Author Topic: Need Help!  (Read 1122 times)
Joanne
« on: December 06, 2004, 09:34:15 PM »

Operating System Version: Windows XP SP2

Alrighty, I'm posting this here because I'm really not sure what would've caused this problem, and from experience, it always seems to be some type of worm or virus :|
Computer has been working fine for the past few weeks, and then a few days ago I noticed that when I click on 'My Documents' (in the XP start menu) it opened an almost blank folder.
After thinking about it (knowing I didn't delete anything!) I went in via My Computer and all my documents were there, it's just for some reason the root folder had been changed.
My bookmarks were also gone, which after searching for I found located in C:\Documents and Settings\Jo\Favorites, but it seems the new folder it wishes to retrieve the favorites from is: C:\WINDOWS\Favorites.
This just confuses me because I do not know how to fix the bookmark 'target location' and I just have no idea what would have done this.
After this happened, I tried to do System Restore (which has NEVER worked on my machine) which, of course, didn't work. I looked up a few things on it, and some info sites said to try doing it in safe mode. Tried and it still failed. While I can deal with this, I would like to get my System Restore working. Does anyone have any idea why this wouldn't work at all?

Also, another dumb question. I wouldn't ask if I really didn't know but, logging into XP in safe mode, it asked me if I wanted to log in as 'Jo' (me) or Admin. I logged in as Admin after guessing the passwords, and I don't know if this is a default account which just doesn't show up in the 'user accounts', but now I have Admin in 'Documents and Settings'. Is that normal? Because I've never noticed it before.
One more thing before I go, in case it has something to do with the rest. My computer WAS registered to "Jo" but seems to have changed to my mother's name, now seems quite funny to me, but how the hell would that happen!!

I've run Spybot, Ad-aware and Norton without finding any problem :x
Help is appreciated! :)
jvic
Visiting Administrator
« Reply #1 on: December 07, 2004, 12:09:45 AM »

Download HijackThis:
www.tomcoyote.org/hjt
Post your log here.
John Vickers
Joanne
« Reply #2 on: December 07, 2004, 12:43:57 AM »

Here's the log. Thanks for the help!

Logfile of HijackThis v1.98.2
Scan saved at 11:43:48 AM, on 12/7/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\StardockWindowBlinds\wbload.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Stardock\TrayServer.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger Plus\MsgPlus.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com/home.aspx?user=KarmaDivision
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\Stardock\TrayServer.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus\MsgPlus.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PC Booster] \\Lizzard\PC BOOSTER\PCBoost.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: LimeWire 4.0.8 Pro.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097458858747
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab

« Last Edit: December 07, 2004, 06:37:56 AM by Joanne »
Cactus
Security & Virus Specialist
Global Moderator
« Reply #3 on: December 07, 2004, 07:07:20 AM »

Here's something for you to try for System Restore...

In Windows XP, System Restore will sometimes not restore the system back to an earlier date. The reason for this might be that the System Restore Service is not enabled. Before running the System Restore program - this service should be enabled.
To enable this service perform the following steps -

1. Click on Start and then Control Panel
2. Click Performance and Maintenance, and then click on Administrative Tools.
3. Double Click on Services. A window listing all the services opens.
4. Double click the service System Restore Service.
5. In the Start Type drop down menu, choose Automatic.
6. Click OK, and then close all windows and restart the system.

Additionally, one may refer to the following link to troubleshoot System Restore:

http://support.microsoft.com/default.aspx?scid=kb;en-us;302796

The above link explains

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
Joanne
« Reply #4 on: December 07, 2004, 07:21:19 AM »

Thanks for the reply Cactus :)
It is on, I've checked it many times, it just doesn't seem to work :( The Microsoft site doesn't really help either :( I'm not sure if this will help, but it won't do any harm to post:

"A restoration to "System Checkpoint" restore point failed.  No changes have been made to the system.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp."

That's the message I get when I try, always the same.
My brother has a similar computer, and has never had any trouble.
I bought my computer off the internet, and when I got it, it had a few problems. The video card was stuffed, and the motherboard apparently faulty. These were eventually fixed but I think the guy I bought it off wasn't such an honest person, and only fixed what I had noticed (EVEN tried to send it back with a Radeon 9200 video card when I sent it in with a 9800!!). I'm not sure, but could that be in any way causing it? I have reformatted once, and it never worked pre that either.
I'd appreciate any info, but understand if you don't know :P

EDIT: Does my HJT log look alright? Just to rule out any spyware.
« Last Edit: December 07, 2004, 03:35:18 PM by Joanne »
Cactus
Security & Virus Specialist
Global Moderator
« Reply #5 on: December 07, 2004, 07:21:40 PM »

Your logfile looks OK as far as Trojans, but LimeWire is bundled with ADWARE.
There are better P2P file sharing apps such as Kazaa Lite.
Follow these removal steps to remove this adware from your computer:

Open the LimeWire folder.
Then open the folder UninstallerData.
Double click the icon named Uninstall LimeWire or something alike.
Follow the on screen prompt to uninstall the program.

If you only want to remove the ad banner from LimeWire, try the following steps:

Close the running LimeWire application. To do this, open Task Manager (press CTRL+ALT+DEL), and from the processes list, select and terminate the process limeshop.exe.
Open the folder C:\Program Files\LimeWire.
Delete the files 'Cbanner2.dll' and 'ads.war'.
Restart LimeWire.


Cactus
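Added example, not part of the original thread and not HijackThis code: a small Python triage script for logs in the format posted in Reply #2, listing the O4 autostart entries and marking the ones a reviewer would look at first. The UNC-path check and the watch list (seeded with the LimeWire entry named in Reply #5) are assumptions chosen for this example; the sample lines are copied from the posted log.

```python
import re

# Sample lines copied from the log posted in Reply #2 (trimmed for the example).
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com/home.aspx?user=KarmaDivision
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PC Booster] \\Lizzard\PC BOOSTER\PCBoost.exe
O4 - Global Startup: LimeWire 4.0.8 Pro.lnk = C:\Program Files\LimeWire\LimeWire.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                     # "O4 - <detail>"
O4_RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.*)$")  # registry Run keys
O4_LNK = re.compile(r"^((?:Global )?Startup): (.+?) = (.*)$")      # Startup-folder shortcuts

def parse_entries(text):
    """Return (section_code, detail) per entry line; header and process lines are skipped."""
    matches = (ENTRY.match(line.strip()) for line in text.splitlines())
    return [(m[1], m[2]) for m in matches if m]

def autostarts(entries):
    """Split O4 entries into where they are registered, their name, and what they launch."""
    found = []
    for code, detail in entries:
        if code != "O4":
            continue
        m = O4_RUN.match(detail)
        if m:
            found.append({"source": f"{m[1]} {m[2]}", "name": m[3], "command": m[4]})
            continue
        m = O4_LNK.match(detail)
        if m:
            found.append({"source": m[1], "name": m[2], "command": m[3]})
    return found

def review(autos, watch=("limewire",)):
    """Heuristics assumed for this example: network-share targets and watch-list names."""
    findings = []
    for a in autos:
        if a["command"].lstrip('"').startswith("\\\\"):
            findings.append((a["name"], "runs from a network share"))
        if any(w in a["command"].lower() for w in watch):
            findings.append((a["name"], "matches watch list"))
    return findings

if __name__ == "__main__":
    for name, reason in review(autostarts(parse_entries(SAMPLE_LOG))):
        print(f"{name}: {reason}")
```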