
Current invasion of spyware/viruses



#16
coachwife6


    SuperStar

  • Retired Staff
  • 11,413 posts
Yes, I went out of town on business for two days in a row and I apologize.

Have you backed up all your data? Is this the worst it has gotten or did it get really bad after a certain step?

Run through this, then retry it

Click start then run, type prefetch then press enter, click edit then select all, right click any file then click delete, confirm delete

Click start, all programs, accessories, system tools to run disc clean up, then from system tools, run disc defragmenter.

Click start then run, type sfc /scannow then press enter, you need the XP CD

Windows File Protection will show a blue onscreen progress bar, when the bar goes, reboot

If you do not have an XP CD, you can borrow an XP CD of the same version as was originally installed; if you downloaded SP2 then you need an SP1 XP CD

Download and install Tune Up 2007 Trial

Run Tune Up Disc Clean Up

Run Tune Up Registry Clean Up

Click Optimize and Improve to run Reg Defrag, which will take a few minutes and need a reboot. You should disable the antivirus programme to run this

Check the anti virus is running after the reboot

After the reboot, click optimize then system optimizer to optimize the computer, select computer with an internet connection from the drop down menu, this also requires a reboot

After the reboot, click optimize then system optimizer to accelerate downloads, select the speed just above your actual connection speed, this requires a reboot

After the reboot, click optimize then system optimizer to run system advisor
  • 0



#17
irocstang


    Member

  • Topic Starter
  • 23 posts
The worst it's got is after I performed the previous steps.

With this prefetch thing, do I select all and delete them all? (don't want to perform the step without confirmation that this is what I should do)

After I have received an answer about this I will do it....along with the other steps!

Also my Windows XP Pro disk is on Vancouver Island and I'm in Vancouver going to school so I'll have to find one that I can borrow from someone else...unless we can skip that step by doing another step or something

hope to hear from you soon

thanks

R

Edited by irocstang, 25 January 2007 - 03:34 PM.

  • 0

#18
coachwife6


    SuperStar

  • Retired Staff
  • 11,413 posts
Do you know how to set your system to go back to a date prior to when the problems became increasingly worse?

Go to start - all programs - accessories - system tools - system restore. Go back to a day before things got worse.

Then, I want you to:

Download and install Tune Up 2007 Trial

Run Tune Up Disc Clean Up

Run Tune Up Registry Clean Up

Click Optimize and Improve to run Reg Defrag, which will take a few minutes and need a reboot. You should disable the antivirus programme to run this

Check the anti virus is running after the reboot

After the reboot, click optimize then system optimizer to optimize the computer, select computer with an internet connection from the drop down menu, this also requires a reboot

After the reboot, click optimize then system optimizer to accelerate downloads, select the speed just above your actual connection speed, this requires a reboot

After the reboot, click optimize then system optimizer to run system advisor
  • 0

#19
coachwife6


    SuperStar

  • Retired Staff
  • 11,413 posts
BTW: I am glad you joined GeekU. We always need good helpers. :whistling:
  • 0

#20
irocstang


    Member

  • Topic Starter
  • 23 posts
did as you requested (above)

new HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 11:28:50 AM, on 26/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5547BC29-2ABE-031F-C54D-2A07E4A2ECB3} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-ca\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: VSOS - {4FB26B73-D6E6-4e1f-A8BE-4980D1760EAB} - mscoree.dll (file missing)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-ca\msntb.dll
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Administrator"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-ca\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-ca\msntb.dll/search.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-ca\msntabres.dll/229?64ffde1f4a3b4f5cb462afac53f34922
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-ca\msntabres.dll/230?64ffde1f4a3b4f5cb462afac53f34922
O8 - Extra context menu item: VSOS Business Search - file://C:\Program Files\Verdada\VSOS\Scripts\VSOSBusinessSearchScript.html
O8 - Extra context menu item: VSOS Product Search - file://C:\Program Files\Verdada\VSOS\Scripts\VSOSProductSearchScript.html
O8 - Extra context menu item: VSOS Save - file://C:\Program Files\Verdada\VSOS\Scripts\VSOSSaveScript.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://citymap.nanaimo.ca/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1114545663156
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave...gwebinstall.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {ABAB45AD-4D69-4C01-A4A4-DD105F1EAE61} (mgToolbarPub.Toolbar) - http://citymap.nanai...eX/Toolbars.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave...aploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0001291 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Please analyse this list and tell me what you want me to do next....
Still slow on startup etc.

also getting this message on start up:

16bit MS-DOS subystem
C:\PROGRA~1\HP\HPSOFT~1\HPWUSC~1.exe
The NTVDM CPU has encountered an illegal instruction
CS:Odc2IP0112 OP: C78b11f350
would you like to terminate or ignore
I have pressed ignore for now until I figure out what is safe to do

also after I did the registry defrag on startup I got this error:

Windows could not start because the following files are missing or corrupt:
<Windows root>\System32\ntoskrnl.exe
Please re-install a copy of the above files.

I then turned off the computer and then restarted again and it started up finally but slowly.

please get back to me as soon as you have time available
thanks

Edited by irocstang, 26 January 2007 - 01:45 PM.

  • 0

#21
coachwife6


    SuperStar

  • Retired Staff
  • 11,413 posts
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {5547BC29-2ABE-031F-C54D-2A07E4A2ECB3} - (no file)

O3 - Toolbar: VSOS - {4FB26B73-D6E6-4e1f-A8BE-4980D1760EAB} - mscoree.dll (file missing)

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-ca\bin\WindowsSearch.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0001291 (file missing)

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)


Reboot.

You will need your XP disc. I don't believe your problem is malware-related at the moment. I believe you have some other program problems.

Click start then run, type prefetch then press enter, click edit then select all, right click any file then click delete, confirm delete

Click start, all programs, accessories, system tools to run disc clean up, then from system tools, run disc defragmenter.

Click start then run, type sfc /scannow then press enter, you need the XP CD

Windows File Protection will show a blue onscreen progress bar, when the bar goes, reboot

If you do not have an XP CD, you can borrow an XP CD of the same version as was originally installed; if you downloaded SP2 then you need an SP1 XP CD

Download and install Tune Up 2007 Trial

Run Tune Up Disc Clean Up

Run Tune Up Registry Clean Up

Click Optimize and Improve to run Reg Defrag, which will take a few minutes and need a reboot. You should disable the antivirus programme to run this

Check the anti virus is running after the reboot

After the reboot, click optimize then system optimizer to optimize the computer, select computer with an internet connection from the drop down menu, this also requires a reboot

After the reboot, click optimize then system optimizer to accelerate downloads, select the speed just above your actual connection speed, this requires a reboot

After the reboot, click optimize then system optimizer to run system advisor.
  • 0
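
An added example, not part of the original posts: a small Python triage over HijackThis entries of the form shown in the log above, flagging entries whose target is reported missing, services with an unknown owner, and file names one character away from a Windows system binary. The sample lines are copied from the log in this thread; the heuristics, the `SYSTEM_BINARIES` list and the function names are assumptions of this example, not the helper's method.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5547BC29-2ABE-031F-C54D-2A07E4A2ECB3} - (no file)
O3 - Toolbar: VSOS - {4FB26B73-D6E6-4e1f-A8BE-4980D1760EAB} - mscoree.dll (file missing)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0001291 (file missing)
"""

# Assumption of this example: a short list of Windows process names to compare against.
SYSTEM_BINARIES = ("svchost.exe", "lsass.exe", "winlogon.exe", "services.exe",
                   "explorer.exe", "spoolsv.exe", "smss.exe", "csrss.exe")

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")              # "O23 - Service: ..."
IMAGE = re.compile(r'[^\\/:"\s\[\]]+\.(?:exe|dll)', re.IGNORECASE)

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(body):
    """Return the system binary the entry's file name nearly matches, or None."""
    m = IMAGE.search(body)
    if not m:
        return None
    name = m.group(0).lower()
    for real in SYSTEM_BINARIES:
        if name != real and edit_distance(name, real) == 1:
            return real
    return None

def triage(log):
    """Return (section, reasons, body) for every entry that deserves a closer look."""
    findings = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header or running-process line, not a numbered entry
        section, body = m.groups()
        reasons = []
        if "(file missing)" in body or "(no file)" in body:
            reasons.append("target missing")
        if section == "O23" and "Unknown owner" in body:
            reasons.append("unknown owner")
        real = lookalike(body)
        if real:
            reasons.append("name resembles " + real)
        if reasons:
            findings.append((section, reasons, body))
    return findings

if __name__ == "__main__":
    for section, reasons, body in triage(SAMPLE_LOG):
        print(f"{section}: {', '.join(reasons)}\n    {body}")
```

A flag here is a prompt to look at the entry, not a verdict: the `ATI Smart` service is flagged only for its unknown owner, while the `COM+ Messages` entry trips all three checks.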

#22
irocstang


    Member

  • Topic Starter
  • 23 posts
Well, I did everything you said up to defragging under accessories/system tools. It started to defrag. I went out for a while to do some stuff and when I returned I realized my problems had gotten worse:

It was at a blue screen that said something like the following. Windows did not or could not totally defrag. Then something about a physical memory dump.

After I rebooted nothing happened, just a clicking in my hard disc followed by CHKDSK which came up with several errors and said I was missing a file and I would need to install that file for Windows to work. I then turned it off as I was getting quite upset.

This morning I turned it on and hit space bar a few times and set Windows to the last good working configuration or something. Windows managed to come up finally but was slow and not working properly at all: errors, this and that programs not starting, start up menu failing, internet not working. I then fiddled with it and turned it off and on a few times and finally got into Windows where it would allow me to do some stuff. I thought I should do a quick system restore back to right around the time I started to mess with stuff (god oh god). System went about its thing and when it went to restart it kept loading then rebooting time after time. I then powered down and started skipping CHKDSK. When I got to the desktop it said system restore failed for some reasons like corrupt files. I then restarted again, skipped CHKDSK and got to the desktop. Now everything is working half ok. Weird. I'm thinking maybe I should just back up my files now, then reformat and install Windows XP Home.

What are your thoughts?
I have 3 hard disks. C:\ has the OS. The other 2 are for storage of files. Can I make a backup of files I need on one of the non-OS disks and have them there after a reformat of C:\ with XP Home on it?
Also, can I use my copy of Windows XP Home that came with my laptop on my home PC?

Please let me know about all above before my computer blows up! Thanks again
R
  • 0

#23
coachwife6


    SuperStar

  • Retired Staff
  • 11,413 posts
I would definitely back everything up. And I would reformat. You have problems unrelated to malware. It may have started out with malware but I don't know what problems were caused by the malware and what steps were taken before you came here. Malware is my area in which I am most familiar and I am not able to sufficiently answer your questions with the utmost confidence.

You can start a new thread in the windows 2000/xp forum and explain your problem and provide a link to this thread. I will keep this thread open, that way the expert in the xp forum can assist you and we can provide input if need be.

Good luck.
  • 0





