nickg5
asked on
what caused these failures on boot up?
My computer has been running fine for years. I shut down properly last night. Today when I booted up, I could not open anything on my desktop. I would click the icon twice and also right-click and open. One was IE and the other was an investment software independent of any Windows programs. MSN Messenger opened but I could not open Hotmail by clicking on the little icon that told me how many new messages I had. I shut down using the start button. I rebooted. Again no program icons would open when clicked. This time I could not open the start button. It would not open. I just turned my computer off manually and rebooted. Same result, no programs would open. I turned my PC off again. Then I was able to get Ad-Aware and AVG running. No virus. Ad-Aware did find a new item in addition to the normal tracking cookies. It found something called "diaremover". It has never found that before, whatever it is.
AVG made changes to kernel32, user32, shell32, and ntoskrnl.exe. My computer is fine now. What was going on and where did it come from overnight? I am the only user so no usage between my last successful shutdown last night and my initial boot up this morning.
You should beware of things you click on - diaremover advertises itself as a spyware remover, but it is a spyware itself that takes over your machine: http://paretologic.com/resources/definitions.aspx?remove=Diaremover. In this day of spyware, just running a browser with ActiveX enabled can let them install on your machine. Keep your genuine anti-spyware programs running all the time or run them frequently. I also avoid Internet Explorer because it is so well-known that hackers target its weaknesses.
ASKER
So diaremover was my problem?
I did not click on anything abnormal from my desktop, IE, investment software, etc. and nothing would open up.
I would recommend downloading hijackthis from the following link...
http://www.download.com/HijackThis/3000-8022_4-10379544.html?tag=lst-0-1
Run this on your computer and copy/paste the log file here, and I will be happy to help you.
ASKER
Logfile of HijackThis v1.99.1
Scan saved at 12:26:08 PM, on 9/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\WDVRCtrl.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\G7PS\Shared Files\Qchex\Qchex.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Schwab\SSPro\SSPro.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Nick\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [POPUPWATCH] C:\Documents and Settings\Nick\My Documents\My Pictures\SpywareRemover\popup-watch\PopUpWatch.exe /STARTUP
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office (2).lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Qchex Tray Icon.lnk = C:\Program Files\Common Files\G7PS\Shared Files\Qchex\Qchex.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://69.41.164.115/smsx.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://dl.boston.runaware.com/wficat.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqaio/downloads/msxml4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O18 - Protocol: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Do NOT post HijackThis logs here - they take up a large amount of space, they don't help people with different problems, and there is an online analyzer here: http://www.hijackthis.de/index.php?langselect=english
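As an added example (not part of the original thread and not HijackThis's own logic), here is a small Python triage pass over a few entries from the log posted above. The function names and the three heuristics are assumptions chosen for illustration; a flagged entry is a prompt for manual review, not a verdict.

```python
import re

# Entries taken from the log posted above, with extraction-inserted spaces removed.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [POPUPWATCH] C:\Documents and Settings\Nick\My Documents\My Pictures\SpywareRemover\popup-watch\PopUpWatch.exe /STARTUP
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://69.41.164.115/smsx.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# A log entry is a section code (R0, O4, O16, ...) followed by " - " and the body.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)", re.I)
USER_DIR = re.compile(r"\\(Documents and Settings|DOCUME~1)\\", re.I)


def parse(log):
    """Yield (code, body) for every entry line; headers and process paths are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["code"], m["body"]


def review_notes(code, body):
    """Return reasons an entry deserves a manual look (assumed heuristics)."""
    notes = []
    if "(file missing)" in body or "(no file)" in body:
        notes.append("orphaned entry: target file is gone")
    if code == "O16" and IP_URL.search(body):
        notes.append("ActiveX control fetched from a bare IP address")
    if code == "O4" and USER_DIR.search(body):
        notes.append("autostart runs from a user profile directory")
    return notes


def triage(log):
    """Return [(code, body, notes)] for entries with at least one note."""
    return [(c, b, n) for c, b in parse(log) if (n := review_notes(c, b))]


if __name__ == "__main__":
    for code, body, notes in triage(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> {'; '.join(notes)}")
```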