# Possible virus, maybe related to safe mode; computer dying

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

#### bobotheking

The other day, I restarted my computer in safe mode to see if it would get a program to work. Not only did it not work, it seems to have severely crippled my system.

The first thing I noticed (after restoring to normal boot mode) was that my GUI was very simplified-- not what it usually is for Windows XP. A simple example is that the minimize/maximize/close buttons look like the Windows 98 version rather than Windows XP. Also, more advertisements were popping up than I was used to which quickly led me to discover that my Norton Personal Firewall and SystemWorks were disabled. When I tried to open them manually, I was greeted instead with an error message which instructed me to reinstall Norton. Though I knew it wouldn't help, I tried to uninstall Norton SystemWorks but the uninstall program didn't execute properly. I then used Symantec's website instructions for uninstalling Norton manually. When I tried to reinstall it, another error message popped up and I have since been unable to install it.

Various system utilities are disabled. Device manager displays no devices. None. I attempted to use system restore to restore it to an earlier date. It instructed me to click on a date in bold but the only date in bold was from two minutes after I had destroyed my computer. I restored to that point just for the heck of it with predictable (no) results. Also, my computer doesn't detect a sound card so I can't even listen to music while I fix my computer. I'm still not sure of the full extent of the problem.

The internet is working decently (how else would I be posting this?) but certain sites aren't working. The obvious notable one is the Windows Update site. Also, when I tried to update HijackThis to post my log (I'll post it on request) I got the now familiar, "Cannot connect to server," error. Even programs like AIM don't connect properly and I'm currently using an old version-- not even the newest one-- of AIM Express to chat.

I tried to get help at CastleCops but they seem too swamped with requests to address mine quickly. I've run the following programs at their instruction with the results listed:
sfc /scannow-- nothing detected
Spybot S&D-- minor spyware found, problem not fixed
A-Squared-- did not install correctly
Trojan Hunter-- one minor problem found
HouseCall-- one malware program found

I'm at my wit's end and I'm not in the mood to reformat my hard drive. Please help! Thanks in advance!

#### dr20

Hi can you get the latest version 1.99 from another computer then transfer it to yours? It's only about 193kbs and will fit on a floppy disk. You'll need to post a log in order to see if there's anything on your system that needs fixing.

Hijack This:

#### bobotheking

Thanks. Here's my log:

Logfile of HijackThis v1.99.0
Scan saved at 6:01:01 AM, on 2/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - Default URLSearchHook is missing
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
*/

user_pref("aim.session.screenname", "bobotheking256");
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.startup.homepage", "www.yahoo.com");
user_pref("browser.startup.homepage_override.mstone", "rv:1.7.2");
user_pref("prefs.converted-to-utf8", true);
user_pref("privacy.popups.first_popup", false);
user_pref("signon.SignonFileName", "2014572.s");
use
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [Go!Zilla dial-up fix] "C:\Program Files\GoZilla\Go.exe" /FIXRAS
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A92E9AD-5712-484B-9A08-A0B231AA3887}: NameServer = 134.173.53.8,134.173.254.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD80C568-F521-477B-BD2D-6E3D3890DEC3}: NameServer = 134.173.53.8,134.173.254.23
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A92E9AD-5712-484B-9A08-A0B231AA3887}: NameServer = 134.173.53.8,134.173.254.23
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A92E9AD-5712-484B-9A08-A0B231AA3887}: NameServer = 134.173.53.8,134.173.254.23
O23 - Service: Symantec Network Proxy - Unknown - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Settings Manager - Unknown - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)

#### dr20

You can open up Hijack This and remove the following entries:

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)

O23 - Service: Symantec Network Proxy - Unknown - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)

O23 - Service: Symantec Settings Manager - Unknown - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)

Rather than do a complete reformat have you thought about a repair install of XP? You can do that without losing any data or installed programs and is a lot quicker. Here's more information in case you decide to give it a try:

http://www.michaelstevenstech.com/XPrepairinstall.htm
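The entries picked out in the reply above all end in `(no file)` or `(file missing)`, meaning the registry reference survives but its target file is gone. As an added example (not part of the original thread, and not HijackThis's own code), this Python sketch parses entry lines in the v1.99 layout shown in the log and lists those orphaned references; the function names are made up for illustration and the sample is a handful of lines copied from the log posted above.

```python
import re

# "<code> - <body>", e.g. "O2 - BHO: ..."; process paths and spilled prefs lines do not match.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Trailing markers HijackThis prints when the referenced file is not on disk.
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")

# Sample input: lines copied from the log in this thread (shortened selection).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - Default URLSearchHook is missing
N3 - Netscape 7: # Mozilla User Preferences
user_pref("browser.startup.homepage", "www.yahoo.com");
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O23 - Service: Symantec Network Proxy - Unknown - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
"""

def parse_entries(log_text):
    """Return one dict per entry line; header, process list and spill-over lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        clsid = CLSID.search(body)
        entries.append({
            "code": code,                                   # section, e.g. O2 = BHO, O23 = service
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphaned": bool(ORPHAN.search(body)),          # target file absent at scan time
        })
    return entries

def orphaned_entries(log_text):
    """Entries whose target file HijackThis could not find."""
    return [e for e in parse_entries(log_text) if e["orphaned"]]

if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(e["code"], e["clsid"] or "-", e["body"])
```

An orphaned entry is a leftover reference rather than a finding in itself, which matches the outcome later in the thread, where removing these entries did not change the symptoms.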

#### bobotheking

Okay, I'm backing up my files and I'm going to try to repair Windows XP. Hey, gives me an excuse to use my DVD burner and the 50 DVDs (250 GB of information? What was I thinking?) I bought. If the repair fails, I think I'll just reformat.

The latest thing I've noticed isn't working: the recycle bin. I have to right-click and select "Open" to open it-- double-clicking just prompts me for what program I want to use to open it. Whatever screwed up my computer, it made sure getting around would be as hard as possible short of sending me back to DOS prompt. That's what I hate about this: my computer's still quite functional, just diluted or something. I'll report back this evening.

Oh yeah, and I fixed the HijackThis problems you pointed out and (as you might expect) the problem persists.

#### dr20

You can take these entries out as well, they're non-essential:

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Go!Zilla dial-up fix] "C:\Program Files\GoZilla\Go.exe" /FIXRAS

Your log isn't that bad so it appears you have something else going on. Hopefully the repair will fix it for you.

#### bobotheking

Yeah, it's so weird. I would be sure it's a virus if rebooting in safe mode hadn't caused it. I mean, my symptoms seem to be that the computer still thinks it's in safe mode.

I'm about halfway through backing up my files. I'll post again (unless it's a reply to something) in about two or three hours.

#### bobotheking

Sometimes you take your pet to the vet and there's simply nothing they can do. I'm writing this because my computer has passed on.

But it will live on in the five DVDs (ignoring the six "miscarriages") it left me. I can only hope that the information I copied will bring it close to the glorious state it once was at.

I tried the system repair and it executed properly but I now get a blue screen of death as it's booting. My computer is essentially in a terminal coma. I'll try a repair restore one last time before reformatting.

If my computer is dead, I want you to know that I am holding you, dr20, entirely responsible...

jk

Thank you so much just for replying. I had messages posted on several tech support forums but you were the only person to respond and, though it didn't work out, it's good to have it behind me and know what I need to do now. Thanks again.

In memory of my compy.

RIP.

#### dr20

Well I was hoping it would fix up for you, get back and let me know if the reformat works or not. By the sound of things it might be a hardware problem but not necessarily, we're talking about Windows so anything is possible.

#### bobotheking

Yup, reformat worked. Uhhh... is reformat the right word? See, all my files are still here (minus My Documents and the registry-- you know, the unimportant stuff). I think it just reinstalled Windows. I'm sure you're more familiar with the process than I am.

I've been spending this past day reinstalling stuff. Norton is back up and running and I finally finished downloading all the necessary updates about 30 minutes ago. Since most of my files are still on the computer, I think I'm done. My desktop looks disturbingly bare. It's as if you moved all of the stuff from your house into the garage or something. I still have to reload my games, but I think I'll just do that when I want to play them.

Speaking of games, I might know what caused this mess. Two days before my computer died, I bought a gamepad. When I installed it (after reinstalling Windows), I noticed something I hadn't before-- a warning that it can cause a hardware conflict. As you pointed out, it seemed like it might have been a hardware conflict and the blue screen I was seeing was apparently related to hardware that's not native to the computer. Now, whether a device using a USB port can cause a device conflict to bring my computer to the state it was in is beyond my knowledge. But it's a theory.

I've still got a long way to go before my computer is even 75% back to the way I like it, but I'm at least glad nothing's missing.

#### dr20

Obviously something got corrupted there so a reformat is often the easiest way to fix it. Thanks for getting back and glad to see it's working again.
