Followed the guide now i'm lost?



#1
bcasper916


Sorry, I know this post is long, but I am trying to get as detailed as I can about my nightmare... I recently fell victim to a virus, so I ran AVG and had many issues, and it seemed that Avast couldn't get the virus off my PC. After lots of searching I finally realized that some of the files in Avast were corrupted by the virus, so I uninstalled Avast and ran the XP fix, and it did fix some of the problems that were caused by the corrupted AV, but not all. I reinstalled Avast, ran the AV again, and this time it fixed the virus problem (I think). I can boot up in safe mode no problem, but the desktop icons don't come up, so I have to enable explorer.exe through Task Manager. Did another repair of XP. At the last part of the installation I now get two error codes...

C:\windows\system 33\system 32\inetcomm.dll may not have been installed or is corrupted
C:\program files\outlook express\msoe.dll may not have been installed or is corrupted

The reason for the system 33 is because about 4 months ago we had another virus (not my fault this time) and a friend helped me create system 33 and then just imported files over from system 32. I hope that makes sense, as I am fairly noob at things like this but am not totally tech inept. I am running Windows XP SP2 on a Dell Dimension 4500. I have done all the steps in the MALWARE removal guide and it appears that the virus is gone, but when I try to log in to Windows I either get directly logged off or I get my wallpaper and nothing else, not even ctrl-[bleep]-esc works?? But I can still get into safe mode and have to enable explorer.exe through Task Manager.

I am so lost and frustrated at this point that I tried to back up all the important files and format/reinstall, but for some reason my disk drives won't recognize any of the blank disks (is this because of safe mode?) I'm putting in. Also, somehow I now have 4 different systems to log into when I start Windows,

1.MICROSOFT WINDOWS XP home edition<--The current (system33)
C:\WINDOWS\System 32
HKEY_LOCAL_MACHINE\software\microsoftNT\current version\winlogon1
MICROSOFT WINDOWS XP<-----original XP that had the first virus

I will post the HJT log, but will it be helpful if I post my MBAM log as well?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:21:37 PM, on 5/25/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\SYSTEM33\System32\smss.exe
C:\WINDOWS\SYSTEM33\system32\winlogon.exe
C:\WINDOWS\SYSTEM33\system32\services.exe
C:\WINDOWS\SYSTEM33\system32\lsass.exe
C:\WINDOWS\SYSTEM33\system32\svchost.exe
C:\WINDOWS\SYSTEM33\system32\svchost.exe
C:\WINDOWS\SYSTEM33\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\SYSTEM33\System32\svchost.exe
C:\WINDOWS\SYSTEM33\System32\svchost.exe
C:\WINDOWS\SYSTEM33\System32\svchost.exe
C:\WINDOWS\SYSTEM33\System32\svchost.exe
C:\WINDOWS\SYSTEM33\TEMP\gbfwrj.exe
C:\WINDOWS\SYSTEM33\explorer.exe
C:\WINDOWS\SYSTEM33\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\ADMINI~1.HMD\LOCALS~1\Temp\3030054278.exe
C:\WINDOWS\SYSTEM33\TEMP\2791805732.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM33\System32\userinit.exe,C:\WINDOWS\SYSTEM33\System32\ntos.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: C:\WINDOWS\SYSTEM33\System32\sdjee3inf.dll - {C6C7B2A1-00F3-42BD-F434-00AABA2C8953} - C:\WINDOWS\SYSTEM33\System32\sdjee3inf.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM33\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM33\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM33\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\SYSTEM33\System32\reader_s.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\SYSTEM33\services.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM33\System32\ctfmon.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\ADMINI~1.HMD\LOCALS~1\Temp\3030054278.exe
O4 - HKUS\S-1-5-21-776561741-1390067357-839522115-500\..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM33\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-776561741-1390067357-839522115-500\..\Run: [Diagnostic Manager] C:\DOCUME~1\ADMINI~1.HMD\LOCALS~1\Temp\3030054278.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM33\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\WINDOWS\SYSTEM33\TEMP\gbfwrj.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\WINDOWS\SYSTEM33\system32\config\systemprofile\reader_s.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM33\System32\ctfmon.exe (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\SYSTEM33\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\SYSTEM33\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1238927230671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1238928287561
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: afipyesj - C:\WINDOWS\SYSTEM33\SYSTEM32\afipyesj.dll
O22 - SharedTaskScheduler: gsf87hfunf98398jd - {C6C7B2A1-00F3-42BD-F434-00AABA2C8953} - C:\WINDOWS\SYSTEM33\System32\sdjee3inf.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\SYSTEM33\system32\nvsvc32.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\SYSTEM33\System32\ups.exe (file missing)

--
End of file - 6603 bytes
  • 0
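
An added example, not part of the original post: a small Python triage pass over HijackThis entries, run on a few lines copied from the log above. The function name and the four heuristics (extra programs chained to UserInit, autoruns launched from a Temp directory, DisableRegedit set by policy, services pointing at a missing file) are assumptions chosen for illustration; a hit means "review by hand", not a verdict.

```python
import re

# Lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM33\System32\userinit.exe,C:\WINDOWS\SYSTEM33\System32\ntos.exe,
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\ADMINI~1.HMD\LOCALS~1\Temp\3030054278.exe
O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\WINDOWS\SYSTEM33\TEMP\gbfwrj.exe (User '?')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\SYSTEM33\System32\ups.exe (file missing)
"""

# HijackThis entries start with a section code such as "F2", "O4" or "O23".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)

def triage(log_text):
    """Return (section, reason, line) tuples for entries worth manual review."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, running-process list or blank line
        section, body = m.groups()
        if section == "F2" and "UserInit=" in body:
            # The stock value is userinit.exe alone; anything chained after
            # it is also started at every logon.
            exes = [p for p in body.split("UserInit=", 1)[1].split(",") if p.strip()]
            if len(exes) > 1:
                findings.append((section, "extra program chained to UserInit", raw))
        elif section == "O4" and TEMP_DIR.search(body):
            findings.append((section, "autorun launches from a Temp directory", raw))
        elif section == "O7" and "DisableRegedit=1" in body:
            findings.append((section, "registry editor disabled by policy", raw))
        elif section == "O23" and body.endswith("(file missing)"):
            findings.append((section, "service points at a missing file", raw))
    return findings

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```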
