sachin042
asked on
Everything on my PC appears as some Junk ascii characters
hi,
Today morning when i booted up my PC, all the text, including the Welcome message on Welcome Screen appeared as some junk ASCII characters like ÙB¨Ëe"Ë
Even the folder names, My Computer, all text on desktop, all text is appearing like some ASCII characters but not the normal english.
Can someone please help with this?
Today morning when i booted up my PC, all the text, including the Welcome message on Welcome Screen appeared as some junk ASCII characters like ÙB¨Ëe"Ë
Even the folder names, My Computer, all text on desktop, all text is appearing like some ASCII characters but not the normal english.
Can someone please help with this?
Just curious, was anyone messing with the language settings recently? Can you still log in?
ASKER
I can log in,...
Only i use my laptop and i havent touched the language settings :)
I remember doing a registry fix run using Bitdefender.. can this have caused the problem.
Only i use my laptop and i havent touched the language settings :)
I remember doing a registry fix run using Bitdefender.. can this have caused the problem.
Definately. There are two ways to procede. The first is going to take more details of the problem to possible find a solution. The second is to do a repair install (this will not remove data and will rewrite some of the registry). I would be willing to help you with either way.
ASKER
hi cycle303...
One problem is I do not have the WinXP re install CD with me right now... can it be done without the OS cd?
Will system restore help?
One problem is I do not have the WinXP re install CD with me right now... can it be done without the OS cd?
Will system restore help?
System restore will wipe data. This is an option if you have everything backed up. The next question is, do you have a valid XP serial number?
As a sanity check, boot from a boot disk and see if text is garbled then. If you don't have a boot disk, the UBCD is a good one and handy to have.
http://www.ultimatebootcd.com/download.html
If test is garbled when booting from a non-Windows disk, try replacing your video card.
http://www.ultimatebootcd.com/download.html
If test is garbled when booting from a non-Windows disk, try replacing your video card.
ASKER
The OS i am using is original.. is there a way to get the Serial Number from the OS itself? As i left my CD at someother place and will take time to get it back from there.
Yes there is, but if the text is garbled, it won't do you any good. Is there a license sticker on the machine itself? Another option like the one mentioned above would be to try to boot into safe mode. After the bios screen, hold the F8 key and wait for a meny. Select boot into safe mode--no networking. See what the screen looks like then.
ASKER
will have to check below the laptop to see if the key is there.... havent got my laptop with me right now.. will check n let u know.
i tried booting in safe mode, even there the text is garbled..
i tried booting in safe mode, even there the text is garbled..
If you haven't done a whole lot since the problem occured ( I would assume not). Try system restore first. If you have no luck, let us know.
ASKER
One more thing.. after this problem started.. everytime i boot up my system.. i get a pop uo related to EULAlauncher.exe. Cant make out what the pop up says, as its all garbled.
Just added if this EULAlauncher.exe helps..
Just added if this EULAlauncher.exe helps..
Also, send us your HijackThis (http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php) log.
Yes, looks like you have Malware, as orangutang has inferred!
I'd already composed this comment but found the last poster had already replied! Will post it anyway, it may help ....
Try running Trend HijackThis 2.02 >>
http://majorgeeks.com/Trend_Micro_HijackThis_d5554.html
The technique is to create a folder where you would like the HijackThis file to reside, and run it from there, not from the Desktop or a temp folder. It is important that you download this file to its own folder as this folder will be used when HijackThis makes backups. Temp folders get deleted, taking with them HJT's 'backups' of items that were 'fixed'.
Run Hijackthis scan, save the log file, then upload it by clicking the "Attach File" box, and pasting it in the dropdown page.
If you're familiar with using HijackThis you'll know what items to FIX.
I'd already composed this comment but found the last poster had already replied! Will post it anyway, it may help ....
Try running Trend HijackThis 2.02 >>
http://majorgeeks.com/Trend_Micro_HijackThis_d5554.html
The technique is to create a folder where you would like the HijackThis file to reside, and run it from there, not from the Desktop or a temp folder. It is important that you download this file to its own folder as this folder will be used when HijackThis makes backups. Temp folders get deleted, taking with them HJT's 'backups' of items that were 'fixed'.
Run Hijackthis scan, save the log file, then upload it by clicking the "Attach File" box, and pasting it in the dropdown page.
If you're familiar with using HijackThis you'll know what items to FIX.
By running HijackThis & even if it cannot Fix any nasty, at least it will point us to an appropriate tool to remove an infection. Suspect you'll need to follow it with Combofix.
So when you're ready, download ComboFix and save to your Desktop >
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double click "combofix.exe" and follow the prompts.
When it's finished it will have produced a Logfile, probably at C:\ComboFix.txt.
You could post that log together with a HijackThis log, in a reply for us.
