[Lilz]

I have a serious problem that I hope someone may be able to help me with please. I am not a techie, but can understand a lot of "PC Speak!"

Running Windows XP Home Edition on Dell - has been fine for over a year now.

For a start, here is a list of things we cannot do - just incase any of you may have some ideas/answers:

Cannot boot up in Safe Mode - get BSOD (blue screen of death)
Cannot download any security updates from Microsoft without an error
Cannot run or install AVG or Zone Alarm or anti-virus and Firewall software except SpyHunter and RegClean.
Cannot run or install HighJack This to get a system log
Cannot run any "fix pc" type software like CClean.
Cannot run check hard disk thingy from DOS without a crash.

AVG and Zone Alarm were running fine a couple of days ago, then I downloaded some files from Emule - right clicked them to scan with AVG as I always do with all files I download. One had a virus so I deleted it without opening it. Next thing AVG and Zone Alarm had vanished from my system tray. I ran that virus check on Symantec and it said we had "Zlob" and "Beagle32". I manged to get a copy of SpyHunter and that installed and ran and I managed to get rid of everything except msxml3a.dll which was infected with Avenue Media trojan? SpyHunter kept saying that it would remove it on restart but couldn't. I just deleted that file in the end manually.

Now when I run the online virus check on Symnatec (did it again this morning) - no virus found. SpyHunter finds nothing too - except the odd cookie thingy as we are having to browse the net with no security.

I run Uniblue Registry Booster 2 and it has a gazillion errors. It fixes them and I restart PC - run it again and if finds 3-4 more and I do this over and over! I have found a file called ctfmon.exe that was always running at startup. If I disable it - it returs. I cannot delete it because when I do - it returns instantly. I have researched this file and understand that it is "supposed" to be a Microsoft Language file, etc. But this one is definately a virus file.

Every time I try and run any kind of antivirus software - the PC comes up with an error (not a valid WIN32 application) and closes the program. I am convinced we have a virus that is monitoring EVERYTHING we do via IE and is stopping me from fixing the problem.

Hubby says that next steps are to completely wipe the system - I was hoping to beat this problem without doing that.

Any help would be brilliant! I understand that you may not be able to do much without a HijackThis log - but I cannot run that software!

Thanks so much!

Lilz

Edited by Lilz, 15 March 2008 - 08:54 AM.

[Advertisements]

a backup your data and a clean install isn't a bad idea...BUT you could also try repairing xp so you don't have to tweak all the settings and reinstall your software...the how to is here..
you should still backup all your data whichever you chose to do...

[happyrock]

a backup your data and a clean install isn't a bad idea...BUT you could also try repairing xp so you don't have to tweak all the settings and reinstall your software...the how to is here..
you should still backup all your data whichever you chose to do...

[Lilz]

Thanks very much for your reply - I will show it to my husband tomorrow when he returns. We have XP Home Edition on this PC - we didn't have an XP disc from Dell so he is bringing home one from work, but that is XP Pro - will that work OK even though we have XP Home please?

I was hoping to try and remove that ctfmon.exe manually - any ideas or is that just the least of my problems?

Thanks so much.

[Lilz]

Just an update - I managed to run a checkdisc on my hardware - it took ages but I am assuming it was OK as when I came back to look at it it had finished and had restarted my PC!

Any other ideas how to run a software check without having to download and install software to do this please?

[happyrock]

We have XP Home Edition on this PC - we didn't have an XP disc from Dell so he is bringing home one from work, but that is XP Pro - will that work OK even though we have XP Home please?

nope...has to be the same flavor of xp...borrow one from a friend...
when you ran chkdsk did you use the... /f or the /r option

[Lilz]

I read another post on this forim that said to right click on the c drive and go to properties, tools, blah..... Did it that way on restart.

I just ran FixIEDEF.exe also found on this forum and got this log file:

********************************************************************************
* *
* FixIEDef Log *
* Version 1.2.10.3145 *
* *
********************************************************************************

Created at 17:10:13 on Saturday, March 15, 2008

Time Zone : (GMT) Greenwich Mean Time : Dublin, Edinburgh, Lisbon, London

Operating System : Microsoft Windows XP Home Edition
Service Pack Level: Service Pack 2
System Langauge : English
Processor : X86
Boot State : Normal boot

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
C:\WINDOWS\system32\Help.ico
C:\WINDOWS\system32\Uninstall.ico

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

No malicious directories to be removed

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

No malicious Registry entries found

================================================================================

All Done

ShadowPuterDude

Safe Surfing!!!

Any help? I could really do with running HijackThis I guess

[happyrock]

as for ctfmon

Microsoft Windows 2000 and Microsoft Windows XP:
1. Quit all Office programs.
2. Click Start, point to Settings, and then click Control Panel. NOTE: In Windows XP, click Start and then click Control Panel.

3. In Control Panel, double-click Add/Remove Programs.NOTE: In Windows XP, click Add or Remove Programs.

4. In the Currently installed programs list, click to select Microsoft Office XP product, where Office XP product is the name of the specific Office product being used. If you are using a standalone version of one of the Office programs, click to select the appropriate product in the list. Click Change.
5. In the Maintenance Mode Options dialog box, select Add or Remove Features, and then click Next. This displays the Choose installation options for all Office applications and tools dialog box.
6. Click the plus sign (+) next to Office Shared Features to expand it.
7. Click the icon next to Alternative User Input, and then select Not Available.
8. Click Update.
NOTE: If you have multiple Office XP products installed, for example, Office XP Professional and Publisher 2002, you must repeat the preceding steps for each installed product.
Step 2: Remove Alternative User Input Services from Text Services
1. Click Start, point to Settings, and then click Control Panel.
2. In the Control Panel, double-click Text Services.NOTE: In Windows XP, click Date, Time, Language, and Regional Options, and then click Regional and Language Options. On the Languages tab, click Details.

3. Under Installed Services, select each input item that is listed, and then click Remove to remove the item. All items must be removed, one by one, except the following input service:
English (United States)- default Keyboard United States 101
Step 3: Run Regsvr32 /U on the Msimtf.dll and Msctf.dll Files
1. Click Start and then click Run.
2. In the Run dialog box, type the following command:
Regsvr32.exe /u msimtf.dll
3. Click OK.
4. Repeat steps 1 through 3 for the Msctf.dll file.


Please go to the malware forum Start HERE....

That will help you clean up 80 percent of all problems by yourself. If at the end of the process you are still having difficulty (and you may not be) then start a new topic in the MALWARE FORUM forum here...
if you can't run any of those programs ...post a hijackthis log with the topic title CAN'T RUN ANY OF THE TOOLS at the second link...

Edited by happyrck, 15 March 2008 - 12:40 PM.

[Lilz]

Edited!

Edited by Lilz, 15 March 2008 - 12:38 PM.

[happyrock]

Just ran a hijack thingy from WinPatrol!!!!! Sorry if this is the wrong thread - but I need to keep all this info together in one thread if that is OK please

sorry..the logs have to go in the malware forum...
please use the the edit button and delete your log

Edited by happyrck, 15 March 2008 - 12:37 PM.

[happyrock]

...thanks

[Lilz]

Done! Sorry I am new to Forums - especially one as high tech and well run as this one! Thanks for your help