pc very ill

Discussion in 'Malware Help (A Specialist Will Reply)' started by niall, May 11, 2008.

  1. niall

    niall Private E-2

    hi

    I'm running XP Pro SP2 and my PC has lost functionality: can't use the CD-ROM, can't boot to safe mode, all programs in the start menu seem to be disabled, can't retrieve MS updates, and the PC seems to hang when shutting down and seems very slow in performing tasks.

    When I try to use the CD-ROM the PC crashes and displays a blue screen with the message "to prevent damage to your machine windows has closed". It identified first that the file ATI2dvag could be corrupt or missing, or maybe the hardware itself is faulty. Subsequent crashes identified a couple more missing or corrupt files: GD123.dll and hal.dll.

    I've run all AVG scans (virus, spyware and rootkit), Spybot, CounterSpy, MS Defender and they all come back clean.

    I've included a HJT scan and was hoping a kind-hearted techy could look at it and give their opinion.

    Much appreciated, niall
     

    Attached Files:

    Last edited by a moderator: May 11, 2008
  2. abri

    abri MajorGeek

    Hi niall,
    Welcome to Major Geeks!


    You have two antivirus programs running on your computer: AVG and Symantec. Please decide which one you want to use and remove the other. AVG can be removed via add/remove programs. Symantec can be removed with the following two links. It is important to completely remove one or the other of these from your system, but not both. You can keep AVG Antispyware regardless of which of the two antivirus programs you choose to remove.


    If you decide to remove Symantec you will need to do two steps:

    Go to Removing Files from Norton Antivirus Quarantine. If you have any files in quarantine, remove them using this tool.

    After you complete this, run the Norton Removal Tool & Instructions from Symantec.
    Read the warning associated with it to see if it is a concern for your computer. If so, back up the data as they request.

    After you complete the above, reboot your computer.

    Run a fresh HijackThis log and attach it using the Manage Attachments button beneath the box you put your reply into.

    Let me know how this went!!

    abri
     
  3. niall

    niall Private E-2

    hi abri

    Thanks for taking time to answer. I deleted Norton a few days ago before I got your post but didn't use the first step of removing the files that you mentioned.
    Anyhow, it still didn't improve the PC at all. I have included the HJT update as requested.

    regards niall
     

    Attached Files:

    Last edited by a moderator: May 13, 2008
  4. abri

    abri MajorGeek

    Hi niall,

    This is what I wrote:
    We don't use inline logs, for one reason because they contain live links which visitors to your thread may click on to malware sites. Please use the Manage Attachments button.

    The problems you describe sound like they could be related to malware so I would like for you to go through the instructions in the READ & RUN ME FIRST and attach the requested logs when you get finished.

    Thanks.
    abri
     
  5. niall

    niall Private E-2

    hi abri

    Thanks for the tip with inline logs. I hope these scans shed some light. SB and SAS kept crashing so it did take a very long time to complete them. SB didn't find much and reported no immediate threats but crashed (3rd time) before I could delete the 3 items it found, hence no SB log.

    have a good weekend and thanks again for your help

    regards, niall
     

    Attached Files:

  6. niall

    niall Private E-2

    PS: I just had to restart my PC after another freeze, and an Adobe player security warning popped up telling me about:blank is trying to contact acvs.mediaonenetwork.net
     
  7. abri

    abri MajorGeek

    Hi niall,

    1) Please disable your guest account if this hasn't already been done.

    2) Then I would like for you to open Windows Explorer and click on desktop and look at what files and folders are in there. Do you recognize everything? If not, please right-click on those entries you don't recognize and go to Properties. See if there is any information about the files/folders in properties. For instance, do you know what the following file is? (Don't open any files - only use right-click)

    C:\Documents and Settings\niall\Desktop\"
    314060.exe May 2 2008 130920 "314060.exe"

    3) Download and install Erunt. Use it to create a backup of your registry.

    4) Now I would like for you to go to the following site and see if you can find any remaining entries from Counterspy: Manual Uninstallation of CounterSpy 1.0, 1.5, & 2.x


    5) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger


    6) Run C:\MGtools\analyse.exe by double clicking on it. (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:


    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"


    After you click fix, just close hijackthis.



    7) Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the 'Execute' button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt



    8) Now run CCleaner at the default setting with the Windows tab as the top one.

    9) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger log.


