1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Shortcuts and Exe's messed up (maybe a virus)

Discussion in 'Windows XP' started by thew00, Aug 6, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. thew00

    thew00 Thread Starter

    Joined:
    Aug 6, 2006
    Messages:
    8
    Well, i have a major problem with windows... all the shortcuts dont link to the programs anymore, if i click on them all they show is the list of programs i could use for them. Its on with EVERY shortcut. The Icon only shows a broken Window, which means its a broken file or w/e. Besides that i cant directly start the Exe's. I have to use the console (cmd) to start them. Windows wont let itself reinstall, and i dont want to format, so is there some kind of solution where i can keep all my data? Because it doesnt seem that the Programs are broken, just something in the Windows dir. I dont know what to do anymore, ive tried about anything i could come up with and i didnt find any similar problems in any forums. If you need more infos just ask, i just need some help getting my windows straight.

    And sorry if my english isnt that good, im german. :)

    The most programs seems like they work if they start them with cmd, just some dont work as good, like games.
     
  2. Jakbrud

    Jakbrud

    Joined:
    May 18, 2004
    Messages:
    320
  3. thew00

    thew00 Thread Starter

    Joined:
    Aug 6, 2006
    Messages:
    8
    no, but an virus scan application on my hdd, it showed only 2 trojans, nothing severe, doing the online check now, gonna report when its done
     
  4. ozrom1e

    ozrom1e

    Joined:
    May 15, 2006
    Messages:
    11,849
    To download HJTsetup.exe To Download HijackThis go to the following: http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item5
    Filename = 1137518044HJTsetup.exe
    Save the file to your desktop.
    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\HijackThis.
    Continue to click Next in the setup dialog boxes until you get to the Select Additional Tasks dialog.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialog box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    At the top of the Notepad HJT log screen, hit Edit then Select All then click Edit and then click Copy doing that copies the text to the clipboard, you won't see it yet....
    Open a TechSupportGuy forum Reply window under Internet & Networking in Security for this thread, to have ready to paste the Hijackthis log into. Click once to place the typing cursor in the reply window.
    At the top of your TSG/browser window, hit Edit then Paste
    You should see your copied Hijackthis log appear in the reply space....then, submit the reply and copy and paste the link in the address bar back to the original thread you were in.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  5. Jakbrud

    Jakbrud

    Joined:
    May 18, 2004
    Messages:
    320
    Most of the time, i try to avoid hijack this because it is usually overkill and it is very complicated.
     
  6. thew00

    thew00 Thread Starter

    Joined:
    Aug 6, 2006
    Messages:
    8
    Well, i have a major problem with windows... all the shortcuts dont link to the programs anymore, if i click on them all they show is the list of programs i could use for them. Its on with EVERY shortcut. The Icon only shows a broken Window, which means its a broken file or w/e. Besides that i cant directly start the Exe's. I have to use the console (cmd) to start them. Windows wont let itself reinstall, and i dont want to format, so is there some kind of solution where i can keep all my data? Because it doesnt seem that the Programs are broken, just something in the Windows dir. I dont know what to do anymore, ive tried about anything i could come up with and i didnt find any similar problems in any forums. If you need more infos just ask, i just need some help getting my windows straight.

    And sorry if my english isnt that good, im german.

    The most programs seems like they work if they start them with cmd, just some dont work as good, like games.


    Logfile of HijackThis v1.99.1
    Scan saved at 9:55:46 PM, on 8/6/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Kaspersky Anti-Virus 6.0\avp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Opera\Opera.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\Trillian\trillian.exe
    C:\dIRC\mirc.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 24.173.26.4:3128
    R3 - Default URLSearchHook is missing
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Anti-Virus 6.0\avp.exe"
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.ph/com/EGamesPlugin.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132530398557
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132530384010
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D006D71B-3C15-452D-B965-7FC566A99178}: NameServer = 68.1.18.237,68.1.18.30,68.10.16.30
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: CFSService - Protect Folder Plus Team - C:\Program Files\Protect Folder Plus\CFSSvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
     
  7. ozrom1e

    ozrom1e

    Joined:
    May 15, 2006
    Messages:
    11,849
    I agree but I do not worry about it since we have the best experts on the web residing here at Tech Guys. HijackThis is the best way to find out and get it fixed and you can not beat the price. It is free!
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,048
    Hi and welcome to TSG,

    I've merged both of your threads here. Please do not start a new one for the same problem.

    Download the trial version of Ewido Anti-spyware from HERE and save that file to your desktop. When the trial period expires it becomes freeware with reduced functions but still worth keeping.



    • Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    • Once the setup is complete you will need run Ewido and update the definition files.
    • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine"
    • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

    Close Ewido Anti-spyware, Do NOT run a scan yet. We will do that later in safe mode.


    • Reboot your computer into Safe Mode now. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
      IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
    • Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • Ewido will now begin the scanning process. Be patient this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will prompted, then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close Ewido and reboot your system back into Normal Mode.


    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


    Come back here and post a new HijackThis log along with the logs from the Ewido and Panda scans.
     
  9. thew00

    thew00 Thread Starter

    Joined:
    Aug 6, 2006
    Messages:
    8
    i usually cant start exe's directly, i have to open it with the cmd, just to let you know.
    its part of the problem

    installed and rebooting now, will report when scan is complete
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,048
    OK, that's fine. :)
     
  11. thew00

    thew00 Thread Starter

    Joined:
    Aug 6, 2006
    Messages:
    8
    --------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 5:06:15 PM 8/7/2006

    + Scan result:



    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XBTB00429.XBTB00429Toolbar -> Adware.CramToolbar : Cleaned with backup (quarantined).
    HKU\S-1-5-21-73586283-448539723-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3FDE0CB5-619F-4227-8961-F2D7ED15B88E} -> Adware.CramToolbar : Cleaned with backup (quarantined).
    HKU\S-1-5-21-73586283-448539723-725345543-1003\Software\XBTB00429\Toolbar -> Adware.CramToolbar : Cleaned with backup (quarantined).
    HKU\S-1-5-21-73586283-448539723-725345543-1003\Software\XBTB00429\Toolbar\Historycombo -> Adware.CramToolbar : Cleaned with backup (quarantined).
    HKU\S-1-5-21-73586283-448539723-725345543-1003\Software\XBTB00429\Toolbar\tb_items -> Adware.CramToolbar : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
    C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Documents and Settings\thew00\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\thew00\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\thew00\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\thew00\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\thew00\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    C:\Documents and Settings\thew00\Cookies\[email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    C:\Documents and Settings\thew00\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\thew00\Cookies\[email protected][2].txt -> TrackingCookie.Ivwbox : Cleaned with backup (quarantined).
    C:\Documents and Settings\thew00\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\thew00\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\thew00\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    C:\Documents and Settings\thew00\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Program Files\SmartFTP\DrugFXP\progs\s\hvlscan.zip/UHANFO.EXE -> Trojan.ControlDuSockets.a : Cleaned with backup (quarantined).


    ::Report end
     
  12. thew00

    thew00 Thread Starter

    Joined:
    Aug 6, 2006
    Messages:
    8
    doing the pandascan now
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,048
  14. thew00

    thew00 Thread Starter

    Joined:
    Aug 6, 2006
    Messages:
    8
    A little more Research helped :)
    Easy Solution, there was a problem in the Registry

    http://www.annoyances.org/exec/show/article07-102

    thanks for the help and i hope i can help out other people in the future with the same problem who find this thread.
     
  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,048
    That's good. Something caused the change though, probably malware. As you can see Ewido found some. It would be best to post the Panda ActiveScan log as well.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/490034

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice