[dontcensorme]

Hi geekarinos

Please help if you can, I'm desperate!

The computer has been running great since last week, today suddenly it started going really slow (so slow I thought it had crashed) and some programs have just disappeared. Netscape for one. The Netscape folder in programs was empty and it's icon was gone from desktop shortcuts.

I did a search for it and opened it from the files that were found. It ran and after that all the icons and stuff came back.

I'm getting random error messages and MS Paint has disappeared! If I try to open it I get Data Error (cyclic redundancy error) although there are several files on my PC called MSPaint.exe

I ran Scandisk and it went nearly all the way to the end then stopped and said it couldn't scan the disk.

Also if try to restore the system I get a message saying the restore has failed and no changes have been made to my PC

Help???

[Advertisements]

Sounds more like a virus. Do you have antivirus software installed?

Please run a free online virus scan here (tick the "Auto Clean checkbox):
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/

[admin]

Sounds more like a virus. Do you have antivirus software installed?

Please run a free online virus scan here (tick the "Auto Clean checkbox):
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/

[dontcensorme]

Hi again, thanks for reply!

Have done the trojan scan and nothing was found.

However, couldn't get the virus thing to do anything it says Java Applet loading and then does nothing. I get a little icon on the bottom of screen and when I opened it it said this:

Java™ Plug-in: Version 1.3.1_01
Using JRE version 1.3.1_01 Java HotSpot™ Client VM
User home directory = C:\Documents and Settings\Owner

Proxy Configuration: Browser Proxy Configuration



----------------------------------------------------
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
q: hide console
s: dump system properties
t: dump thread list
x: clear classloader cache
0-5: set trace level to <n>
----------------------------------------------------

load: class trend/javascan/JavaScan.class not found.

java.lang.ClassNotFoundException: java.io.FileNotFoundException: File not found: http://www.trendmicr...can/class.class

at sun.plugin.protocol.jdk12.http.HttpURLConnection.getInputStream(Unknown Source)

at java.net.HttpURLConnection.getResponseCode(Unknown Source)

at sun.applet.AppletClassLoader.getBytes(Unknown Source)

at sun.applet.AppletClassLoader.access$100(Unknown Source)

at sun.applet.AppletClassLoader$1.run(Unknown Source)

at java.security.AccessController.doPrivileged(Native Method)

at sun.applet.AppletClassLoader.findClass(Unknown Source)

at sun.plugin.security.PluginClassLoader.findClass(Unknown Source)

at java.lang.ClassLoader.loadClass(Unknown Source)

at sun.applet.AppletClassLoader.loadClass(Unknown Source)

at java.lang.ClassLoader.loadClass(Unknown Source)

at sun.applet.AppletClassLoader.loadCode(Unknown Source)

at sun.applet.AppletPanel.createApplet(Unknown Source)

at sun.plugin.AppletViewer.createApplet(Unknown Source)

at sun.applet.AppletPanel.runLoader(Unknown Source)

at sun.applet.AppletPanel.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

Is this anything to do with it?

I've got AVG anti-virus but I've noticed that it reports that some files cannot be opened for scanning, is that normal?

thanks

[admin]

Do you have antivirus software installed?

[dontcensorme]

AVG (the free one) I used to have Norton AV but I got rid of it after it didn't find a trojan that I had once and AVG did find it.

I have noticed recently that AVG reports that it cannot open certain files for scanning, is this normal?

[admin]

Hmmm... let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.

[dontcensorme]

thanks again.

Here is the Hijack this log:

