Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Need a Miracle

Started by L0$t , Jun 16 2005 08:32 AM

Please log in to reply

#1
L0$t

Posted 16 June 2005 - 08:32 AM

Member

Member
15 posts

I have a huge problem, I bought a dell.....anyway, guess i might have contracted a virus while surfing the net. After I got off the net, I tried to run Norton SystemWorks cause I had a lot of pop-ups and also Norton kept informing me about Trojan prgrams it kept deleting. Norton would not come up no matter how i tried to start it. I ran Ad-Aware SE to rid any spyware and that was successful but still no norton. Then i started to get the "Explorer experienced an error and needs to shut down, do you want to send the error code...blablabla" block even if i clicked "Do not send". Basicly the laptop was in a loop, so i rebooted. It started just fine, loaded all my start up programs than the error messege came up again. After clicking "do not send" the page reboots itself and so do all the applications. Nothing works except for a few apps.........HELP ME>>>>>>.

#2
kool808

Posted 16 June 2005 - 08:34 AM

Visiting Staff

Member
1,690 posts

Hello and welcome to Geeks to Go! I'm kool808 .

Please download Spybot Search & Destroy 1.4 then follow and print the instructions found HERE. For Ad-Aware 1.06 follow and print the instructions found HERE. Read More...
Please Download the stand-alone version of CoolWebShredder , Extract it & run the program. Click the Check for Updates, download if there is available, then click Fix ->.
Download and install Cleanup, then run.

Even the best antispyware programs are only able to remove about 70% of infections. Also, the line between spyware and trojans is getting blurred. You can never be too careful with these, I recommend at least one online scan.

Now, REBOOT in Normal Mode and have an On-line scan at this sites: Trend Micro or Panda Scan or BitDefender.

REBOOT again.

Lets see how it goes.

#3
L0$t

Posted 16 June 2005 - 08:48 AM

Member

Topic Starter
Member
15 posts

can't log on, I use sprint wireless internet, so it's not recognising my cell phone. Also that windows explorer error screen keeps popping up and after i hit "don't send" the "Active Desktop recovery" screen comes up and the explorer error screen soon after that.... stuck in a loop......need help.....

also, when i drag box across the screen it leave a trail...don't know if it helps..

Edited by L0$t, 16 June 2005 - 08:53 AM.

#4
gerryf

Posted 16 June 2005 - 08:54 AM

Retired Staff

Retired Staff
11,365 posts

does that mean you followed the advice above...or cannot?

#5
L0$t

Posted 16 June 2005 - 09:04 AM

Member

Topic Starter
Member
15 posts

does that mean you followed the advice above...or cannot?

i can't get online (using work pc right now), the only thing i did was run Ad-Aware SE and luckly i got NSWorks to come up, doing a one button checkup but the repair is taking forever.....don't know if doing a virus scan will help but running it anyway....norton cleanup scan showed 8804 errors but i think it froze up when started the fix....

Edited by L0$t, 16 June 2005 - 09:12 AM.

#6
kool808

Posted 16 June 2005 - 09:13 AM

Visiting Staff

Member
1,690 posts

Did you mean you lost your Internet connections? Or its just your PC wont recognize a connection?

Download and run WINSockFixXP, if you lost your internet connections due to malware.

#7
L0$t

Posted 16 June 2005 - 09:18 AM

Member

Topic Starter
Member
15 posts

Did you mean you lost your Internet connections? Or its just your PC wont recognize a connection?

Download and run WINSockFixXP, if you lost your internet connections due to malware.

i connect on my laptop through my cell phone, but right now the program i use for connecting will not recognise the cellphone and will not link it to the laptop... also at start up "Ware-out" program comes on, even though i never downloaded it....says it's a spyware program....

#8
gerryf

Posted 16 June 2005 - 09:22 AM

Retired Staff

Retired Staff
11,365 posts

lost, get a copy of hijackthis and put it on a floppy....run it from a floppy and save a log.

Then post a log in the malware forum in my signature and explain that you cannot follow the instructions in the READ THIS FIRST thread because your machine cannot get online. They will do some triage fixes to get you up and running to the point where they can get you functional, then take it to the next level.

