[WeedBag]

Hello,

I come here asking for help as my computer has developed several strange problems after my brother was doing God knows what on here last week. I started noticing a couple of errors after he used it, so like should be done, i switched to safe mode and ran my scanners (AVG, Avast!, Ad-Aware, Bazooka and HT) and found a bunch of virii that was not there before I used it. I deleted everything, rebooted, ran boot scans, rebooted again and saw if my problems persisted and they did. Here are my problems:

-Windows runs fine with a taskbar and everything, but explorer.exe is nowhere to be found!
-cannot delete some old folders (Error: Cannot Delete x: Archive is not empty)
-cannot send anything to the recycle bin

I have tried everything for this, for the folder error, i tried deleting them using command prompt but to no avail. I have tried to start explorer manually but it does not show up in the Tasks, yet there is a GUI. About the recycle bin, I think folders are deleting off the hard drive and bypassing the bin (which is empty) even though i have the bin's properties set to NOT do this.

Please help this is becoming very irritating.

Hijack This Log from safe mode:
Logfile of HijackThis v1.99.1
Scan saved at 11:24:50 PM, on 2/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\chkdsk.exe
C:\Documents and Settings\Lou\Desktop\Games\HijackThis.exe

O20 - Winlogon Notify: sndu32 - C:\WINDOWS\SYSTEM32\sndu32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE


as you can see (or not see hehe) explorer.exe is nowhere.

[Advertisements]

I'd say there is still something on your machine, probably best to post in here

Geeks to Go Malware

[DeSade]

I'd say there is still something on your machine, probably best to post in here

Geeks to Go Malware

[Kat]

That log does indeed show malware. However...where is the rest of it? PLEASE tell me you didn't already fix things with it?

[WeedBag]

That log does indeed show malware. However...where is the rest of it? PLEASE tell me you didn't already fix things with it?

No, that is the full log i have been getting for the previous 5 scans, but AVG, Ad-Aware and Avast! removed a lot of malicious files.

[gerryf]

Is your PC booting in safe mode, because that log is way short...

[WeedBag]

Is your PC booting in safe mode, because that log is way short...

Yeah that was a safe mode log, here is my regular log:

Logfile of HijackThis v1.99.1
Scan saved at 12:46:20 PM, on 2/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lou\Desktop\Games\HijackThis.exe

O20 - Winlogon Notify: sndu32 - C:\WINDOWS\SYSTEM32\sndu32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE


pretty much the same.

[gerryf]

still way too short....

just as a test

start > run
msconfig
<enter>

go to startup tab

anything there?

[WeedBag]

there are two three-square symbol keys enabled both \currentversion\run keys and an windows/svchost.exe one that is disabled