave......
-
I got sfc /scannow to run.....kept "retry". What do I do when it is through checking?.....no message of any errors
-
Yup, sfc /scannow still asks for the disk...
-
Updating Windows Media Center might interfere with Avast as it requires updating through windows, I couldn't find the path. It looked
like some of the options would have conflicted...Media Center is just a package of music, gaming, DVD naming, ETC, which I already have
in other programs so its redundant. I thought maybe there was a conflict in the video streaming.....
This is just and old OS (like me). It goes in and out....in fact things are just fine at this point in time....but tomorrow is another day.
I believe just the opposite, before you started working with me things were alot more deteriorated than they are now.
-
Well that was an interesting exercise....I am not sure what to make of the log files in Registry, a few were skipped from repair because of wildcards. I had Avast running (forgot to shut it down) so you're probably aware of those errors. And I am not sure about what I am seeing in the Windows logs file, as I am not sure if the WMI, Firewall and CatRoot2 got repaired. And there are a few issues (I guess) with Drivers.
I could not get Step 3 to complete without a CD. Maybe I will try sfc /scannow.
I am seeing some fluttering in the graphics, and I think I am going to either update or carefully reinstall my Media Center Edition update files (over the top). I have been reading up on that today. I went into Media Center earlier today and the monitor wouldn't let me see what was going on in the menu.
I updated my wireless adapter through Windows Update and when rebooting I have to remove/replace it to get into the Internet. I lose my wireless account. I tried repair the connection with windows and it didn't work.
I watched the repair sequences, there were quite a few changed, unknown and deleted files that this program repaired/replaced, it's a wonder this computer was working at all at start up. The Windows Start Up folder was the most affected.
Should I run Avast at this point? It is due to run in the AM by schedule
-
Avast found no malware in the offline startup. The computer is acting alot better. And Avast is parked in my IE and Firefox. I like this AVS. Of all the programs we have run, which one would you trust to try and fix the corruption, or do you have further suggestion (besides the Windows XP CD I dont have).
-
Avast can run a scan post boot, and it is running now (I think) I have the same screen I described in Chkdsk (black and blue). I just hope it is not the screen that warns of harm to the computer. But it should have stopped the HD by now. I thought I would let it run its course.
I have run scannow previously and it asks for the Windows CD. So yes, there are some files corrupted or missing.
-
I have installed Avast. Yes the monitor did play up when Avast was installed. It wasn't difficult seeing the download button, but once selecting it for download, the monitor went nuts. I have finally succeeded in getting it setup though and Avast is running full scan this morning. MSE is removed.
I copied those DOS files to CD and removed them from the computer to see if this might help my situation. Things are a bit shaky, but lets see what Avast comes up with now that the DOS files are gone. Do I understand correctly that if the virus were to be crippled by the missing DOS (should these be the culprits) that anti-malware might pick up the remnants?
I tried to run Chkdsk last night to see if corrupted files may be creating my problem, I set it to repair....and then I got the half blue screen with the Microsoft logo, the rest of the screen went black. It ran quite awhile, but I did not get the results.
-
Ran MDO and got BSOD, the drive light ran for about 6 minutes then nothing....
-
MSE came in clean, but I'm not sure I trust MSE yet, the monitor really acts up when I use it. I thought I would try MDO. What do you think?
-
I copied the two DOS files to desktop and renamed them (added text to the end). I deleted the files from the C: program files and rebooted. They were gone. No issues came about. I ran MBAM afterwards and the scan took 4 hours 10 minutes with no malicious items found. I think MBAM hasnt seen these files in awhile.
After the scan completed, my computer is locked up (I am on a friends computer) and I have a heavy file running in the background which I believe in MSE (MsMpEng). I think it kicked in after so many files were scanned. My MSE isn't scheduled to run until AM.
This lengthy scan did give me the opportunity to watch, what I think is the best Batman film, and that was the one from 1989 with Keaton, Nicholson and Basinger....
-
The DOS files?
