POS files, red x and system HELP!

Name: bburgbaseball
Date: February 15, 2008 at 22:30:58 Pacific
OS: windowsXP
CPU/Ram: intell pan. 4
Product: vpr-matrix
Comment:

I've been getting A LOT of pos.tmp etc. files in my C: Drive and My Docs. I also have a Red X for the icon of my C Drive. I also have these "system messages": this is driving me crazy!! It slows down my computer so bad.

System Warning:
Windows performed illegal operation. Your system files could have critical errors.
It could cause unpredictable or erratic behavior, freezes and crashes.
Fixing these errors can increase your computers's performance and prevent data your personal data loss .
Would you like to open System Troubleshooting center to fix the problem? (Recommended)

Your system could become unstable
A potential problem has been detected and Windows has been shutdown
buggy application to prevent damage to your computer .
****WXYZ.SYS - Address F73120AE base at C00000, DateStamp 36b072A3
Kernel Debugger Using: COM2 (Port 0x28f, Baud rate 192000)

SysFader: IEXPLORER.exe - Potential Application Error
The instruction at "0x01d62739" referenced memory at "0x02354e50".
The memory could not be "read. Click OK to terminate.

Important - Potential Errors found in the system
During a scan of files at system startup,
potential errors in the system registry were found.
p-07-0100 irql: 1f SYSVER 0xff00024
NT_Kernel error 1256
KMODE_EXCEPTION_NOT_HANDLED

How do I fix this? I'm becoming extremely frustrated! Thanks in advance.




Response Number 1
Name: jabuck
Date: February 16, 2008 at 04:43:08 Pacific
Reply:

Go to this link:

Disable Realtime Protection

Follow their directions to disable any realtime protection that you have as it will interfere with the fix by reinstalling the corrupt files.

Please download Atribune's VundoFix.exe from the following site to your desktop:

Vundofix.exe

Double-click VundoFix.exe to run it.

Click the Scan for Vundo button.

Once it's done scanning, click the Remove Vundo button.

You will receive a prompt asking if you want to remove the files,
click "yes".

Once you click yes, your desktop will go blank as it starts removing
Vundo.

When completed, it will prompt that it will reboot your computer,
click "ok".

Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This


1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.


0

Response Number 2
Name: bburgbaseball
Date: February 16, 2008 at 12:17:29 Pacific
Reply:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:40 PM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Adam\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
O2 - BHO: (no name) - {2012F73E-7427-4AD8-9E9D-6CBA6E0053D4} - (no file)
O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - C:\Program Files\SmartShopper\Bin\2.0.24\SmrtShpr.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\SmartShopper\Bin\2.0.24\SmrtShpr.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.0.24\SmrtShpr.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: @Home - {D9285060-10C7-4BA8-A53F-7C6B8363A6E2} - http://home.excite.com (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://home.excite.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {3B238BE6-B83C-7B0C-7DDF-709F0D5245DD} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcapl...
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 3798 bytes


0
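A sketch of how a log like the one above can be triaged before reading it line by line; this is an added example, not part of the original posts and not a HijackThis feature. The sample lines are copied from the posted log, while the function names and the three review rules are assumptions made for the example.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Subset of the entry lines from the HijackThis log posted in Response Number 2.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
O2 - BHO: (no name) - {2012F73E-7427-4AD8-9E9D-6CBA6E0053D4} - (no file)
O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - C:\Program Files\SmartShopper\Bin\2.0.24\SmrtShpr.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: @Home - {D9285060-10C7-4BA8-A53F-7C6B8363A6E2} - http://home.excite.com (file missing) (HKCU)
O16 - DPF: {3B238BE6-B83C-7B0C-7DDF-709F0D5245DD} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcapl...
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
URL_RE = re.compile(r"https?://\S+")


def parse_entries(log_text):
    """Return (section, body) pairs for lines such as 'O16 - DPF: ...'."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def host_is_ip_literal(url):
    """True when the URL names its host by IP address instead of a domain."""
    try:
        ipaddress.ip_address(urlparse(url).hostname or "")
        return True
    except ValueError:
        return False


def triage(log_text):
    """Return (section, body, reasons) for entries worth a manual look.

    The three rules are review heuristics chosen for this example; a hit
    means "check this entry", not "this entry is malicious".
    """
    findings = []
    for section, body in parse_entries(log_text):
        reasons = []
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("registered component has no file on disk")
        if section == "O16" and any(host_is_ip_literal(u) for u in URL_RE.findall(body)):
            reasons.append("ActiveX download source is a bare IP address")
        if section in ("R0", "R1") and ("ProxyServer" in body or "AutoConfigURL" in body):
            reasons.append("proxy setting present; confirm the user configured it")
        if reasons:
            findings.append((section, body, reasons))
    return findings


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"[{section}] {body}\n      -> {'; '.join(reasons)}")
```
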

Response Number 3
Name: jabuck
Date: February 16, 2008 at 15:02:55 Pacific
Reply:

Please post the requested Combofix log.


0

Response Number 4
Name: bburgbaseball
Date: February 16, 2008 at 22:12:02 Pacific
Reply:

I have tried to run Combofix but it says some files could not be created, please close all programs, reboot and run program again, and I did but it still says the same thing??


0

Response Number 5
Name: jabuck
Date: February 18, 2008 at 06:43:47 Pacific
Reply:

Sorry, looks like I overlooked your post.

Please download Deckard's System Scanner (dss): Copy the following bolded address into your browser.
http://www.techsupportforum.com/sec...
Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


0

Response Number 6
Name: bburgbaseball
Date: February 18, 2008 at 10:39:10 Pacific
Reply:

Ok so I ran DSS twice and got the same results...when opening Notepad I get two blank pages and it says the system cannot find the path specified


0

Response Number 7
Name: jabuck
Date: February 18, 2008 at 20:08:05 Pacific
Reply:

Let's try this:

Go to start> run> type in Combofix /u> click ok.

Download Combofix again and try to run it, perhaps the first download became corrupt.


0

Response Number 8
Name: bburgbaseball
Date: February 18, 2008 at 20:23:52 Pacific
Reply:

Now I got a box titled combofix with a message saying windows cannot find 'combofix' make sure I've typed it in correctly. Which is strange cuz it's right here on my desktop.


0

Response Number 9
Name: jabuck
Date: February 18, 2008 at 20:38:08 Pacific
Reply:

Well, let's see if we can run an online scan.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Download ATF Cleaner from this link:
ATF Cleaner
Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Base
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.


0

Response Number 10
Name: bburgbaseball
Date: February 18, 2008 at 21:21:56 Pacific
Reply:

hang in there, it's still scanning but doing good


0

Response Number 11
Name: bburgbaseball
Date: February 19, 2008 at 10:20:06 Pacific
Reply:

ok so the scan is finally complete but I see no red blinking arrow to save this file


0

Response Number 12
Name: jabuck
Date: February 19, 2008 at 14:31:53 Pacific
Reply:

Can you save it as a .txt file to your "my documents"? Or just copy/paste it into the comments box and post it.


0

Response Number 13
Name: bburgbaseball
Date: February 21, 2008 at 10:32:05 Pacific
Reply:

hey jabuck, I finally got the Kscan done after 3 tries and 13 hrs each but now when I go to copy and paste it to you in this post box it freezes...do you have an email that I could send it to or another way to get it to you?

thanks


0

Response Number 14
Name: jabuck
Date: February 21, 2008 at 11:29:39 Pacific
Reply:

I sent you a private message. On the right left of this page click "my computing.net" to access the pm.


0

Response Number 15
Name: jabuck
Date: February 23, 2008 at 14:12:36 Pacific
Reply:

Go to start> run> type in cmd> press enter> type in cd %system%> press enter.

Now type in the following commands one at a time and press enter:

(Note the space after attrib,-s,-h and del)


attrib -s -h netstat.com

Press Enter
del netstat.com
Press Enter
attrib -s -h cmd.com
Press Enter
del cmd.com
Press Enter
attrib -s -h ping.com
Press Enter
del ping.com
Press Enter
attrib -s -h regedit.com
Press Enter
del regedit.com
Press Enter
attrib -s -h taskkill.com
Press Enter
del taskkill.com
Press Enter
attrib -s -h tasklist.com
Press Enter
del tasklist.com
Press Enter
attrib -s -h tracert.com
Press Enter
del tracert.com
Press Enter
Exit the Command Prompt

Download this free antivirus then update it:
AVG Free Antivirus

Try to post the combofix log please.


0

Response Number 16
Name: bburgbaseball
Date: February 24, 2008 at 00:00:14 Pacific
Reply:

When I type cmd in the run box it doesn't work, I get the following error:

"cmd is not a valid Win32 application"

But if I type cmd.exe then it works fine. But what you told me to try and type in doesn't work at all...


0

Response Number 17
Name: jabuck
Date: February 24, 2008 at 16:44:49 Pacific
Reply:

That's a slick little baddie.

Set up the computer to view hidden files:
To show hidden files do the following:
Click Start > My Computer
On the Tools menu, click Folder Options.
Click the View tab.
Uncheck Hide file extensions for known file types.
Uncheck Hide protected operating system files.
Under the Hidden files folder, locate and check Show hidden files and folders.
If you see a warning message, click Yes.
Click Apply > OK.

Navigate to and delete these files if found:


netstat.com
cmd.com
ping.com
regedit.com
taskkill.com
tasklist.com
tracert.com

Let us know when you are finished and which files you found.


0
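Every file on the list above shares its base name with a standard Windows tool, and the default PATHEXT order puts .COM ahead of .EXE, so a name typed without an extension reaches the .com file first; that is consistent with the "cmd" versus "cmd.exe" behaviour reported in Response Number 16. The check below is an added example, not part of the original posts: it lists every .exe in a directory that an earlier-resolving file shadows, and the directory listing and function names are constructed for the illustration.

```python
import os

# Default PATHEXT value on Windows XP: .COM is tried before .EXE.
DEFAULT_PATHEXT = ".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH"

# Constructed directory listing. more.com and mode.com are genuine Windows
# tools with no .exe twin, so they must not be reported.
SAMPLE_LISTING = [
    "cmd.exe", "cmd.com",
    "ping.exe", "ping.com",
    "notepad.exe",
    "more.com", "mode.com",
]


def resolve(name, filenames, pathext=DEFAULT_PATHEXT):
    """Return the file an extensionless command name resolves to in one directory."""
    present = {f.lower(): f for f in filenames}
    for ext in pathext.lower().split(";"):
        hit = present.get(name.lower() + ext)
        if hit:
            return hit
    return None


def find_shadowed(filenames, pathext=DEFAULT_PATHEXT):
    """Map each .exe to the same-named file that wins the extension search."""
    shadows = {}
    for filename in filenames:
        base, ext = os.path.splitext(filename)
        if ext.lower() != ".exe":
            continue
        winner = resolve(base, filenames, pathext)
        if winner and winner.lower() != filename.lower():
            shadows[filename] = winner
    return shadows


def scan_directory(path, pathext=None):
    """Run the check on a real directory, using the machine's PATHEXT if set."""
    pathext = pathext or os.environ.get("PATHEXT", DEFAULT_PATHEXT)
    return find_shadowed(os.listdir(path), pathext)


if __name__ == "__main__":
    for exe, winner in sorted(find_shadowed(SAMPLE_LISTING).items()):
        print(f"{exe} is shadowed by {winner}")
```

On an affected machine, `scan_directory` would be pointed at the Windows system directories; any hit is a file to inspect, since legitimate .com tools do not duplicate the name of an .exe beside them.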

Response Number 18
Name: bburgbaseball
Date: February 25, 2008 at 00:58:18 Pacific
Reply:

ok did what you said and found all of them...haha that's prolly bad but it just stinks...I searched for them and deleted them, here is the list I found:

netstat.com
cmd.com
ping.com
regedit.com
taskkill.com
tasklist.com
tracert.com


0

Response Number 19
Name: jabuck
Date: February 25, 2008 at 15:00:20 Pacific
Reply:

Go to start> run> type in combofix /u (note the space after combofix)> then click ok.

Redownload combofix from one of the links in response #1 and try to post the combofix log please.


0

Response Number 20
Name: bburgbaseball
Date: February 25, 2008 at 18:25:37 Pacific
Reply:

ok I tried the combofix /u thing and it said the same thing as it did before like it's not even there...then I deleted the copy I had and downloaded another one and it still says some files could not be created..and whatever I did by deleting what you told me to delete, my computer or those files didn't like it cuz it's gone crazy...haha


0

Response Number 21
Name: jabuck
Date: February 26, 2008 at 18:23:23 Pacific
Reply:

Download SDFix to your desktop from the following link:

SDFix.exe.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.


Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.


Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.


Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt.


0

Response Number 22
Name: jabuck
Date: February 26, 2008 at 19:28:15 Pacific
Reply:

Additional info for using the SDFix tool:

-- If this error message is displayed when running SDFix: "The command prompt has been disabled by your administrator. Press any key to continue..."
Please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
Press Ok and then run SDFix again.

-- If the Command Prompt window flashes on then off again on XP or Win 2000, please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\FixPath.exe /Q
Reboot and then run SDFix again.

-- If SDFix still does not run, check the %comspec% variable. Right-click My Computer > click Properties > Advanced > Environment Variables and check that the ComSpec variable points to cmd.exe.
%SystemRoot%\system32\cmd.exe


0

Response Number 23
Name: bburgbaseball
Date: February 26, 2008 at 21:06:28 Pacific
Reply:

hey there jabuck...I tried this with no success...it told me that some files could not be created...and when SDFix was doing its thing after I saved it to my desktop everything it tried to do said cannot create..then all the file names...my computer must really be screwed up..and for some reason before I ran this program and I deleted those files you wanted me to search and delete...the command prompt pops up really quick every once in a while, words appear really fast then it shuts off and goes away...does this mean anything? do you have any clue why my computer won't let me create anything to get this fixed?


0

Response Number 24
Name: jabuck
Date: February 27, 2008 at 14:21:14 Pacific
Reply:

The virus is stopping any of our attempts to clean up the computer.

Let's see if it will run in safe mode.

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once again delete these files:


netstat.com
cmd.com
ping.com
regedit.com
taskkill.com
tasklist.com
tracert.com

Now try to run combofix from safe mode and if combofix will run let it finish then run SDFix from safe mode.

Save those logs so that you can find them then post them please if possible.


0

Response Number 25
Name: bburgbaseball
Date: February 27, 2008 at 23:04:34 Pacific
Reply:

ok jabuck I tried what you said in safe mode and when I went to search for the files you wanted me to delete they were not there anymore after the first deleting. So I tried Combofix and SDFix and still nothing. Both said some files could not be created. Again thank you so much for your help...I'm sure this is getting a little drawn out..but I do want to let you know I appreciate it, hopefully we can find a solution soon!


0

Response Number 26
Name: jabuck
Date: February 28, 2008 at 03:50:13 Pacific
Reply:

Get the free version of AVG, you can download it at this link:
AVG Free Antivirus

Reboot into safe mode and try to run SDFix and AVG antivirus from safe mode.


0

Response Number 27
Name: bburgbaseball
Date: February 29, 2008 at 11:04:42 Pacific
Reply:

hey there...so I downloaded it and ran it in safe mode and AVG said I could not open or run in safe mode...and SDFix still said some files could not be created as well as Combofix..


0

Response Number 28
Name: jtp199
Date: March 2, 2008 at 20:30:41 Pacific
Reply:

hey did you ever fix your computer cause I have the same things but I fixed all of the pop ups and everything the red X is still there and the pos files but everything runs fine and if you still haven't fixed download kaspersky security suite or the anti virus then download ccleaner and if it doesn't run correctly still I would guess formatting your computer would probably do something unless you can't or don't or have very important stuff on there
And don't take my advice if you don't want to this is just how I fixed mine I didn't reformat it but I am not a trained pro at computers or any of that I know more than a lot of people but I mess up a lot also


0

Response Number 29
Name: bburgbaseball
Date: March 8, 2008 at 16:04:51 Pacific
Reply:

You still there to help me? Just wondering, haven't heard from you in a while.


0