Please do not mouseclick Combofix's window while it is running, because it may hang (stall). It is absolutely normal for you to see just a blue screen with flashing cursor, and this can last for up to an hour. Just let it run.
You will have to disable NAV if you have it installed, it's been reported that it can interfere with the cleanup.
So when you're ready, download ComboFix and save to your Desktop >
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double click "combofix.exe" and follow the prompts.
When it's finished it will have produced a Logfile, probably at C:\ComboFix.txt.
You could post that log together with a HijackThis log, in a reply for us.
Please do not mouseclick Combofix's window while it is running, because it may hang (stall). It is absolutely normal for you to see just a blue screen with flashing cursor, and this can last for up to an hour. Just let it run.
You will have to disable NAV if you have it installed, it's been reported that it can interfere with the cleanup.
Also, SUPERAntiSpyware (http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE)
:)
:)
ASKER
so is this EULAlauncher.exe a malware? I thought it comes preinstalled with all DELL laptops.
It began to look like Malware so did some searching >>
"eulalauncher.exe is taking 50%+ of my CPU Processing":
https://www.experts-exchange.com/questions/22844864/eulalauncher-exe-is-taking-50-of-my-CPU-Processing.html
Then >
"eulalauncher.exe - eulalauncher - Process Information":
http://www.liutilities.com/products/wintaskspro/processlibrary/eulalauncher/
So running HJT would be prudent.
"eulalauncher.exe is taking 50%+ of my CPU Processing":
https://www.experts-exchange.com/questions/22844864/eulalauncher-exe-is-taking-50-of-my-CPU-Processing.html
Then >
"eulalauncher.exe - eulalauncher - Process Information":
http://www.liutilities.com/products/wintaskspro/processlibrary/eulalauncher/
So running HJT would be prudent.
ASKER
ok. will run hijackthis...
i have been seeing this eulalauncher.exe in my startups from when i have bought my DELL laptop.. so dont think it has caused the text to be garbled.. anyway will run HIJACKTHIS and let u guys know.
i have been seeing this eulalauncher.exe in my startups from when i have bought my DELL laptop.. so dont think it has caused the text to be garbled.. anyway will run HIJACKTHIS and let u guys know.
Ok, thanks. Incidently in the E_E thread quoted above, the last comment by stepnharp is interesting & could be your preferred way out.
Have you booted from a CD to determine whether it's OS related or not?
ASKER
Hi,
I was able to fix it using system restore.... :)
Also here is the HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:54:23 PM, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.e xe
C:\WINDOWS\SYSTEM32\winlog on.exe
C:\WINDOWS\system32\servic es.exe
C:\WINDOWS\system32\lsass. exe
C:\WINDOWS\system32\svchos t.exe
C:\WINDOWS\System32\svchos t.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYS VC.EXE
C:\WINDOWS\System32\bcmwlt ry.exe
C:\WINDOWS\system32\spools v.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\nvsvc3 2.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWa tch9.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchos t.exe
C:\Program Files\UPHClean\uphclean.ex e
C:\Program Files\Common Files\BitDefender\BitDefen der Communicator\xcommsvr.exe
C:\WINDOWS\system32\rundll 32.exe
C:\WINDOWS\system32\RUNDLL 32.EXE
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\system32\WLTRAY .exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMa in.exe
C:\Program Files\Common Files\InstallShield\Update Service\is sch.exe
C:\Program Files\Dell\MediaDirect\PCM Service.ex e
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\BitDefender\BitDefen der 2008\bdagent.exe
C:\Program Files\SUPERAntiSpyware\SUP ERAntiSpyw are.exe
C:\Program Files\Google\GoogleToolbar Notifier\G oogleToolb arNotifier .exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\cmd.ex e
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\BitDefender\BitDefen der 2008\vsserv.exe
C:\WINDOWS\System32\svchos t.exe
C:\Program Files\Common Files\BitDefender\BitDefen der Update Service\livesrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThi s.exe
R1 - HKLM\Software\Microsoft\In ternet Explorer\Search,Default_Pa ge_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0071120
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7 84B7D6BE0B 3} - C:\Program Files\Common Files\Adobe\Acrobat\Active X\AcroIEHe lper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F 45BD3D40CF 4} - c:\PROGRA~1\mcafee\msk\mca pbho.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5 B79BFDFEA6 0} - C:\Program Files\BitComet\tools\BitCo metBHO_1.1 .11.30.dll (file missing)
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d 13f3d2976a c} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D 4DAF1D92D4 3} - C:\Program Files\Java\jre1.5.0_06\bin \ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-B A8D5E23E04 5} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5 164760863C 6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C F10577473F 7} - c:\program files\google\googletoolbar 2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-C E66B5AD205 D} - C:\Program Files\Google\GoogleToolbar Notifier\2 .0.1121.24 72\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-6 4B5B4FF55D 0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A 07C3DB8F77 7} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8 377850BF20 5} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0 09027A5CD4 F} - c:\program files\google\googletoolbar 2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-6 4B5B4FF55D 0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-F C6124A40F8 C} - C:\Program Files\BitDefender\BitDefen der 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl. dll,NvStar tup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTr ay.dll,NvT askbarInit