Then, if any problems remain after you get a clean bill of health, return to this thread.

#9
L0$t

Posted 16 June 2005 - 09:27 AM

Member

Topic Starter
Member
15 posts

lost, get a copy of hijackthis and put it on a floppy....run it from a floppy and save a log.

Then post a log in the malware forum in my signature and explain that you cannot follow the instructions in the READ THIS FIRST thread because your machine cannot get online. They will do some triage fixes to get you up and running to the point where they can get you functional, then take it to the next level.

Then, if any problems remain after you get a clean bill of health, return to this thread.

i'll try it......thanks much :tazz:

#10
L0$t

Posted 16 June 2005 - 01:11 PM

Member

Topic Starter
Member
15 posts

ok, got a copy of hijackthis but can't access my cd-rom drive....so i can't get to it...
finished a norton virus scan, found multiple trojan droppers and download.trojan but couldn't delete, not even manually cause i can't access many thigs suck as My Computer....

also when i tried to get on line it gave me this address "http://securityrespo...jan_horse.html"

what now?

#11
gerryf

Posted 16 June 2005 - 01:20 PM

Retired Staff

Retired Staff
11,365 posts

no floppy?

#12
L0$t

Posted 16 June 2005 - 01:23 PM

Member

Topic Starter
Member
15 posts

no, i only have a cd/dvd-rom.....but i can't even get to my drives.....also can't turn the pc off unless i use task manager and log off and then after i log off i can restart of turn off....

Edited by L0$t, 16 June 2005 - 01:24 PM.

#13
gerryf

Posted 16 June 2005 - 01:28 PM

Retired Staff

Retired Staff
11,365 posts

Step 1

Start > Run, type
msconfig
<enter>

On the general tab, select SELECTIVE START UP then uncheck
load system.ini
load win.ini
load startup services
load startup items
Reboot.
Does the error repeat? If not, continue with the next part. If so, go to STEP 2.

If not, Start > Run, type
msconfig
<enter>

check load startup items
Reboot.
Does the error repeat? If not, continue with the next part. If so, go to STEP 2.

If not, Start > Run, type
msconfig
<enter>

check load startup services
Reboot.
Does the error repeat? If not, continue with the next part. If so, go to STEP 2.

If not, Start > Run, type
msconfig
<enter>

check load win.ini
Reboot.
Does the error repeat? If not, continue with the next part. If so, go to STEP 2.

If not, Start > Run, type
msconfig
<enter>

check load system.ini
Reboot.
Does the error repeat? If not, continue with the next part. If so, go to STEP 2.

Report back

-------------------------------------

STEP 2

When you find the error, repeating, you have arrived at the group that is causing the problem.

Leave everything as is and go to the tab with the same name as the one you just re-enabled and uncheck everything you find within the tab....reboot.

Does the probelm recur? If not, check one item and reboot, continuing until you discover the offending application/service

Then report back

#14
L0$t

Posted 16 June 2005 - 01:50 PM

Member

Topic Starter
Member
15 posts

ok, i got into task manager and ended the "explorer.exe" process, since it was the error i kept getting....but my toolbar at the bottom of the screen dissappeared....so i used the "new task" button to open everything i needed and got Hijackthis to run.....
here is the log....

#15
L0$t

Posted 16 June 2005 - 01:52 PM

Member

Topic Starter
Member
15 posts

Logfile of HijackThis v1.99.1
Scan saved at 2:33:55 PM, on 6/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\Sebastian\My Documents\HijackThis1991.exe

R3 - URLSearchHook: (no name) - {5857ADAC-BDD8-C990-D4B5-F024204BBF0F} - (no file)
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\fixos.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\fixos.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (HKCU)
O9 - Extra 'Tools' menuitem: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (HKCU)
O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://195.95.218.82...hm::/update.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1118500768382
O17 - HKLM\System\CCS\Services\Tcpip\..\{996E5203-07DF-4B04-8B9D-D5830113ECF2}: NameServer = 69.50.184.84,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{B86B46F6-0654-4568-9627-3BBD0AA885B7}: NameServer = 69.50.184.84,195.225.176.37
O20 - Winlogon Notify: style2 - C:\WINDOWS\q375663968_disk.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe