Solve : nasty infection, please help?

Answer»

OK. My problems first began when a few days ago I booted up my computer for the first time in a while, as I usually hibernate the system at night and don't do a full shut down. I found that Windows XP would not boot and I ran Checkdisk using the Windows Recovery Console. The system then booted fine except that I had no taskbar and my icons were locked on the screen (immovable). System Restore says it cannot protect my computer, I cannot load the Windows Search function, I have very limited copy/paste abilities (only notepad text will function, and I cannot move any files). After some playing with the taskbar properties I was able to show the bar at the bottom; however, minimized windows show above the taskbar and not in it as usual. The system still takes an inordinate amount of time to load Windows at startup. I have run Avast, Grisoft AVG, Ewido, Xoftspy, Registry Mechanic, Registry Fix, Malware Remover, PCBugDoctor, Ad-Aware, Spybot, CCleaner, McAfee Stinger, Ace Utilities etc.; all failing to fix my problem. I have been searching throughout the internet for days trying to figure out just what has infected my computer. I tried the Smitrem file and that also failed. I looked at my HiJack This log and cannot see anything unusual. I'm hoping someone can help me as I'm out of ideas.

BTW: whatever has infected my system is also preventing me from running online scans such as Panda and Trendmicro.


Logfile of HijackThis v1.99.1
Scan saved at 11:26:27 AM, on 7/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\John Fenski\Desktop\framxpro\FreeRAM XP Pro 1.40.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\John Fenski\Desktop\Desktop Shortcuts\Internet and SECURITY Programs\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %SYSTEMROOT%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\John Fenski\Desktop\framxpro\FreeRAM XP Pro 1.40.exe" -win
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://encarta.msn.com/encnet/external/MSSurVid.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido NETWORKS - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
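
Added example (not part of the original thread, and not HijackThis's own code): a small Python parser for the log layout posted above. It groups entries by section code and splits the O4 autostart and O23 service lines into fields so they can be reviewed one by one. The sample lines are constructed from the format of the log above, and the `review_items` heuristics are assumptions for manual triage, not verdicts.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis v1.99.1 layout (lines modelled on the log above).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\User\Desktop\framxpro\FreeRAM XP Pro 1.40.exe" -win
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")               # "O4 - <body>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")  # "HKLM\..\Run: [name] command"

def parse_log(text):
    """Group entry bodies by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def autostarts(sections):
    """Split O4 bodies into hive, key, value name and command line."""
    keys = ("hive", "key", "name", "command")
    return [dict(zip(keys, m.groups())) for m in map(RUN.match, sections.get("O4", [])) if m]

def services(sections):
    """Split O23 bodies ("Service: name - owner - path") from the right."""
    out = []
    for body in sections.get("O23", []):
        parts = body.partition("Service: ")[2].rsplit(" - ", 2)
        if len(parts) == 3:
            out.append(dict(zip(("name", "owner", "path"), parts)))
    return out

def review_items(sections):
    """Assumed triage heuristics: entries to look at by hand, not verdicts."""
    notes = []
    for a in autostarts(sections):
        cmd = a["command"]
        exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]
        if "\\" not in exe:
            notes.append(f"O4 {a['name']}: no full path ({exe})")
        elif "\\documents and settings\\" in exe.lower():
            notes.append(f"O4 {a['name']}: runs from a user profile")
    notes += [f"O23 {s['name']}: unknown owner" for s in services(sections)
              if s["owner"].lower() == "unknown owner"]
    return notes
```
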

Virus scanners
AVG Free
-- Anti virus scanner


Anti spy/malware
Microsoft Antispyware
-- Anti spyware scanner. Windows XP Home and Professional only.
Spybot Search & Destroy
-- Anti spyware scanner
Adaware SE Personal
-- Anti spyware scanner

Firewalls
Using only one firewall is advised. Dual firewalls may cause problems.
Using a hardware firewall and a software firewall is even more advised.

ZoneAlarm Free
-- Free firewall - more user friendly
Sygate Personal
-- Free firewall - more configuration options

Removal tools
The following files are not substitutes for the ones described above.
They are either diagnostic tools or removal tools for malware of a certain kind


HijackThis
-- Manual malware remover. Post the HijackThis log generated only if requested!
McAfee Stinger
-- Virus removal tool. No substitute for a fully functional virus scanner!
CWshredder
-- CoolWebSearch removal tool. Widely known and persistent Hijacker.

Missed spysweeper......from webroot......I would boot pc hold down the f8 safe mode and scan from there......and disconnect from the net while running any scans.......most virus/trojans/worm hide in system restore and windows make it worse by backing the files up..... my system restore feature has never been used.....it's disabled...my choice I may add!

tried spysweeper with no positive result.

jpfenski.....Just read your post...and I would try this ......
reboot into safe mode .......then turn off system restore .
then run your scans from there starting with your anti virus ..........
BTW ...your hijackthis log file is clean.......


let us know

dl65

I don't think I can turn off system restore bc when I try to load the program it tells me that "system restore cannot protect your computer. please reboot and try to run system restore again" no matter how many times I reboot, safe-mode or not.

I cannot enter system restore to make any changes whatsoever.

jpfenski.......Ok .......can you fully boot up in safe mode ?
If you can ...have you tried to run your anti virus from safe mode ?

Do you know if your system restore is turned on or off?

Do you have a floppy drive on your pc ?

dl65

I can fully boot up in safe mode. I ran antivirus in safe mode and saw no difference in detection.

I have no idea if my windows restore is on or off; it simply says that system restore cannot protect my computer and to restart.

I do have a floppy.

jpfenski....Ok .....Click ......START/ALL PROGRAMS/ACCESSORIES/SYSTEM TOOLS/SYSTEM RESTORE .........when the restore window opens click on "SYSTEM RESTORE SETTINGS" .......System properties will be displayed .......click on the system restore tab............ In the little square box, is there a check mark? If there isn't one it's turned on and if there is one it's off ........ It should be off to do the scans ........

We will deal with the floppy after you reply to this post .

dl65

system restore will not open at all.

If you need to disable system restore, you can also do it by taking these steps:

1. Start
2. Run
3. Type services.msc
4. Right click on system restore-service
5. properties
6. Startup type: disabled

System restore will now be disabled.

John you could also do this >...http://www.michaelstevenstech.com/XPrepairinstall.htm

Unplug the pc from the net if you are going to do the above.......

Is this desktop/laptop?

when I right click and select properties nothing happens. I cannot change anything in the services.
same goes for local security as I tried to disable the "ctrl-alt-del" at startup procedure. whatever has infected my desktop is probably blocking my ability to change anything in here.

Something else to do in the cmd prompt:
SFC - System File Checker - (SFC /Scannow)

/SCANNOW
Scans all protected system files immediately.
/SCANONCE
Scans all protected system files at the next boot.
/SCANBOOT
Scans all protected system files at every boot.
/REVERT
Windows XP: Return to default settings.

Chkdsk /r   <did you try it?

ran chkdsk and scannow. no change in my problem. I think the infection is blocking scripts bc neither trendmicro housecall nor panda activescan will work from the web.
