1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Reformat?

Discussion in 'Windows XP' started by rez410, Jan 27, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. rez410

    rez410 Thread Starter

    Joined:
    Dec 28, 2004
    Messages:
    163
    ok I have a bunch of crap (virus') on my computer and i am in the process of tryin to fix it. i.e. spybot, ad-aware, spyblaster, and HJT. One problem im havinf is that i cant go to any web pages. so i have to do all this then bring the results to work so neeedless to say its taking some time. well anyway i was wondering since my computer is pretty new would it be ok to save the few things i wanna keep on a flash disk and reformat and reinstall windows media center edition? Or would last known good configuration do the trick (get all the crap off)?
     
  2. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Reinstall Windows. Last good configuration will not fix viruses.
     
  3. rez410

    rez410 Thread Starter

    Joined:
    Dec 28, 2004
    Messages:
    163
    ok i got my computer refurbed and it didnt come with them cd's. can i do this in windows or any other way?

    I have xp media center edition ...incase that matters
     
  4. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Didn't come with what cds? :confused:

    I'm not familiar with XP Media center, but I would imagine the cd is bootable no?
     
  5. rez410

    rez410 Thread Starter

    Joined:
    Dec 28, 2004
    Messages:
    163
    i thought when you buy a computer it came with a cd to reinstall windows or whatever??
     
  6. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Yes, and even a refurbished system, you should have received something. Where did you buy it?
     
  7. rez410

    rez410 Thread Starter

    Joined:
    Dec 28, 2004
    Messages:
    163
    i bought it from J&R

    www.jr.com


    and there is a chance that i have misplaced it in my two moves
     
  8. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Ok, they seem to be a reputable firm. You seem to have yourself between a rock and a hard spot. Without an install cd, you don't want to reformat, so you're going to have to work at getting rid of the viruses.

    You might start with posting a Hijack This log for review.
     
  9. rez410

    rez410 Thread Starter

    Joined:
    Dec 28, 2004
    Messages:
    163
    ok well i will DL HJT tomorrow and bring my log to work with me and post it. I have to bring it to work b/c i cant get to any web pages.

    I got all the viruses b/c i have a $4/month isp i dont have ANY ant-virus and i am using IE. :eek:

    After i fix the problems i plan to use
    avast anti-virus
    firefox
    google tool bar

    Do think this will keep me in the clear or should i change/add some things?
     
  10. Bob Cerelli

    Bob Cerelli

    Joined:
    Nov 2, 2002
    Messages:
    22,468
    WINSOCK2 FIX
    =============
    If you can't access the Internet with programs like IE, Outlook Express, or other web browsers, you may have corrupted Winsock entries.

    To Remove the existing winsock2 registry entries (regardless of the OS) run:
    http://www.onecomputerguy.com/reg/xp_del_winsock.reg


    To add WindowsXP clean entries back in again, run:
    http://www.onecomputerguy.com/reg/xp_winsock.reg

    WINDOWSXP with SP2

    There is a new command you can run with SP2 which will reset the Winsock2 registry entries back to their default setting:
    netsh winsock reset catalog

    TCP/IP RESET
    =============
    If you need to reset the TCP/IP protocol stack with XP you need to run a small script:

    netsh int ip reset [ log_file_name ]

    the log_file_name needs to be specified.
    e.g. - netsh int ip reset ip_reset.txt
     
  11. rez410

    rez410 Thread Starter

    Joined:
    Dec 28, 2004
    Messages:
    163
    well what i mean by cant go to any pages is...

    whenever i type ion the web address like ww.yahoo.com the "cannot be displayed" window comes up. and where i typed the address it is changed to http:///020%yahoo.com or something very close to that. and of course that isnt a real page but thats what its tryin to go to. once in a blue moon it will go through but that would be one page and then tryin to get to the next page is the same thing. Is that a symptom of the winsock thing?
     
  12. Bob Cerelli

    Bob Cerelli

    Joined:
    Nov 2, 2002
    Messages:
    22,468
    rez410,

    Since it's so easy to do, as a test, have you tried either either the Winsock or TCP/IP fix previously posted?
     
  13. rez410

    rez410 Thread Starter

    Joined:
    Dec 28, 2004
    Messages:
    163
    bob,

    no i have not done this yet. I am at work at the moment. how should i do this on my pc given the situatuation of not being able to go to any websites?
     
  14. Bob Cerelli

    Bob Cerelli

    Joined:
    Nov 2, 2002
    Messages:
    22,468
    Since they are so small, just copy the Reg files to a floppy
     
  15. rez410

    rez410 Thread Starter

    Joined:
    Dec 28, 2004
    Messages:
    163
    ok heres my log

    Logfile of HijackThis v1.99.0
    Scan saved at 2:28:48 PM, on 1/28/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\wupdmngr32.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\USB Storage RW\shwicon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\WINDOWS\ehome\ehmsas.exe
    C:\WINDOWS\System32\navprotect.exe
    C:\WINDOWS\System32\winusb.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\ijttfl.exe
    C:\WINDOWS\System32\spoolvse.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\mcafeshield.exe
    C:\WINDOWS\System32\navupdaters.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoomail.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vtisp.com/start
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us7.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 66.197.153.197 idenupdate.motorola.com
    O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NAV Auto Protect] navprotect.exe
    O4 - HKLM\..\Run: [msproject] C:\WINDOWS\System32\winusb.exe
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [DfcICqGx] C:\WINDOWS\ijttfl.exe
    O4 - HKLM\..\Run: [0H0TbZRF] C:\WINDOWS\ijttfl.exe
    O4 - HKLM\..\Run: [start extracting] spoolvse.exe
    O4 - HKLM\..\Run: [¢‰¸u0–4C
    }ïÁzî[8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ijttfl.exe
    O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]*ú"ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ijttfl.exe
    O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]*ú"ü‰¸u0C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ijttfl.exe
    O4 - HKLM\..\Run: [Mcafee Auto Protect] mcafeshield.exe
    O4 - HKLM\..\Run: [NAV Auto Updates] navupdaters.exe
    O4 - HKLM\..\Run: [¢‰¸u0ÔÁß]*ú"ü‰üžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ijttfl.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\RunServices: [NAV Auto Protect] navprotect.exe
    O4 - HKLM\..\RunServices: [start extracting] spoolvse.exe
    O4 - HKLM\..\RunServices: [Mcafee Auto Protect] mcafeshield.exe
    O4 - HKLM\..\RunServices: [NAV Auto Updates] navupdaters.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [NAV Auto Protect] navprotect.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [start extracting] spoolvse.exe
    O4 - HKCU\..\Run: [Mcafee Auto Protect] mcafeshield.exe
    O4 - HKCU\..\Run: [NAV Auto Updates] navupdaters.exe
    O4 - HKCU\..\RunServices: [start extracting] spoolvse.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb008ABUS_ZSzeb00847US
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
    O23 - Service: ivr - Unknown - C:\WINDOWS\System32\wupdmngr32.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: CTI Central Management - Unknown - C:\WINDOWS\cti.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: regdll - Unknown - C:\WINDOWS\System32\regdll.exe
    O23 - Service: zzzxDeMe - Unknown - C:\WINDOWS\System32\zzzx3mwp.exe
    O23 - Service: zzzxIPSPEC - Unknown - C:\WINDOWS\System32\zzzxeitn.exe
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/324158

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice