I've tried removing start up entries which re-appear upon next boot, tried running Search & Destroy which, when first opened, alerted me a message stating something similar to, "This program has been modified. Since S&D does not modify itself, we strongly suggest scanning your computer for malware/virus immediately!!!" which was a serious heads up. I've ran HJT and removed suspiscious or unwanted entries but have seem to either re-appear or not solve anything. I've run Full system scans with Avast which will crash my system at random points. Im using Firefox now, but my IE will not load and seems to have a different start page than my usual google.com. After my system crashes i recieve a message saying,"Windows has recovered from a serious error." and my desktop configuration/wallpaper is a IE message saying my page has expired with an option to restore my settings.
Hrmm..what else??? I'm having trouble updating or installing any software; my windows firewall and Auto-update have mysteriously been turned off each boot...but yet anytime I scan for malware, the scan either comes up clean i.e. Ad-aware SE, or crashes my computer into a reboot. Sometimes windows explorer will crash and hang up my system...Thats the basic jist of it...cant seem to find what's wrong..hoping you folks can lend me a helping hand...i've had a little experience dealing with these sort of things..but this one seems to be a bit outta my league.. Thanks in advance!
Here's the log i've got now:
Logfile of HijackThis v1.99.1
Scan saved at 11:45:36 PM, on 1/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
D:\Avast\aswUpdSv.exe
D:\Avast\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Avast\ashDisp.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Avast\ashMaiSv.exe
D:\Avast\ashWebSv.exe
C:\Documents and Settings\FunkFuzz\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [avast!] D:\Avast\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: LEDKQKI - Sysinternals - www.sysinternals.com - C:\DOCUME~1\FunkFuzz\LOCALS~1\Temp\LEDKQKI.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Unknown owner - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\psimsvc.exe (file missing)
O23 - Service: QEAJETN - Sysinternals - www.sysinternals.com - C:\DOCUME~1\FunkFuzz\LOCALS~1\Temp\QEAJETN.exe
O23 - Service: RHOISMLTHSA - Sysinternals - www.sysinternals.com - C:\DOCUME~1\FunkFuzz\LOCALS~1\Temp\RHOISMLTHSA.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\TuneUp\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: XARDKCBJJU - Sysinternals - www.sysinternals.com - C:\DOCUME~1\FunkFuzz\LOCALS~1\Temp\XARDKCBJJU.exe
I wanted to add that I've recieved a message at startup from CWS that a version of CoolWeb (cws.smartsearch.2) has tried to close this program etc....so CWS starts with random code in its head. I've been researching cws.smartsearch.2 trying to find some relevant information. I know if I run the newest version (Jan/06) of CWS, the window on startup is simply a plain white screen, blocking out the text. I know this because I have the same version on a different system, where the screen is not white.
I also wanted to add that I had recently installed Panda Anti-Virus from a disk, ran a scan & cleaned, but began to uninstall it due to memory insufficiency. The problem was/is Panda will not un-install from any source (Add/remove etc.) and even when I use Autoruns or HijackFree to remove its startup entry, it will immediately re-check its box and refuses to delete.
Hope someone has an idea about this...
THanks, B
Edited by laiforv, 11 January 2006 - 09:05 AM.
Sign In
Create Account
