Computer Hope
Software => Computer viruses and spyware => Topic started by: jpfenski on July 21, 2005, 09:33:30 AM
-
OK. My problems first began when a few days ago I booted up my computer
for the first time in a while, as I usually hibernate the system at
night and don't do a full shut down. I found that Windows XP would not
boot and I ran Checkdisk using the Windows Recovery Console. The system
then booted fine except that I had no taskbar and my icons were locked
on the screen (immovable). System Restore says it cannot protect my
computer, I cannot load Windows Search function, I have very limited
copy/paste abilities (only notepad text will function, and I cannot
move any files). After some playing with the taskbar properties I was
able to show the bar at the bottom; however, minimized windows show
above the taskbar and not in it as usual. The system still takes an
inordinate amount of time to load Windows at startup. I have run Avast,
Grisoft AVG, Ewido, Xoftspy, Registry Mechanic, Registry Fix, Malware
Remover, PCBugDoctor, Ad-Aware, Spybot, CCleaner, McAfee Stinger, Ace
Utilities, etc.; all failing to fix my problem. I have been searching
throughout the internet for days trying to figure out just what has
infected my computer. I tried the Smitrem file and that also failed. I
looked at my HiJack This log and cannot see anything unusual. I'm hoping
someone can help me as I'm out of ideas.
BTW: whatever has infected my system is also preventing me from running
online scans such as Panda and Trendmicro.
Logfile of HijackThis v1.99.1
Scan saved at 11:26:27 AM, on 7/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\John Fenski\Desktop\framxpro\FreeRAM XP Pro 1.40.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\John Fenski\Desktop\Desktop Shortcuts\Internet and Security Programs\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\John Fenski\Desktop\framxpro\FreeRAM XP Pro 1.40.exe" -win
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://encarta.msn.com/encnet/external/MSSurVid.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
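An added example, not part of the original post or thread: a small Python parser for the HijackThis log layout shown above. It splits a log into running processes and section-coded entries, then lists a few entries to read first during manual review. The sample log, its names and paths, and the three review rules are constructed assumptions; a listed entry is a reading order, not a detection.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis v1.99.1 layout; names and paths are made up.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\User\Desktop\tool\example.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\EXAMPLE\helper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Example] "C:\Documents and Settings\User\Desktop\tool\example.exe" -win
O23 - Service: Example Service - Unknown owner - C:\Program Files\Example\svc.exe
O23 - Service: Other Service (OtherSvc) - Example Corp - C:\WINDOWS\system32\other.exe
"""

ENTRY = re.compile(r"^([ORFN]\d+) - (.*)$")                    # e.g. "O4 - ..."
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")   # O4 registry autostart
SERVICE = re.compile(r"^Service: (.*) - (.*) - (.*)$")        # O23 name - owner - path

def parse_hjt(text):
    """Return (running processes, {section code: [entry bodies]})."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in map(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def review_list(processes, entries):
    """Entries to read first during manual review; a listing, not a verdict."""
    out = []
    profile = "\\documents and settings\\"   # XP user-profile root (assumed rule)
    out += [("process in user profile", p) for p in processes if profile in p.lower()]
    for body in entries.get("O4", []):
        m = RUN.match(body)
        if m and profile in m.group(4).lower():
            out.append(("autostart from user profile", f"{m.group(1)} [{m.group(3)}]"))
    for body in entries.get("O23", []):
        m = SERVICE.match(body)
        if m and m.group(2) == "Unknown owner":
            out.append(("service with unknown owner", m.group(1)))
    return out
```
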
-
Virus scanners
AVG Free (http://free.grisoft.com/doc/1)
-- Anti virus scanner
Anti spy/malware
Microsoft Antispyware (http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en)
-- Anti spyware scanner. Windows XP Home and Professional only.
Spybot Search & Destroy (http://www.safer-networking.org/en/mirrors/index.html)
-- Anti spyware scanner
Adaware SE Personal (http://www.lavasoftusa.com/software/adaware/)
-- Anti spyware scanner
Firewalls
Using only one firewall is advised. Dual firewalls may cause problems.
Using a hardware firewall and a software firewall is even more advised.
ZoneAlarm Free (http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp)
-- Free firewall - more user friendly
Sygate Personal (http://smb.sygate.com/products/spf_standard.htm)
-- Free firewall - more configuration options
Removal tools
The following files are not substitutes for the ones described above.
They are either diagnostic tools or removal tools for malware of a certain kind.
HijackThis (http://www.merijn.org/files/hijackthis.zip)
-- Manual malware remover. Post the HijackThis log generated only if requested!
McAfee Stinger (http://vil.nai.com/vil/stinger/)
-- Virus removal tool. No substitute for a fully functional virus scanner!
CWshredder (http://www.intermute.com/spysubtract/cwshredder_download.html)
-- CoolWebSearch removal tool. Widely known and persistent Hijacker.
-
Missed spysweeper......from webroot......I would boot pc hold down the f8 safe mode and scan from there......and disconnect from the net while running any scans.......most viruses/trojans/worms hide in system restore and Windows makes it worse by backing the files up..... my system restore feature has never been used.....it's disabled...my choice I may add!
-
tried spysweeper with no positive result.
-
jpfenski.....Just read your post...and I would try this ......
reboot into safe mode .......then turn off system restore .
then run your scans from there starting with your anti virus ..........
BTW ...your hijackthis log file is clean.......
let us know
dl65 ::)
-
I don't think I can turn off system restore because when I try to load the program it tells me that "system restore cannot protect your computer. please reboot and try to run system restore again" no matter how many times I reboot, safe-mode or not.
I cannot enter system restore to make any changes whatsoever.
-
jpfenski.......Ok .......can you fully boot up in safe mode ?
If you can ...have you tried to run your anti virus from safe mode ?
Do you know if your system restore is turned on or off?
Do you have a floppy drive on your pc ?
dl65 ::)
-
I can fully boot up in safe mode. I ran antivirus in safe mode and saw no difference in detection.
I have no idea if my Windows restore is on or off; it simply says that system restore cannot protect my computer and to restart.
I do have a floppy.
-
jpfenski....Ok .....Click ......START/ALL PROGRAMS/ACCESSORIES/SYSTEM TOOLS/SYSTEM RESTORE .........when the restore window opens click on "SYSTEM RESTORE SETTINGS" .......System properties will be displayed .......click on the system restore tab............ In the little square box, is there a check mark? If there isn't one it's turned on and if there is one it's off ........ It should be off to do the scans ........
We will deal with the floppy after you reply to this post .
dl65 ::)
-
system restore will not open at all.
-
If you need to disable system restore, you can also do it by taking these steps:
1. Start
2. Run
3. Type services.msc
4. Right click on system restore-service
5. properties
6. Startup type: disabled
System restore will now be disabled.
-
John you could also do this >...http://www.michaelstevenstech.com/XPrepairinstall.htm
Unplug the pc from the net if you are going to do the above.......Is this desktop/laptop?
-
When I right click and select properties nothing happens. I cannot change anything in the services.
Same goes for local security as I tried to disable the "ctrl-alt-del" at startup procedure. Whatever has infected my desktop is probably blocking my ability to change anything in here.
-
Something else to do in the cmd prompt: SFC - System File Checker - (SFC /Scannow)
/SCANNOW
Scans all protected system files immediately.
/SCANONCE
Scans all protected system files at the next boot.
/SCANBOOT
Scans all protected system files at every boot.
/REVERT
Windows XP: Return to default settings.
Chkdsk /r <did you try it?
-
Ran chkdsk and scannow. No change in my problem. I think the infection is blocking scripts because neither trendmicro housecall nor panda activescan will work from the web.
-
John did you have a look at this >...http://www.michaelstevenstech.com/XPrepairinstall.htm
Or type this in the run box regsvr32 /i shell32 it should bring all the folders etc back......
-
How much of a risk do I run of losing my personal files if I do a repair installation? I ask because I have no ability to manipulate my files in any way besides deleting them so I cannot back anything up...
-
I ran "segsvr32 /i shell32" to no effect. Not actually sure what you meant by "it should bring all the folders back"?
-
Commands key words are......chkdir reg recover <typed after the cmd prompt> if these fail, the registry is badly damaged/corrupted, and the only options are repair XP or reinstall it again!.....Have you tried using the shortcut keys on the keyboard to save data to disks.......is this a laptop//or desktop? A bad hard drive may also cause the problem you have? And loads of schools of thought on a parallel WinXP install > http://www.windowsreinstall.com/winxppro/installxpwindowsparallel/indexfullpage.htm
-
I'm not sure what you would want me to try with the "chkdir" "reg" "recover" commands...
And this is a desktop. And I doubt it is a damaged hard drive, only because of symptoms such as script blocking, crippling of explorer, etc...
-
ok forget the last idea........try this one Start / Run / rundll32 setupwbv.dll,IE6Maintenance and choose the repair option
-
The window comes up but I cannot select any options...they are all muted and I cannot select any of the three.
-
Do you have any virus scanning software??on disks....if you have run em and disconnect from the net.........your options are running out......re-install the o/s or repair it..