my annoying issue

i've been going through the forums trying to find similar issues but nothing is popping out at me.

basically when i boot up all i get is my desktop wallpaper and nothing else. i can't run task manager as it says it's been disabled by administrator. i found someone else with that issue but the accompanying fix didn't pertain to me. i can boot into safe mode but can't decipher hijackthis in order to search for anything.

well that said, here is the log file

F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.exe
F:\WINDOWS\Fonts\svchost.scr
F:\DOCUME~1\ADMINI~1\Desktop\HIJACK~1.EXE
F:\WINDOWS\services.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe F:\WINDOWS\system32\fservice.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - F:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - F:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] F:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] F:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [David] F:\WINDOWS\Fonts\svchost.scr
O4 - HKLM\..\Run: [Administrator] F:\WINDOWS\Fonts\svchost.scr
O4 - HKLM\..\Run: [MSConfig] F:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [David] F:\WINDOWS\Fonts\svchost.scr /RunOnce
O4 - HKLM\..\RunOnce: [Administrator] F:\WINDOWS\Fonts\svchost.scr /RunOnce
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144030071597
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)


any help is greatly appreciated!

Comments

  • Crunchie Mandurah. Western Australia. Member
    edited August 2006
    Please visit at least two of the following sites for an online virus scan:

    BitDefender Free Online Virus Scan
    http://www.bitdefender.com/scan/licence.php

    Panda ActiveScan
    http://www.pandasoftware.com/activescan/com/activescan_principal.htm
    Make sure you tick Disinfect automatically under Scan Options.

    Housecall at TrendMicro
    http://housecall60.trendmicro.com/en/start_corp.asp?id=scan
    Make sure you tick Auto Clean.

    eTrust Antivirus Web Scanner
    http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

    Also run this online trojan scanner

    TrojanScan


    ==

    Please download and install ewido anti-spyware tool
    • Close all other applications
    • Select language, click Ok
    • Click I Agree
    • Click next
    • Click Install
    • Click Finish
    • Wait and Ewido will open to the main screen automatically.
    • Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
    • This is very important to get updates
    • When updating has finished. Close Ewido.
    If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
    • Next, please reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    • Instead of Windows loading as normal, a menu should appear; use arrow up to highlight
    • Select the first option, to run Windows in Safe Mode hit enter.
    • For additional help in booting into Safe Mode, see the following site: HERE

      You MUST manage to get into Safe Mode for the fix to work.
    Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!
    • Open Ewido
    • Click on scanner top of Ewido screen
    • Click on Settings
    • Under How to Act click on Recommended Action choose Quarantine
    • Under How to scan all boxes should be selected
    • Under Possibly unwanted software all boxes should be selected
    • On right side under Reports: click on Automatically generate report after every scan.
    • Under What to scan select scan every file
    • Click On scan Tab
    • Click on Complete system scan
    • Let the program scan the machine. It can take a while, give it time.
    • When scan has finished At bottom of screen click Apply all Actions
    • Click Save report
    • Click Save Report as (Save as window's screen should pop up.)
    • Click desktop
    • Click Save
    • Exit ewido
    Reboot back to normal mode

    ==

    Please make sure you post the entire hijackthis log, including the header. It is very important that I can see what version of Windows you are running and what service packs (if any) you have installed, as well as the hijackthis version.
  • DogSoldier The heart of radical Amish country..
    edited August 2006
    Crunchie, did you notice "F:\WINDOWS\services.exe"?
    Services.exe should be running from the System32 folder.
  • Crunchie Mandurah. Western Australia. Member
    edited August 2006
    Yes I did :). Noticed even more than that. Is the reason I am requesting the AV scans etc.
  • edited August 2006
    wow that was a wealth of info :)

    i had tried the trendmicro scan in safe mode but it kept acting up on me, iexplorer for some reason would not let me enable java and firefox kept freezing up on me. since i couldn't try the scans in regular mode due to the virus not allowing that i just reinstalled windows last night before going to bed.

    i will save this information and make sure to check out some of the applications you listed to help me prevent future issues. i will also read the stickies pertaining to securing and safety.

    it's weird, i have never really gotten a virus before, i like to think of myself as a "smart web surfer". my computers have never had any antivirus software installed because up until last night I've never had anything malicious that adaware or trendmicro didn't clean up asap.

    thanks for the information. you guys rock in this forum!
  • Crunchie Mandurah. Western Australia. Member
    edited August 2006
    Presumably you did a total reformat? If you did just a repair job, the viruses will still be there. There are free AVs and firewalls, so there is really no excuse not to use them :).
  • edited August 2006
    yes, full reformat.

    Thanks!
  • Crunchie Mandurah. Western Australia. Member
    edited August 2006
    No worries then :). Safe surfing.
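
The check DogSoldier describes in the thread (services.exe should run from the System32 folder) can be applied mechanically to a HijackThis log. The following is an added example, not part of the original thread: the function name `review`, the expected-folder table (standard Windows locations, assumed here) and the sample log (constructed from lines in the posted log) are this example's own.

```python
import ntpath
import re

# Expected folder, relative to the Windows root, for core process names.
# Assumption of this example: standard Windows locations, not read from the log.
EXPECTED_DIR = {
    "smss.exe": "system32", "winlogon.exe": "system32",
    "services.exe": "system32", "lsass.exe": "system32",
    "svchost.exe": "system32", "csrss.exe": "system32",
    "explorer.exe": "",
}

# Constructed sample in HijackThis layout, modelled on the log in this thread.
SAMPLE_LOG = r"""
F:\WINDOWS\system32\services.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.exe
F:\WINDOWS\Fonts\svchost.scr
F:\WINDOWS\services.exe
F2 - REG:system.ini: Shell=Explorer.exe F:\WINDOWS\system32\fservice.exe
O4 - HKLM\..\Run: [David] F:\WINDOWS\Fonts\svchost.scr
"""

def review(log, windir=r"F:\WINDOWS"):
    """Return (reason, line) findings for a HijackThis log."""
    findings = []
    root = windir.lower()
    for line in (l.strip() for l in log.splitlines()):
        if re.match(r"^[A-Za-z]:\\", line):  # running-process entry
            folder, name = ntpath.split(line.lower())
            stem, ext = ntpath.splitext(name)
            want = EXPECTED_DIR.get(stem + ".exe")
            if want is None:
                continue  # not a core process name, nothing to compare
            expected = ntpath.join(root, want) if want else root
            if ext != ".exe":
                findings.append(("system name, wrong extension", line))
            elif folder != expected:
                findings.append(("system name, wrong folder", line))
        elif line.startswith("F2 - ") and "Shell=" in line:
            # The default Shell value is Explorer.exe with nothing after it.
            shell = line.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append(("extra program in Shell value", line))
    return findings

if __name__ == "__main__":
    for reason, line in review(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

A finding here is a lead for the scans requested in the thread, not a verdict; the path comparison is case-insensitive because the log mixes `system32` and `System32`.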