[Wizard]

I was a little concerned that the files I deleted did not go into the recycle bin - there were only 24 .t files. Is that a problem?

Thats different,we will rebuild the recycle bin once the machine actually reboots into normal mode.


Lets me know when you get to that point.

[Advertisements]

Okay- is there another way to get to the machine debugger?

I can get into msconfig and I tried unchecking it and unchecked everything in the startup tab as well and rebooted into normal.

Same things are happening - user init logon Dr Watson etc.

Now what?

[sheba123]

Okay- is there another way to get to the machine debugger?

I can get into msconfig and I tried unchecking it and unchecked everything in the startup tab as well and rebooted into normal.

Same things are happening - user init logon Dr Watson etc.

Now what?

[Wizard]

You werent able to access the Services page?

Scan with HijackThis again and post that log,lets see where we are at.

[sheba123]

okay,

here's the latest HJT log in normal mode

Logfile of HijackThis v1.99.1
Scan saved at 3:33:01 PM, on 11/17/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\userinit.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\dwwin.exe
C:\HijackThis.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\dwwin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {8c33d0d0-5261-4591-8a52-f8a6371b5553} - C:\WINDOWS\System32\bfc42u.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [UpdateService] C:\WINDOWS\System32\wservice.exe
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movi.../altpmtscab.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {666E4D35-E955-11D0-A707-000000521958} - http://ads.dropspam....aab/upgrade.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,19/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8349EA6-D911-4E6D-93C4-9DDB9A84C87C}: NameServer = 62.217.54.69
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC3327B8-2B86-4331-AFD7-5C51EAE90275}: NameServer = 62.217.54.69
O17 - HKLM\System\CCS\Services\Tcpip\..\{E261D78B-D5D0-4514-B3D0-AF709AD230CD}: NameServer = 62.217.54.69
O20 - Winlogon Notify: bfc42u - bfc42u.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

[Wizard]

O my,the whole thing has decided to reinstall it would appear.


Time to make a decision,we very well may spend more time trying to fix this and never get there.

Whereas,you may be able to backup all your documents to disc.

This thing only targets Archives(Zips),exe and scr files.

I have to imagine you want to save things suchs as txt files and documents and not executables and whatnot.


To be honest,I dont know if I can clean this machine up to where it would even be usable again.


So,whatcha wanna do?


If you want to keep trying,go to the trend site again and get the latest virus pattern file.

Go to DrWeb and get the latest CureIt download.

Repeat and scan in safe mode with both.

Let me know when finished?

[sheba123]

[bleep]! - are you saying the virus is back?

If that's so - I give - I'll start loading my docs and pics on disk and I'll let you know when I am done.

It's friday - are you planning on being around a while tonite? I would really like to get this back up and running so I can get back to school work

[Wizard]

Yeah,Im here for the weekend.

You got msn messenger or yahoo messenger.

We can chat as you back up stuff.

This is the only resolution left,the machine isnt anywhere close to being safe whatsoever.

Lemme know if ya gotta messenger app handy?

[sheba123]

I don't have a messenger handy

ALso -just forget about backing up - it's whacked the cd drive programs - nothing will copy over

Let's just get it over with

[Wizard]

Try this,stick a fresh CD in the Drive.

Go to a folder of documents you want to save.

Right Click and Select Send To

Then select your CD Drive as the destination.

XP has its own burning software from Roxio I think.

Anyways,its worth a shot.

[sheba123]

Nope - it's whacked too and Dr watson is popping up faster and faster.

Time to get it done.....

[Wizard]

Whats the brand name of the Computer?

I assume you have tried using your floppy drive to atleast extract your schoolwork?

[sheba123]

Well, there is a god....

I booted back into safe mode and managed to get 99% of my files onto a CD

So what's the next step in nuking this nasty and getting my poor guy revived - I'm going to have to rename him Frank now... LOL!

and does this nasty have an official name?

[Wizard]

Whoops,I guess I failed to realize you were trying this in normal mode.

I assumed you were using safe mode since it didnt look like Normal Mode was very good.


The reason I keep asking for the brand name of the PC is so I could provide you with some possible links for step by step instructions to perform a destructive recovery.


Basically,power the machine down.

Power up and as soon as the machine starts,press F10

Atleast I think its F10,someone wont tell me what kinda PC they have.

There should appear some options on the next screen.

I havent a clue what all they will be.

You want to find the option to perform a destructive recovery.

Get to the F10 menu and let me know what ya find there?

[sheba123]

Look you......

It's an HP pavilion and I'll be back in aminute to tell you what the option are....

[sheba123]

Okay I did the following

Shut down completely and turned it back on - hit F8 and got the screen asking which OS I wanted to use picked XP

It gave me a blue setup screen and I hit f2 for the recovery console and now I am at a propmpt which reads.....

1:c/windows

Which installation would youlike to log on to?


Duh there is only 1!