Solved: Virus Problem - Worst Laptop I Have Ever Seen - Please Help!

Status
This thread has been Locked and is not open to further replies. The original thread starter may use the Report button to request it be reopened but anyone else with a similar issue should start a New Thread. Watch our Welcome Guide to learn how to use this site.

joe501

Thread Starter
Joined
Dec 16, 2004
Messages
100
Hi everyone,

(This is a pretty long post so I have listed my main problems below!)

A few days ago a neighbour gave me their laptop to have a look at, they were having problems getting it to work, and it was 'really slow'.

This turned out to be an understatement, it took FOUR MINUTES to load up My Computer!
The laptop was (and still is) very very buggy, won't let me click Programs (from the start menu), and in one of the most vital things I needed, "Add/Remove Programs", the list is simply blank!

After about five hours of trawling through files at 1 mile per hour, I identified the main problem.... Kazaa!

Now from past experience I know Kazaa is a P2P file sharing software, but the gamble most people unknowingly take when they download Kazaa is the viruses that come embedded in the software, and the other ones you get when downloading music or videos.

So I set about installing my strongest and most reliable Anti-Virus software, ZoneAlarm. This was easier said than done though, as the laptop was very edgy about me copying and pasting, and I did not have a wireless connection in the house!
I eventually managed to get my memory stick to show up and loaded the installation file from there.

After 15 hours of scanning, ZoneAlarm found and deleted 493 VIRUSES!!

I was pretty chuffed, but after I restarted the laptop it was, although slightly better (only 2 minutes to load My Computer now!), still excruciatingly slow and buggy.

So here is my situation:
- Laptop still slow
- Can't remove programs using "Add/Remove Programs" on control panel
- Can't load up User Accounts on control panel to delete accounts (which I am told should make it faster)
- Can't use "Run"
- Can't uninstall Google Desktop, Bt Internet Help, Google Toolbar, Out of date antivirus software, MyWay search engine and many more applications that weld themselves to the task bar as I log on, and do not close when I right click on them.
- Can't copy or paste any files (larger than about 30kb, I managed to move an essay in Word) in the system or from memory stick.
- And to top it all off I can't get it to work in Safe Mode

I am seriously considering rebooting this laptop, but I have never rebooted a laptop before.
Also there is the issue of the personal files which will be lost, seeing as I am having difficulty transferring files to/from external drives.
Will I need the XP and Office discs to install the OS after rebooting?

If anyone has ANY hints or suggestions or solutions please post! I really don't want to reboot but if needs be then maybe someone could help me out with that process too!

(You can email me or speak to me on MSN Messenger if you prefer... joe501 at hotmail dot com)

Thanks in advance.... :)

Joe
 

valis

Moderator
Joined
Sep 24, 2004
Messages
78,665
Please do this:

· Click here to download HJTsetup.exe
· Save HJTsetup.exe to your desktop.
· Doubleclick on the HJTsetup.exe icon on your desktop.
· By default it will install to C:\Program Files\Hijack This.
· Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
· Put a check by Create a desktop icon then click Next again.
· Continue to follow the rest of the prompts from there.
· At the final dialogue box click Finish and it will launch Hijack This.
· Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
· Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
· Come back here to this thread and Paste the log in your next reply.
· DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Be patient and a security expert will be along to assist you with this shortly. They can be identified by the gold badge next to their name.
 

joe501

Thread Starter
Joined
Dec 16, 2004
Messages
100
Ok I will try what you said but the laptop might not install it right...
Meanwhile if anyone else can help please post!

Also I won't be able to get HijackThis onto memory stick until 7pm GMT sorry!

Thanks
Joe
 

valis

Moderator
Joined
Sep 24, 2004
Messages
78,665
need the hjt log to see what viruses you have, and then we can go about getting rid of them. either that, or you can reformat; that will definitely get rid of the viruses, but you will also lose all data.

You can also try to do a repair install, and create a new profile. that is not guaranteed to make the viruses go away, though.
 

joe501

Thread Starter
Joined
Dec 16, 2004
Messages
100
Is reformat the same as reboot?
And how do I do a repair install?
 

valis

Moderator
Joined
Sep 24, 2004
Messages
78,665
no, a reformat starts the hd from scratch; i.e., erases all the data off of it, then you reinstall the operating system and whatever apps you had/want.

here's the repair install.

http://www.michaelstevenstech.com/XPrepairinstall.htm

just out of curiosity, why are you leery about hjt? It's by far and away the easiest solution; you just need to let a pro take a look at it. I can tell you if something is infected, but can't tell you how to get rid of it. A pro can, and you won't have to reinstall anything.

but it's your machine, your call.
 

joe501

Thread Starter
Joined
Dec 16, 2004
Messages
100
Sorry if I came across badly about the HJT, I will give it a try, but the laptop isn't connected to the internet so I have to wait until 7pm to get my memory stick so I can transfer the file!

Thanks for the repair install link, but I am still confused on one issue.
Could someone please give me a simple man's definition of "Reboot" and "Repair Install"?
 

valis

Moderator
Joined
Sep 24, 2004
Messages
78,665
reboot means restart, as triplej stated. Repair install means totally recreating the profile, while HOPEFULLY not losing any data. You will need to reinstall all drivers, though.
 
Joined
Mar 16, 2002
Messages
13,404
first find out if owner has any important data on this pc, because trying to fix it could possibly make it completely inoperable. IMO judging by the sound of how screwed up this pc is i would vote for a reformat and reinstall option, it will probably take much less time and frustration. the down side is that you have to have a legit copy of windows and all your drivers and programs, in addition to backing up any important data that is on hdd.
the kind folks on this site have been able to get me through a few problems of this type a few times, but they were nowhere near as extensive as what you're describing, pc was still working pretty well with just a few quirks and i had internet connection to pc.
 

joe501

Thread Starter
Joined
Dec 16, 2004
Messages
100
Yep I know this laptop is in pretty bad state!

Okay I managed to get HJT working! What happens now?

Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 19:23:57, on 09/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\BullGuard\BullGuard Communicator\xcommsvr.exe
C:\Program Files\Common Files\BullGuard\BullGuard Scan Server\bdss.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BullGuard\vsserv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\nordsys.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\syspools.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
E:\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {11904ce8-632a-4856-a7cc-00b33fe71bd8} - (no file)
O2 - BHO: (no name) - {15ACE85C-0BB1-42d1-9E32-07EB0506675A} - (no file)
O2 - BHO: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)
O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - (no file)
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7a7e6d97-b492-4884-9abb-c31281dcc4f2} - (no file)
O2 - BHO: (no name) - {860c2f6b-ca82-4282-9187-beccbb66f0af} - (no file)
O2 - BHO: (no name) - {87185e78-a61b-4db3-965a-3235bbd7a622} - (no file)
O2 - BHO: (no name) - {8dc8f96d-34f7-1501-a2a4-631341aa3ac1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {b212d577-05b7-4963-911e-4a8588160dfa} - (no file)
O2 - BHO: Barefruit/SmartError - {BA12EFAD-9F3F-11DA-9387-00A0C9DA30E9} - C:\Program Files\SmartError\Plug.dll
O2 - BHO: (no name) - {d1ac752e-883f-4ed8-8828-b618c3a72152} - (no file)
O2 - BHO: (no name) - {e2b2b5a1-b48c-4886-a318-723916a01024} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e6d5237d-a6c7-4c83-a67f-f9f15586fa62} - (no file)
O2 - BHO: (no name) - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - (no file)
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - (no file)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Winhelp] dns32.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\ycugrntm.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] wininigo.exe
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\iogsv.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\BullGuard\\bdmcon.exe
O4 - HKLM\..\Run: [BGNewsAgent] C:\Program Files\BullGuard\bgnewsag.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Frwmjc] C:\Program Files\Gyisq\Mwyd.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [SmartError_updater] C:\Program Files\SmartError\SmartErrorUpdater.exe
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Nord] C:\WINDOWS\system32\nordsys.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [system spool] C:\WINDOWS\system32\syspools.exe
O4 - HKLM\..\RunServices: [Windows Update] host32.exe
O4 - HKLM\..\RunServices: [Winhelp] dns32.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] wininigo.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nord] C:\WINDOWS\system32\nordsys.exe
O4 - HKCU\..\Run: [system spool] C:\WINDOWS\system32\syspools.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {BA12EFAE-9F3F-11DA-9387-00A0C9DA30E9} - C:\Program Files\SmartError\Plug.dll
O9 - Extra 'Tools' menuitem: SmartError - {BA12EFAE-9F3F-11DA-9387-00A0C9DA30E9} - C:\Program Files\SmartError\Plug.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.co.uk/bestfriends/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.tbcode.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BullGuard Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\BullGuard\BullGuard Scan Server\bdss.exe" /service (file missing)
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BullGuard Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BullGuard\vsserv.exe" /service (file missing)
O23 - Service: BullGuard Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BullGuard\BullGuard Communicator\xcommsvr.exe" /service (file missing)
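
Added example, not part of the original post or of HijackThis itself: a small Python parser for the log format shown above that counts entries per section code and attaches structural review notes (markers the log itself prints, plus autorun commands given without a full path). The notes are prompts for a reviewer, not verdicts; the function names and note wording are assumptions of this example, and the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Excerpt copied from the log posted above (header and process lines are
# included to show that only "Xn - ..." entry lines are parsed).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Winhelp] dns32.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [Windows Update] host32.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                  # e.g. "O4 - ..."
RUN_KEY = re.compile(r"^(HK\w+\\\.\.\\\w+): \[(.*?)\] (.*)$")   # key: [name] command
ABS_PATH = re.compile(r'^"?[A-Za-z]:\\')                        # C:\... or "C:\...

def parse(log_text):
    """Return (code, body) for each entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def section_counts(entries):
    """Number of entries per section code (O2, O4, O23, ...)."""
    return dict(Counter(code for code, _ in entries))

def triage(entries):
    """Return (code, note, body) for entries a reviewer should look at first."""
    notes = []
    for code, body in entries:
        run = RUN_KEY.match(body) if code == "O4" else None
        if body.endswith("(no file)"):
            note = "entry lists no file"
        elif body.endswith("(file missing)"):
            note = "listed file reported missing"
        elif run and not ABS_PATH.match(run.group(3)):
            note = "autorun command has no full path"
        elif code == "O4" and body.endswith("= ?"):
            note = "shortcut target shown as '?'"
        else:
            continue
        notes.append((code, note, body))
    return notes

if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    print(section_counts(parsed))
    for code, note, body in triage(parsed):
        print(f"{code:>3}  {note:<34} {body}")
```
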
 

joe501

Thread Starter
Joined
Dec 16, 2004
Messages
100
Ooops sorry if I posted in the wrong forum!

Valis said:

Be patient and a security expert will be along to assist you with this shortly. They can be identified by the gold badge next to their name.

Does this mean they will post in this forum? Will they do so in the next few hours?
 
Joined
Mar 16, 2002
Messages
13,404
joe501 said:
Ooops sorry if I posted in the wrong forum!

Valis said:

Be patient and a security expert will be along to assist you with this shortly. They can be identified by the gold badge next to their name.

Does this mean they will post in this forum? Will they do so in the next few hours?
typically the mods will switch you, don't know how long it will take, that depends on how busy they are today. It could still be a HW issue but that HJT log has to get cleaned up first
 

joe501

Thread Starter
Joined
Dec 16, 2004
Messages
100
What is the time in the states?
Do you think it is likely they will reply within 24hrs?
 