-
December 11th, 2008, 06:02 PM
#1
XP Home probem
My girl freinds computer became badly fouled last week after some questionable internet activity with her kids. I cleaned out over 350 nasties and did a repair install. The system worked fine for a few days, then she started having problems with internet explorer. It would navigate to her home page ok, but if you tried to use favorites to navigate the progam would just flash her home page then go blank ( including the tool bars ) then her home page would reappear then the same thing over and over until I tried to shut it down at which point the program would become unresponsive and ctl alt delete was needed to shut it off. So I did another repair install. I am at the point of reinstalling windows and I am getting an error message that reads:
The FILE ' asms' on windows XP Home Edition Service pk2 is needed
Type the path where the file is located, and then click ok
In the bar below that the path given as follows:
Global Root \ Device \ CDROM \
Copy files from 1386
I click ok and it does nothing.
I want to reformat the thing but she says no because the files I asked her to back up 2 weeks ago still have not been done and I cannot finish the repair install until this obstcal is resolved. There afew other issues but I will get to that when the repair install is complete. thanks.
ps the cdrom drive is not there I tried to uninstal the driver and reboot. It worked untill the point I am at, but now I am not sure. This thing is so fouled, i think a clean install is in order. Again thanks!
Happiness is a journey, not a destination. So work like you don't need money, Ride like you've never crashed, and dance like no one's watching!!!!!
-
December 11th, 2008, 06:41 PM
#2
-
December 11th, 2008, 07:04 PM
#3
cd rom works fine, when I booted from the cd rom and attempted a repair install. I made it to the point of installing windows (repair install). that is where I get the error message. I cannot access the internet with it. thanks
Happiness is a journey, not a destination. So work like you don't need money, Ride like you've never crashed, and dance like no one's watching!!!!!
-
December 11th, 2008, 07:16 PM
#4
You could try copying the I386 folder form the CD to an I386 folder on the hard drive, and then pointing the request for files there.
-
December 11th, 2008, 07:23 PM
#5
Thats an idea but the cd rom works up to the point off installing windows then quits. I have never seen a computer do ths before. thanks unless ''i could use my computer to do this.
Happiness is a journey, not a destination. So work like you don't need money, Ride like you've never crashed, and dance like no one's watching!!!!!
-
December 11th, 2008, 07:36 PM
#6
It could be a bad spot on the CD also. If you can copy the CD contents to the hard drive, that should work. Or, it might get an error when attempting to copy some files.
-
December 12th, 2008, 12:08 AM
#7
Ask problem
No I didn't use a cd. The search just appeared with Ask as the default search. I have been able to type in a word into my address line in IE and it would search with google as the search engine. But, all of a sudden it started coming up with the page showing Ask as the searcher. I do not like the page that Ask presents. I rather have the Google or yahoo back as my searcher. I have tried everything in the book to change it back even to going back several days and doing a system restore but it is still there, so I just went back to last night where I had included the google tool bar but it still didn't work. Of course it will if I type in the google page but I am use to typing into the address bar at the top of IE page.
-
December 12th, 2008, 06:43 AM
#8
Originally Posted by texan
No I didn't use a cd. The search just appeared with Ask as the default search. I have been able to type in a word into my address line in IE and it would search with google as the search engine. But, all of a sudden it started coming up with the page showing Ask as the searcher. I do not like the page that Ask presents. I rather have the Google or yahoo back as my searcher. I have tried everything in the book to change it back even to going back several days and doing a system restore but it is still there, so I just went back to last night where I had included the google tool bar but it still didn't work. Of course it will if I type in the google page but I am use to typing into the address bar at the top of IE page.
In Internet Explorer 7, click Tools | Internet Options | General tab. In the "Search" section, click the Settings button, then click the "Find more providers..." link (bottom left).
-
December 12th, 2008, 11:47 AM
#9
Thanks for the information. I did that and put in google. But when I typed in the main url it still came up with the Ask page. I then typed in the far right google blank and it worked. Why did it change to where I can't type into the main address blank? I had not changed it mysself it just appeared one day lately. Is it possible that it came with one of the windows updates and is there anyway of removing the Ask as a search? I keep my page on "Blank" until I decide where I want to go, and then click on my favorites or type in my search.