    Let me know how things are running now?

    abri
     
    Last edited: May 17, 2008
  8. niall

    niall Private E-2

    hi abri

    Not too much difference I'm afraid, although I can boot into safe mode now and the PC is more responsive. All Programs is still left-click disabled and I get that blue screen crash when I use the CD/DVD-ROM with the same message: ATI2dvag is in an infinite loop.

    regards, niall
     
    Last edited by a moderator: May 17, 2008
  9. abri

    abri MajorGeek

    Hi niall,

    Being able to get into safe mode means that something happened. Did you forget step 9?

    abri
     
  10. niall

    niall Private E-2

    Had a little trouble attaching them; it won't let me attach the mglog. I'll change the name... still no good.
     

    Attached Files:

  11. niall

    niall Private E-2

    Had a little trouble attaching them; should work this time.

    This seems to be the only way I can attach them. Changed the file name several times but it said it was already used in the thread :confused
     

    Attached Files:

  12. niall

    niall Private E-2

    last one!!
     

    Attached Files:

  13. abri

    abri MajorGeek

    Hi niall,
    The reason for the message you're getting is that you're attaching the same logs. The hijackthis in your zip file in post 5 has the same date and time as the hijackthis you posted in post 11. Please do the following:

    Go to USING MG TOOLS and follow the instructions for downloading the tools. Allow them to install over the existing ones. Then continue to follow the instructions and run them again. Try uploading the new logs when they are finished. The logs will already be zipped. You do not have to zip them again. Simply click on the Manage Attachments button when you go to post your next reply and look directly under C:\ where you'll find the file MGlogs.zip. Allow this to upload and after closing the upload window, click on submit. Be sure to write something into the message box like "here are the logs".

    abri
     
  14. niall

    niall Private E-2

    thanks abri
    these are the new logs
     

    Attached Files:

  15. abri

    abri MajorGeek

    Hi niall,

    Please run Avenger again as you did in Post 7, Step 7 only this time use the contents of this box:
    After you finish, please run CCleaner again and then attach the new Avenger log with your next post.

    After you do the above, please take a look at this thread. There are several suggestions regarding the ATI2dvag is in an infinite loop message. It seems there is not a standard fix for this and that it is not caused by the same things, but there might be something in these suggestions which helps you. Read it all the way through before you see if there is any comparison with your own situation. http://www.techspot.com/vb/topic15393.html


    Thanks.
    abri
     
  16. niall

    niall Private E-2

    thankyou for your research abri

    i'll go to the link now
     

    Attached Files:

  17. abri

    abri MajorGeek

    Hi niall,

    The Avenger log is the old one. Please post the newest Avenger log which accompanies the instructions in post 15. The log should be a report on just 3 files this time.

    abri
     
  18. niall

    niall Private E-2

    oops! sorry about that
     

    Attached Files:

  19. niall

    niall Private E-2

    hi abri

    I finally got Start > All Programs to open by typing regsvr32 /i shell32.dll into the Run box :-D so now the only problem is the CD-ROM crashing the PC.

    regards, niall
     
  20. abri

    abri MajorGeek

    Hi niall!

    I'm glad that worked with your All Programs!

    The Avenger log is still the old one from Post 7, Step 7. I need for you to rerun Avenger and allow it to produce a new log. You can see when you open the log you are posting to me that there is mention of C:\xrkey00.txt, but as you can see in the contents of the box in this post, there is no C:\xrkey00.txt. That file was already removed the first time you ran Avenger, so it would not be showing up in your current Avenger log, which should have overwritten your other log. Are you getting an error message which is preventing Avenger from running? Even if you get an error message, your log from running Avenger this time should be different than the first time you ran it.
    After you run Avenger again using the contents from the above box, please run CCleaner. Then attach the new Avenger log.

    abri
     
  21. niall

    niall Private E-2

    OK, will do. But they were the only two logs I had.
     
  22. niall

    niall Private E-2

    hi abri

    Hope this one works, my apologies. I deleted all the old ones before I ran the new test. No error message, but I did get one on previous runs.

    I just noticed, now that I can access All Programs, that Windows Update is disabled. A blank Explorer window opens with no URL and an error message "cannot open (null) file".

    I can however access the updates page with Firefox but can't download.

    Thanks, niall
     

    Attached Files:

  23. abri

    abri MajorGeek

    Hi niall,
    Avenger ran but didn't find the entries I asked it to delete. I need to know if, since the beginning of this thread, you've been able to get your Windows updates or not? Is there anything new you reported in your most recent post or are these the same problems you reported in your very first post?
    abri
     
  24. niall

    niall Private E-2

    hi abri

    No new problems since the first post. I seem to be able to do manual updates on some things, but auto updates fail. Defender won't update either.
     