-
Sorry again for double posting, but you and I posted within minute of each other. I ran kb190900. DxDiag came back with no problems. Would you like to see the entire text file?
-
TDK
I hate to double post....
I have been reading about DOS Attacks since you enquired about the DOS File on my computer. I could not find those DOS files in any search engines, and in fact the search came back
to this blog site. I deleted all of the items in those Program Files EXCEPT the DOS Files. All files deleted OK without messages popping up so they were either dead or were not
part of the original programming.
I went to the official IE8 download center and reloaded IE8 on my computer, but an interesting thing happened during reinstall. The DOS command box opened and cmd started very
briefly. Upon reinstall I went to the Program Files and iTunes had been reinstalled in that location. I think we have a DOS Attack (no paranoia).
I ran an MSE scan on the DOS files and came back clean,I could not run MBAM on it, I have the free version. I uploaded the latest iTunes 11 which deleted my old edition 10.7 and rebooted.
The iTunes file is no longer in the Program Files standing alone. The DOS files are still there. If the DOS Files have been creating this problem, I will report it, so I have kept them.
After doing all this, I currently have no issues in my monitor, although I do see some flickering so it may not be totally fixed. I tried going to to an Anti-Malware site (AVG) and even
got to the download button without the monitor blanking it out so this is a good sign.
Good call TDK! I think you're onto something.....
-
No need for apologies....really glad you're here.
It was very difficult uninstalling Firefox, but it has been deleted and reloaded. I still have the effects. Now IE8 wants to install an upgraded version which I already have.
The file you question is an MS-DOS File created in January 2012. Not quite sure what it does. There are two of these type files sitting in the Program Files tree and are not up in the subfolders. The other file was created 11/2011.
I question also the other files (create date) in that location should be in their respective sub folders, IE8-WindowsXP-X86-ENU (4/2011)(No File Logo)(self-extracting cabinet file), iTunesSetup (11/2011)(Box File Logo)(iTunes Installer File),
FileFormatConverters (4/2011)(Software Logo)(same description as file name)(says it is from Microsoft)(version 12.0.6500.5000), and a aa_demo_setup (4/2011)(setup file). I question again why they are in this location.
-
I saw nothing in the threads that would be deemed similar or offer a solution.
-
This instance is only similar by the fact that I got the same message from my computer. I saw nothing similar in subsequent threads on that site relative to my symptoms.
I have not been trying to get any gaming started, or connecting new hardware. Remember, I had been working in the MMC without issue very recently, I had set my RSoP and everything was fine and I was running an analysis of these. What I cant figure out is why these MMC, RSoP issues have only arisen today.
I am novice, but did the MiniToolbox report cause you any concerns or were the results to be expected by the way that program operates?
Virus attacking my graphics
in Resolved Malware Removal Logs
Posted
I have done some diagnostics on my graphics driver and monitor as suggested by MS again (have done this many times over the past few months).
Monitor- I did not have any wiring within 3 feet of the monitor, no motors or electronic devices (cell phone)(TV off and unplugged for a day), no neighborhood radio interference is apparent (not affecting any other computers in the house) and have checked the monitor on another computer. I had replaced the power cord, surge protector and connector cable (upgraded to Belkin Pro) in December. I am going to take the monitor for testing just in case.
Graphics Driver- Troubleshooter ran...no problem...I can get to YouTube and play videos...no problem...I can get to my homepage and perform searches (incl AV) over IE and Firefox....no problem (was problem in the recent past)...scripts running in websites...no problem...I have a few games (installed for years) that I can run...no problem...go to adjust my Avast, download AV (then abort), now Malwarebytes Forum (within the past day)....BIG problem.
I've looked back through this thread (as you have), the symptoms have definitely reduced, but I have noticed that AV interaction has been my main issue. I have removed all known old traces of AV that I can find on this machine with the exception of quarantined virus. On second thought, maybe I should do that.
I am trying to locate an XP Pro Disk, as this might be the solution as you have suggested.
At this point, I need to here that we have done everything you can prescribe, so that I do not overtax this site.