-
December 12th, 2008, 09:16 PM
#10
Originally Posted by texan
... is there anyway of removing the Ask as a search?
Go back into IE's Search Settings (see above), click "Ask" in the list of "Search Providers", then click the "Remove" button.
-
December 13th, 2008, 01:09 AM
#11
Ask problem
Still comes up with Ask as the searcher.
-
December 13th, 2008, 08:47 AM
#12
Download, install and run HijackThis:Then post the resultant HijackThis.log file.
-
December 13th, 2008, 02:23 PM
#13
I had just finished doing the Trend and will send you the picture of it. It seems that is isn't finished yet but I didn't necessarily want to take out my Microsoft Word 2000. I will just close the page and do the Trend Micro Hijack and see what happens there.(as it doesn't seem to be doing anything about finishing the process) Thanks for being so patient with me and the problem.
Last edited by texan; December 13th, 2008 at 02:59 PM.
Reason: how to send picture of my page in this mail to you?
-
December 13th, 2008, 02:56 PM
#14
How to run HijackThis and post the resultant "hijackthis.log" file here on VirtualDr:- When you first start HijackThis, you'll probably see a screen with six buttons. Click the one at the bottom labeled "None of the above, just start the program".
Note: You can disable this opening screen by deselecting the "Show this window when I start HijackThis" option at the bottom.
- You're now looking at a blank HijackThis screen. Click the "Scan" button down near the bottom left.
Note: It can take a minute or two for HijackThis to scan your system. Exactly how long depends on how much needs to be scanned and the speed of your system.
- When HijackThis is finished scanning your system, the "Scan" button is now labeled "Save Log". Click it, and then the "Save" button in the "Save logfile..." window that pops up.
Note: If you have saved another hijackthis.log file in the same location on your hard drive, you will be prompted if you want to overwrite. Click Yes.
- Notepad will now pop up with your "hijackthis.log" in it. Press [Ctrl]-[A] (or click Edit | Select All) to copy it into memory on your computer.
Note: Make sure "Word wrap" is disabled (unchecked) in Notepad. Click "Format" to see. If it's checked, click it to uncheck it.
- Back here on VirtualDr, start a "Post Reply" to this thread. Click once inside the "Message" box and then press [Ctrl]-[V] (or click Edit | Paste in your browser). This will paste what you copied to memory on your computer into the Message box.
- Add any other comments you like to the message and click the "Submit Reply".
- Close HijackThis and Notepad.
Last edited by SpywareDr; December 13th, 2008 at 03:24 PM.
-
December 13th, 2008, 03:19 PM
#15
Trend Micro Hijack report
Logfile of Trend Micro HijackThis
v2.0.2
Scan saved at 1:14:34 PM, on
12/13/2008
Platform: Windows XP SP3 (WinNT
5.01.2600)
MSIE: Internet Explorer v7.00
(7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program
Files\Java\jre1.6.0_07\bin\jusched.ex
e
C:\Program
Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\S3apphk.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Lexmark
X74-X75\lxbbbmgr.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.E
XE
C:\windows\system\hpsysdrv.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program
Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Lexmark
X74-X75\lxbbbmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32
X86\3\E_FATIBIA.EXE
C:\Program
Files\MusicMatch\MusicMatch
Jukebox\mmtask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program
Files\AGI\common\win32\PythonService.
exe
C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnas
vc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\m
cproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.
exe
C:\Program
Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.
exe
C:\Program Files\Internet
Explorer\iexplore.exe
C:\Program Files\Trend
Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://srch-us4.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page =
about:blank
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkI
d=69157
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkI
d=54896
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Bar =
http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkI
d=54896
R0 - HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkI
d=69157
R3 - URLSearchHook: AGSearchHook
Class -
{0BC6E3FA-78EF-4886-842C-5A1258C4455A
} - C:\Program
Files\AGI\common\agcutils.dll
O2 - BHO: (no name) -
{089FD14D-132B-48FC-8861-0048AE113215
} - C:\Program
Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: AGSearchHook Class -
{0BC6E3FA-78EF-4886-842C-5A1258C4455A
} - C:\Program
Files\AGI\common\agcutils.dll
O2 - BHO: AcroIEHelperStub -
{18DF081C-E8AD-4283-A596-FA578C2EBDC3
} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHel
perShim.dll
O2 - BHO: ZKBho Class -
{56071E0D-C61B-11D3-B41C-00E02927A304
} - C:\Program Files\Zero
Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: SSVHelper Class -
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43
} - C:\Program
Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy -
{7DB2D5A0-7241-4E79-B68D-6309F01C5231
} - C:\Program
Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) -
{9AA2F14F-E956-44B8-8694-A5B615CDF341
} - (no file)
O2 - BHO: Google Toolbar Notifier BHO
-
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D
} - C:\Program
Files\Google\GoogleToolbarNotifier\4.
