Search:

registering srchui.dll didn't seem to fix it.

However, I found this article http://support.microsoft.com/?kbid=831430 that said to Re-register Jscript.dll. That seems to have fixed the issue....

All the major problems seems to be resolved now thanks!

The only two minor things I have left, is the "blank search panel" and fixing windows update (which is currently disabled because of the...

says text/file was to big, zipped and attached

tool ran as described and appears to have cleaned up the registry entries.

PC now boots up much faster (basically no wait now between "black windows logo" screen and "blue windows starting up"...

done http://thespykiller.co.uk/index.php/topic,9047.new.html#new

found it, but get error when trying to upload it to bleeping computer site. Could it be size? original file is 79M, zipped file is still 11M.

correction, the file I found was c:\windows\system32\config\system

The directory c:\windows\system32\erdnt\ does not exist... do I need to create a registry backup first??

The only "system" file I found under c:\windows\system32\ was...

submitted packed file...

able to boot to safe mode, but GMER still behaves the same. Starts automatically and runs VERY slow scanning thorugh HKLM\System\CurrentControlSet\... and does not...

Volume in drive C has no label.
Volume Serial Number is 24FD-74B7

Directory of C:\WINDOWS\system32\drivers

12/29/2009 11:55 AM <DIR> .
12/29/2009 11:55 AM <DIR> .....

Malwarebytes' Anti-Malware 1.42
Database version: 3450
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/29/2009 12:36:08 PM
mbam-log-2009-12-29 (12-36-08).txt

Scan type:...

came back... not sure when (as pc doesnt get reboot all the time) but noticed it last night. re-ran registry script from my previous replies and it cleared up the problem again (shuts down ok, still...

note, contains three different boot ups... two on 12/22 and a third this morning on 12/29.

sorry, lots of family Christmas celebrations recently, so haven't been able to look further, will do more this afternoon. Thanks for your patience

restarted GMER and got blue screen of death...

running, but very slow, 3-4 hours now. still cycling through SYSTEM\CurrentControlSet\Services\nnnnnnnn.sys and getting progressively slower as it goes up to 943448b6.sys and so slow its not...

Was able to get a bit of boot information (pick the "enable boot logging" from the boot menu ...duh /chuckle)

Anyway, there are a couple hundred (thousand??) lines like this... that seem very...

OK, running the script above definitely fixed the slow shutdown. PC shut's down quickly now with no errors.

Still takes a very long time to boot up (sitting at a black screen for ~2 mins doing...

Kaspersky shows clean now... Still need to try the DCOM fixes (was waiting for kaspersky to finish) will post how it comes out.




KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday,...

running a really long time, wife had to kill it to do some work on PC. will re-run it overnight tonight.

Did find some info on the DCOM errors, seems to be related to windows automatic update.
...

So it still takes the PC a long time to reboot. 12 minutes just now.....


Click "shutdown on menu... between ~2 minutes before the "standby, turnoff, restart" pop-up comes up.

Then UI...

DDS (Ver_09-12-01.01) - NTFSx86
Run by Trica at 13:25:21.48 on Sun 12/20/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.498 [GMT -5:00]
...

ComboFix 09-12-19.03 - Trica 12/20/2009 12:13:15.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.456 [GMT -5:00]
Running from: c:\documents and settings\Tony\My...

blue screen of death this time ..... but I had not disabled McAfee.. have done so now and restarted GMER

There's no chance for me to "uncheck" anything in GMER. It starts executing scan as soon...

GMER started scanning as soon as I clicked the .exe file, ran for a very long time. When I came back pc was non-responsive and I had to cycle power. found this in the event log....


Event...

thank you thank you :)

Here are DDS files. GMER still running...

Detect.Txt
---------------------------


DDS (Ver_09-12-01.01) - NTFSx86
Run by Trica at 10:19:06.62 on Sat 12/19/2009
Internet Explorer:...

Suspect that wife's PC is infected now... (this forum was very helpful in fixing problems I had a year or two ago.. thank you thank you)

Symptoms: very slow startup/shutdown, blue screen when...

Looks good, no symptoms at all currently.

Thanks ever so much!

Ran OTMoveit and rebooted
Ran ATF-Cleaner
Turned off System restore, rebooted
Turned system restore back on.

Looks to be clean? Do you need any additional logs?

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2788 (20080113)...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:10:10 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
...

Combo fix log from above CFScript.txt file

ComboFix 08-01-11.1 - Tony Bailey 2008-01-13 16:02:02.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.645 [GMT -5:00]
Running...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:32 AM, on 1/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
...

Combofix logs after running with above CFScript.txt:

ComboFix 08-01-11.1 - Tony Bailey 2008-01-13 15:10:27.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.693 [GMT -5:00]...

downloaded and ran combo fix, log below

ComboFix 08-01-11.1 - Tony Bailey 2008-01-11 18:09:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.524 [GMT -5:00]
Running...

I am seeing a couple symptoms at the moment

Duplicate running processes with space in name (like "TeaTimer.exe" and "TeaTimer .exe" below
Periodicly internet explorer opens to random pages
...

Scan was too long so cut out most of the "restore point" infection lines
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday,...

Definitely infected, and would appreciate help.

Symptoms:
- internet explorer randomly starting up a new window
- several processes listed twice in process viewer and second copy had a space...