  25. abri

    abri MajorGeek

    Hi niall,

    In post 7, step 2, I asked you about the following file. You can right-click on it and look at properties for more information, but don't left-click on it. It's still showing in your logs and I would like to know what it is. If you don't know what it is, please upload it to either jotti or VirusTotal and have it scanned. If you do this, please post the results.

    C:\Documents and Settings\niall\Desktop\314060.exe

    Also, with regard to your computer crashing, was there anything helpful in the website I pointed you towards that deals with the same error you're getting?

    Please attach a fresh MGlogs.zip with your next post (obtained by double-clicking on C:\MGTools\GetLogs.bat).

    Thanks.
    abri
     
  26. niall

    niall Private E-2

    hi abri
    C:\Documents and Settings\niall\Desktop\314060.exe is a MS tool I downloaded to remove the upper and lower filters on the CD-ROM following a MS KB fix, but I ran a scan on it anyway.

    As you pointed out, there doesn't seem to be "A FIX" for ati2dvag, and I tried each and every one of them on that forum plus a couple more.

    MS KB says this loop is caused by either incorrect BIOS settings or defective RAM. I then updated the BIOS, then set it to optimal fail-safe, and cleaned and swapped the RAM and ran Norton CheckIt diagnostic on them, and they came back OK.

    Also managed, after about 6 hours and a dozen or more crashes, to boot into the Recovery Console and run disk repair. It found errors and fixed them, and I also ran fixboot and fixmbr while I was there, but, alas, it still crashes when trying to use the CD-ROM with the same error message. :(

    Thanks again, abri
     

    Attached Files:

  27. abri

    abri MajorGeek

    Hi niall,

    Almost done.

    1) Please go to the following folder and delete all the files out of it that Windows will allow you to delete. It won't allow you to delete those with the current date.

    C:\WINDOWS\TEMP\


    2) Then find and delete these:

    C:\WINDOWS\system32\OLD807.tmp
    C:\WINDOWS\system32\OLD86F.tmp
    C:\Program Files\Internet Explorer\OLD80C.tmp


    If you can't find them, tell me.

    3) Now run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (Note: if using Vista, don't double click, use right click and select Run As Administrator). Select "Do a system scan only". In the box that opens, find the following entries and put a checkmark next to them (if you need some of them to be in the trusted zone, leave them). After check-marking them, close all your open browser windows and click on FIX:

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    After you click fix, just close hijackthis.

    4) And finally, please copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the File Type is set to "all files". Once you have saved it, look for it on your desktop and when you find it, double-click it and allow it to merge with the registry.

    When you've completed the above, reboot and see how your computer is working. If it is working well except for the CD problem, I would like to go ahead and give you the final clean up instructions, then send you to the people in the Hardware Forum where you'll be able to get more input. Since the error you mentioned brings up a lot in Google, it means it's a known problem, which is in your favor. When you start a thread in the Hardware Forum, tell them what you told me in your first post (you can post the link to here) and tell them what got fixed and what is still not right. See if they can help you. Also, mention the Adobe error you got. I checked the website and it comes up okay in SiteAdvisor. That may give another hint about what's going on. about:blank probably refers to the address in the browser at the moment. This is not malware.

    Here are the final cleanup instructions. Wait a day or so before going through them to make sure nothing new is showing up:
    abri
     
  28. niall

    niall Private E-2

    hi abri

    PC seems more responsive. MS updates are enabled, except for Defender, but I think I'll uninstall that anyway and replace it with one from the list you sent, along with a different firewall.

    All files deleted except C:\WINDOWS\TEMP\hsperfdata_SYSTEM; tried to upload it for a virus scan but it wouldn't let me.

    The other steps went well.

    All seems good except for the CD-ROM now.

    I'll perform the final clean up tomorrow and let you know.

    Thanks, niall
     
  29. abri

    abri MajorGeek

    Hi niall,

    hsperfdata_SYSTEM is a legitimate file.


    I hope you'll continue your search for the solution to the ati2dvag problem in the hardware forum. I'd be very interested in knowing what they have to say about it.

    All the best in your quest!
    abri
     
  30. niall

    niall Private E-2

    dear abri

    Thank you so much for your kind assistance. It never ceases to amaze me how many people like yourself are so willing to invest their time and energies to help total strangers in trouble; it truly is a wonderful community out there!

    I'll let you know how it goes.

    Many thanks, niall :wave
     
  31. abri

    abri MajorGeek

    You're welcome! :)
     
