Really jacked up computer

View previous topic View next topic Go down

Really jacked up computer

Post by stickman78 on 2nd March 2009, 4:38 pm

Hello, i have a laptop which is running WP Pro which was hit by several viruses and trojans. It started about a month ago when my antivirus stopped getting updates. the internet started getting redirected and now the internet shuts off when i go to antivirus sites and run certain antivirus programs. A friend tried to help and got a few of the registries keys removed and some of the infected files deleted. I tried to reinstall messed up parts of windows and now my print spooler and its subsystems are jacked up. PLEASE HELP.

Here is my Hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:23 PM, on 3/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMON.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Toby Faul\Desktop\hijackgpthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080715
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080715
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080715
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMON.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspmra.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspgnl.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10286 bytes

stickman78
Novice
Novice

Posts Posts : 9
Joined Joined : 2009-03-02
OS OS : windows wp pro
Points Points : 28380
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Really jacked up computer

Post by Belahzur on 2nd March 2009, 5:46 pm

You are running two AV's, this is a bad idea as they can conflict and cause problems. I see AVG8 and Trend Micro.
I would recommend that you remove AVG8 to avoid conflict and other future problems.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • AVG8

Lets see if we can find any malware.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)


  • Press "Fix Checked"
  • Close Hijack This.


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Really jacked up computer

Post by stickman78 on 2nd March 2009, 6:07 pm

Itried to remove avg but it was not listed. i used the uninstall tool and got this message
Local machine: prepared for the installation
Installation:
Error: Uninstallation is not possible. Product not installed.

Here is the dds log

DDS (Ver_09-02-01.01) - NTFSx86
Run by Toby Faul at 22:33:03.65 on Mon 03/02/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1413 [GMT 4.5:30]

AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)
AV: Trend Micro Internet Security *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMON.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Documents and Settings\Toby Faul\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080715
uSearch Page = [You must be registered and logged in to see this link.]
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080715
uSearch Bar = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
EB: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMON.EXE
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tobyfa~2\applic~1\mozilla\firefox\profiles\gqkcf6tj.default\

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-18 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-18 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-18 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-16 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-16 55024]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-18 298264]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-12 30312]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2009-2-20 492888]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-2-20 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-2-20 677128]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2008-4-14 5120]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2009-2-20 334352]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-2-20 49680]
S3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-12-18 29181272]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-16 7408]

