| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 69228 | 2006-05-26 05:39:00 | WHATS GOING ON??????? | av4tarnz (5829) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 457868 | 2006-05-26 05:39:00 | When I first turned on my computer today an unfamiliar system restore program started up instead of XP, and I was unable to esacpe it . On completion of the restore and restart, the same program appeared again!!!! OK now XP is running, however for some reason my computer is starting up with a display of 800 x 600 resolution and 4bit colour scheme . Windows detects that a low screen setting has been selected and asks if I want it fixed, but nothing happens . Going into the display properties I am unable to change the settings myself . I am unable to reach the Control Panel from the Start Menu to run the default System Restore program, if it can help at all . My computer is also running unreasonalbly slow, taking eternity to start up or do anything . I suspect a virus has found it's way onto my computer however nothing is detected when a scan is done . Does anyone recognise any of these symptoms and give any solutions? :badpc: Thanks Av4tarnz |
av4tarnz (5829) | ||
| 457869 | 2006-05-26 05:42:00 | Get the file in my sig below. We'll see what comes up in the log. | Speedy Gonzales (78) | ||
| 457870 | 2006-05-26 05:45:00 | deatils of pc please. more precisely is it a brand name pc eg dell, hp etc ? | tweak'e (69) | ||
| 457871 | 2006-05-26 06:02:00 | I expect that my computer is riddled with nasties, as anti spyware software isn't regularly run I'm running Ad Aware at the moment, but I have run the Hijack program. This was the result: Logfile of HijackThis v1.99.1 Scan saved at 4:52:24 p.m., on 26/05/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Sprint & FineReader 5.0 Office Try&Buy\Sprint\CAgent.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\program files\valve\steam\steam.exe C:\Program Files\TBONBin\tbon.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\..............\Hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clear.net.nz/ N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Cs earchplugins%5Cgoogle.src"); (C:\Documents and Settings\..............\Application Data\Mozilla\Profiles\default\bc5akuhw.slt\prefs.j s) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll (file missing) O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-nz\msntb.dll O2 - BHO: IE DOM Explorer - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll O3 - Toolbar: xtramsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-nz\msntb.dll O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\Sprint & FineReader 5.0 Office Try&Buy\Sprint\CAgent.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\RunServices: [Microsoft Update] rnurbvi.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Search - kl.bar.need2find.com O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - static.windupdates.com O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - advnt01.com O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - locator1.cdn.imagesrvr.com O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - download.energy-factor.com O17 - HKLM\System\CCS\Services\Tcpip\..\{F27D134F-87EF-4F90-B583-A3DC4DD58743}: NameServer = 192.168.0.1,0.168.0.1 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Filter: text/html - (no CLSID) - (no file) O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Alias Maya 5.0 PLE Help Server (Maya5PLEHelpServer) - Unknown owner - C:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs\Wrapper.exe" -s "C:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs/Wrapper.conf (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe |
av4tarnz (5829) | ||
| 457872 | 2006-05-26 06:04:00 | I bought my computer from the now defunct PC Company. It was a PC Co system restore that was appearing on start-up. | av4tarnz (5829) | ||
| 457873 | 2006-05-26 06:08:00 | speedy proberly going through the log as i write this ;) bt i suspect something has triggered it to restore back to factory settings. possibly due to crashing beacuse of infections. i see a few suspect ones straight off. give the system a good clean out and see if you can recoveryour old data. i suspect you will have to reload some of your drivers eg video card etc. |
tweak'e (69) | ||
| 457874 | 2006-05-26 06:15:00 | Hmm boot into safe mode, run hijackthis again tick these entries and tick fix checked. C:\Program Files\TBONBin\tbon.exe This maybe this (www.symantec.com) Adware O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll (file missing) O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe - this is a hijacker. See if there's an entry in add/remove programs for Searchupgrader. If there is, uninstall it. Nasty O4 - HKLM\..\RunServices: [Microsoft Update] rnurbvi.exe This entry below, isnt nasty but not needed in startup. O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background This is adware O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r Not nasty but not needed in startup. O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE Nasty O8 - Extra context menu item: &Search - kl.bar.need2find.com O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - static.windupdates.com O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - advnt01.com - this maybe a dialler. O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - download.energy-factor.com O18 - Filter: text/html - (no CLSID) - (no file) 5 entries below, aren't nasty but not need in startup. O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime |
Speedy Gonzales (78) | ||
| 457875 | 2006-05-26 06:17:00 | Start over huh? Bugger, I'm the computer novice in our household. Backing up files isn't a problem, but I'll need some directions for total reseting of the computer. | av4tarnz (5829) | ||
| 457876 | 2006-05-26 06:21:00 | You dont have to reinstall, just boot into safe mode, run hijackthis again, tick on the entries I posted previously and tick fix checked. Then reboot. | Speedy Gonzales (78) | ||
| 457877 | 2006-05-26 06:27:00 | Sorry Speedy, when I say I'm a computer novice, I really mean TOTAL NOVICE. How do I start-up in sfae mode? | av4tarnz (5829) | ||
| 1 2 3 4 | |||||