| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 108362 | 2010-03-25 10:36:00 | Hal.dll error help | Rahotep (14854) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 870029 | 2010-03-28 00:09:00 | Hi again, Thanks for the great responses. I will look into doing all of your suggestions after lunch. A couple of notes though: I already had an updated Spybot S&D on the PC and have scanned it several times. All is clear in this regard. Also, CCleaner has been run on the PC too and has done its cleaning yet there still seems to be a mass of temp files (and the recycler issue as mentioned before) in the girl's logon. Is this because CCleaner cannot access her recycle bin and her temporary folders etc or is there some other issue I am missing? Her logon has a password if this affects it at all. I am on the admin account on the PC though. Thanks again, will update with results as I continue. |
Rahotep (14854) | ||
| 870030 | 2010-03-28 00:16:00 | Use malwarebytes instead. No CC should remove temp files and files from the recycle bin. Thats what its for. Remember to close browsers first. If more than 1 user logs in, you'll have to login to each then run ccleaner | Speedy Gonzales (78) | ||
| 870031 | 2010-03-28 01:05:00 | Is this because CCleaner cannot access her recycle bin and her temporary folders etc or is there some other issue I am missing? NO you are missing nothing, just the programs are not as good as some my think - they do have faults - nothing is perfect. Malwarebytes & Ccleaner -- wouldn't use just them - while they are OK they do miss plenty. You NEED combinations of programs. Classic examples: Customers PC on Friday cleaning out infections -- Ran malwarebytes, removed some infections,( from memory about 30 odd) ran super antispyware and Spybot directly after and between the two, removed a further 283 infections and 7 rootkits that malwarebytes missed. Ccleaner-- same thing, ran it, cleaned out the general rubbish, unhide the temp file in the user account as I mentioned before, and what do you know :rolleyes: 400+ MB of crap it didn't remove. I see those sorts of results almost daily. The malwarebytes log even proves it in both cases: C:\Documents and Settings\Morgan\Local Settings\Temp\Saf40D.tmp\install_flash_player.exe (Trojan.Downloader) -> No action taken. WHY didn't either program clean it ???????? Edited: last few times I have run Spybot ( never been on the PC) it asked to remove those temp files before scanning, and this is after Ccleaner had been run. |
wainuitech (129) | ||
| 870032 | 2010-03-28 02:32:00 | Hi again, I have just completed following all the advice given in the past few posts. The only thing I didn't do was to delete M1000Rmv.exe mentioned by Speedy Gonzales as you put 'whats this' above it so I wasn't really convinced you actually wanted me to delete it since it sounded like you weren't sure what it was. As I said apart from that I followed pretty much all advice, deleted the HJT items, uninstalled Norton, ran Superantispyware (9 items + lots of cookies detected/deleted - all of the items were for FunWebSearch). I couldn't find anyway to successfully delete the rest of the temp/recycler files yet (the only one that seemed to work was MalwareBytes but it deletes 1 file at a time, not folders and there's several thousand files in there so this is just not possible. There seem to be conflicting opinions on whether the files can be deleted without me being logged into the other login. So I'm not sure how exactly to resolve that still. Anyway, I avoided restarting until absolutely necessary but have done so now. Sure enough, hal.dll showed up again and I'm rebuilding the boot file again as I type this. Further advice anyone? I'll post another HJT log once up and running again. Then I'll do the sfc /scannow suggestion. Thanks again. |
Rahotep (14854) | ||
| 870033 | 2010-03-28 02:42:00 | Did you uninstall mywebsearch? Uninstall funwebsearch as well | Speedy Gonzales (78) | ||
| 870034 | 2010-03-28 02:51:00 | Neither of them show in the uninstall list, so I couldn't do this. I assume the parts picked up by that last scan were just remnants of the program after the various spyware programs have detected it and they both "appear" to be gone now. PC is up and running again, did a couple of the faster scans and all clear so far. Will post new HJT log in a moment, then run sfc. Thanks again. |
Rahotep (14854) | ||
| 870035 | 2010-03-28 02:59:00 | New HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:55:19 PM, on 3/28/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Microsoft Security Essentials\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\WINDOWS\WebCam\M1000\M1000Mnt.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\vVX1000.exe C:\Program Files\Microsoft Security Essentials\msseces.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.co.nz R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.co.nz R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh\iMeshIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\s wg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt O4 - HKLM\..\Run: [tcnzTrayApp] "C:\Program Files\Xtra Help Assistant\bin\McciTrayApp.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\WINDOWS\system32\cmd.exe" /c "C:\DOCUME~1\Sheryll\LOCALS~1\Temp\isDel.bat" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Xtra Help Assistant.lnk = C:\Program Files\Xtra Help Assistant\bin\matcli.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-nz\msntabres.dll.mui/229?7b2e68148d2146b0acd578c28689d203 O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-nz\msntabres.dll.mui/230?7b2e68148d2146b0acd578c28689d203 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk (file missing) O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Morgan\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - www.bebo.com O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - messenger.zone.msn.com O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx1.hotmail.com O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - messenger.zone.msn.com O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - messenger.zone.msn.com O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - webdl.symantec.com O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - messenger.zone.msn.com O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - messenger.zone.msn.com O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - secure.gopetslive.com O17 - HKLM\System\CCS\Services\Tcpip\..\{A6922802-08A6-4AEC-97D6-8480AE87388E}: NameServer = 202.27.158.40,202.27.156.72 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- |
Rahotep (14854) | ||
| 870036 | 2010-03-28 03:00:00 | Try Glary Utilities (http://www.glaryutilities.com/) for the temp files, It does a better job than Ccleaner on them. Just BECAREFUL when installing it, look at each window before clicking next, UNTICK the boxes that say to install Ask.com, then carry on. |
wainuitech (129) | ||
| 870037 | 2010-03-28 03:04:00 | Dont know what the bat file is doing O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\WINDOWS\system32\cmd.exe" /c "C:\DOCUME~1\Sheryll\LOCALS~1\Temp\isDel.bat" Unless some program put it there That other entry belongs to a cam O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt If this has been uninstalled, then you dont need these O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk (file missing) O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk (file missing) And you dont need this if you uninstalled it O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) |
Speedy Gonzales (78) | ||
| 870038 | 2010-03-28 03:29:00 | Good news! (touch wood?): just restarted the PC and for the first time since I started looking at it the hal.dll error didn't occur when booting! went straight through to windows. I don't want to jump to positive conclusions just yet though... Speedy, I deleted the extra things you suggested above from HJT. wainuitech, I installed the file shredder of spybot before you'd posted and this seemed to pick up (all?) other temp files, but it could not got at the recycler files still, these seem to be more tricky to get at. So I haven't tried Glary yet (will do so if you guys advise it as necessary still as things develop). New HJT log to follow. |
Rahotep (14854) | ||
| 1 2 3 4 | |||||