=============== Created Last 30 ================

2009-02-26 05:47 --d----- c:\docume~1\tobyfa~2\applic~1\Uniblue
2009-02-25 11:20 172,032 a------- c:\windows\system32\igfxres.dll
2009-02-25 11:13 28,288 ac------ c:\windows\system32\dllcache\xjis.nls
2009-02-25 11:13 156,672 ac------ c:\windows\system32\dllcache\winzm.ime
2009-02-25 11:13 156,672 ac------ c:\windows\system32\dllcache\winsp.ime
2009-02-25 11:13 156,672 ac------ c:\windows\system32\dllcache\winpy.ime
2009-02-25 11:11 92,416 ac------ c:\windows\system32\dllcache\mga.sys
2009-02-25 11:10 480,256 ac------ c:\windows\system32\dllcache\cintsetp.exe
2009-02-25 11:09 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-02-25 11:09 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-02-25 11:09 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-02-25 11:09 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-02-25 11:09 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-25 11:09 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-02-25 11:09 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-02-25 11:09 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-25 11:09 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-02-25 11:07 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-02-25 11:07 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-02-25 11:07 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-02-25 11:07 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-02-25 11:07 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-02-25 11:07 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-02-25 11:05 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
2009-02-25 11:05 7,168 ac------ c:\windows\system32\dllcache\bitsprx4.dll
2009-02-25 11:05 7,168 a------- c:\windows\system32\bitsprx4.dll
2009-02-25 11:04 32,768 ac------ c:\windows\system32\dllcache\icwdl.dll
2009-02-25 11:02 --d----- c:\program files\Windows Media Connect 2
2009-02-25 11:01 290,304 ac------ c:\windows\system32\dllcache\rhttpaa.dll
2009-02-25 11:01 136,192 ac------ c:\windows\system32\dllcache\aaclient.dll
2009-02-25 11:01 53,248 ac------ c:\windows\system32\dllcache\tsgqec.dll
2009-02-25 11:01 290,304 a------- c:\windows\system32\rhttpaa.dll
2009-02-25 11:01 136,192 a------- c:\windows\system32\aaclient.dll
2009-02-25 11:01 53,248 a------- c:\windows\system32\tsgqec.dll
2009-02-25 11:00 --d----- C:\spoolerlogs
2009-02-25 10:45 4,444 a------- c:\windows\system32\pid.PNF
2009-02-25 10:45 34 a------- c:\windows\system\oeminfo.ini
2009-02-25 10:31 --d----- c:\windows\setup.pss
2009-02-24 11:17 --d----- c:\docume~1\tobyfa~2\applic~1\Windows Search
2009-02-24 11:08 --d----- c:\docume~1\tobyfa~2\applic~1\SUPERAntiSpyware.com
2009-02-24 11:08 --d----- c:\windows\system32\Service
2009-02-24 09:53 --d----- c:\program files\EsetOnlineScanner
2009-02-24 08:59 --d----- c:\docume~1\tobyfa~2\applic~1\Dell
2009-02-24 08:57 --d----- c:\docume~1\tobyfa~2\applic~1\Wave Systems Corp
2009-02-24 08:57 --d----- c:\documents and settings\Toby Faul
2009-02-24 05:33 86,016 a----r-- c:\windows\system32\cnm50.tmp
2009-02-22 22:58 a-dshr-- C:\cmdcons
2009-02-22 20:47 --d----- c:\windows\ServicePackFiles
2009-02-22 20:43 33,656 a------- c:\windows\system32\sprecovr.exe
2009-02-22 20:42 19,569 a------- c:\windows\002809_.tmp
2009-02-22 20:39 141,312 ac------ c:\windows\system32\dllcache\sessmgr.exe
2009-02-22 20:36 60,937 a------- c:\windows\setupapi.old
2009-02-22 20:35 --d----- c:\windows\system32\CatRoot_bak
2009-02-22 11:54 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-02-22 08:54 86,016 a----r-- c:\windows\system32\cnmC8.tmp
2009-02-21 22:58 86,016 a----r-- c:\windows\system32\cnm51.tmp
2009-02-20 07:24 50,192 a------- c:\windows\system32\drivers\tmactmon.sys
2009-02-20 07:24 49,680 a------- c:\windows\system32\drivers\tmevtmgr.sys
2009-02-20 07:23 --d----- c:\docume~1\alluse~1\applic~1\Trend Micro
2009-02-20 07:16 661,808 a------- c:\windows\system32\UfWSC.cpl
2009-02-20 07:16 1,195,448 a------- c:\windows\system32\drivers\vsapint.sys
2009-02-20 07:16 334,352 a------- c:\windows\system32\drivers\TM_CFW.sys
2009-02-20 07:16 205,328 a------- c:\windows\system32\drivers\tmxpflt.sys
2009-02-20 07:16 80,400 a------- c:\windows\system32\drivers\tmtdi.sys
2009-02-20 07:16 36,368 a------- c:\windows\system32\drivers\tmpreflt.sys
2009-02-20 06:56 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-02-20 05:26 --d----- c:\program files\SUPERAntiSpyware
2009-02-20 05:11 161,792 a------- c:\windows\SWREG.exe
2009-02-20 05:11 98,816 a------- c:\windows\sed.exe
2009-02-19 10:29 --d----- c:\windows\pss
2009-02-19 10:09 --d----- c:\windows\ERUNT
2009-02-19 06:25 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-19 03:43 118 a------- c:\windows\system32\MRT.INI
2009-02-19 03:40 --d----- c:\windows\SQL9_KB960089_ENU
2009-02-19 02:28 1,024,186 a------- c:\windows\system32\commonpriv.log.1
2009-02-19 02:28 1,024,174 a------- c:\windows\system32\commonpriv.log.3
2009-02-19 02:28 1,024,102 a------- c:\windows\system32\commonpriv.log.2
2009-02-19 02:28 0 a------- c:\windows\system32\commonpriv.log.lock
2009-02-18 10:34 --d-h--- C:\$AVG8.VAULT$
2009-02-18 10:21 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-18 10:21 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-18 10:21 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-18 10:21 --d----- c:\windows\system32\drivers\Avg
2009-02-18 10:21 --d----- c:\program files\AVG
2009-02-18 10:21 --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-18 09:15 12,855 a------- c:\windows\system32\76eff59ebb.ax
2009-02-18 08:48 27,136 a------- c:\windows\system32\lspgnl.dll
2009-02-18 08:48 27,136 a------- c:\windows\system32\lspmra.dll
2009-02-18 08:42 --d----- c:\program files\Uniblue
2009-02-18 08:42 -cd-h--- c:\docume~1\alluse~1\applic~1\{92E7A367-8E12-4830-AA70-29C32E331A81}

