Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

W32.Desktophijack HELP please!

Started by Jmg90300zx , Sep 20 2005 07:40 AM

  • Please log in to reply

#16
tampabelle
Posted 24 September 2005 - 06:14 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
please visit Windows security and critical updates and get all the updates and patches and install them on your PC.

Do not reboot the PC yet !!!!


download a copy of luna.msstyles here:
http://www.geekstogo...pe=post&id=3166


Unzip it and MOVE the luna.msstyles which is present in that folder you unzipped to next folder: C:\WINDOWS\Resources\Themes\Luna
Don't move it to anywhere else than that folder!

When moved it there, rightclick on your desktop > properties ... and look if Windows XPstyle is now present again. Choose apply and OK.

If not, reboot first, and try again to select Windows XPstyle

Reboot the PC.


Post a fresh HJT log and let me know how it goes
  • 0

Advertisements

#17
Jmg90300zx
Posted 24 September 2005 - 01:38 PM

Jmg90300zx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Windows update is telling me that my product key wont pass validation, and therefore it wont give me any new updates. I know that I previously installed all the updates available for service pack 1, and it let me update to service pack 1a. Guess I cant do anything else now tho.

The taskbar is back to XP style now. MUCH BETTER!

I think my only complaint now is that everytime I boot the computer Windows installer loads and tries to resume a previous setup of Internet Explorer. It wont let me get rid of it.

I also see a fair amount of things on the HJT log that looks like it could have been with the original virus. For example the Empire poker... actually i guess it got rid of the other stuff... before there were also a bunch of [bleep] websites under trusted zones. Otherwise computer is running much better!!

Logfile of HijackThis v1.99.1
Scan saved at 12:36:06 PM, on 9/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS1\System32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINDOWS1\System32\ctfmon.exe
C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS1\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS1\wanmpsvc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS1\System32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Jon.JON-8HX8MZ3KHTU\Desktop\HijackThis.exe

O1 - Hosts: localhost 127.0.0.1
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe /ICON
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS1\UpdReg.EXE
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator TBYB\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS1\System32\ctfmon.exe
O4 - HKCU\..\Run: [updatelavasoft] C:\WINDOWS1\System32\updatelavasoft.exe
O4 - HKCU\..\RunOnce: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /play
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0b\cstray.exe
O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS1\System32\Shdocvw.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125267220564
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127256435424
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://intercall.we...bex/ieatgpc.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS1\wanmpsvc.exe
  • 0

#18
Jmg90300zx
Posted 24 September 2005 - 01:41 PM

Jmg90300zx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Actually I do have another problem.... I use Compuserve, and now when I try to load compuserve it opens, I can enter my password it starts to connect, and then the program dissappears. Basically like it exited by itself, and completely dissappeared. I checked the task manager and it was gone, I tried it again, and same thing!

No idea!!
  • 0

#19
tampabelle
Posted 25 September 2005 - 08:15 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts

Windows update is telling me that my product key wont pass validation, and therefore it wont give me any new updates.  I know that I previously installed all the updates available for service pack 1, and it let me update to service pack 1a.  Guess I cant do anything else now tho. 

View Post



Let me ask you, do have a legal copy of Windows XP ???
  • 0

#20
Jmg90300zx
Posted 25 September 2005 - 12:24 PM

Jmg90300zx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
I was under the impression that it should be a legal copy.... I believe its the same copy that came with the computer...

But my brother uses this computer also, so I guess im not 100% sure.
  • 0

#21
tampabelle
Posted 25 September 2005 - 05:09 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Download Windows Installer CleanUp.

Save it on your desktop and run it to extract the files and save them on your desktop.

In case you have any issues with extracting the files, then there is a fix for it.


The trouble with developing windows installers is that sometimes they crash leaving the install partially finished. Any attempt to run an install after that results in the dreaded "Another installation is already in progress" message. Now you probably want to run an installer at some point again in the future, but until you clean up the install that crashed, you can't (I believe that it an install mutex is locked, among other things) .

So the Windows Installer Clean Up Utility is you friend. Trouble is the Windows Installer Clean Up utility comes as a windows install. So when you try to install it you are just going to get "Another installation is already in progress".

Digging a little deeper you may learn that the cleanup utility is just an app called msicuu.exe which is a front end to msizap.exe. You can extract both from the Windows Installer Cab file (msicuu2.exe) with a tool like WinRAR, or it is available with the support tools for the Windows OS you are using (usually on the install CD under support\tools or dowloadable from the web). That gets around the need to run the install.

[It also forms part of the Platform SDK Components for Windows Installer Developers (with a lot of other useful tools for installer work like Orca.exe which allows you to view msi files)].


Run msicuu2.exe. It will give you a list of programs.

Please give me the list of items it finds.
  • 0

#22
Jmg90300zx
Posted 26 September 2005 - 02:20 AM

Jmg90300zx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Im guessing that this is what your looking for. I cant figure out how to copy it so I will type it out. So here is what it says.... Let me know if that was correct what your looking for..

(all users) Adobe Reader 7.0 [7.0.0]
(all users) ccCommon [103.0.1.26]
(all users) Easy CD & DVD Creator 6 [6.00.0000]
(all users) Internet Worm Protection [11.0.1]
(all users) Micorsoft .NET Framework 1.1 [1.1.4322]
(all users) Microsoft Office XP Professional with FrontPage [10.0.2627.01]
(all users) Norton AntiVirus 2005 [11.0.1]
(all users) Norton AntiVirus Help [11.00.00]
(all users) Norton AntiVirus Parent MSI [11.0.1]
(all users) Norton AntiVirus SYMLT MSI [11.0.1]
(all users) Norton WMI Update [2005.1.0.111]
(all users) SPBBC [1.00.0000]
(all users) Symantec [11.0.1]
(all users) Symantec Network Drivers Update [5.5.1.6]
(all users) Symantec Script Blocking Installer [11.0.1]
(all users) SymNet [5.4.0]
(all users) WebFldrs XP [9.50.5318]
Macromedia Flash Player [7.0.19.0]
Windows Installer Clean Up [2.05.00.0000]
  • 0

#23
tampabelle
Posted 26 September 2005 - 07:41 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
You had said earlier that Internet Explorer was being installed (and it hangs without completing it). However IE is not listed here.

Are you still getting the installation error ???


Please click on Start ---> Settings ---> Control panel.

Double click on Administrative Tools ---> Computer Management.

Now click on System Tools ---> Event Viewer ---> System.

can you see if there are any errors in the recent past (last 1 day preferably)??

If there are any errors, give me the details of them.

Also check for any error listings under Application and Security under Event Viewer.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP