
System.exe is in Trash Bin

Discussion in 'Windows XP' started by Edmond4, Jan 21, 2007.

Thread Status:
Not open for further replies.
  1. Edmond4

    Edmond4 Thread Starter

    Joined:
    Jun 13, 2003
    Messages:
    170
    Some of you are going to think I'm an idiot. I've had a computer absolutely thrashed by a download-happy niece. It's had such a high level of spyware and junk programs that it was left nearly useless.

    After consistently using a "Process killer" program to kill processes and delete their ".exe" files, I was making much headway, then came the vicious and last big hurdle. There was an .exe file that would run about 5 at once, and I don't recall the name. If I would kill it, it would then start another one. I couldn't delete its .exe in the Windows\System32 folder because it was "in use." Its parent however was "SYSTEM.EXE" and so I did a search for it, killed its process and then got it to the trash bin, all the while I had a 60 second countdown imposed upon me when the computer would reboot.

    Upon reboot, everything looks normal until I should see a login screen, but all visible is the cursor and nothing else. If I start up in safe mode, I essentially get the same thing, and if I attempt to boot from a CD, same thing, same screen.

    Do I have any recourse to get that System.exe out of the recycle bin? Is it possible with DOS command prompt perhaps?

    Thanks a ton for any help from you guys here. I've had excellent help here over the years, beginning 4 or more years back when I got a vicious virus on my computer, perhaps thanks to the Department of Homeland Security who now admittedly can "inject" our computers with "key logging" software. Crazy insanity.
     
  2. jrbuergel

    jrbuergel

    Joined:
    Jan 17, 2004
    Messages:
    800
    First Name:
    Jim
    Hit your Control/Alt/Delete keys to bring up the Task Manager, then click File, New Task, and then type in this: explorer.exe, which should bring up your desktop. Then I suggest running the System File Checker tool: click Start, Run, then type sfc /scannow (and include that space), and have your XP CD ready to put in so it can copy any needed files.
     
  3. Edmond4

    Edmond4 Thread Starter

    Joined:
    Jun 13, 2003
    Messages:
    170
    In booting over and over again, I did do a "Ctrl-Alt-Delete" a few times, but only maintained the same dark screen with nothing but the cursor, even if I boot up in "safe mode." In Safe mode, once it's stopped booting, I still have a blank screen with "safe mode" written at the top of the screen.

    Any chance of saving this through command or dos prompt, of which I know relatively nothing?
     
  4. bearone2

    bearone2 Banned

    Joined:
    Jun 4, 2004
    Messages:
    5,809
    rt click/restore
     
  5. Edmond4

    Edmond4 Thread Starter

    Joined:
    Jun 13, 2003
    Messages:
    170
    Click Restore? My problem is I can't get to a screen where I can see anything to "click." In the bootup, if I hit "Delete" and go into "Boot" I can click to "previous working version" but it still doesn't solve things.
     
  6. bbearren

    bbearren

    Joined:
    Jul 14, 2006
    Messages:
    3,775
    If you can boot to a command prompt, you can run sfc /scannow from there.

    If you can't boot to a command prompt, you can do a repair/reinstall (see the sticky first thread in this forum). That will get your system booting again, but it won't clean up your infestations--you'll have to continue that battle.
     
  7. bearone2

    bearone2 Banned

    Joined:
    Jun 4, 2004
    Messages:
    5,809
    I missed that part, sorry.
     
  8. Edmond4

    Edmond4 Thread Starter

    Joined:
    Jun 13, 2003
    Messages:
    170
    I now have rebooted as normal, and when I get the processes open, I see that I have about 6 instances of svchost.exe running. As soon as I "Kill process" I am given 60 seconds before the computer automatically shuts down. It shuts down before I can attempt to kill all of the instances and then actually delete svchost.exe which I think is giving me most of the problems. Any suggestions on what I might do at this point to get rid of this abominable program and what would be having it start up again as soon as it's killed, prohibiting therefore my ability to delete it?

    Thanks
     
  9. bbearren

    bbearren

    Joined:
    Jul 14, 2006
    Messages:
    3,775
    svchost.exe is a Windows process, not a virus. There may be multiple instances of svchost running at any given time. Check this page:

    http://support.microsoft.com/kb/314056

    You need to run HijackThis and post a log file for the experts.
     
  10. Edmond4

    Edmond4 Thread Starter

    Joined:
    Jun 13, 2003
    Messages:
    170
    I've attached a HijackThis log, and also a screenshot of the other program showing the processes running.
     


  11. Edmond4

    Edmond4 Thread Starter

    Joined:
    Jun 13, 2003
    Messages:
    170
    Here is the Log pasted in the body of this message:

    Logfile of HijackThis v1.99.1
    Scan saved at 4:47:56 PM, on 1/24/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\U2hhdW4gS25hcHA\command.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
    C:\WINDOWS\system32\lnwin.exe
    C:\Documents and Settings\Shaun Knapp\My Documents\CriticalBackupPC2005\ToolsForVirus Scanning and destroy\procexp.exe
    C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\psp.exe
    C:\Documents and Settings\Shaun Knapp\My Documents\CriticalBackupPC2005\ToolsForVirus Scanning and destroy\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
    R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
    O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
    O4 - HKLM\..\Run: [Nord] C:\WINDOWS\system32\nordsys.exe
    O4 - HKLM\..\Run: [system spool] C:\WINDOWS\system32\syspools.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\system32\adirss.exe
    O4 - HKLM\..\Run: [lnwin.exe] C:\WINDOWS\system32\lnwin.exe
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\kneemgru.dll",setvm
    O4 - HKLM\..\RunServices: [winsock32] winsock32
    O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\testtestt.exe
    O4 - HKCU\..\Run: [system spool] C:\WINDOWS\system32\syspools.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O18 - Filter: text/html - {AE3B25B6-4C21-4038-BD35-99A05B5EF3EB} - C:\WINDOWS\system32\s9ndzm6.dll
    O20 - AppInit_DLLs: gbaclgal.dll
    O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\system32\bmas.dll
    O21 - SSODL: HVUWFFaeOszu - {077E0FF6-ADD4-A55C-A1AD-03CC4D550ACD} - C:\WINDOWS\system32\ftrl.dll
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2hhdW4gS25hcHA\command.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
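
A way to triage a HijackThis log like the one in the post above, as an added example that is not part of the original thread: it sorts entries into review buckets and checks that processes named svchost.exe or explorer.exe run from their expected folder. The function name `triage`, the bucket labels and the assumption that Windows is installed in C:\WINDOWS are choices made for this example; a flag means "look at this entry", not "this is malware".

```python
import re

# Constructed sample: a few lines copied from the log in the post above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O20 - AppInit_DLLs: gbaclgal.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2hhdW4gS25hcHA\command.exe
"""

# Assumption: Windows XP installed in C:\WINDOWS, as in the log above.
EXPECTED_DIR = {"svchost.exe": r"c:\windows\system32",
                "explorer.exe": r"c:\windows"}

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")       # e.g. "O4 - ..."
PROC = re.compile(r"^[A-Za-z]:\\.*\.exe$", re.I)     # bare process path

def triage(log_text):
    """Return (reason, line) pairs for entries that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            code, body = m.groups()
            if "(no file)" in body or "(file missing)" in body:
                findings.append(("orphaned", line))        # points at nothing
            elif code == "O4":
                findings.append(("autostart", line))       # Run/RunServices key
            elif code == "O20" and body.partition(":")[2].strip():
                findings.append(("appinit-dll", line))     # DLL loaded with user32
            elif code == "O23" and " - Unknown owner - " in body:
                findings.append(("service-unknown-owner", line))
        elif PROC.match(line):
            folder, _, name = line.lower().rpartition("\\")
            expected = EXPECTED_DIR.get(name)
            if expected and folder != expected:
                # A system process name running from an unexpected folder.
                findings.append(("system-name-wrong-path", line))
    return findings

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:24} {line}")
```

On the sample, none of the svchost.exe instances is flagged, because each runs from system32; only a copy running from another folder would be.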
     
  12. Edmond4

    Edmond4 Thread Starter

    Joined:
    Jun 13, 2003
    Messages:
    170
    Any thoughts on what needs to go on the Hijack this file?

    I have noticed that I cannot delete Internet Explorer, to delete its entire Folder in Program Files, I'm told that it is "running" or something is using it, even though it is not pictured running in the process pane as the screenshot indicates. Internet Explorer does not show up in the "Programs" lineup, nor does it show up in the "Add/Remove Programs" list, therefore I can't get rid of it through an "uninstall." Yet, if I use Firefox, IE pops up some crap.

    Any thoughts on how to kill it and delete it and anything else here needing to go?
     

Short URL to this thread: https://techguy.org/537042
