• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
MicroB

Programs aren't working or starting up

6 posts in this topic

Hi,

 

Yesterday, my father's computer got hijacked somehow.

I think it's a malware. I'm not 100% sure though.

 

He's running Windows XP PRO with SP3.

 

Basically, Windows boots up properly (except for the usual startup progs), but after that I can't seem to get any programs running.

Clicking on any shortcuts does nothing. Seems most .exe files are dead.

 

I can't run any anti-virus programs or even hijackthis.

 

I do have access to Windows Explorer, but I can't do much from there.

 

I've tried going into safe mode, but it still doesn't work. The programs just won't start up.

I also tried using a system restore, but without success.

 

I'm not sure where to start.

I haven't tried a Windows Repair Install yet.

 

Any suggestions ?

Thank you.

Share this post


Link to post
Share on other sites

Alright, I was finally able to make them work by downloading the .EXE registry file from http://www.dougknox.com/xp/file_assoc.htm.

I went into safemode and ran every single anti-virus I got.

 

Here's a cleam HJT log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:16:02, on 2009-07-01

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\ASUS\PC Probe II\Probe2.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\DU Meter\DUMeter.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\ASUS\AASP\1.00.64\aaCenter.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\a-squared Free\a2service.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\DU Meter\DUMeterSvc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZuneBusEnum.exe

C:\WINDOWS\system32\wuauclt.exe

D:\cc\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://cf.rd.yahoo.com/customize/ycomp/def...://cf.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE

O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1237849691843

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 6080 bytes

Share this post


Link to post
Share on other sites

Hi,

I'm nasdaq and will be helping you.

 

Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

The log is clean.

 

Just to check further.

 

Let's use this online scanner (don't worry, it doesn't delete anything, it only detects).

 

Please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner

 

Note: If you have used this particular scanner before, you MAY HAVE YO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

 

Click Yes, when prompted to install its ActiveX component.

(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)

The program launches and downloads the latest definition files.

  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended

      [*]Scan Options:

      • Scan Archives

      • Scan Mail Bases

    [*] Click OK and, under select a target to scan, select My Computer

When the scan is done, in the Scan is completed window (below), any infection is displayed.

There is no option to clean/disinfect, however, we need to analyze the information on the report.

Kas-SaveReport-1.gif

Kas-Savetxt.gif

To obtain the report:

Click on: Save Report As (above - red blinking arrow)

Next, in the Save as prompt, Save in area, select: Desktop

In the File name area, use KScan, or something similar

In Save as type, click the drop arrow and select: Text file [*.txt]

Then, click: Save

Please post the Kaspersky Online Scanner Report in your reply.

 

Please let me know what problems remains.

Share this post


Link to post
Share on other sites

Thank you for replying.

 

Here's the report:

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0 REPORT

Thursday, July 2, 2009

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Program database last update: Thursday, July 02, 2009 18:08:15

Records in database: 2415233

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

H:\

I:\

J:\

K:\

L:\

M:\

N:\

 

Scan statistics:

Files scanned: 193266

Threat name: 3

Infected objects: 4

Suspicious objects: 0

Duration of the scan: 01:54:51

 

 

File name / Threat name / Threats count

C:\Program Files\Foxmail\mail\Ben\trash.BOX Infected: Trojan.Win32.Agent.cjhd 1

F:\Ben\Downloads\Total Commander Ultima Prime 3.0.exe Infected: not-a-virus:PSWTool.Win32.Delf.f 1

F:\Ben\Downloads\Total Commander Ultima Prime 3.0.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 2

 

The selected area was scanned.

Share this post


Link to post
Share on other sites
C:\Program Files\Foxmail\mail\Ben\trash.BOX Infected: Trojan.Win32.Agent.cjhd 1

F:\Ben\Downloads\Total Commander Ultima Prime 3.0.exe Infected: not-a-virus:PSWTool.Win32.Delf.f 1

F:\Ben\Downloads\Total Commander Ultima Prime 3.0.exe Infected: not-a-virus:C:\Program Files\Foxmail\mail\Ben\trash.BOX Infected

 

I suggest your empty your trash.box which contains some infected items.

C:\Program Files\Foxmail\mail\Ben\trash.BOX Infected

 

The Total Commander I would not run the program.

Share this post


Link to post
Share on other sites

Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0