Jump to content

Strange Pinned topic -


noknojon

Recommended Posts

  • Root Admin

Best to just stay here and on one topic. Doing other things form another site can interfere with what Exile is doing.

Exile can't really ask for this log since he is in school, but it would be good to get another update set of logs from DDS now that you've removed all this other junk.

AutoRuns is good but might miss some things.

Link to post
Share on other sites

  • Replies 66
  • Created
  • Last Reply

Top Posters In This Topic

  • Root Admin

Personally I would review and remove these items unless you really want or need them.

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} Yahoo! Companion BHO

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d}

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068}

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo toolbar

TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page software

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - AVGTOOLBAR (probably left over from an AVG intsall)

TB: {BC3ABE80-8CCD-4093-955D-A087DDA18266} - Shareware.Pro-EN Toolbaro - a Conduit "Community Toolbar"

TB: {A8BAADDD-AB98-4CDB-84CC-3C9ED9F38D1E} - Online TV Toolbar - a Conduit/EffectiveBrand "Free Community" toolbar

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - Ask.com Toolbar

This actually warrants further review:

LSA: Notification Packages = :\WINDOW

Please click on START - RUN and copy/paste the following into the run line and click OK. That will create a new WinLogon.txt file on your desktop, open it and post back the contents.

cmd /c reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /s>"%USERPROFILE%\Desktop\WinLogon.txt"

Do you really need and want cpuz132 loading on the system? (CPUID Driver from Windows ® Codename Longhorn DDK provider.)

Not 100% certain but it looks to be from here: http://www.cpuid.com/cpuz.php

You're also running AdAware, Microsoft Malware Protection Driver, SAS, Family Safety Filter Driver (TDI) from Microsoft

As startup services that run each time, nothing wrong with them, just want you to be aware of them and keep them updated as well.

You have some old folders that appear to be left over from Microsoft Security Updates that can probably be removed

C:\7152b6531dc1aee22594

C:\0dd3b020c540ff8c2fd63d49c74c

C:\a69ed7005224f43c8f974fb7d7b229

C:\16315dcc99bad959c1e6de7936746e

C:\a1cf19b7a9227a5d4e84

Are you using the Folder Lock program?

When is the last time your ran a full disk check on the drive?

Link to post
Share on other sites

  • Please copy and paste the following text exactly as written into notepad (not wordpad or any other text editor):
    @echo off
    reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /s>"%USERPROFILE%\Desktop\WinLogon.txt"
    echo Please report any errors that are displayed above to AdvancedSetup in your PC Help topic
    pause
    "%userprofile%\desktop\WinLogon.txt"
    del /f /q %0

    Once you've done that click on File and select Save As...

  • In the Save dialogue box click on the drop down menu next to Save as type and select All Files
  • Name the file Winlocheck.bat (the .bat extension is very important)
  • Save the file to your desktop and double click it to run it.
  • Once it finishes it will open the file it created in notepad, please copy and paste the file's contents into your next reply and report any errors that were shown in the black command prompt window.

Link to post
Share on other sites

  • Root Admin

All the Toobars and BHO are still showing in the log but as said that is just my own preference. I have no use for all these toolbars and even if I did I'd probably only choose 1 and not multiple ones.

You also have/use this program which can very quickly sneak in and infect the computer: LimeWire 5.1.4

Link to post
Share on other sites

I deleted 3 toolbars - That was all I could remove ?? If Ask is still there then it was deleted several times from several places -

Also ran the AVG cleaner in case there was any bits of toolbar there ??

Limewire has not been installed by me ?? - Had a trojan dropper last night (removed by MBAM full scan) -

Will look for Limewire ?? and shoot the person who put that there -

EDIT-

It takes over 50 items listed -

Even used HJT to remove several items ??

Link to post
Share on other sites

Your last log shows that you failed to fully complete the steps I outlined (some entries were still present that should've been deleted and some entries were still checked that should've been unchecked). Please go through the steps again, making sure you follow it very carefully and then do the following so we can finish the cleanup, then we'll work out the issue with the pinned topic problem in IE8:

Delete the attachment of the previous Autoruns.zip file you uploaded by clicking My Controls at the top of the forum page and then clicking Manage Your Attachments on the left.

Then delete the Autoruns.arn and Autoruns.zip files from your desktop and run Autoruns again:

  • Double click Autoruns.exe
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures
  • Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
  • When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.
  • Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the Autoruns.zip folder you just created to your next reply

Link to post
Share on other sites

That looks much better <_<

I did notice that there were some items unchecked that I never asked you to though. You really shouldn't experiment while I'm trying to help you as it can cause confusion and possibly problems. I just hope you didn't delete anything I didn't tell you to as Autoruns doesn't create backups when something is deleted, only when it's unchecked. The items I had you delete were safe to do so, but if anything else was removed it may not have been safe.

