HiJack This Report

Discussion in 'Malware Help (A Specialist Will Reply)' started by Brendy59, Apr 5, 2008.

  1. Brendy59

    Brendy59 Private E-2

    Hello,
    I have a brand new 4 week old Alien computer that the hard drive went bad supposedly a bad sector. I installed new HD last week and am again having problems with pop up errors telling me the program has stopped working and will close. Most of the time the programs don't stop and appear to continue on normally. The Alienware Tech told me I have a virus and to install the OS. I just put in the new drive and OS only 5 days ago. He can't possibly know that just because of these messages popping up. I have run virus and spyware scans daily and with the exception of a few spyware cookies showing up everything else comes up clean. I've attached a HijackThis report in hopes of someone possibly knowing what might be happening.

    Thanx for any help :confused
    Bren
     

    Last edited: Apr 5, 2008
  2. abri

    abri MajorGeek

    Hi Brendy59,
    Welcome to Major Geeks!


    What is the nature of the popups? Are they appearing at startup? Are they in association with your browser? Is it possible you are reinfecting your computer by installing things that were infected from an external drive like a cd or flash drive?

    If you have not changed anything during the installation of HijackThis, by default it will create a backup for certain of the files that are removed. Please run it and after closing all your browsers, have it fix the following item. See if the popups are still there. If they are, you can restore this item from the backups.

    O4 - HKLM\..\Run: [AlienFX Controller] "C:\Program Files\Alienware\Alienware AlienFX\AlienwareAlienFXController.exe"

    If this does not remove the popups problem, please go to the READ & RUN ME FIRST and follow the instructions there. When you finish, attach the requested logs with your next post.

    abri
     
  3. Brendy59

    Brendy59 Private E-2

    Hi Abri,
    Thanx for the response. When I reinstalled my files onto the new HD they came from my mini hard drive. These pop up messages are saying they've stopped and will shut down and then I immediately get a pop up about the Data Execution Prevention and how I can click on the box and change setting to allow certain programs to run with it disabled. This 2nd box doesn't pop each time but it does often. It doesn't matter what I do or open I get these. When my CA Anti-Virus updates I get the same message about it must close because it has stopped working, yet anti-virus continues to run.

    I have followed the instructions for running the Super Anti-Spyware, Malwarebytes, combofix and MG tools.

    With the Combofix the instructions for changing the name and then inputting the command into the run box the "%userprofile%\desktop\cf.exe"/killall was not recognized. So I just clicked the icon on the desktop and ran it. It seemed to stall out at the end after it said the log would be presented in a few minutes. I waited more than 30 minutes then shut the system down.

    I then tried to run the MGTools and it will not run. The program has stopped working and the CLSID verification boxes continue to pop up and not allow the MGTools run.

    O4 - HKLM\..\Run: [AlienFX Controller] "C:\Program Files\Alienware\Alienware AlienFX\AlienwareAlienFXController.exe"

    The above is an application for changing the lighting on the tower, if I remove this won't this prevent the application from working?

    I'm frustrated because my laptop has also spit the hard drive out and I'm trying to also save files that are next to impossible to get off the system. I'm about to have 2 computers down and that's not a good feeling.

    I will go ahead and remove the above application and run HijackThis again and then attach it for your review. Thank you for your time.

    Bren :)
     
  4. Brendy59

    Brendy59 Private E-2

    Here is the log after removing the suggested item.

    Also here are the other logs for the spyware and combofix

    Bren
     

    Last edited: Apr 5, 2008
  5. Brendy59

    Brendy59 Private E-2

    And the Malwarebytes log
     

  6. abri

    abri MajorGeek

    Hi Brendy59,

    I don't think the problem you're having is a malware problem. You have Webroot Desktop Firewall running together with CA Security Suite. Does the problem continue if you uninstall the Webroot?

    The Alien entry you removed with HijackThis can be recovered by starting HijackThis, clicking on "None of the above, just start the program", then clicking on Config and finally on the Backups button at the top of the page. This will give you a list of things you've fixed. Check the one you want to restore and then click on Restore.

    abri
     
  7. Brendy59

    Brendy59 Private E-2

    Hi Abri,
    I suppose there could be a conflict between CA and Webroot. I didn't install the CA Firewall with the suite because it blocks zips and exe attachments which was a real hassle.

    I wonder if there is a possible problem from when I copied my whole user file onto the new hard drive? I had installed my Vista Ultimate and then copied the user file from my mini hard drive. The OS I had from that user file was Vista Home. Once I copied it in I kept seeing things like Documents(2), Photos(2) and so on. I deleted the folders that had the (2). Perhaps I messed something up when I did that.

    Bren
     
  8. abri

    abri MajorGeek

    Hi Brendy,
    I've asked someone to look at this who knows a lot more about Vista than I do.
    abri
     
  9. Brendy59

    Brendy59 Private E-2

    Abri,
    Thanx for your time! It's really appreciated very much. :)

    Bren
     
  10. abri

    abri MajorGeek

    Hi Brendy,
    This is Halo's answer. He said he'd be watching for your reply:
    So there you go. What do you make of it with regard to the issues you mentioned at the start?

    abri
     
  11. Brendy59

    Brendy59 Private E-2

    Thanx Abri,

    Ok, those "program has stopped working" pop ups happen whenever the CA anti-virus does its updates, which is once or twice each day. I use the 2007 Microsoft Office Professional. Sometimes I get both pop ups when opening a new Word doc, sometimes when I click on an attachment in Outlook mail I get it, and I also got them when I tried to run the MGtools. Even though I get the pop ups with Word I can still use the program without any problems as far as I can tell. I am unable to open pdf files when I get the pop ups.

    I may try to remove the webroot firewall and use just the Vista firewall. I thought the firewall with XP and Vista were not considered very safe. This is why I haven't used it.
    Thanx to both of you for helping me with this issue.

    Bren:)

    EDIT: I just added the Verclsid to the allow in the webroot firewall. I'm going to reboot and see if anything has changed. Sometimes it takes a little time just playing around to get something to pop up.
     
  12. abri

    abri MajorGeek

    Hi Brendy59,
    Just curious. How did it go? Did you keep Webroot?
    abri
     
  13. Brendy59

    Brendy59 Private E-2

    Hi Abri,

    I ended up just reinstalling the OS. It just seemed to get worse as time went on. I removed the Webroot firewall and just went back to the Vista firewall. I still want to upgrade the OS back to the Ultimate Vista. Right now it's just the home version. But I figured I'd take my time installing things and setting a restore point with each install just to be safe. So far it's been going good. But I do still have a few programs to get back on here. My networking problems have cleared up too. I can only guess that with installing the new HD that the 1st reinstall of the OS must have been corrupted and caused all of these problems. Again thank you for your time and help with trying to work thru it all.

    Bren:)
     
  14. abri

    abri MajorGeek

    Hi Brendy59,

    You're welcome and thanks for reporting back. I'm a great supporter of restore points. They've proven very useful.

    You may find the Software Forum quite useful if you haven't had time to visit there yet.

    All the best to you.
    abri
     
