bobhope

XP Restore etc not working. Spyware?

12 posts in this topic

Hi there,

 

Wondering if anyone could shed some light on the problem I have been experiencing recently. I am not sure if it's a spyware/malware problem, but it might be.

 

I have read the FAQ, and followed all the advice before posting this.

 

Symptoms:

 

1. The Help and support function is inaccessible. When clicked on in the start menu, nothing happens.

 

2. System Restore does not open either; I even tried opening it through msconfig. No luck. But what's strange is that when I open Task Manager, rstrui.exe is there.

 

3. Internet Explorer will not open to my default home page, or any other page for that matter. Or rather IE opens, but the page is just white. Mozilla Firefox works perfectly though. This is what I am currently using to post this. I've tried to type in several URLs, but the progress bar at the bottom just moves slowly and nothing ever happens. The IE plugin for Firefox also does not work.

 

What I've done to try and fix these problems, so far without any luck:

 

- I tried to change all the Internet Explorer settings to default in Internet Options.

- I tried to see if I had perhaps disabled any needed services by mistake, but hadn't.

- Ran Lavasoft Ad-aware 6 (Fully updated)

- Ran Spybot search and destroy (Fully updated)

- Ran ComboFix (Log included)

- Ran Ewido Anti Spyware (Found some things, Log included)

- Ran Hijackthis (log included)

- Could not run any of the online scans suggested because they seem to require Internet Explorer.

 

Like I said, I don't know for sure that this is spyware related, but these symptoms seemed to come out of nowhere, and I don't remember doing anything specific that could have caused them. Any help or advice would be greatly appreciated, whenever you lot have a spare moment!

 

Logs:

 

ComboFix:

 

"Noe-Noe" - 2007-05-27 20:27:19 Service Pack 2 [SAFE MODE]

ComboFix 07-05.27.V - Running from: "D:\OrangeMedia\downloads\Applications\Combofix\"

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-04-27 to 2007-05-27 ))))))))))))))))))))))))))))))))))

 

 

2007-05-27 19:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-05-27 18:47 <DIR> d-------- C:\bintheredunthat

2007-05-26 23:07 14 --a------ C:\WINDOWS\system32\SR2.dat

2007-05-26 23:05 <DIR> d-------- C:\WINDOWS\58DD514344174F43A7DD5B8B29CEDBEA.TMP

2007-05-26 19:59 <DIR> d-------- C:\Program Files\Ahead

2007-05-26 19:22 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2007-05-25 17:31 2,705,112 --a------ C:\WebfettiSetup2.2.60.11.exe

2007-05-25 13:51 <DIR> d-------- C:\Program Files\Tor

2007-05-25 13:35 <DIR> d-------- C:\Program Files\Privoxy

2007-05-25 12:10 <DIR> d-------- C:\Program Files\CCleaner

2007-05-22 20:29 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat

2007-05-22 20:27 <DIR> d-------- C:\WINDOWS\Internet Logs

2007-05-22 19:38 1,572,864 --ah----- C:\Documents and Settings\Noe-Noe\NTUSER.DAT

2007-05-19 12:19 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Tor

2007-05-05 22:11 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.netbeans

2007-05-03 20:58 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer

2007-05-03 20:55 <DIR> d-------- C:\Program Files\QuickTime

2007-05-02 18:48 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Incomplete

2007-05-02 18:47 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\LimeWire

2007-05-02 18:35 <DIR> d-------- C:\Program Files\netbeans-4.0

2007-05-02 18:33 <DIR> d-------- C:\Program Files\JCreatorV3LE

2007-05-02 17:45 <DIR> d-------- C:\Program Files\LimeWire

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-05-27 16:17:04 -------- d-----w C:\Program Files\Ad-aware 6

2007-05-27 13:47:31 -------- d-----w C:\DOCUME~1\Noe-Noe\Application Data\Help

2007-05-26 21:08:29 -------- d-----w C:\Program Files\Norton SystemWorks

2007-05-26 21:08:28 -------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-05-26 21:07:02 -------- d-----w C:\Program Files\Symantec

2007-05-26 20:46:00 -------- d-----w C:\Program Files\AVG Antivirus

2007-05-26 17:35:07 -------- d-----w C:\DOCUME~1\Noe-Noe\Application Data\Real

2007-05-25 12:13:50 -------- d-----w C:\DOCUME~1\Noe-Noe\Application Data\Tor

2007-05-23 10:15:14 -------- d-----w C:\DOCUME~1\Noe-Noe\Application Data\vlc

2007-05-23 09:05:13 -------- d-----w C:\DOCUME~1\Noe-Noe\Application Data\TrueCrypt

2007-05-22 19:51:27 -------- d-----w C:\DOCUME~1\Noe-Noe\Application Data\Symantec

2007-05-22 19:38:14 -------- d-----w C:\Program Files\Copernic Desktop Search

2007-05-22 18:05:44 -------- d-----w C:\DOCUME~1\Noe-Noe\Application Data\ACD Systems

2007-05-19 09:37:49 -------- d-----w C:\Program Files\Network Associates

2007-05-19 09:36:43 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-05-01 21:21:09 3,850 ----a-w C:\WINDOWS\mozver.dat

2007-04-23 17:20:21 -------- d-----w C:\Program Files\ScannerU

2007-04-23 17:16:14 -------- d-----w C:\Program Files\NewSoft

2007-04-16 15:40:10 70,129 ----a-w C:\AVG7QT.DAT

2007-04-16 15:17:26 23,424 ----a-w C:\WINDOWS\system32\drivers\avgmfrs.sys

2007-04-10 18:55:18 -------- d-----w C:\Program Files\Xilisoft

2007-03-30 10:58:13 -------- d-----w C:\Program Files\ApexDC++

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56]

{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG7_CC"="C:\PROGRA~1\AVG Antivirus\avgcc.exe" [2007-04-16 17:42]

"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 14:20]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"AVG7_Run"=C:\PROGRA~1\AVG Antivirus\avgw.exe /RUNONCE

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoWindowsUpdate"=1 (0x1)

"NoRecentDocsMenu"=0 (0x0)

"NoFavoritesMenu"=0 (0x0)

"NoSMMyDocs"=0 (0x0)

"NoSMMyPictures"=0 (0x0)

"NoStartMenuMyMusic"=0 (0x0)

"NoRecentDocsHistory"=0 (0x0)

"NoRecentDocsNetHood"=0 (0x0)

"NoFind"=0 (0x0)

"NoRun"=0 (0x0)

"NoInstrumentation"=1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoWelcomeScreen"=1 (0x1)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 16:13]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCWipeTM Startup]

"C:\Program Files\BCWipe\BCWipeTM.exe" startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

 

*Newly Created Service* -AVGASCLN

 

********************************************************************

 

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-05-27 20:29:44

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

 

********************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\wampmysqld]

"ImagePath"="\"C:\Program Files\wamp\mysql\bin\mysqld-nt.exe\" \"--defaults-file=C:\Program Files\wamp\mysql\my.ini\" wampmysqld"

 

Completion time: 2007-05-27 20:31:18

 

--- E O F ---

 

Ewido :

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 16:32:46 28/May/07

 

+ Scan result:

 

 

 

C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : No action taken.

D:\System Volume Information\_restore{0B35E552-D9FA-4529-831C-8CBD5D6CD941}\RP327\A0048276.exe -> Hijacker.Befins.b : No action taken.


 

 

::Report end

 

And finally, HijackThis:

 

Logfile of HijackThis v1.99.1

Scan saved at 16:35:17, on 28/May/07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

D:\OrangeMedia\downloads\Applications\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mymaties.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.sun.ac.za/sunproxy.pac

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: - {4f3b4aae-a050-4afd-8b56-5852fbcafe33} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: - {58ec85b7-0be0-4ce0-ba89-f4ecf8b0c4ab} - (no file)

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVG Antivirus\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZK

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG Antivirus\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG Antivirus\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG Antivirus\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\Script Blocking\SBServ.exe (file missing)

O23 - Service: wampapache - Unknown owner - C:\Program Files\wamp\apache2\bin\httpd.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\wamp\mysql\my.ini" wampmysqld (file missing)

 

 

 

Thanks in advance.

bobhope.


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hello,

 

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

1. The Help and support function is inaccessible. When clicked on in the start menu, nothing happens.

 

Go to this link

http://windowsxp.mvps.org/startmenuhelp.htm

 

Download and run the startmenuhelp.reg file.

Just double click the .reg file and accept the change.

 

2. System Restore does not open either; I even tried opening it through msconfig. No luck. But what's strange is that when I open Task Manager, rstrui.exe is there.

 

Try this fix.

http://www.annoyances.org/exec/forum/winxp/t1043249447

If not sure what to do just let me know.

 

3. Internet Explorer will not open to my default home page, or any other page for that matter.

 

Start, Run, type in cmd, press enter

 

At the DOS prompt execute the following commands, one by one.

Press the enter key after each entry

 

regsvr32 urlmon.dll

regsvr32 Shdocvw.dll

regsvr32 Msjava.dll

regsvr32 Actxprxy.dll

regsvr32 Oleaut32.dll

regsvr32 Mshtml.dll

regsvr32 Browseui.dll

regsvr32 Shell32.dll

 

Type Exit and press Enter to return to the operating mode.

 

Reboot normally.

 

Is Internet Explorer available now?

 

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

 

O2 - BHO: - {4f3b4aae-a050-4afd-8b56-5852fbcafe33} - (no file)

O2 - BHO: - {58ec85b7-0be0-4ce0-ba89-f4ecf8b0c4ab} - (no file)

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZK

 

Click on Fix Checked when finished and exit HijackThis.

 

Restart the computer normally to reset the registry.

 

Submit a fresh HijackThis log and let me know what problem remains.

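The check the helper performs by eye in the post above (spotting entries whose file no longer exists, then confirming in a fresh log that the fixed entries are gone) can be sketched in code. This is an added example, not part of the original posts and not HijackThis's own code; the function names are hypothetical, and the sample lines are a short excerpt taken from the logs in this thread.

```python
from __future__ import annotations

import re
from typing import NamedTuple

# HijackThis entry lines start with a section code (R0, O2, O23, ...)
# followed by " - " and the entry text. Header and process lines do not.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


class Entry(NamedTuple):
    code: str
    body: str

    @property
    def orphaned(self) -> bool:
        """True when the entry points at a file that does not exist."""
        return self.body.endswith(ORPHAN_MARKERS)


def parse_log(text: str) -> list[Entry]:
    """Return only the coded entries, skipping header and process lines."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append(Entry(match["code"], match["body"].strip()))
    return entries


def orphaned(entries: list[Entry]) -> list[Entry]:
    """Entries flagged '(no file)' or '(file missing)'."""
    return [e for e in entries if e.orphaned]


def removed_between(before: list[Entry], after: list[Entry]) -> list[Entry]:
    """Entries present in the first log but absent from the fresh one."""
    remaining = set(after)
    return [e for e in before if e not in remaining]


# Excerpt of the 28 May log from this thread (shortened for the example).
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mymaties.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: - {4f3b4aae-a050-4afd-8b56-5852fbcafe33} - (no file)
O2 - BHO: - {58ec85b7-0be0-4ce0-ba89-f4ecf8b0c4ab} - (no file)
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZK
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\Script Blocking\SBServ.exe (file missing)
"""

# Excerpt of the 31 May log, taken after "Fix Checked" and a reboot.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mymaties.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\Script Blocking\SBServ.exe (file missing)
"""

if __name__ == "__main__":
    before, after = parse_log(BEFORE_LOG), parse_log(AFTER_LOG)
    print("Orphaned entries in the first log:")
    for e in orphaned(before):
        print(f"  {e.code} - {e.body}")
    print("Entries gone from the fresh log:")
    for e in removed_between(before, after):
        print(f"  {e.code} - {e.body}")
```

An orphaned entry only means the registry still references a missing file; whether it should be fixed remains a judgement for the person reading the log.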

Hi there,

 

Well, thanks so much for taking the time to help me out! I really do appreciate it. Internet is amazing. Who would have thought I'd be getting direct PC troubleshooting advice from someone in Canada! Other side of the world. hehe

 

Anyway, back to business...

 

I did all the things you said I should do in your post, but I'm afraid, so far there has been no change.

 

- Help and support still doesn't respond.

 

- System Restore is unavailable, even through msconfig, while I still see that rstrui.exe is running when I look in Task Manager.

 

- And Internet Explorer has only minimal functionality. This is where I believe there is an improvement, but I'm not sure. This computer is part of my university network, and then connects to the internet via a proxy server.

Some of the university sites on the intranet work fine, but not all of them. My homepage is one of the ones that doesn't. Also, no sites on the internet work (i.e. those that I need the proxy for... tried Google, Facebook etc. to no avail).

 

- Another symptom that has changed or become a bit worse is the system speed. It really does seem to be slower than it was even 3 days ago when I first decided to post here. And Windows seems to be using more RAM than it used to. (I frequently check the Task Manager while doing things, mainly out of interest/curiosity; that's how I noticed. It's using about 210 MB of RAM where I only remember it using 180 MB or less before.)

 

 

Anyway, here is the latest HijackThis log, done after having performed all the things in your post and rebooting as you suggested :

 

Logfile of HijackThis v1.99.1

Scan saved at 20:53:42, on 31/May/07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\AVG Antivirus\avgamsvr.exe

C:\PROGRA~1\AVG Antivirus\avgupsvc.exe

C:\PROGRA~1\AVG Antivirus\avgemc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG Antivirus\avgcc.exe

C:\WINDOWS\system32\Restore\rstrui.exe

D:\OrangeMedia\downloads\Applications\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mymaties.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.sun.ac.za/sunproxy.pac

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVG Antivirus\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG Antivirus\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG Antivirus\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG Antivirus\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\Script Blocking\SBServ.exe (file missing)

O23 - Service: wampapache - Unknown owner - C:\Program Files\wamp\apache2\bin\httpd.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\wamp\mysql\my.ini" wampmysqld (file missing)

 

 

Thanks again for all your efforts! Much appreciated.

bobhope


Let's take it one step at a time.

 

1st System Restore.

 

Open HijackThis

Click: None of the above, just start the program.

Click: Config

Click: Misc Tools

Click: Open Process Manager. Look for this process and click on Kill Process.

 

C:\WINDOWS\system32\Restore\rstrui.exe

 

Restart the computer normally.

 

Go to this site.

http://windowsxp.mvps.org/repairsr.htm

 

Execute the instructions.

 

Let me know if you can execute the instructions without any error message.

 

Submit a fresh HijackThis log for my review.

 

Let me know of the pending problems.

 

p.s. confirm to me that you are running HijackThis in Normal Mode and NOT Safe Mode.


Hi there,

 

Well, I followed the instructions on the site, and the reinstall of System Restore was successful. I restarted the computer and then tested to see if restore was working, but it isn't...

 

I am running HijackThis in normal mode, not Safe mode. Should I be in safe mode?

 

 

Thanks for your persistence, I really do appreciate all your efforts!

 

HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 13:13:41, on 01/Jun/07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\AVG Antivirus\avgamsvr.exe

C:\PROGRA~1\AVG Antivirus\avgupsvc.exe

C:\PROGRA~1\AVG Antivirus\avgemc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG Antivirus\avgcc.exe

D:\OrangeMedia\downloads\Applications\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mymaties.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.sun.ac.za/sunproxy.pac

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVG Antivirus\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG Antivirus\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG Antivirus\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG Antivirus\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\Script Blocking\SBServ.exe (file missing)

O23 - Service: wampapache - Unknown owner - C:\Program Files\wamp\apache2\bin\httpd.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\wamp\mysql\my.ini" wampmysqld (file missing)


HijackThis log must be submitted in normal mode. That's good.

 

The log is clean.

 

Your Java is outdated. Please update.

 

Updating Java

  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version. <- important.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

Restart the computer after the installation.

 

When completed.

Method 1: Microsoft Internet Explorer 6.x Repair for Windows XP

 

From the Start menu, select Run.

In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)

Select the OK button.

Follow the prompts throughout the System File Checker process.

Reboot the computer when System File Checker completes.

 

Method 2: Microsoft Internet Explorer 6.x Repair for Windows XP

 

From the Start menu, select Search, select All Files and Folders.

Select More Advanced Options and place a checkmark beside Search Hidden Files and Folders option.

Ensure that Search System Folders and Search Subfolders are also checked.

In the All or Part of the File Name box, type ie.inf

In the Look In drop-down menu, select C: or the letter of the hard drive that contains the Windows folder.

Click the Search button.

In the search results pane, find the ie.inf file located in Windows\Inf folder.

Right click the ie.inf file and click Install on the context menu.

Reboot the computer when the file copy process is complete.


Hi nasdaq,

 

Well. This is a frustrating business, isn't it?! You must have a lot of patience... :-) I know I've said it before, but I do appreciate all your help very much. I hope we can find a solution to this damn thing. Having said that though, from reading some of the other posts, the problems I'm having are fairly mild!

 

Anyway,

 

I uninstalled all the previous versions of Java runtime, and installed the newest one. Then I ran the other thing you had me do. I must say, I would have thought that that would have done it, but I'm afraid nothing has changed so far. Another symptom which has been there from the beginning that I think I neglected to mention is that I also cannot get into the windows user accounts through control panel. I wanted to change my passwords because one of those spyware scans earlier picked up a keylogger, but now I can't even do THAT...

 

Well, I'm not sure if you wanted another HijackThis log, because you said it seemed to be clean last time? Let me know if you need one.

 

Also, although we obviously haven't figured out the problem yet, have you got any idea what could have caused this? I mean if it wasn't spyware, and I don't remember doing anything to mess up any settings? Do things just stuff up for no reason sometimes or what?

 

*Sigh* Computers are great, but they sure do annoy me sometimes! ha ha.

 

I hope there is still something more you can think of to help. Looking forward to your reply, and thanks again!

 

bobhope


Control Panel Does Not Open

http://support.microsoft.com/default.aspx?scid=kb;en-us;221153

Look at the Windows NT solution.

 

Or your control.exe may be damaged.

 

Go to this site.

http://www.richardthelionhearted.com/~merijn/winfiles.html#control

Download the control.exe for your XP.

 

Let me know what problem remains.

 


Hello again,

 

I'm not sure if I wasn't clear, but the problem is not control panel itself. That works fine, and I can get into most things inside control panel, except user accounts.

 

In any event, I downloaded the fresh copy of Control.exe and put it in the windows/system32 folder, overwriting the old one, then rebooted, but alas, the problem remains...

 

Thanks for this. I'm sure you're getting a bit sick of this by now!? But I hope you can still hang in there for me. I'm sure we'll hit on a solution soon! Well, hopefully that solution is not to reinstall windows! Hopefully that would only be a last resort though.

 

Having said that, is it possible to reinstall just the windows system files, and leave all the installed programs and stuff on the hard drive intact? If that's all that could fix it, I wouldn't be opposed to it, it's just that I don't have complete backups of the stuff on this computer, so formatting would be a real pain in the arse. And the reason I can't back it up now is that my nero express stopped working in the beginning of this problem, so I couldn't write any CDs or DVDs at all.

 

That's when I tried to do a system restore and discovered all the rest of the problems. I uninstalled NERO and tried to reinstall it again, but it wouldn't install. It came up with some error about an audio plugin. I have no idea what to do about that..

 

I tried to download a newer version of NERO and install that, but it came up with the same error message..

 

Anyway, looking forward to your reply.

 

Bob Hope.

"I can get into most things inside control panel, except user accounts."

 

I used Google and searched for this string "Cannot access User Accounts" no quotes.

 

I got many hits, you can have a look at it and see if you can find a solution.

Let me know if you get any error message so that I can further the search on my end.

 

"I tried to download a newer version of NERO and install that, but it came up with the same error message.."

Again the exact error message is your friend.

What is it?


Due to the lack of feedback this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.
