System.exe is in Trash Bin

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Edmond4

Thread Starter
Joined
Jun 13, 2003
Messages
170
Some of you are going to think I'm an idiot. I've had a computer absolutely thrashed by a download-happy niece. It's had such a high level of spyware and junk programs that it was left nearly useless.

After consistently using a "Process killer" program to kill processes and delete their ".exe" files, I was making much headway, then came the vicious and last big hurdle. There was an .exe file that would run about 5 at once, and I don't recall the name. If I would kill it, it would then start another one. I couldn't delete its .exe in the Windows\System32 folder because it was "in use." Its parent however was "SYSTEM.EXE" and so I did a search for it, killed its process and then got it to the trash bin, all the while I had a 60 second countdown imposed upon me when the computer would reboot.

Upon reboot, everything looks normal until I should see a login screen, but all that is visible is the cursor and nothing else. If I start up in safe mode, I essentially get the same thing, and if I attempt to boot from a CD, same thing, same screen.

Do I have any recourse to get that System.exe out of the recycle bin? Is it possible with DOS command prompt perhaps?

Thanks a ton for any help from you guys here. I've had excellent help here over the years, beginning 4 or more years back when I got a vicious virus on my computer, perhaps thanks to the Department of Homeland Security who now admittedly can "inject" our computers with "key logging" software. Crazy insanity.
 

jrbuergel

Jim
Joined
Jan 17, 2004
Messages
804
Hit your Control/Alt/Delete keys to bring up the Task Manager, then click File, New Task, and then type in this: explorer.exe, which should bring up your desktop. Then I suggest running the System File Checker tool: click Start, Run, then type sfc /scannow (include that space), and have your XP CD ready to put in so it can copy any needed files.
 

Edmond4

Thread Starter
Joined
Jun 13, 2003
Messages
170
In booting over and over again, I did do a "Ctrl-Alt-Delete" a few times, but only maintained the same dark screen with nothing but the cursor, even if I boot up in "safe mode." In safe mode, once it's stopped booting, I still have a blank screen with "safe mode" written at the top of the screen.

Any chance of saving this through a command or DOS prompt, of which I know relatively nothing?
 

Edmond4

Thread Starter
Joined
Jun 13, 2003
Messages
170
Click Restore? My problem is I can't get to a screen where I can see anything to "click." In the bootup, if I hit "Delete" and go into "Boot" I can click to "previous working version" but it still doesn't solve things.
 
Joined
Jul 14, 2006
Messages
3,775
If you can boot to a command prompt, you can run sfc /scannow from there.

If you can't boot to a command prompt, you can do a repair/reinstall (see the sticky first thread in this forum). That will get your system booting again, but it won't clean up your infestations--you'll have to continue that battle.
 

bearone2

Banned
Joined
Jun 4, 2004
Messages
5,809
Edmond4 said:
Click Restore? My problem is I can't get to a screen where I can see anything to "click." In the bootup, if I hit "Delete" and go into "Boot" I can click to "previous working version" but it still doesn't solve things.
I missed that part, sorry.
 

Edmond4

Thread Starter
Joined
Jun 13, 2003
Messages
170
I now have rebooted as normal, and when I get the processes open, I see that I have about 6 instances of svchost.exe running. As soon as I "Kill process" I am given 60 seconds before the computer automatically shuts down. It shuts down before I can attempt to kill all of the instances and then actually delete svchost.exe, which I think is giving me most of the problems. Any suggestions on what I might do at this point to get rid of this abominable program and what would be having it start up again as soon as it's killed, prohibiting therefore my ability to delete it?

Thanks
 

Edmond4

Thread Starter
Joined
Jun 13, 2003
Messages
170
Here is the Log pasted in the body of this message:

Logfile of HijackThis v1.99.1
Scan saved at 4:47:56 PM, on 1/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\U2hhdW4gS25hcHA\command.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\system32\lnwin.exe
C:\Documents and Settings\Shaun Knapp\My Documents\CriticalBackupPC2005\ToolsForVirus Scanning and destroy\procexp.exe
C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\psp.exe
C:\Documents and Settings\Shaun Knapp\My Documents\CriticalBackupPC2005\ToolsForVirus Scanning and destroy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O4 - HKLM\..\Run: [Nord] C:\WINDOWS\system32\nordsys.exe
O4 - HKLM\..\Run: [system spool] C:\WINDOWS\system32\syspools.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\system32\adirss.exe
O4 - HKLM\..\Run: [lnwin.exe] C:\WINDOWS\system32\lnwin.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\kneemgru.dll",setvm
O4 - HKLM\..\RunServices: [winsock32] winsock32
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\testtestt.exe
O4 - HKCU\..\Run: [system spool] C:\WINDOWS\system32\syspools.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Filter: text/html - {AE3B25B6-4C21-4038-BD35-99A05B5EF3EB} - C:\WINDOWS\system32\s9ndzm6.dll
O20 - AppInit_DLLs: gbaclgal.dll
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\system32\bmas.dll
O21 - SSODL: HVUWFFaeOszu - {077E0FF6-ADD4-A55C-A1AD-03CC4D550ACD} - C:\WINDOWS\system32\ftrl.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2hhdW4gS25hcHA\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
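
Added example, not part of the original thread: a Python triage pass over HijackThis log lines like those posted above, returning entries that deserve a manual look. The sample is a subset of the posted log; the rules, the SYSTEM_NAMES list and the function names are assumptions of this example, not HijackThis output or forum advice.

```python
import re

# Constructed sample: a subset of lines copied from the log posted above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\U2hhdW4gS25hcHA\command.exe
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O4 - HKLM\..\Run: [Nord] C:\WINDOWS\system32\nordsys.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O20 - AppInit_DLLs: gbaclgal.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2hhdW4gS25hcHA\command.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")  # e.g. "O4 - HKLM\..\Run: ..."
# Core Windows process names that normally run from system32 (assumed list).
SYSTEM_NAMES = {"svchost.exe", "winlogon.exe", "services.exe", "lsass.exe",
                "csrss.exe", "smss.exe"}

def classify(line):
    """Return a reason string if the line deserves a manual look, else None."""
    low = line.lower()
    m = ENTRY.match(line)
    if m is None:
        # Running-process line: a core name outside system32 suggests masquerading.
        name = low.rsplit("\\", 1)[-1]
        if name in SYSTEM_NAMES and "\\windows\\system32\\" not in low:
            return "system process name outside system32"
        return None
    section, body = m.groups()
    if "(no file)" in low or "(file missing)" in low:
        return "orphaned entry, target file absent"
    if section == "O4" and "\\system32\\" in low:
        return "autorun starts a binary directly from system32"
    if section == "O20" and body.partition(":")[2].strip():
        return "AppInit_DLLs set, DLL loads into every user32 process"
    if section == "O23" and "unknown owner" in low:
        return "service marked Unknown owner"
    return None

def triage(log_text):
    """Heuristic leads only: each hit still needs checking by hand."""
    lines = map(str.strip, log_text.splitlines())
    return [(l, classify(l)) for l in lines if classify(l)]

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

The svchost.exe lines in the sample are not flagged because they run from system32; the process rule only fires when one of the listed names appears under another directory.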
 

Edmond4

Thread Starter
Joined
Jun 13, 2003
Messages
170
Any thoughts on what needs to go on the HijackThis file?

I have noticed that I cannot delete Internet Explorer. To delete its entire folder in Program Files, I'm told that it is "running" or something is using it, even though it is not pictured running in the process pane as the screenshot indicates. Internet Explorer does not show up in the "Programs" lineup, nor does it show up in the "Add/Remove Programs" list, therefore I can't get rid of it through an "uninstall." Yet, if I use Firefox, IE pops up some crap.

Any thoughts on how to kill it and delete it and anything else here needing to go?
 