
Possible virus, maybe related to safe mode; computer dying

Discussion in 'Windows XP' started by bobotheking, Jan 31, 2005.

Thread Status:
Not open for further replies.
  1. bobotheking

    bobotheking Thread Starter

    Joined:
    Jan 31, 2005
    Messages:
    6
    The other day, I restarted my computer in safe mode to see if it would get a program to work. Not only did it not work, it seems to have severely crippled my system.

    The first thing I noticed (after restoring to normal boot mode) was that my GUI was very simplified-- not what it usually is for Windows XP. A simple example is that the minimize/maximize/close buttons look like the Windows 98 version rather than Windows XP. Also, more advertisements were popping up than I was used to which quickly led me to discover that my Norton Personal Firewall and SystemWorks were disabled. When I tried to open them manually, I was greeted instead with an error message which instructed me to reinstall Norton. Though I knew it wouldn't help, I tried to uninstall Norton SystemWorks but the uninstall program didn't execute properly. I then used Symantec's website instructions for uninstalling Norton manually. When I tried to reinstall it, another error message popped up and I have since been unable to install it.

    Various system utilities are disabled. Device manager displays no devices. None. I attempted to use system restore to restore it to an earlier date. It instructed me to click on a date in bold but the only date in bold was from two minutes after I had destroyed my computer. I restored to that point just for the heck of it with predictable (no) results. Also, my computer doesn't detect a sound card so I can't even listen to music while I fix my computer. I'm still not sure of the full extent of the problem.

    The internet is working decently (how else would I be posting this?) but certain sites aren't working. The obvious notable one is the Windows Update site. Also, when I tried to update HijackThis to post my log (I'll post it on request) I got the now familiar, "Cannot connect to server," error. Even programs like AIM don't connect properly and I'm currently using an old version-- not even the newest one-- of AIM Express to chat.

    I tried to get help at CastleCops but they seem too swamped with requests to address mine quickly. I've run the following programs at their instruction with the results listed:
    sfc /scannow-- nothing detected
    Spybot S&D-- minor spyware found, problem not fixed
    Ad-Aware-- 28 cookies found, no viruses
    A-Squared-- did not install correctly
    Trojan Hunter-- one minor problem found
    HouseCall-- one malware program found

    I'm at my wit's end and I'm not in the mood to reformat my hard drive. Please help! Thanks in advance!
     
  2. dr20

    dr20

    Joined:
    Apr 11, 2003
    Messages:
    1,649
    Hi can you get the latest version 1.99 from another computer then transfer it to yours? It's only about 193kbs and will fit on a floppy disk. You'll need to post a log in order to see if there's anything on your system that needs fixing.

    Hijack This:
    http://www.majorgeeks.com/download.php?det=3155
     
  3. bobotheking

    bobotheking Thread Starter

    Joined:
    Jan 31, 2005
    Messages:
    6
    Thanks. Here's my log:

    Logfile of HijackThis v1.99.0
    Scan saved at 6:01:01 AM, on 2/1/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Hijack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R3 - Default URLSearchHook is missing
    N3 - Netscape 7: # Mozilla User Preferences

    /* Do not edit this file.
    *
    * If you make changes to this file while the browser is running,
    * the changes will be overwritten when the browser exits.
    *
    * To make a manual change to preferences, you can visit the URL about:config
    * For more information, see http://www.mozilla.org/unix/customizing.html#prefs
    */

    user_pref("aim.session.screenname", "bobotheking256");
    user_pref("browser.activation.checkedNNFlag", true);
    user_pref("browser.bookmarks.added_static_root", true);
    user_pref("browser.startup.homepage", "www.yahoo.com");
    user_pref("browser.startup.homepage_override.mstone", "rv:1.7.2");
    user_pref("dom.disable_open_during_load", true);
    user_pref("intl.charsetmenu.browser.cache", "ISO-8859-1");
    user_pref("network.cookie.prefsMigrated", true);
    user_pref("prefs.converted-to-utf8", true);
    user_pref("privacy.popups.first_popup", false);
    user_pref("signon.SignonFileName", "2014572.s");
    user_pref("update_notifications.provider.0.last_checked", 1102955372);
    use
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [Go!Zilla dial-up fix] "C:\Program Files\GoZilla\Go.exe" /FIXRAS
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0A92E9AD-5712-484B-9A08-A0B231AA3887}: NameServer = 134.173.53.8,134.173.254.23
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BD80C568-F521-477B-BD2D-6E3D3890DEC3}: NameServer = 134.173.53.8,134.173.254.23
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0A92E9AD-5712-484B-9A08-A0B231AA3887}: NameServer = 134.173.53.8,134.173.254.23
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0A92E9AD-5712-484B-9A08-A0B231AA3887}: NameServer = 134.173.53.8,134.173.254.23
    O23 - Service: Symantec Network Proxy - Unknown - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
    O23 - Service: Symantec Settings Manager - Unknown - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
     
  4. dr20

    dr20

    Joined:
    Apr 11, 2003
    Messages:
    1,649
    You can open up Hijack This and remove the following entries:

    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)

    O23 - Service: Symantec Network Proxy - Unknown - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)

    O23 - Service: Symantec Settings Manager - Unknown - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)

    Rather than do a complete reformat have you thought about a repair install of XP? You can do that without losing any data or installed programs and is a lot quicker. Here's more information in case you decide to give it a try:

    http://www.michaelstevenstech.com/XPrepairinstall.htm
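
The entries listed for removal in the post above are the ones HijackThis marks `(no file)` or `(file missing)`. As an added example (not part of the original thread, and not HijackThis's own code), this Python script pulls those entries out of a log; the sample lines are copied from the log posted earlier, and the names `parse_log` and `orphaned` are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\system32\svchost.exe
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O23 - Service: Symantec Network Proxy - Unknown - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
"""

# A log entry is "<section code> - <details>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers that appear at the end of an entry when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)$")


@dataclass
class Entry:
    section: str            # e.g. "O2", "O23"
    text: str               # everything after "<section> - "
    clsid: Optional[str]    # COM class ID, if the entry carries one
    marker: Optional[str]   # "no file" / "file missing", else None


def parse_log(log: str) -> List[Entry]:
    """Return the numbered entries; header and process lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, text = m.groups()
        clsid = CLSID_RE.search(text)
        marker = ORPHAN_RE.search(text)
        entries.append(Entry(section, text,
                             clsid.group(0) if clsid else None,
                             marker.group(1) if marker else None))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose target file is marked as absent in the log."""
    return [e for e in entries if e.marker]


if __name__ == "__main__":
    for e in orphaned(parse_log(SAMPLE_LOG)):
        print(f"{e.section:<4}{e.marker:<13}{e.clsid or '-':<40}{e.text[:50]}")
```

The `R3 - Default URLSearchHook is missing` line is deliberately not matched, since it carries neither marker.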
     
  5. bobotheking

    bobotheking Thread Starter

    Joined:
    Jan 31, 2005
    Messages:
    6
    Okay, I'm backing up my files and I'm going to try to repair Windows XP. Hey, gives me an excuse to use my DVD burner and the 50 DVDs (250 GB of information? What was I thinking?) I bought. If the repair fails, I think I'll just reformat.

    The latest thing I've noticed isn't working: the recycle bin. I have to right-click and select "Open" to open it-- double-clicking just prompts me for what program I want to use to open it. Whatever screwed up my computer, it made sure getting around would be as hard as possible short of sending me back to DOS prompt. That's what I hate about this: my computer's still quite functional, just diluted or something. I'll report back this evening.

    Oh yeah, and I fixed the HijackThis problems you pointed out and (as you might expect) the problem persists.
     
  6. dr20

    dr20

    Joined:
    Apr 11, 2003
    Messages:
    1,649
    You can take these entries out as well, they're non-essential:

    R3 - Default URLSearchHook is missing

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [Go!Zilla dial-up fix] "C:\Program Files\GoZilla\Go.exe" /FIXRAS

    Your log isn't that bad so it appears you have something else going on. Hopefully the repair will fix it for you.
     
  7. bobotheking

    bobotheking Thread Starter

    Joined:
    Jan 31, 2005
    Messages:
    6
    Yeah, it's so weird. I would be sure it's a virus if rebooting in safe mode hadn't caused it. I mean, my symptoms seem to be that the computer still thinks it's in safe mode.

    I'm about halfway through backing up my files. I'll post again (unless it's a reply to something) in about two or three hours.
     
  8. bobotheking

    bobotheking Thread Starter

    Joined:
    Jan 31, 2005
    Messages:
    6
    Sometimes you take your pet to the vet and there's simply nothing they can do. I'm writing this because my computer has passed on.

    But it will live on in the five DVDs (ignoring the six "miscarriages") it left me. I can only hope that the information I copied will bring it close to the glorious state it once was at.

    I tried the system repair and it executed properly but I now get a blue screen of death as it's booting. My computer is essentially in a terminal coma. I'll try a repair restore one last time before reformatting.

    If my computer is dead, I want you to know that I am holding you, dr20, entirely responsible...

    jk

    Thank you so much just for replying. I had messages posted on several tech support forums but you were the only person to respond and, though it didn't work out, it's good to have it behind me and know what I need to do now. Thanks again.

    In memory of my compy.

    RIP.
     
  9. dr20

    dr20

    Joined:
    Apr 11, 2003
    Messages:
    1,649
    Well I was hoping it would fix up for you, get back and let me know if the reformat works or not. By the sound of things it might be a hardware problem but not necessarily, we're talking about Windows so anything is possible.
     
  10. bobotheking

    bobotheking Thread Starter

    Joined:
    Jan 31, 2005
    Messages:
    6
    Yup, reformat worked. Uhhh... is reformat the right word? See, all my files are still here (minus My Documents and the registry-- you know, the unimportant stuff :D). I think it just reinstalled Windows. I'm sure you're more familiar with the process than I am.

    I've been spending this past day reinstalling stuff. Norton is back up and running and I finally finished downloading all the necessary updates about 30 minutes ago. Since most of my files are still on the computer, I think I'm done. My desktop looks disturbingly bare. It's as if you moved all of the stuff from your house into the garage or something. I still have to reload my games, but I think I'll just do that when I want to play them.

    Speaking of games, I might know what caused this mess. Two days before my computer died, I bought a gamepad. When I installed it (after reinstalling Windows), I noticed something I hadn't before-- a warning that it can cause a hardware conflict. As you pointed out, it seemed like it might have been a hardware conflict and the blue screen I was seeing was apparently related to hardware that's not native to the computer. Now, whether a device using a USB port can cause a device conflict to bring my computer to the state it was in is beyond my knowledge. But it's a theory.

    I've still got a long way to go before my computer is even 75% back to the way I like it, but I'm at least glad nothing's missing.
     
  11. dr20

    dr20

    Joined:
    Apr 11, 2003
    Messages:
    1,649
    Obviously something got corrupted there so a reformat is often the easiest way to fix it. Thanks for getting back and glad to see it's working again.
     
Short URL to this thread: https://techguy.org/325460