24 replies to this topic

[UDP]

Well, this is by far the worst problem I've ever had. Like 30 minutes ago I got a fake virus scan pop-up from AV Care, I quickly tried to end process but everything froze, so I restarted. Everything seemed fine, I googled AV Care and there were some solutions for it. So I deleted all the stuff related to it, did msconfig and regedit. Then, I was finally going to do a spyware scan with superantisypware, but every time I tried to open it it would just say it encountered an error and had to close. So I went and clicked on this thing for superantispyware called alternate startup, and then my computer froze again. Then I restarted again, got to the login screen, clicked on my name, and it fucking froze. So I restart, login works this time, but when I get in I can't click on anything or select anything (I can move the mouse around), and the bar at the bottom is mostly blank (not sure what it's called, where all the window tabs and start button are). Now every single time I restart it does this, so basically I can't do anything. What the heck? Any ideas?

EDIT: This is probably my 6th attempt trying to restart, this time it seems to be working properly, it hasn't not locked up or anything. As a side note, when my computer starts it says press F2 for BIOS options, I push F2 and nothing happens. I pushed it like 20 times. I'm now running the superantispyware scan. Even though it seems to be working ok, it shouldn't lock up so much like that, there has to be something wrong here.

[DHC]

startup in safe mode, and do a system restore to yesterday?

[UDP]

startup in safe mode, and do a system restore to yesterday?

I can't startup in safemode I can't get to the BIOS. The only thing I can do is get to the login screen, and login. It says F2 for BIOS, but hitting F2 does nothing, holding it does nothing, I dunno what to do.

[DHC]

have you tried resetting cmos?

[UDP]

have you tried resetting cmos?

Don't know what that is or how to reset it.
EDIT: I'm attempting to start in safemode now (I hit F8 repeatedly). Where's the system restore?

[shunted]

check your motherboard book, but normally its a switch/2 connecters on your mother that you press/short onto each other to reset it

[UDP]

check your motherboard book, but normally its a switch/2 connecters on your mother that you press/short onto each other to reset it

I presume that involves getting my case open, something I could never manage to do. I tried a while ago, I took out every screw and it still wouldn't open.

I got into the BIOS, but there wasn't much to do there. I got into safemode, tried to restore to yesterday, but obviously I can't because I have no restore points, probably because I never made any.

Logfile of HijackThis v1.99.1
Scan saved at 1:02:14 AM, on 12/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\PierceZ\Desktop\Pierce's Folder\Xfire\xfire.exe
C:\DOCUME~1\PierceZ\LOCALS~1\Temp\a.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\PierceZ\Desktop\Testfolder\HJTInstall.exe
C:\Documents and Settings\PierceZ\Desktop\Testfolder\HJTInstall.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [Monopod] C:\DOCUME~1\PierceZ\LOCALS~1\Temp\a.exe
O4 - Startup: Xfire.lnk = C:\Documents and Settings\PierceZ\Desktop\Pierce's Folder\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.superiorcomputers.ca
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.co...ne_Inst_Win.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload....Plugin11USA.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com...did/BoardID.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ,
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

[raw_genesis]

You computer should have restore on by defult which means you (or someone else that uses that PC?) turned it off... which is not a good thing
also you can reset the BIOS by pulling out you system battery and leaving it out for a while and then putting it back in.

Anyway you should probly try a re-install of your OS... if that does not fix the problem then format and install tbh.

[Weiman]

Yup, looks infected.

C:\DOCUME~1\PierceZ\LOCALS~1\Temp\a.exe
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O20 - AppInit_DLLs: ,

Give malwarebytes antimalware in safe mode a whirl.

[UDP]

Yup, looks infected.

C:\DOCUME~1\PierceZ\LOCALS~1\Temp\a.exe
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O20 - AppInit_DLLs: ,

Give malwarebytes antimalware in safe mode a whirl.

I'm running avast at boot, I started last night, it asks me what to do for everything though so it stopped scanning last night sometime. I had to tell it to delete, it's only at 50% now, I'll try malware bytes after.

EDIT: Avast finished, it seems to be working so far, gonna try malwarebytes again.

[UDP]

I think it's ok now, I scanned with malware bytes and avast, it hasn't locked up yet. Shunted said I should get comodo, so I was going to get it, but they have multiple programs, not sure which one I should get. I also just made a restore point.

