SLOOW computer, Spyware possibility (New)
vikinggirl76's Avatar
Junior Member with 20 posts.
 
Join Date: May 2004
23-Sep-2004, 06:15 PM #1
SLOOW computer, Spyware possibility
Hi all,

I desperately need your help.
Had to re-install Windows XP two days ago after a nasty nasty virus.
Could not even start in Safe Mode, just darkness...

Anyway, now my computer is running slow and seems to have caught a bug as soon as I went back on the internet. Have tried to update Norton AV but obviously not fast enough.

Please could someone look at my HJ Log and please helppppp...

Many thanks

Logfile of HijackThis v1.97.7
Scan saved at 22:00:59, on 23/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
F:\WINDOWS\System32\msupdate.exe
F:\WINDOWS\System32\winupdate1.exe
F:\WINDOWS\System32\wupdt32x.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Program Files\Messenger\msmsgs.exe
F:\PROGRA~1\MOZILL~1\firefox.exe
F:\WINDOWS\System32\wuauclt.exe
F:\Documents and Settings\Steve Newman\Local Settings\Temp\Temporary Directory 2 for Hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.btopenworld.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [FlashInstaller] D:\flashstart.exe D:\bt.exe run
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "F:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [msupdate] msupdate.exe
O4 - HKLM\..\Run: [USB 2.1 DRIVER] winupdate1.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] wupdt32x.exe
O4 - HKLM\..\RunServices: [msupdate] msupdate.exe
O4 - HKLM\..\RunServices: [USB 2.1 DRIVER] winupdate1.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] wupdt32x.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Update Machine] wupdt32x.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095803261734
MFDnNC's Avatar
Distinguished Member with 49,021 posts.
 
Join Date: Sep 2004
23-Sep-2004, 06:19 PM #2
Get the current HJT

HijackThis 1.98.2 http://www.majorgeeks.com/download3155.html
vikinggirl76's Avatar
Junior Member with 20 posts.
 
Join Date: May 2004
24-Sep-2004, 03:38 AM #3
Ok will try that tonight.
Will post log then. Thanks for your reply.
vikinggirl76's Avatar
Junior Member with 20 posts.
 
Join Date: May 2004
24-Sep-2004, 12:07 PM #4
Alright, here's my log.
Looks like a lot of Msupdate.exe going on....doesn't look right...?!

Scan saved at 16:05:39, on 24/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
F:\WINDOWS\System32\msupdate.exe
F:\WINDOWS\System32\winupdate1.exe
F:\WINDOWS\System32\wupdt32x.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\WINDOWS\System32\wuauclt.exe
F:\Documents and Settings\Steve Newman\Desktop\HijackThis.exe
F:\WINDOWS\system32\winupdate1.exe
F:\WINDOWS\system32\winupdate1.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btopenworld.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [FlashInstaller] D:\flashstart.exe D:\bt.exe run
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "F:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [msupdate] msupdate.exe
O4 - HKLM\..\Run: [USB 2.1 DRIVER] winupdate1.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] wupdt32x.exe
O4 - HKLM\..\RunServices: [msupdate] msupdate.exe
O4 - HKLM\..\RunServices: [USB 2.1 DRIVER] winupdate1.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] wupdt32x.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Update Machine] wupdt32x.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095803261734
O17 - HKLM\System\CCS\Services\Tcpip\..\{157BC96E-92CC-47B1-8FA4-C7651D19DE2F}: NameServer = 194.72.9.55 194.74.65.86
O17 - HKLM\System\CS1\Services\Tcpip\..\{157BC96E-92CC-47B1-8FA4-C7651D19DE2F}: NameServer = 194.72.9.55 194.74.65.86
Flrman1's Avatar
Distinguished Member with 46,425 posts.
 
Join Date: Jul 2002
Location: Thomasville NC
Experience: 100% Geek
24-Sep-2004, 02:16 PM #5
Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

O4 - HKLM\..\Run: [msupdate] msupdate.exe

O4 - HKLM\..\Run: [USB 2.1 DRIVER] winupdate1.exe

O4 - HKLM\..\Run: [Microsoft Update Machine] wupdt32x.exe

O4 - HKLM\..\RunServices: [msupdate] msupdate.exe

O4 - HKLM\..\RunServices: [USB 2.1 DRIVER] winupdate1.exe

O4 - HKLM\..\RunServices: [Microsoft Update Machine] wupdt32x.exe

O4 - HKCU\..\Run: [Microsoft Update Machine] wupdt32x.exe


Restart to safe mode.

How to start your computer in safe mode

Because XP will not always show you hidden files and folders by default, go to Start > Search and look under "More advanced search options".
Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders".

Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types". Now click "Apply to all folders".
Click "Apply" then "OK"

Now find and delete these files:

F:\WINDOWS\System32\msupdate.exe
F:\WINDOWS\System32\winupdate1.exe
F:\WINDOWS\System32\wupdt32x.exe

Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


Empty the Recycle Bin


Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer.

When you are sure you are clean turn it back on and create a restore point.


Go here and do an online virus scan.

Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the exact file name and file location so you can delete it yourself.
__________________
If I have helped solve your problem, please Click Here and make a donation to help keep this great site running. 100% goes directly to this site.
vikinggirl76's Avatar
Junior Member with 20 posts.
 
Join Date: May 2004
25-Sep-2004, 08:09 AM #6
Some of the files seem to have gone, but the computer is still very slow and when I went back on the net, a Generic Host Process error message appeared and then that's the end of the surfing; no websites work after that and the computer goes super slow.

New Hijack after last clean
Logfile of HijackThis v1.98.2
Scan saved at 12:09:10, on 25/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
F:\WINDOWS\System32\WinDat.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\WINDOWS\System32\wuauclt.exe
F:\WINDOWS\System32\wuauclt.exe
F:\WINDOWS\system32\cmd.exe
F:\WINDOWS\system32\spoolsvc.exe
F:\WINDOWS\System32\dwwin.exe
F:\Documents and Settings\Steve Newman\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btopenworld.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [FlashInstaller] D:\flashstart.exe D:\bt.exe run
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "F:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Windows Database] WinDat.exe
O4 - HKLM\..\RunServices: [Windows Database] WinDat.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Database] WinDat.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095803261734
O17 - HKLM\System\CCS\Services\Tcpip\..\{157BC96E-92CC-47B1-8FA4-C7651D19DE2F}: NameServer = 194.72.9.55 194.74.65.86
O17 - HKLM\System\CS1\Services\Tcpip\..\{157BC96E-92CC-47B1-8FA4-C7651D19DE2F}: NameServer = 194.72.9.55 194.74.65.86
vikinggirl76's Avatar
Junior Member with 20 posts.
 
Join Date: May 2004
25-Sep-2004, 08:13 AM #7
and now this time, I've got a scvhost error message coming up as well...
Oh dear oh dear...what have I caught...?!
Flrman1's Avatar
Distinguished Member with 46,425 posts.
 
Join Date: Jul 2002
Location: Thomasville NC
Experience: 100% Geek
25-Sep-2004, 12:17 PM #8
Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

O4 - HKLM\..\Run: [Windows Database] WinDat.exe

O4 - HKLM\..\RunServices: [Windows Database] WinDat.exe

O4 - HKCU\..\Run: [Windows Database] WinDat.exe


Restart to safe mode and delete the F:\WINDOWS\System32\WinDat.exe file


Update your virus definitions and do a full system scan in safe mode.
vikinggirl76's Avatar
Junior Member with 20 posts.
 
Join Date: May 2004
27-Sep-2004, 01:20 PM #9
I have run Hijack This a few times and it seems this msupdate.exe plus sres32.exe and similar things keep popping up in the log.
My internet is running ok now, but the scrolling is still slow and I get messages popping up saying "My computer might have spyware" and to go to a certain website to clear it out etc. Plus internet explorer has encountered a problem and needs to close.

Plus the start up procedure seems to take forever. It sticks on the first screen for about 1 minute, before Windows even starts to load.
I always have to choose Start Windows Professional or Windows Prof. Setup.
Why on earth is that? Can't I just go straight in as normal anymore?
Flrman1's Avatar
Distinguished Member with 46,425 posts.
 
Join Date: Jul 2002
Location: Thomasville NC
Experience: 100% Geek
27-Sep-2004, 06:49 PM #10
Quote:
Originally Posted by vikinggirl76
I always have to choose Start Windows Professional or Windows Prof. Setup.
Why on earth is that? Can't I just go straight in as normal anymore?
I have no idea what you did to change that. Nothing I asked you to do would have done that. Are you talking about the boot menu where you can choose safe mode etc....?

I need to see another HJT log.
vikinggirl76's Avatar
Junior Member with 20 posts.
 
Join Date: May 2004
28-Sep-2004, 03:45 AM #11
This was happening before as well, nothing that you told me to do.
No, not the Safe Mode menu. This one just has Windows Professional XP or Windows Professional XP Setup (and the default seems to sit on the Setup, as I have to change to XP to boot, otherwise it tries to Install Windows...?!)
No installation disc in the drive, so god knows why it's doing it...

I will post a log tonight. Really appreciate all your help.
Flrman1's Avatar
Distinguished Member with 46,425 posts.
 
Join Date: Jul 2002
Location: Thomasville NC
Experience: 100% Geek
28-Sep-2004, 12:50 PM #12
It sounds like at some point you have installed the Recovery Console. Does this screen say Recovery Console anywhere? Is it a black screen with white lettering?
vikinggirl76's Avatar
Junior Member with 20 posts.
 
Join Date: May 2004
29-Sep-2004, 03:52 AM #13
Yes, that's it.
I was trying last week to use the Recovery Console, as I could not even log in to my computer. Could not get in to Safe Mode or anything. It was just dead.
All I got was a message saying "Insert Bootable Disc" etc etc.
Tried all sorts of things, but in the end I re-installed Windows. Which got me back in and everything, but the computer is still not quite right...

How can I get rid of the Recovery Console when starting up?

Or is there a way that I can re-install the whole thing again, seeing as I've got nothing on there now anyway. Totally re-format the whole thing and install Windows again?
And this time, I will not install SP2...that caused problems I think.

What are your thoughts on this?
And how would I go about doing a clean install. Maybe I did something wrong last time...

Very grateful you are helping me
vikinggirl76's Avatar
Junior Member with 20 posts.
 
Join Date: May 2004
29-Sep-2004, 08:42 AM #14
Having Loooads of Norton Anti Virus pop-up "Virus Detected" come up, about 4 a minute...on and off. Some viruses deleted, some not...Very worried about this. Here's my latest Log...

Logfile of HijackThis v1.98.2
Scan saved at 12:35:53, on 29/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\sys32snd.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
F:\WINDOWS\System32\msn64.exe
F:\WINDOWS\System32\vpc32.exe
F:\WINDOWS\System32\host32.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Messenger\msmsgs.exe
F:\WINDOWS\System32\wuauclt.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\WINDOWS\System32\WinDat.exe
F:\WINDOWS\system32\cmd.exe
F:\Documents and Settings\Steve Newman\Local Settings\Temp\Temporary Directory 1 for hijackthis-3.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btopenworld.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [FlashInstaller] D:\flashstart.exe D:\bt.exe run
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "F:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Media service] msn64.exe
O4 - HKLM\..\Run: [Microsoft Update] vpc32.exe
O4 - HKLM\..\Run: [Windows Update] host32.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\Run: [Windows Database] WinDat.exe
O4 - HKLM\..\RunServices: [Media service] msn64.exe
O4 - HKLM\..\RunServices: [Microsoft Update] vpc32.exe
O4 - HKLM\..\RunServices: [Windows Update] host32.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\RunServices: [Windows Database] WinDat.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Update] vpc32.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{157BC96E-92CC-47B1-8FA4-C7651D19DE2F}: NameServer = 194.72.9.55 194.74.65.86
O17 - HKLM\System\CS1\Services\Tcpip\..\{157BC96E-92CC-47B1-8FA4-C7651D19DE2F}: NameServer = 194.72.9.55 194.74.65.86
vikinggirl76's Avatar
Junior Member with 20 posts.
 
Join Date: May 2004
29-Sep-2004, 09:26 AM #15
Just did a clean, in safe mode, got rid of all bad files that Norton Antivirus had spotted.
Did the usual stuff, empty recycle bin afterwards etc etc.

Well, when I re-booted and went to log in I got a message saying: Could not find sys32snd.exe and looking at the HJlog I just did all the bad files are STILL there.

There must be something I am missing here, as they just seem to re-create themselves. I have never seen anything like it...
Last log, after the other mess I just did below:

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
F:\WINDOWS\System32\msn64.exe
F:\WINDOWS\System32\wuauclt.exe
F:\WINDOWS\System32\vpc32.exe
F:\WINDOWS\System32\host32.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Messenger\msmsgs.exe
F:\Documents and Settings\Steve Newman\Local Settings\Temp\Temporary Directory 2 for hijackthis-3.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btopenworld.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [FlashInstaller] D:\flashstart.exe D:\bt.exe run
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "F:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Media service] msn64.exe
O4 - HKLM\..\Run: [Microsoft Update] vpc32.exe
O4 - HKLM\..\Run: [Windows Update] host32.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\Run: [Windows Database] WinDat.exe
O4 - HKLM\..\RunServices: [Media service] msn64.exe
O4 - HKLM\..\RunServices: [Microsoft Update] vpc32.exe
O4 - HKLM\..\RunServices: [Windows Update] host32.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\RunServices: [Windows Database] WinDat.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Update] vpc32.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
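
A triage heuristic for the O4 lines in the logs above, as an added example that is not part of the original thread: every entry the helper asked to have fixed launches a bare filename with no path, usually from several autorun keys at once, while the legitimate entries carry full paths. The function names are hypothetical and the input is excerpted from the 24 and 25 September logs; a path-less autorun is a prompt for review, not proof of malware.

```python
import re
from collections import defaultdict

# Matches registry autorun lines such as:  O4 - HKLM\..\Run: [name] command
O4_RE = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")

# Excerpts of the O4 sections posted in the thread (24 and 25 September logs).
LOG_24_SEP = r"""
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [msupdate] msupdate.exe
O4 - HKLM\..\Run: [USB 2.1 DRIVER] winupdate1.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] wupdt32x.exe
O4 - HKLM\..\RunServices: [msupdate] msupdate.exe
O4 - HKLM\..\RunServices: [USB 2.1 DRIVER] winupdate1.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] wupdt32x.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] wupdt32x.exe
"""
LOG_25_SEP = r"""
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Database] WinDat.exe
O4 - HKLM\..\RunServices: [Windows Database] WinDat.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Database] WinDat.exe
"""

def parse_o4(log_text):
    """Return (hive, key, value_name, command) for each registry O4 line."""
    entries = []
    for line in log_text.splitlines():
        match = O4_RE.match(line.strip())
        if match:
            entries.append(match.groups())
    return entries

def image_name(command):
    """Pull the executable out of a command, with or without quotes."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = re.match(r"(.+?\.exe)\b", command, re.I)
    return match.group(1) if match else command.split()[0]

def bare_autoruns(log_text):
    """Map each path-less executable to the autorun keys that launch it."""
    found = defaultdict(set)
    for hive, key, _name, command in parse_o4(log_text):
        image = image_name(command)
        if not re.search(r"[\\/:]", image):  # no drive or directory given
            found[image.lower()].add(f"{hive}\\{key}")
    return {image: sorted(keys) for image, keys in found.items()}

def autorun_changes(before, after):
    """Return (removed, newly_appeared) path-less autoruns between two logs."""
    old, new = set(bare_autoruns(before)), set(bare_autoruns(after))
    return sorted(old - new), sorted(new - old)

if __name__ == "__main__":
    for label, log in (("24 Sep", LOG_24_SEP), ("25 Sep", LOG_25_SEP)):
        for image, keys in bare_autoruns(log).items():
            print(label, image, "->", ", ".join(keys))
    gone, appeared = autorun_changes(LOG_24_SEP, LOG_25_SEP)
    print("removed:", gone, "new:", appeared)
```

Comparing consecutive logs this way shows the pattern the poster describes: the fixed entries disappear and a differently named path-less autorun takes their place.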