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY .exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMa in.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTA L~1\UPDATE ~1\ISUSPM. exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\Update Service\is sch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCM Service.ex e"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALaunc her.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefen der 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefen der 2008\bdagent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUP ERAntiSpyw are.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbar Notifier\G oogleToolb arNotifier .exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon .exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.ex e/AddLink. htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.ex e/AddVideo .htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.ex e/AddAllLi nk.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.h tm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3 \Office10\ EXCEL.EXE/ 3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.h tm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0 0401C60850 1} - C:\Program Files\Java\jre1.5.0_06\bin \ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0 0401C60850 1} - C:\Program Files\Java\jre1.5.0_06\bin \ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C 1E3DC1AF43 A} - res://C:\Program Files\BitComet\tools\BitCo metBHO_1.1 .11.30.dll /206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f 2ba3849658 3} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f 2ba3849658 3} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0 0C04F79568 3} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0 0C04F79568 3} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4 4455354000 0} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\T cpip\..\{5 69C4DD4-4A A3-4BD1-9A 49-443CBC1 4A942}: NameServer = 202.144.105.4,202.144.10.5 0
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~ 2\GOEC62~1 .DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SAS WINLO.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc. exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterServi ce.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver \11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefen der Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc3 2.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMe diaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWa tch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefen der 2008\vsserv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYS VC.EXE
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefen der Communicator\xcommsvr.exe
--
End of file - 10270 bytes
I was able to fix it using system restore.... :)
Also here is the HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:54:23 PM, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\SYSTEM32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYS
C:\WINDOWS\System32\bcmwlt
C:\WINDOWS\system32\spools
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\nvsvc3
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWa
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchos
C:\Program Files\UPHClean\uphclean.ex
C:\Program Files\Common Files\BitDefender\BitDefen
C:\WINDOWS\system32\rundll
C:\WINDOWS\system32\RUNDLL
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\system32\WLTRAY
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMa
C:\Program Files\Common Files\InstallShield\Update
C:\Program Files\Dell\MediaDirect\PCM
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\BitDefender\BitDefen
C:\Program Files\SUPERAntiSpyware\SUP
C:\Program Files\Google\GoogleToolbar
C:\WINDOWS\system32\ctfmon
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\cmd.ex
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\BitDefender\BitDefen
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\BitDefender\BitDefen
C:\Program Files\Trend Micro\HijackThis\HijackThi
R1 - HKLM\Software\Microsoft\In
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-B
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-C
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-6
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-6
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-F
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTr
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMa
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTA
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\Update
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCM
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALaunc
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefen
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefen
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbar
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.ex
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.ex
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.ex
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.h
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.h
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O17 - HKLM\System\CCS\Services\T
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SAS
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefen
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc3
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWa
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefen
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYS
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefen
--
End of file - 10270 bytes
At least the text is no longer garbled. For the most part, your hijackthis report looks harmless.
Your analysed HijackThis logfile>
http://www.hijackthis.de/logfiles/370c5284134955cb98c2d574f104c587.html
From the logfile please see if you recognise these three entries. An initial check & they look harmless>
C:\WINDOWS\system32\KADxMa in.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMa in.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
This 4th entry is slightly different>
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
Details>
"oem02mon.exe - oem02mon - Process Information":
http://www.liutilities.com/products/wintaskspro/processlibrary/oem02mon/
So even though your problem appears resolved, and that's good, it's advisable to rescan for virus & Malware. Although unlikely, it's conceivable that a nasty is/was hidden in the System Restore folder.
http://www.hijackthis.de/logfiles/370c5284134955cb98c2d574f104c587.html
From the logfile please see if you recognise these three entries. An initial check & they look harmless>
C:\WINDOWS\system32\KADxMa
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMa
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
This 4th entry is slightly different>
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
Details>
"oem02mon.exe - oem02mon - Process Information":
http://www.liutilities.com/products/wintaskspro/processlibrary/oem02mon/
So even though your problem appears resolved, and that's good, it's advisable to rescan for virus & Malware. Although unlikely, it's conceivable that a nasty is/was hidden in the System Restore folder.
ASKER
can i have this question deleted and get my points back please?
Did none of the information above help in any way?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I don't honestly know the process because I have never posted a question. I would assume someone else makes that call.
Closed, 500 points refunded.
Vee_Mod
Community Support Moderator
Vee_Mod
Community Support Moderator