1.805.4472\swg.dll
O2 - BHO: (no name) -
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC
} - c:\Program Files\Microsoft
Money\System\mnyviewer.dll
O3 - Toolbar: &Zero-Knowledge Freedom
-
{FA91B828-F937-4568-82C1-843627E63ED7
} - C:\Program Files\Zero
Knowledge\Freedom\BandObjs.dll
O3 - Toolbar: McAfee SiteAdvisor -
{0BF43445-2F28-4351-9252-17FE6E806AA0
} - C:\Program
Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run:
[SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_07\bin\jusched.ex
e"
O4 - HKLM\..\Run: [SiteAdvisor]
C:\Program
Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [S3apphk]
S3apphk.exe
O4 - HKLM\..\Run:
[RegisterDropHandler]
C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.E
XE
O4 - HKLM\..\Run: [Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2]
C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PreloadApp]
c:\hp\drivers\printers\photosmart\hph
prld.exe
c:\hp\drivers\printers\photosmart\set
up.exe -d
O4 - HKLM\..\Run: [NvCplDaemon]
RUNDLL32.EXE NvQTwk,NvCplDaemon
initialize
O4 - HKLM\..\Run: [Lexmark X74-X75]
"C:\Program Files\Lexmark
X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [InstantAccess]
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.E
XE /h
O4 - HKLM\..\Run: [hpsysdrv]
c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [hp Silent Service]
C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [QuickTime Task]
"C:\Program
Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [mcagent_exe]
"C:\Program
Files\McAfee.com\Agent\mcagent.exe"
/runkey
O4 - HKLM\..\Run: [McENUI]
C:\PROGRA~1\McAfee\MHN\McENUI.exe
/hide
O4 - HKLM\..\Run: [EPSON Stylus
CX6000 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32
X86\3\E_FATIBIA.EXE /FU
"C:\WINDOWS\TEMP\E_S118.tmp" /EF
"HKLM"
O4 - HKLM\..\Run: [mmtask]
"C:\Program
Files\MusicMatch\MusicMatch
Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed
Launcher] "C:\Program
Files\Adobe\Reader
9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices:
[RegisterDropHandler]
C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.E
XE
O4 - HKCU\..\Run: [ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather]
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
1
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\Go
ogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Microsoft Works
Update Detection] C:\Program
Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MSMSGS]
"C:\Program
Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [EPSON Stylus
CX6000 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32
X86\3\E_FATIBIA.EXE /FU
"C:\DOCUME~1\Owner\LOCALS~1\Temp\E_SD
6.tmp" /EF "HKCU"
O4 - .DEFAULT User Startup:
AutoPlay.exe (User 'Default user')
O4 - Startup: Webshots.lnk =
C:\Program
Files\Webshots\Launcher.exe
O4 - Global Startup: Update
Concourse.lnk = C:\Program Files\Book
Systems, Inc\Concourse\ConcUpdt.exe
O4 - Global Startup: Update eZcat.lnk
= C:\MLSROOT\MLS\eZcUpdt.exe
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501
} - C:\Program
Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java
Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501
} - C:\Program
Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: MktBrowser -
{17A27031-71FC-11d4-815C-005004D0F1FA
} - C:\Program
Files\MarketBrowser\lmt\MarketBrowser
_Launch.xpy
O9 - Extra 'Tools' menuitem:
MarketBrowser -
{17A27031-71FC-11d4-815C-005004D0F1FA
} - C:\Program
Files\MarketBrowser\lmt\MarketBrowser
_Launch.xpy
O9 - Extra button: MoneySide -
{E023F504-0C5A-4750-A1E7-A9046DEA8A21
} - c:\Program Files\Microsoft
Money\System\mnyviewer.dll
O9 - Extra button: (no name) -
{e2e2dd38-d088-4134-82b7-f2ba38496583
} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem:
@xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583
} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program
Files\Messenger\Msgslang.dll,-61144 -
{FB5F1910-F110-11d2-BB9E-00C04F795683
} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem:
@C:\Program
Files\Messenger\Msgslang.dll,-61144 -
{FB5F1910-F110-11d2-BB9E-00C04F795683
} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF:
{03F998B2-0E00-11D3-A498-00104B6EB52E
} (MetaStreamCtl Class) -
http://www.viewpoint.co.kr/vet_instal
l/MetaStream3.cab?url=http://www.sams
ung.com/Products/Monitor/LCD_Digital/
web3d/931BF/page_931bf.html
O16 - DPF:
{17492023-C23A-453E-A040-C7C580BBF700
} (Windows Genuine Advantage
Validation Tool) -
http://go.microsoft.com/fwlink/?LinkI
D=39204
O16 - DPF:
{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB
} -
http://ak.imgfarm.com/images/nocache/
funwebproducts/ei/PopularScreenSavers
FWBInitialSetup1.0.0.15.cab
O16 - DPF:
{3D3BF1F8-9696-4A5E-B4F1-49101C997B70
} (VaxSIPUserAgentCAB Control) -
http://labs.jaduka.com/VaxSIPUserAgen
tCAB.cab
O16 - DPF:
{49232000-16E4-426C-A231-62846947304B
} (SysData Class) -
http://ipgweb.cce.hp.com/rdqcpc/downl
oads/sysinfo.cab
O16 - DPF:
{6414512B-B978-451D-A0D8-FCFDF33E833C
} (WUWebControl Class) -
http://update.microsoft.com/windowsup
date/v6/V5Controls/en/x86/client/wuwe
b_site.cab?1119620172712
O16 - DPF:
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3
} (MUWebControl Class) -
http://update.microsoft.com/microsoft
update/v6/V5Controls/en/x86/client/mu
web_site.cab?1125700384875
O16 - DPF:
{9522B3FB-7A2B-4646-8AF6-36E7F593073C
} (cpbrkpie Control) -
http://a19.g.akamai.net/7/19/7125/405
8/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF:
{CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF
} (Live365Player Class) -
http://www.live365.com/players/play36
5.cab
O16 - DPF:
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7
} (get_atlcom Class) -
http://wwwimages.adobe.com/www.adobe.
com/products/acrobat/nos/gp.cab
O23 - Service: AG Windows Service
(AGWinService) - Unknown owner -
C:\Program
Files\AGI\common\win32\PythonService.
exe
O23 - Service: getPlus(R) Helper -
NOS Microsystems Ltd. - C:\Program
Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service
(gusvc) - Google - C:\Program
Files\Google\Common\Google
Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table
Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common
Files\InstallShield\Driver\11\Intel
32\IDriverT.exe
O23 - Service: LexBce Server
(LexBceS) - Lexmark International,
Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services
(mcmscsvc) - McAfee, Inc. -
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent
(McNASvc) - McAfee, Inc. -
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnas
vc.exe
O23 - Service: McAfee Scanner (McODS)
- McAfee, Inc. -
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service
(McProxy) - McAfee, Inc. -
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\m
cproxy.exe
O23 - Service: McAfee Real-time
Scanner (McShield) - McAfee, Inc. -
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.
exe
O23 - Service: McAfee SystemGuards
(McSysmon) - McAfee, Inc. -
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.
exe
O23 - Service: McAfee Personal
Firewall Service (MpfService) -
McAfee, Inc. - C:\Program
Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper
Service (NVSvc) - NVIDIA Corporation
- C:\WINDOWS\System32\nvsvc32.exe
O24 - Desktop Component 0: (no name)
-
http://groups.msn.com/_Secure/0aQAsA8
UhGBD*veMdy2fBS1Q11VTYVrhmCxDzhJ6onrU
EvKXRWZE00xCTXNfGmUI*OqrIQ*Vbm7!eZscz
Sk1Skl8lZuKvsgG*o0RI36Mi0FPOKnCTowSCI
RVu06k4yYQOhvFrQtiYCtIpliKDRy4WSg6vnb
0iVnCF/New%20pieceJan2005.JPG?dc=4675
508496003781131
--
End of file - 11028 bytes
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|