Logfile of HijackThis v1.98.2
Scan saved at 22:55:18, on 9/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Registry Clean Expert\RCScheduler.exe
C:\freeserve\freeserveconnectionkit\atdialler1.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\JavaSoft\JRE\131DB1~1.1_0\bin\java.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.freeserve...rch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=http://www-cache.freeserve.com:8080;http=http://www-cache.freeserve.com:8080
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\3j0j3nm0.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -turbo
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCScheduler.exe" /startup
O4 - Global Startup: Freeserve Connection Kit.lnk = C:\freeserve\freeserveconnectionkit\atdialler1.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: MP3Collection - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - (no file)
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: Yahoo! Chat - http://cs5.chat.sc5....m/c381/chat.cab
O16 - DPF: {1096842F-FEE8-11D2-965E-0010E3622565} (IFS_Lib00) - http://www.roylinedi...1.0/IFS_RYD.cab
O16 - DPF: {1E89A357-CF86-11D1-8CAE-00805F93E2D7} (IFS_Wizard1 Control) - http://www.roylinedi....0/IFS_Wz01.cab
O16 - DPF: {219CF65A-B13C-11D2-8D4A-0004ACF74B57} (IFS_Lib04) - http://www.roylinedi....0/IFS_Lb04.cab
O16 - DPF: {29166FB6-2AD6-11D2-8DB7-0001FAF8D270} (IFS_Wizard6 Control) - http://www.roylinedi....0/IFS_Wz06.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs5.chat.sc5....v43/yacscom.cab
O16 - DPF: {498439C0-0921-11D3-9484-0001FAF8503C} (IFS_Lib10) - http://www.roylinedi....0/IFS_Lb10.cab
O16 - DPF: {4DE7E614-E69B-11D2-947C-0001FAF8503C} (IFS_Lib07) - http://www.roylinedi....0/IFS_Lb07.cab
O16 - DPF: {5915C16A-F555-11D1-8E31-08005AAA630C} (IFS_Wizard5 Control) - http://www.roylinedi....0/IFS_Wz05.cab
O16 - DPF: {5B2FD039-D08C-11D2-9FFD-0004ACF74B57} (IFS_Lib08) - http://www.roylinedi....0/IFS_Lb08.cab
O16 - DPF: {5DD1BBF5-E4B2-11D1-9211-0004ACF75CFC} (IFS_Wizard2 Control) - http://www.roylinedi....0/IFS_Wz02.cab
O16 - DPF: {6A863F66-CA4A-11D2-9FF9-0004ACF74B57} (IFS_Lib05) - http://www.roylinedi....0/IFS_Lb05.cab
O16 - DPF: {6CAE02B8-EB30-11D1-8CE5-0004ACF74B57} (IFS_List Control) - http://www.roylinedi....0/IFS_List.cab
O16 - DPF: {74545298-2152-11D2-8D16-0004ACF74B57} (IFS_Wizard3 Control) - http://www.roylinedi....0/IFS_Wz03.cab
O16 - DPF: {8F78C964-B20B-11D2-8D4A-0004ACF74B57} (IFS_Lib01) - http://www.roylinedi....0/IFS_Lb01.cab
O16 - DPF: {9D24756B-CBFC-11D2-9FFB-0004ACF74B57} (IFS_Lib13) - http://www.roylinedi....0/IFS_Lb13.cab
O16 - DPF: {9E2D89BB-D888-11D2-A002-0004ACF74B57} (IFS_Lib12) - http://www.roylinedi....0/IFS_Lb12.cab
O16 - DPF: {B37DB118-5623-11D3-8769-0010E36241AE} (IFS_Wizard9 Control) - http://www.roylinedi....0/IFS_Wz09.cab
O16 - DPF: {BBAE9E7E-3F7D-11D3-94B7-0001FAF8503C} (IFS_Lib16) - http://www.roylinedi....0/IFS_Lb16.cab
O16 - DPF: {C0E10B5C-DA42-11D3-9FED-0004ACF74B57} (IFS_Lib02) - http://www.roylinedi....0/IFS_Lb02.cab
O16 - DPF: {C1BA9623-F27F-11D2-947D-0001FAF8503C} (IFS_Lib11) - http://www.roylinedi....0/IFS_Lb11.cab
O16 - DPF: {C6726AD0-E1E0-11D2-929E-0004ACF75CFC} (IFS_Lib03) - http://www.roylinedi....0/IFS_Lb03.cab
O16 - DPF: {C6C07D4E-3911-11D2-8708-0001FAF8D5C4} (IFS_Wizard7 Control) - http://www.roylinedi....0/IFS_Wz07.cab
O16 - DPF: {D71A2028-D578-11D2-9FFF-0004ACF74B57} (IFS_Lib14) - http://www.roylinedi....0/IFS_Lb14.cab
O16 - DPF: {DF3AA904-233E-11D3-9495-0001FAF8503C} (IFS_Lib17) - http://www.roylinedi....0/IFS_Lb17.cab
O16 - DPF: {F0FB4064-2940-11D3-92B1-0004ACF75CFC} (IFS_Lib06) - http://www.roylinedi....0/IFS_Lb06.cab
O16 - DPF: {F3DAE1EA-01DA-11D2-8E33-08005AAA630C} (IFS_Wizard4 Control) - http://www.roylinedi....0/IFS_Wz04.cab
O16 - DPF: {F49159DA-E0C6-11D1-8E28-08005AAA630C} (IFS_Service Control) - http://www.roylinedi....0/IFS_Serv.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE6345D6-33ED-4C6A-A938-6CC5AC485E77}: NameServer = 195.92.195.95 195.92.195.94
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

FYI, Royline is my Husband's bank.

I finally got the AV you linked me to to work, it is taking ages though. It's 11pm here and I might have to let it get on with it overnight, gotta be up early for work tomorrow If I go, don't think I'm being ungrateful! I'll be back tomorrow!
Good night

[ditto]

Is freeserver your ISP?

[dontcensorme]

Hi Ditto
Yes Freeserve is my ISP.