==================== Find3M ====================

2009-02-25 11:03 24,956 a------- c:\windows\system32\emptyregdb.dat
2009-02-22 09:37 87,643 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

============= FINISH: 22:33:25.45 ===============

stickman78
Novice
Novice

Posts Posts : 9
Joined Joined : 2009-03-02
OS OS : windows wp pro
Points Points : 28380
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Really jacked up computer

Post by Belahzur on 2nd March 2009, 6:16 pm

Hello.
The DDS log looks okay, but I think I know the reason that your AV isn't getting updates. Before we go down that road, AVG IS present on the machine, so lets get an installed items list.

  • Open HijackThis
  • Click "Open the Misc Tools section"
  • Click "Open Uninstall Manager"
  • Click "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Really jacked up computer

Post by stickman78 on 2nd March 2009, 9:26 pm

AVG is not the anti-virus that is trying to update. Trend Micro is. it won't update and now my FireFox won't connect to internet. but here is the log you requested

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player 10 Plugin
Apple Mobile Device Support
Apple Software Update
AuthenTec Fingerprint Sensor Minimum Install
biolsp patch
BlackBerry Desktop Software 4.5
BlackBerry Desktop Software 4.5
Bluetooth Stack for Windows by Toshiba
Bonjour
Broadcom ASF Management Applications
Broadcom Management Programs
Business Contact Manager for Outlook 2007 SP1
Business Contact Manager for Outlook 2007 SP1
Canon iP90
Conexant HDA D330 MDC V.92 Modem
Dell Drivers MSI
Dell Embassy Trust Suite by Wave Systems
Dell Touchpad
Dell Wireless WLAN Card
Digital Line Detect
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Document Manager Lite
EMBASSY Security Center
EMBASSY Security Setup
EMBASSY Trust Suite by Wave Systems
ESC Home Page Plugin
ESET Online Scanner
GDR 3077 for SQL Server Database Services 2005 ENU (KB960089)
Gemalto
GemSafe Standard Edition 5.1
Google Desktop
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 2.0 (KB922981)
Hotfix for Microsoft .NET Framework 2.0 (KB923319)
Hotfix for Windows XP (KB915800-v4)
Intel(R) Graphics Media Accelerator Driver
IntelliSonic Speech Enhancement
iTunes
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Modem Diagnostic Tool
Mozilla Firefox (3.0.6)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
NetWaiting
NTRU TCG Software Stack
PowerDVD
Preboot Manager
Private Information Manager
QuickSet
QuickTime
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Media Manager
Roxio Update Manager
Secure Update
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Security Wizards
Sonic CinePlayer Decoder Pack
SUPERAntiSpyware Free Edition
Trend Micro Internet Security
Trend Micro Internet Security
Trusted Drive Manager
tsp patch
Uniblue RegistryBooster 2009
Uniblue RegistryBooster 2009
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb959634)
Update for Windows XP (KB955839)
upekmsi
Wave Infrastructure Installer
Wave Support Software
Windows Essentials Media Codec Pack 1.0
Windows Media Format Runtime
Windows Search 4.0

stickman78
Novice
Novice

Posts Posts : 9
Joined Joined : 2009-03-02
OS OS : windows wp pro
Points Points : 28380
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Really jacked up computer