Please re-check the following:

Click on the Explorer tab at the top and under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components re-check the following:

  • Fax ADVPACK (Verified) Microsoft Windows Component Publisher c:\windows\system32\advpack.dll
  • Fax Provider Microsoft Fax Optional Component Installer (Verified) Microsoft Windows Component Publisher c:\windows\system32\setup\fxsocm.dll
  • IE Tour Reset Stub ADVPACK (Verified) Microsoft Windows Component Publisher c:\windows\system32\advpack.dll

Under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad re-check the following:

  • SysTray Systray shell service object (Verified) Microsoft Windows Component Publisher c:\windows\system32\stobject.dll
  • UPnPMonitor UPNP Tray Monitor and Folder (Verified) Microsoft Windows Component Publisher c:\windows\system32\upnpui.dll

Under HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks re-check the following:

  • SABShellExecuteHook Class ShellExecuteHook (Not verified) SuperAdBlocker.com c:\program files\superantispyware\sasseh.dll
  • Windows Desktop Search Namespace Manager Windows Search Namespace Manager (Not verified) Microsoft Corporation c:\program files\windows desktop search\msnlnamespacemgr.dll

Under HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved re-check the following:

  • Windows Media Player Add to Playlist Context Menu Handler Windows Media Player Launcher (Verified) Microsoft Windows Component Publisher c:\windows\system32\wmpshell.dll

I know that some of these entries are harmless to mess with (such as the Windows Media Player context menu entry), but you should get into tweaking after we're done with the cleanup of obsolete software and disabling unneeded services. I just want to make sure that no unforeseen side effects cause issues while we're working on this.

Once you've done that delete the attachment of the previous Autoruns.zip file you uploaded by clicking My Controls at the top of the forum page and then clicking Manage Your Attachments on the left.

Then delete the Autoruns.arn and Autoruns.zip files from your desktop and run Autoruns again:

  • Double click Autoruns.exe
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures
  • Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
  • When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.
  • Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the Autoruns.zip folder you just created to your next reply

Thanks ;)

Link to post
Share on other sites

Ok, once you've gotten the other ones re-enabled open Autoruns again and right click on the following entry and select Delete:

Click on the Drivers tab and under HKLM\System\CurrentControlSet\Services delete the following:

  • SiSCom File not found: D:\Drivers\Display\WinXP_2K\utilDLL\SiSCom.sys

Then do the following to see if it corrects the blurry display issue:

Update your Video Drivers:

  • Download the latest drivers for your video card from here by clicking on AGREE & DOWNLOAD and save the file to your desktop or another location where you can easily find it.
  • Click on Start and select Control Panel
  • Open Add or Remove Programs
  • Uninstall NVIDIA Drivers and reboot your computer
  • Once Windows loads again run the 175.19_geforce_winxp_32bit_english_whql.exe file you downloaded in the first step to install your new drivers.
  • Once installation completes restart your computer and see if things look better.

Let me know how things look and if there are still issues with your display we'll troubleshoot that issue further.

Next, delete the attachment of the previous Autoruns.zip file you uploaded by clicking My Controls at the top of the forum page and then clicking Manage Your Attachments on the left.

Then delete the Autoruns.arn and Autoruns.zip files from your desktop and run Autoruns again:

  • Double click Autoruns.exe
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures
  • Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
  • When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.
  • Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the Autoruns.zip folder you just created to your next reply

Thanks <_<

Link to post
Share on other sites

Alright, sounds good ;) . You missed a couple though <_< :

Under HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks re-check the following:

  • SABShellExecuteHook Class ShellExecuteHook (Not verified) SuperAdBlocker.com c:\program files\superantispyware\sasseh.dll
  • Windows Desktop Search Namespace Manager Windows Search Namespace Manager (Not verified) Microsoft Corporation c:\program files\windows desktop search\msnlnamespacemgr.dll

Those particular entries aren't too consequential (although the SAS entry might affect it's usefulness), but I still don't want any "unknown variables" that might mess up the works regarding the fixes :D .

Once all of that is done, restart your computer and see if the screen is still blurry and if you're still having issues with IE8.

For the screen problem, should it still be present, please give me the exact manufacturer and model # of your monitor, that will help me to know what its default refresh rate settings should be so we can check them, as that's often the cause of such issues.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.