[Weiman]

Just so that you never come crying back.. technically your system HAS been compromised. And the only way to be 100% sure you're safe while logging on somewhere is by formatting and reinstalling. It's your choice though.

[UDP]

Just so that you never come crying back.. technically your system HAS been compromised. And the only way to be 100% sure you're safe while logging on somewhere is by formatting and reinstalling. It's your choice though.

Just so I never come crying back? No need to be mean. I don't have any discs to re-format with. I assume I could go buy some blank ones and put Windows 7 on it, but as you may have already guessed, I don't know anything about reformatting. I don't even know the first thing about reformatting, so someone would have to walk me through it step by step, including making a disc to install Windows 7, or whatever OS.

[Weiman]

Sorry, I wasn't trying to be mean. Forgot my smilies

[UDP]

Sorry, I wasn't trying to be mean. Forgot my smilies

I backed up the stuff I wanted on one DVD-R, and I've got another DVD-R (or like 30 more if I need I guess) to use for the reformat. I had some problems though, I figured I could just open the CD drive and drag and drop stuff into the CD, but it wouldn't let me. I had to use the program on my computer called Roxio Media Manager to do it. Using Roxio I tried to backup a folder on one disc, and after I did that it wouldn't let me modify anything on the disc, or add any more files/folders. So I took another disc, and did something else, called Data Disc (which I think basically allows you to put anything on the disc) and that seemed to work. Not sure where to go from here.

[Plasmic Fury]

formatting is the easiest thing in the world. As long as you know your computer hardware is.

just put the disc in and then restart your computer, follow the steps in the Windows setup to format drive and install windows on it, then it installs. Once installed find and install all the drivers and your good to go.

[UDP]

formatting is the easiest thing in the world. As long as you know your computer hardware is.

just put the disc in and then restart your computer, follow the steps in the Windows setup to format drive and install windows on it, then it installs. Once installed find and install all the drivers and your good to go.

Not exactly sure what you said there. I assume you meant as long as I know what my computer hardware is - which I don't really. Also, like I said already, I don't have a windows install disc, I just have blank discs.

[Plasmic Fury]

Not exactly sure what you said there. I assume you meant as long as I know what my computer hardware is - which I don't really. Also, like I said already, I don't have a windows install disc, I just have blank discs.

Step 1.
Burn Windows onto a DVD

Step 2.
Put DVD in computer then restart computer

Step 3.
Computer will boot from disc into windows setup, once in the setup it will ask you which hard drive you want to install windows on. Make sure to first format the hard drive (with the options provided in the setup), and then choose to install on that Hard drive

Step 4.
Wait for windows to complete installing while following some of the things it will tell you to enter (such as date/time)

Step 5.
Once windows is installed you find the drivers for your computer download them and install them

Step 6.
Your computer is fully formatted and ready for whatever you want to put on it next

[UDP]

I also don't have a license key.

EDIT: Wow, I think I'm blind. I just found it, it was right on the side of my computer, I even looked there already, somehow I missed it.
One other thing, what drivers would I need? (video, sound... other drivers?) I figured I should just burn the drivers onto a disc and just put them on after I reformat. Speaking of which, I'm not very good at burning discs, how do I burn windows onto a disc? I assume I'd burn it either as Data or a Backup, and as long as it's the only thing on the disc it'll be good?

EDIT2: So ya I just need to know how to make a disc to install windows xp with and I'll be good to go.

[Plasmic Fury]

I also don't have a license key.

EDIT: Wow, I think I'm blind. I just found it, it was right on the side of my computer, I even looked there already, somehow I missed it.
One other thing, what drivers would I need? (video, sound... other drivers?) I figured I should just burn the drivers onto a disc and just put them on after I reformat. Speaking of which, I'm not very good at burning discs, how do I burn windows onto a disc? I assume I'd burn it either as Data or a Backup, and as long as it's the only thing on the disc it'll be good?

EDIT2: So ya I just need to know how to make a disc to install windows xp with and I'll be good to go.

Your going to have to burn it as an .iso file. Windows 7 has the function built in, or you could download a free ISO burning software.

As for drivers, the most important one will be your motherboards network card drivers. As long as you have them you can connect to the internet and download the other drivers.

Ideally you'll want drivers for your network card, video card, sound card, and chipset. The rest of them (if applicable) aren't as important and may not even be needed.

Edited by Plasmic Fury, 13 August 2009 - 03:56 PM.