Can't attach logs

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ZenPup, Dec 1, 2007.

  1. ZenPup

    ZenPup Private E-2

    Please help:

    I am troubleshooting malware & need to attach my logs, but every time I click the Manage Attachments button, I get "error on page." If I temporarily disable pop-ups, it wipes my draft email & I have to start all over.

    I would throw the whole PC out the window (as I have been at this for over a month) but it is my last working PC. I need to get advice from Major Geeks since I've done all the malware troubleshooting steps (twice!) and have error messages with MGTools, too. And still I suspect my PC is a zombie. So first step is to be able to give you the logs, right? How?

    Thanks!
     
  2. ZenPup

    ZenPup Private E-2

    MGTools error msg even after fixing regedit

    I'm running XP Pro & apparently have malware. I went through the whole clean-up routine several weeks ago but am still having problems (CPU revving to 100% & freezing, phantom iExplore processes, etc.), so I started the cleaning process again yesterday (with the latest software & instructions).

    Then I got to running MGTools. It said it successfully ran runkeys & shownew. But when it went to update hijackthis.log, it popped up an error message:

    Process Dll.exe - Application Error
    The application failed to initialize properly (0c0000135). Click on OK to terminate the application.

    It looked similar to the Error Messages #2 listed in the MGTools info sheet, so I did the suggested fix to regedit, deleting & recreating VDD. Then I ran MGTools again, but I got the same error message. When I clicked OK on the pop-up, it appended this message to the command line window text:

    Could not find C:\Documents and Settngs\[myusername]\Desktop\procdll.txt

    (I would attach the logs, but I can't get the Manage Attachments button to work at all. :confused)

    What should I do now?

    Thanks! :)
     
    Last edited: Dec 1, 2007
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: MGTools error msg even after fixing regedit

    Please remain in one thread for your problems. You have started 2 threads for your current issue:

    1st - Can't attach logs
    2nd - this current thread

    I will be merging all of your threads into one.

    Don't worry about the problem with running processDLL.exe right now. Also note it has nothing to do with the error messages mentioned on the download pages for MGtools. It does not even match those messages. The problem you are having may be due to missing certain Windows updates or due to an OS problem.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Try another browser or try emptying your browser cache and then click refresh a couple of times.
     
  5. ZenPup

    ZenPup Private E-2

    Logs attached now

    Thanks & sorry about the additional threads.

    Here are my two logs. AVG (which I have been running for months) said "No report available."

    When I start IE, 75% of the time it doesn't fully launch. There is a process running at only 15k memory or so. But if I leave it there, soon my CPU is at 100%. And I can't tell whether it's the AVGS process or IE (via an invader) doing it. Everything freezes at that point. Am I a zombie or just checking everything too closely?

    Before I found MajorGeeks, I tried to close up everything related to cookies & popups, so now I even have to hold CTRL to launch IE. I don't know what the default or recommended settings are.

    I also now see a Windows firewall running that I don't think is my original firewall, though I'm not the one who set it up, so I don't know how to check if I have 2 firewalls.

    And to top it off, this PC is my only functioning PC, so even while troubleshooting it, I have to use it, which to me feels like driving a car with the engine half-disassembled.
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Logs attached now

    I see left over processes from having Symantec installed at one time. You should run the below right now:

    Norton Removal Tool (SymNRT)

    Hopefully it will remove the remainder but just in case also do the below.

    Uninstall LiveUpdate 3.0 (Symantec Corporation) if you see it.

    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it double click it and allow it to merge with the registry.
    If anything else remains (like a stuck service) we will remove it in the next set of fixes if necessary.

    Which version of AVG Antivirus are you running? Did you install just the Antivirus or did you install a Security Suite with a firewall? Did you buy it or are you only using free software?


    Now download and run FindAWF by noahdfear.
    • Please download FindAWF by noahdfear.
    • Save to your desktop.
    • Double-click the FindAWF icon.
      • If a Security Alert shows, allow the program to run.
    • As instructed, press any key to continue.
    • Use the following option: Press 1 then Enter to scan for bak folders
    • The scan may take a while, please be patient.
    • When done, a text file, Find AWF report is produced.
    • Please attach the Find AWF report in your next post.

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab

    After clicking Fix, exit HJT.

    Now reboot your PC.

    After reboot, run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created. And don't forget the log from FindAWF. We have some things to fix related to this.

    Make sure you tell me how things are working now!
     
  7. ZenPup

    ZenPup Private E-2

    Re: Logs attached now

    Thank you so much for your detailed instructions! Unfortunately, my life has been beyond hectic, so this is the first chance I've had to sit down & do it in a focused environment. (Plus, my browser windows are pooping out so often now that I really can't do much else but troubleshoot.)

    Oops, now that I'm replying, I think I forgot to do step #1, removing Norton, unless I did it as soon as I read your email days ago & just don't recall. :eek: Should I do that now, after the fact, anyway? Do you need me to re-run any of the steps below?

    I did find LiveUpdate and uninstalled it, but first it wanted me to uninstall other Symantec software. All I could see was Symantec Tech Support Web Controls, so I uninstalled it, but it claimed there were others but I have no idea which. Nothing else said Symantec or looked appropriate. So I uninstalled LiveUpdate anyway.

    I did the fixME.reg.

    I am running AVG 7.5. In August I bought a 2-year license for Anti-Spyware only because it is supposed to have the Shield, but now when I open the software, under Shield it says "not available in the free version," which leads me to believe that I've overwritten my purchased software with a free version. My "regular" AVG is free edition. I didn't buy the security suite with a firewall.

    I did the FindAWF and am trying to attach the log, AWF.txt, but the button (even when holding CTRL) gives me "error on page". I will try to send logs with another reply.

    I ran MGtools/analyse.exe & deleted only the lines you quoted. Then I rebooted & ran GetLogs.bat. Again, I will try to attach the log with another post.
     
  8. ZenPup

    ZenPup Private E-2

    Logs attached now. REALLY. No, really!

    Here they are, MGlogs.zip & AWF.txt

    (I think I'm finally getting used to this message posting system... which is maybe not a good thing since it means I've had extended conversations about ongoing problems!)

    Thanks again for whatever you can suss out. :)
     


  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Logs attached now. REALLY. No, really!

    Let's remove a remaining service from Symantec.
    • Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    • On the page that opens, scroll down to Symantec Core LC
    • then right click the entry, select Properties and press Stop Service.
    • When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
    • Click OK until you get back to Windows.



    Now please download DelDomains and unzip it to your desktop. Do not run it yet.
    • Find the files from deldomains.zip on your Desktop and RightClick on the deldomains.inf file and select Install.

    Next, we need to run FindAWF again.
    • Double-click the FindAWF icon.
      • If you receive any security alerts and/or warnings please allow the utility to run.
    • As instructed, press any key to continue.
    • Use the following option: Press 2 then Enter to restore files from bak folders
    • A text file opens called: files.txt
    • Click below the line and paste the following list of files to be restored:
    • Next, close and click Yes to save the changes.
    • Once files.txt is saved, FindAWF does the following:
      • It attempts to terminate the process represented by each filename on the list, if running
      • Deletes the rogue file from the parent folder, if present
      • Copies the original file to the parent folder
    • When done with the above, it automatically runs a new scan and opens a new log.
    • Please attach the new FindAWF log to your next message.
     
  10. ZenPup

    ZenPup Private E-2

    Re: Logs attached now. REALLY. No, really!

    [I ran the Norton remover because I felt guilty. :eek: ]

    I did the services.msc.

    I did the deldomains.inf.

    I ran FindAWF again as directed (with lines added).

    I have attached the new log.

    Standing by to receive further direction. :)

    Thanks!
     


  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Logs attached now. REALLY. No, really!

    Are you sure you used step 2 for FindAWF? It did not work as desired. Do you know how to copy files from one folder to another? For example if I say the below can you do it?

    copy this file: C:\Program Files\QuickTime\bak\qttask.exe
    To this folder: C:\Program Files\QuickTime

    Which will overwrite a copy in the To folder.
     
  12. ZenPup

    ZenPup Private E-2

    Re: Logs attached now. REALLY. No, really!

    I'm not sure I understand what you are saying.

    Do you mean "did you press 2?" or do you mean "did you do the second bulleted item?"

    And if the latter, I'm still confused because nothing with the FindAWF instructions seems to have me copying files to various folders. But I do know how to copy files. (I even used to teach Unix SysAdmin a decade ago.)

    The only thing I did differently is that I very carefully typed in the lines rather than pasting them because I hadn't gathered from the instructions that I needed to have copied your version to a notepad file first. It wouldn't have been a big deal except that the whole big problem I'm having is getting my browser to open (25% success rate) and stay open (very low success rate), so to me it seemed easier to just type it in & proofread thrice.

    Do you want me to run it again carefully using the original instructions? (I'll know this time to actually COPY, SAVE, and paste the text if that makes a difference.)

    Also, I left my Explorer up all night and day today & came home to multiple application error boxes and an alert that I've seen before recently saying that my virtual memory was low & was being increased. My total paging file for all drives is 576 MB. The current setting is custom size 576-1152, with 12,547MB space available. Should it be set higher? How does one know?

    Thanks!
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Logs attached now. REALLY. No, really!

    When you run FindAWF it gives you a menu of things to press. My last instructions had asked you to use the Press 2 option which looks like the below on your screen.

    FindAWF.jpg


    Any slight mistake could cause it not to work. It is best if you can follow the procedures as written. However try doing the below since you know how to copy files and note that you may be overwriting existing files and will have to OK the popup.

    copy this file: C:\Program Files\QuickTime\bak\qttask.exe
    To this folder: C:\Program Files\QuickTime
    Then delete this folder: C:\Program Files\QuickTime\bak


    copy this file: C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\bak\InvokeSvc3.exe
    To this folder: C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
    Then delete this folder: C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\bak


    Also delete the below folders:
    C:\Program Files\WinPortrait\bak
    C:\Program Files\Java\jre1.5.0_08\bin\bak



    Please attach the new FindAWF log to your next message.
     
  14. ZenPup

    ZenPup Private E-2

    Re: Logs attached now. REALLY. No, really!

    Will there be a log if I do what you wrote in the last post? Did you also want me to run FindAWF again or will manually copying files produce the log? If I'm supposed to run FindAWF again, at which point do I run it?

    I'm sorry if I sound persnickety. Just want to get it right & get on with it.
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Logs attached now. REALLY. No, really!

    Sorry! Things are too hectic here! I have a ton of threads going. I meant to word that differently. Re-run FindAWF. Use the Press 1 option.
     
  16. ZenPup

    ZenPup Private E-2

    One more time please!

    First, let me say for the record that I completely appreciate all the volleys of postings that you are dealing with to get me to this point. And you all are definitely a wonderful resource. Thank you for volunteering your time and expertise to fix some of the horrors of cyberspace.

    Yet I still need clarification. I'm trying to follow instructions, but they're coming at me piecemeal & I'm not sure if all the previous steps still apply & if so, in what order. Please bear with me.

    You said:
    Then in the next email you told me to re-run FindAWF using option 1. When? Before, during, or after I copy and delete the stuff above from your previous post?

    I feel like I'm being totally annoying with the multiple posts to get minor clarifications, and the drawn-out process is driving me nuts. My computer is barely functional and completely undependable, and I don't even understand what is wrong with it because all I get is step-by-step that still doesn't seem to improve performance.

    I think a lot of my frustration is that you just say "do A, do B, do Z" when what my rational mind needs is the overview & reason as well. If you say "you're going to delete old foobar folders to update the gizmo, then you'll re-run the SuperSpySpanker, then reset the KeepOut setting" before you give the detailed steps, I'd at least have an earthly idea when, where, and why and wouldn't seem so clueless. I'd also know what has been changed on my system, which is in fact my responsibility as an owner. (If I let enough random people tell me to change things, I will definitely end up reformatting!)

    I'm not threatening, just letting you know that I am at the breaking point: I think if it's not fixed completely in a day or two, I'm punting. That doesn't mean calling Geeks on Call, it means buying the first laptop I see in stock at Costco & starting my entire life from scratch. I do not have the energy or the cycles for this elaborate dance with Bill Gates. And did I mention that the UI of this website drives me nuts too, especially when it logs me out in the middle of a post even though I checked "Remember me"? WAY too much stress for all that.

    At least giving up will ironically get something moving on this particular crisis, which is more than I can say about the equally protracted & convoluted issues I'm having concurrently with troubleshooting both septic problems & my dog's incontinence. (I know it's TMI, but does that give you an idea why I'm ready to give up?)

    Thanks again for your assistance. I just wish I could get it in a condensed version!
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: One more time please!

    Sorry but most of the time with malware issues there is no condensed version. Whatever we post is just the steps that are required to get things fixed. Let's continue like this more slowly. Just do the below and tell me when you have finished if you had any problems and then attach the new MGlogs.zip file. The reason for doing the below copying is to restore the original uninfected files which could help with your performance problems since you are running infected processes.


    copy this file: C:\Program Files\QuickTime\bak\qttask.exe
    To this folder: C:\Program Files\QuickTime
    Then delete this folder: C:\Program Files\QuickTime\bak


    copy this file: C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\bak\InvokeSvc3.exe
    To this folder: C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
    Then delete this folder: C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\bak


    Also delete the below folders:
    C:\Program Files\WinPortrait\bak
    C:\Program Files\Java\jre1.5.0_08\bin\bak


    Then run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created.
     
  18. ZenPup

    ZenPup Private E-2

    Re: One more time please!

    FYI, the QuickTime was replacing a newer file with an older file; the Linksys was an identical file being replaced.

    Can you tell me what the heck we just did? And what is the next step (in concept as well as specific directions?)

    I really don't live on the computer, so it may be tomorrow before I can get the next step done. (In between, I still have to use this broken machine since it's the only one left working in my home.) But please feed me as much as you can per post since one step per day is kinda nuts. I promise not to jump ahead if you make it clear where I should stop for you to review logs.

    Please let me know what you're seeing, doctor, and when we are actually making any progress. I just don't want to be a victim of House (the character on TV), who runs lengthy tests to disprove zebra ideas (Occam's Razor).

    Again, thank you for your help!
     


  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: One more time please!

    Yes but the newer one was not valid. It was infected.

    "Can you tell me what the heck we just did? And what is the next step (in concept as well as specific directions?)"

    Your logs showed signs of an Agent.AWF infection. You can read about this in the below links:

    http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan-Downloader.Win32.Agent.awf&threatid=70517
    http://www.avira.com/en/threats/section/details/id_vir/2820/tr_dldr.agent.awf.14.html
    http://paretologic.com/resources/definitions.aspx?remove=Agent%20AWF%20Trojan

    Part of what this infection does is move valid files into a bak folder and puts an infected file in place of the original in the normal operational folder.

    What we are doing is trying to restore your original uninfected files and then delete the infected folder. We are not just running a test on your PC. Search the forum for FindAWF and you will see many threads with this getting fixed. Search the internet and you will see thousands.

    Now let's see where things stand with AWF

    • Double-click the FindAWF icon.
      • If a Security Alert shows, allow the program to run.
    • As instructed, press any key to continue.
    • Use the following option: Press 1 then Enter to scan for bak folders
    • The scan may take a while, please be patient.
    • When done, a text file, Find AWF report is produced.
    • Please attach the Find AWF report in your next post.


    If you are still experiencing performance issues, you could have other hidden malware which we will run a rootkit scan to look for any rootkits OR you could be having hardware issues.

    Please run this Running GMER to detect rootkits and attach the requested log.
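
The bak-folder behaviour described in the post above (valid files moved into a bak folder, a different file left under the original name) can be checked for with a short read-only script. This is an added example, not part of the thread and not FindAWF's code; the function names, the extension list and the sample tree (including the hypothetical sample.exe) are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Assumption: only executable-type files are worth reporting.
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".sys"}


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_bak_shadows(root):
    """Report every executable inside a folder named 'bak' and how it compares
    with the same-named file one level up.

    status is one of:
      differs        - both exist with different content; review both copies
      identical      - same content in both places; the bak copy is a leftover
      parent-missing - nothing with that name in the parent folder
    The script never modifies anything and does not decide which copy is valid.
    """
    root = Path(root)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        bak_dir = Path(dirpath)
        if bak_dir.name.lower() != "bak":
            continue
        for name in files:
            if Path(name).suffix.lower() not in EXECUTABLE_EXTS:
                continue
            bak_file = bak_dir / name
            live_file = bak_dir.parent / name
            bak_hash = sha256_of(bak_file)
            if not live_file.is_file():
                status = "parent-missing"
            elif sha256_of(live_file) == bak_hash:
                status = "identical"
            else:
                status = "differs"
            findings.append({
                "bak": bak_file.relative_to(root).as_posix(),
                "status": status,
                "bak_sha256": bak_hash,
            })
    return sorted(findings, key=lambda f: f["bak"])


def build_sample_tree(root):
    """Constructed sample data: folder names follow the thread, contents are dummies."""
    layout = {
        "QuickTime/qttask.exe": b"constructed: file now in the program folder",
        "QuickTime/bak/qttask.exe": b"constructed: file moved aside into bak",
        "Linksys/InvokeSvc3.exe": b"constructed: same bytes in both places",
        "Linksys/bak/InvokeSvc3.exe": b"constructed: same bytes in both places",
        "WinPortrait/bak/sample.exe": b"constructed: no counterpart in parent",
        "WinPortrait/bak/notes.txt": b"constructed: not an executable, ignored",
    }
    for rel, data in layout.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


def run_demo():
    """Scan the constructed tree and return {bak path: status}."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return {f["bak"]: f["status"] for f in find_bak_shadows(tmp)}


if __name__ == "__main__":
    for path, status in run_demo().items():
        print(f"{status:15} {path}")
```

A "differs" result only says the two copies are not the same file; which one is the clean original still has to be established by scanning or by comparing against a known-good source.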
     
  20. ZenPup

    ZenPup Private E-2

    Re: One more time please!

    Okay! :) Now I get it! Thank you for the background. I'll skip reading all the threads for now though.

    I've attached the FindAWF report.

    System seems to be running faster--I'll try to ride it hard to see if I can recreate previous problems.

    Do I still need to run GMER or only if I still have problems?

    Gosh, I don't want to jinx myself (or you!) but wouldn't it be GRAND if this were the end of the trouble? (I think I have a bottle of Veuve Cliquot in the fridge that would be appropriate! ;) )
     

    Attached Files:

    • awf.txt (File size: 612 bytes)
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: One more time please!

    Only if you still have a problem.


    Empty your Recycle bin to remove this: C:\Recycled\Dc12\qttask.exe
    Also you need to delete the below folder:
    C:\Program Files\QuickTime\bak


    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix, you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combofix.txt and C:\ComboFix-quarantined-files.txt logs that were created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    6. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    7. If we had you run Avenger, you can delete all files related to Avenger now.
    8. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    9. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    10. If you are running Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    11. After doing the above, you should work thru the below link:
     
  22. ZenPup

    ZenPup Private E-2

    Re: One more time please!

    It was rockin! The system was zooming. I had 4 IE sessions running & all was well. I followed your clean up directions (thank you for cleaning me up again!) & got to #10...

    ...but opening that extra window (it was only 2 at that point) did me in. Everything froze, screen wouldn't repaint, pointer stayed an arrow. All just like before :(

    And I was gonna take out the champagne!

    I suppose now I've deleted all my tools, but that's the least of my worries.

    I'm still wondering whether it's paging & memory when it acts like this or when IE doesn't launch fully. What do you think?

    I'll go run GMER & send the log. Wah!
     
  23. ZenPup

    ZenPup Private E-2

    GMER log

    Okay, I ran GMER & went to bed. Here's the log.

    I also noticed when I went to start IE to send this post that Task Mgr showed 6 (a record!) running iexplore processes even though I had no windows open (and was even disconnected from the web to run GMER). I still have to try several times (and delete several orphan processes) to get my IE to start up.

    Thanks again for your persistence!
     


  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: GMER log

    I'm not sure if this is your problem or not but I have seen many people have a variety of problems which even include BSOD crashes when using Daemon Tools which you have installed. I think it would be worth a quick try to uninstall it and also make sure after the uninstall that the below file was deleted:

    d347bus.sys
     
  25. ZenPup

    ZenPup Private E-2

    Daemon tools?

    What daemon tools? What were they installed as/with?

    And how do I uninstall them?

    Did the GMER log tell you anything? Am I completely free from malware at this point? Is it time to go slaying daemon tools before we know that for sure?

    (Sometimes your replies are such non-sequiturs!)

    They've got a nice little Sony laptop in my favorite color on sale at Staples. It's just calling my name...

    Please give me some hope now that I don't have to resort to replacing hardware this week! I need a map--PLEASE give me an idea of what we've done, where we are, and where we're going with the Journey to Fix My PC. I feel like Alice in Wonderland.

    Are there any women Major Geeks? Maybe it's a Venus-Mars communication thing & I could make better sense out of the whole process with someone who speaks my dialect, nothing personal.
     
  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Daemon tools?

    Sorry but you installed it. It is on your PC and it is not an application that is installed with Windows. Since it is your PC, you are the one that has to keep track of what you install. Daemon Tools is not malware. I'm merely stating a known fact that some people have problems due to it and the problems include possible crashes. See the below which you could easily search for yourself:

    http://www.daemon-tools.cc/dtcc/download.php?mode=ViewCategory&catid=5

    Same as all installed programs and that is Add/Remove Programs.

    It showed no malware and merely reminded me that you have Daemon tools installed because I saw the d347bus.sys driver for it showing up.


    We have checked your system for malware and removed it and also removed a few other unnecessary startups. Your logs are clean. Your problems are not malware (unless you reinfected yourself somehow after message # 21). Our journey is over. You need to look elsewhere. You may want to start checking your system for possible hardware issues if uninstalling Daemon Tools does not help.
     
  27. ZenPup

    ZenPup Private E-2

    Re: Daemon tools?

    I uninstalled the Daemon tools, whatever that was. I haven't had a freeze of IE so far. But I still have to start IE 3-4 times to get it fully running.

    Thank you so much, Chaslang, for all your patience and perseverance! Things are SO much better than they were at the beginning of this "journey" that I am hopeful I can troubleshoot & fix the other annoyance as well.

    My pocketbook thanks you, my blood pressure thanks you, my internet activities thank you!

    Virtual champagne to you,
    --ZenPup
     
  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Daemon tools?

    I'm not exactly sure what you mean by this. Can you describe this problem with more detail and if you get any error messages tell me exactly what they are. This may not be malware.

    Also please download the newest version of MGtools from MGtools.exe Download to C:\MGtools.exe and overwrite your old version. Then run MGtools.exe and attach the new C:\MGlogs.zip file that will be created.
     
  29. ZenPup

    ZenPup Private E-2

    Re: Daemon tools?

    Oh, didn't realize we were still in gear! I thought I'd been graduated to the great beyond! Thanks for still caring ;)

    I'm not sure I know how to describe it better.

    When I try to start Internet Explorer, regardless of where I start it, it may take 4 attempts to get the window to actually open & run. The false starts show on Task Manager as "iexplore.exe" without any running CPU numbers and with only about 12,000 to 15,000 under Mem Usage, whereas a full-blown session shows CPU usage and runs 50,000-80,000 Mem Usage.

    That in itself seems to be merely annoying. But I have tied it, correctly or not, to the problem I've been having when I have more than one IE session up & running and the secondary or tertiary, etc. window freezes.

    I haven't had IE freeze in a few days, so maybe you cured that with the malware clean-up. But I still have the issue with trying to start IE.

    I'm so paranoid about those false starts that I clear the process from Task Manager just in case. And I've found that if Task Manager is running & not minimized, for some reason (maybe superstition) IE will start just fine.

    BTW, when I try to click on the MGtools.exe link above, it goes to http://forums.majorgeeks.com/attachment.php?attachmentid=78148&d=1197578213
    & says "invalid attachment". :(
     
  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Daemon tools?

    This may not be malware.


    That's because it has been updated since my last post. The current link is: MGtools.exe This link will only be good until the program is updated again; however if you go to the READ & RUN ME and find the link given in the READ ME, it will always be correct.
     
    Last edited: Dec 16, 2007
  31. ZenPup

    ZenPup Private E-2

    MGlogs attached

    Enjoy! ;)
     


  32. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: MGlogs attached

    Your logs are still free from malware but I do suggest you do the below.

    Also delete all files in the below folder except ones from the current date (Windows will not let you delete the files from the current day).
    C:\Documents and Settings\Sally\Local Settings\Temp


    Also it seems strange for the below items to continue to be in your logs. They have been there for a while. I'm not sure why these supposedly RunOnce items for AVG have to keep running more than once:
    Let's fix the above and see what happens although I don't think it is a reason for any problems.

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

    After clicking Fix, exit HJT.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created.

    Make sure you tell me how things are working now!
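
A triage aid for the O4 lines listed in the post above, as an added example that is not part of the thread, MGtools or HijackThis: it parses the per-account O4 format shown there, groups identical entries by account, and reports RunOnce values that survive across two successive logs. The older log and its `example_setup` entry are constructed sample data.

```python
import re
from collections import defaultdict

# Matches the per-account O4 line format shown in the post above.
O4_RE = re.compile(
    r"^O4 - HKUS\\(?P<sid>[^\\]+)\\\.\.\\(?P<key>Run|RunOnce): "
    r"\[(?P<name>[^\]]+)\] (?P<command>.+?) \(User '(?P<user>[^']+)'\)$"
)

def parse_o4(log_text):
    """Return one dict per HKUS O4 line found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def accounts_per_entry(entries):
    """Map (key, name, command) -> sorted list of accounts carrying it."""
    grouped = defaultdict(set)
    for e in entries:
        grouped[(e["key"], e["name"], e["command"])].add(e["user"])
    return {k: sorted(v) for k, v in grouped.items()}

def persistent_runonce(older_log, newer_log):
    """RunOnce values present in both logs. Windows removes a RunOnce
    value when it runs it, so a value seen twice was never consumed."""
    def runonce(log):
        return {(e["sid"], e["name"]) for e in parse_o4(log)
                if e["key"] == "RunOnce"}
    return sorted(runonce(older_log) & runonce(newer_log))

# The eight lines quoted in the post.
NEWER_LOG = r"""
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
"""
# Constructed earlier log: the same lines plus one made-up, consumed entry.
OLDER_LOG = NEWER_LOG + (
    r"O4 - HKUS\S-1-5-18\..\RunOnce: [example_setup] C:\example\setup.exe (User 'SYSTEM')"
)
```
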
     
  33. ZenPup

    ZenPup Private E-2

    MGlog.zip attached

    I have long suspected that AVG is not running properly for my system. I have even taken to (gasp!) turning it off on occasion because it is a hog. I am dismayed to see that you recommend it for protecting from malware (once I'm all fixed up) because I'd rather never see it again. Any alternate software that I could use instead?
     

    Attached Files:

  34. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: MGlog.zip attached

    Your log is clean.

    AVG runs perfectly fine in all cases where we have tested it. And it is one of the best (if not the best) free AV. Your problems with it sound like they could be due to any of the below:
    1. an improper installation
    2. installing it more than once when already installed
    3. installing it while another antivirus was still installed
    4. or installing another antivirus while AVG is installed and then uninstalling the second antivirus leaving AVG in possibly an unstable state
    5. or malware issue.
    Based on the fact that we needed to do some cleanup from Symantec, 2, 3, and/or 4 come into play.


    Also are you installing just the free antivirus or are you installing the security suite?
     
  35. ZenPup

    ZenPup Private E-2

    Re: MGlog.zip attached

    I installed just the free antivirus.

    My internet explorer is getting worse. Even reboots don't help out. This morning I had to launch it 6 or 7 times to get it to actually start up. And the freezing is happening more often and more quickly. It seems like the memory or something just gets overwhelmed.

    What should I do next?
     
  36. ZenPup

    ZenPup Private E-2

    Re: MGlog.zip attached

    Wow! That last post froze the window, shot the CPU up to 99 and hung for over a minute--I was surprised it even recovered without me manually ending the process.
     
  37. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: MGlog.zip attached

    In my final steps given in message # 10, I gave you a link to FireFox. Here it is again: Mozilla FireFox. Please download and install it. Then try using it to do your browsing. Do you still have problems when using FireFox?
     
  38. ZenPup

    ZenPup Private E-2

    Woo hoo!!!!!!

    Chaslang, I could KISS you!!! :celebrate

    I am in LOVE :drool with Firefox--no problems whatsoever browsing now! And apparently no malware problems at all anymore either.

    You are a godsend and a very patient person to work through all this with me, even in my dark hours when I questioned my own sanity & communication skills.

    Where do I ship the champagne? :drink

    --Zenpup
     
  39. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Woo hoo!!!!!!

    You're welcome.

    You should consider trying to figure out what your problems are with Internet Explorer. This would be a topic for the Software Forum. Without IE, you will not be able to work with many websites. One of the most important sites you will have problems with is Microsoft Update, which means you cannot download and install required updates for your Windows OS or other Microsoft software.
     