Post by Belahzur on 2nd March 2009, 9:36 pm

Hello.
Lets do a rootkit search.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box empty.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avengerís actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Really jacked up computer

Post by stickman78 on 2nd March 2009, 10:05 pm

here is the Avenger log

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.

stickman78
Novice
Novice

Posts Posts : 9
Joined Joined : 2009-03-02
OS OS : windows wp pro
Points Points : 28380
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Really jacked up computer

Post by Belahzur on 2nd March 2009, 10:14 pm

Okay, no rootkits.
Try uninstalling Trend Micro, and install it again.
Or switch to another AV, see what difference it makes.

Let me know which option you want to go for.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Really jacked up computer

Post by stickman78 on 2nd March 2009, 11:12 pm

The computer had to reboot during the uninstall and when it started i got a message that the spooler sub system had to shut down. i closed the box and tried to open trend micro and It shuts down as soon as i try to get it started. The internet is shutting down every time i try to get online. had to switch to the home computer.

stickman78
Novice
Novice

Posts Posts : 9
Joined Joined : 2009-03-02
OS OS : windows wp pro
Points Points : 28380
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Really jacked up computer

Post by Belahzur on 2nd March 2009, 11:17 pm

I see you are running Uniblue Registry Booster.
Running programs that alter/clean the registry can do serious damage should they pick out a needed registry key as un-needed.

I don't see any malware here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Really jacked up computer

Post by stickman78 on 2nd March 2009, 11:38 pm

My neighbor ran some programs to get rid of Vondu. and tdss. Thats what started the mess. I'm not exactly sure but i think he said something about go.google. He is out of town and my computer is still jacked.

stickman78
Novice
Novice

Posts Posts : 9
Joined Joined : 2009-03-02
OS OS : windows wp pro
Points Points : 28380
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Really jacked up computer

Post by Belahzur on 2nd March 2009, 11:47 pm

That could be the problem.
Whoever cleaned of tdss might have done this.

The TDSS rootkit doesn't like to go down without a fight, I see the recovery console is installed here, meaning Combofix was run. There was probably some serious damage done in doing so.

What printer do you use? updating the drivers may fix it if the drivers are corrupt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Really jacked up computer

Post by stickman78 on 2nd March 2009, 11:51 pm

The printer ia a cannon IP90. I unistalled and re-installed it> during the install process, it would shut down. Now i get Print spooler and Spooler Sus_system errors. Internet is back up after a reboot but still won't let me access certain websites. What is the bottom line for repair, or better yet is there hope for repair without ref-ormat?

stickman78
Novice
Novice

Posts Posts : 9
Joined Joined : 2009-03-02
OS OS : windows wp pro
Points Points : 28380
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Really jacked up computer

Post by Belahzur on 2nd March 2009, 11:55 pm

Hello.
Not allowing access to certain websites, are you trying to access them via Google search or typing the URL in directly?

I can see Firefox is installed, there are two common hijackers targeting Firefox only.

Repair mode needs an XP disc to access the repair install part.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Really jacked up computer

Post by stickman78 on 3rd March 2009, 12:12 am

What is my best option at this point? oh.. internet explorer doesn't even come up when i try t open it. Firefox is the only one i can get to work. By the way, I REALLY appreciate your help and patience.

stickman78
Novice
Novice

Posts Posts : 9
Joined Joined : 2009-03-02
OS OS : windows wp pro
Points Points : 28380
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Really jacked up computer

Post by Belahzur on 3rd March 2009, 12:14 am

Well if you have your XP disc, there is two options.

Repair install - This will replace all needed files of Windows, but won't touch your stuff so nothing will go missing.
Reformat - You will have to backup any of your stuff you want to keep, because formatting will wipe everything. (including any malware hiding)


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Really jacked up computer

Post by stickman78 on 3rd March 2009, 12:19 am

I'll try the reinstall and see what happens. if it doesn't then i guess reformat is only option?

stickman78
Novice
Novice

Posts Posts : 9
Joined Joined : 2009-03-02
OS OS : windows wp pro
Points Points : 28380
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum