Nibble Guru - Computing queries demystified Monday, December 01, 2008
Home
My Account / Register
Login / Logout
Post your Problem!
Search
About Us
Contact Us
List Home > Computer Viruses >   [ Post New Problem ]

Welcome back !
TrackingID : 6323
Posted : Wednesday, November 23rd, 2005 11:39:48 AM
By : cowboyjohn994
start up programsConfiguration:
in the start up menu PROGRAM files are gone...all the start up programs are in a read only format in another file...is there a way to run windows98 start up without buying the disk

Additional Comments:
i think it was caused buy a virus...i have norton anti virus 		Operating System : microsoft windows 98
CPU/Processor : intel pentium lll

Related Problems :
Comments :
start up programs my shortcuts don't work by walton on December 27th, 2005 02:43:01 PM
I was consulting with another forum, but it seems as if they have stopped responding to my posts, so I decided to try this one. My Desktop shortcuts and programs are .lnk files and they don't work anymore. I can't reinstall my Windows Xp cd, I can't access any system restore options, my computer scan programs can't help. Somebody please help me.

I couldn't complete the system config because I kept getting a funny message so here are my computer configurations:

Computer Brand: Dell XPS 400
Processor: Inter(R) Pentium(R) D CPU 2.80GHz
Processor speed: 2.73 GHz
Memory (RAM): 1024 MB
Operating System: Microsoft Windows XP Professional version 5.1.2600

The other forum that I spoke to (daniweb) stopped responding to my posts, but they helped me get this far (see below). I used HijackThis to scan my computer and Ewido. Can anyone help me in this continual process?

1. HIJACKTHIS LOG

Logfile of HijackThis v1.99.1
Scan saved at 5:51:30 PM, on 12/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:///??
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie...rch/search.html
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...b?1130266793890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...b?1132318523125
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by108fd.bay108.hotmail.msn.c...ex/HMAtchmt.ocx
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

2. EWIDO

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:16:00 PM, 12/26/2005
+ Report-Checksum: C431A8BD

+ Scan result:

C:\Documents and Settings\Gordon\Cookies\gordon@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Gordon\Cookies\gordon@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Walton\Cookies\walton@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Walton\Cookies\walton@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup


::Report End

3. C:\WINDOWS\system32\dllcache\sys32

Here are the Additional Files that were found in C:\WINDOWS\system32\dllcache\sys32:

upload (a folder with nothing in it)
hide.EXE
libeay32.dll
psshutdown.exe
ServUStartUpLog.txt
sys.dll
winmgtr.dll
cygcrypt-0.dll
hide.RBO
nfo.nfo (MSInfo document)
run.bat
spooldc.log
TzoLibr.dll
cygwin1.dll
hydrant.bat
pshut.bat
ServUDaemon.ini (Configuration Settings)
ssleay32.dll
welcome.txt
Re: start up programs by Anonymous Ghost on December 28th, 2005 04:16:43 AM
You still have bunch of spywares... First clean them up using Spybot Search & Destroy.
Re: start up programs by Anonymous Ghost on December 28th, 2005 04:21:15 AM
make sure you scan using the latest definitions. First search for updates and download them and then only scan.
Re: start up programs by Anonymous Ghost on December 28th, 2005 04:27:40 AM
The easiest way out is to borrow a Windows XP cd from a friend or buy a new one and reinstall :)
Re: start up programs by walton on December 28th, 2005 02:25:36 PM
I ran all my scan programs which include Ewido Anti-Malware, HijackThis, Lavasoft Ad-Aware, Spybot Search and Destroy, and Mcafee Virus Scan, but my computer is still acting a fool. I can't get my Windows XP cd to install. When I click "install", nothing happens. All of my exe files, programs and shortcuts are showing up as .lnk files and I can't open up anything. I can't even open up my registry editer by using Start/run/regedit. Does anybody know any solution.
Problem solved by walton on January 01st, 2006 09:51:07 PM
PROBLEM SOLVED! Here's how.

I used these steps from another forum:

The specific locations for the files:

http://www.dougknox.com/xp/fileassoc/xp_exe_fix.zip

http://www.dougknox.com/xp/fileassoc/linkfile_fix.zip

For the benefit of others:
When double clicking the xp_exe_fix.reg file, windows asks what to use to open it. Go to select from list, then browse and find C:\Windows\regedit.exe, select it and click ok, then double click xp_exe_fix.reg again and it'll ask you if you want to add the info to the registry. Click yes and reboot your computer. You should notice that by going Start->my computer->C:\ and opening any one of the folders, all of the programs appear normal again and will function correctly.

If your desktop icons still have the *.lnk extension, run the linkfile_fix.reg by double clicking it, then reboot again. make sure everything seems back to normal and your all done!

Note: if winzip/winrar or whatever isn't working on your machine, either extract the files on another computer or associate the zip files with the appropriate program exe (winzip/winrar) as done for the xp_exe_fix.reg file.

As you see, these files will restore icons back to .exe and programs should work again. I also rebooted my computer afterward and pressed F2. This took me to the screen where I could do a lot of configurations and I just selected the option of "restore my computer to defaults". I also used my Registry Mechanic Version 5.1 to clean my registry, which really helped.

Thanks for your help.

Related Problems :
Post a Note :
UserName (not required in anonymous posts)
Password (not required in anonymous posts)
Post Anonymous (check this only if you wish to post anonymously.)
Subject
Comment (limited HTML allowed)
List Home > Computer Viruses >   [ Post New Problem ]
Copyright © 2001-2008, Nibble Guru