Security and Privacy: Spyware, proxies, all security and privacy issues and software.
#1 (permalink)
| Premium Member, Join Date: Jan 2008, Location: newcastle nsw, Posts: 369 | Hi everyone, I need some help removing a trojan or some virus. I downloaded a file and now I'm locked out of my Control Panel. I'm also unable to access my C and D drives, as well as my network connections etc. Also, the computer is now failing to validate XP Pro, which is a genuine lic and key. I'm running XP Pro SP3; my PC is a duo core which I only got built in May. My antivirus at the moment is AVG 8, which works fine for me. At the bottom where the clock is, it's saying "virus alert". I can still use this computer on the net but with limited access, such as no Add/Remove Programs; where Control Panel is supposed to be, it shows me the taskbar and menu section. I was wondering, besides a reformat, is there any way of restoring this? System Restore is turned off. Thanks, hamguy2 nsw |
| | #2 (permalink) |
| Super Moderator | First step would be starting in safe mode (tap F8 on boot) and see if you can get your add/remove back and uninstall what you installed. Also check out this thread Malware Removal and Prevention for step by step removal instructions. |
| | #3 (permalink) | |
| Super Moderator, Join Date: Jan 2008, Location: Newcastle, Posts: 874 | If it's "working fine" for you, then why are you in the predicament that you find yourself in at the moment? |
| | #4 (permalink) |
| Premium Member | Hi, I have no access to Add/Remove Programs, no access to network connections or Control Panel. I tried running in safe mode with networking, which I'm still in. All these programs they want you to pay for, except AVG, 75% don't work; I've tried them all over many years. Thanks, hamguy2 nsw |
| | #5 (permalink) |
| Super Moderator | Moved your post here... What are "all these programs they want you to pay for except AVG 75% don't work, I've tried them all over many years"? If you are referring to the site I referred you to, Malware Removal and Prevention: Overview - CastleCopsWiki, there is nothing to pay; all are free or trial. The first step is to run HijackThis, and if you post the log here or analyse it yourself we can start working out what has stuffed up your computer. Malware Removal: Reference HijackThis Log - CastleCopsWiki |
| | #6 (permalink) | |
| Premium Member | 1: If you can start the machine in safe mode, just do a System Restore. 2: The reason most programs that are free is because they are CRAP, could explain the position you are in. 3: Pay for a premium membership and you will find a few programs in there, with the help needed to make them work properly, that could get you out of the trouble you are in now. |
| | #9 (permalink) |
| Premium Member | Hi, I'm not a computer expert like yous are on here, so I don't know what to tick or not tick. I think a reformat may be the easiest. I don't fix comps, I just use them; I don't have a degree in computers. Thx, hamguy2 |
| | #16 (permalink) |
| Premium Member |
Please help us improve HijackThis by reporting this error
Click 'Yes' to submit
Error Details:
An unexpected error has occurred at procedure:
modRegistry_IniGetString(sFile=win.ini, sSection=windows, sValue=load)
Error #5 - Invalid procedure call or argument
Windows version: Windows NT 5.01.2600
MSIE version: 7.0.5730.11
HijackThis version: 2.0.2
| | #17 (permalink) |
| Premium Member |
Please help us improve HijackThis by reporting this error
Click 'Yes' to submit
Error Details:
An unexpected error has occurred at procedure:
modRegistry_IniGetString(sFile=win.ini, sSection=windows, sValue=load)
Error #5 - Invalid procedure call or argument
Windows version: Windows NT 5.01.2600
MSIE version: 7.0.5730.11
HijackThis version: 2.0.2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18: VIRUS ALERT!, on 1/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = LyngSat - Lyngemark Satellite
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {74858025-3783-4B16-AF40-9FCB7DDEF7C7} - C:\WINDOWS\system32\khfcApPj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: (no name) - {5371FF76-9602-4029-9626-BE8CD757EB36} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [InstantBurn] C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE /F "C:\WINDOWS\TEMP\E_S7F.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [domino] C:\WINDOWS\domino.exe
O4 - HKLM\..\Run: [VMSnap1] C:\WINDOWS\VMSnap1.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "d:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [E06AXLRD_1159484] "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.0.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1212384378187
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1213159615640
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0024538.dat,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - d:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe
O23 - Service: afisicx Corporation inc. (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: macidwe - Unknown owner - C:\WINDOWS\system32\macidwe.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOBICYT - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe (file missing)
O23 - Service: noxtcyr Manages messages (noxtcyr) - Unknown owner - C:\WINDOWS\system32\noxtcyr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: perfmons - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe (file missing)
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: roxtctm Portable Media Serial Service (roxtctm) - Unknown owner - C:\WINDOWS\system32\roxtctm.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: sobicyt - Unknown owner - C:\WINDOWS\system32\sobicyt.exe (file missing)
O23 - Service: sotpeca Co. Ltd. (sotpeca) - Unknown owner - C:\WINDOWS\system32\sotpeca.exe
O23 - Service: tdxdowkc - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe
O23 - Service: wsldoekd Manages messages (wsldoekd) - Unknown owner - C:\WINDOWS\system32\wsldoekd.exe

-- End of file - 10862 bytes
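Added example, not part of the thread and not code from HijackThis or CastleCops: a first-pass triage of a HijackThis log like the one posted in #17, the "analyse it yourself" step suggested in #5. The four rules are heuristics assumed for this example; they mark entries for a manual look and are not verdicts.

```python
import re

# Entries copied from the HijackThis log in post #17 (forum line-wrap spaces removed).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0024538.dat,avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - d:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: macidwe - Unknown owner - C:\WINDOWS\system32\macidwe.exe
O23 - Service: NOBICYT - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe (file missing)
"""

# "<section code> - <rest>", e.g. "O23 - Service: ..."
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# An .exe sitting directly in the Windows or system32 directory.
SYSDIR_EXE = re.compile(r"[A-Za-z]:\\WINDOWS\\(?:system32\\)?[^\\]+\.exe", re.I)


def triage(log_text):
    """Return (section, reasons, line) for entries that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list, blank line
        section, body = m.groups()
        reasons = []
        if section == "O23" and "Unknown owner" in body and SYSDIR_EXE.search(body):
            reasons.append("service with no owner reported, running from the Windows directory")
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            items = re.split(r"[,\s]+", body.split(":", 1)[1].strip())
            if any(i and not i.lower().endswith(".dll") for i in items):
                reasons.append("AppInit_DLLs lists a file that is not named .dll")
        if section in ("O6", "O7"):
            reasons.append("policy restriction set (IE options or registry editor locked)")
        if "(file missing)" in body:
            reasons.append("entry points at a file that no longer exists")
        if reasons:
            findings.append((section, reasons, line))
    return findings


if __name__ == "__main__":
    for section, reasons, line in triage(SAMPLE_LOG):
        print(f"[{section}] {'; '.join(reasons)}\n    {line}")
```

The vendor-signed AVG service and the Adobe service under Program Files pass through unflagged, which keeps the review list short enough to check each remaining entry by hand.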
| | #18 (permalink) |
| Premium Member | Hi, I'm not very technically minded when it comes to computers; I just learnt how to copy and paste 2 years ago. Thanks, hamguy2 nsw |
LinkBack to this Thread: http://www.austech.info/security-privacy/10574-computer-problem-reemoving-trojan-virus.html