# Malware

## Question

### My Computer has so many problems

My computer has so many problems, and I've looked around on the internet and I've managed to fix some of them.
I know that I have a few viruses on my computer, but I can't get rid of them. In one case I think I have one on my iPod, "boot.exe", and I can't get rid of it. All of the antivirus programs I've tried either don't pick it up or can't scan my iPod.
Then I have "copy.exe", which I don't know how to fix either.
Task Manager and regedit were disabled, but I fixed that. I still don't have the Start > Run option, and my Windows XP skin has disappeared and has opted for the outdated 95/98 skin.
My Folder Options is also disabled, and I tried a reg fix which I found on the internet, but it doesn't work!

My other computer had the same symptoms, except I also had a problem with the process "lsass.exe", and nothing was fixed. I tried a few antiviruses here too; they would get rid of the virus, but it would immediately come back.
Then after a while, my computer would boot up and would get to the "logon on screen", but it was all black and all I could see was my mouse, and my keyboard didn't do anything. This was the case in Safe Mode too.

So I managed to reinstall Windows XP Pro by hooking my hard drive up to another computer, since my disc drives had a problem reading the boot CD, and it started working...
So I shut down, put the hard drive back on the other computer, and now when it gets to the boot screen, it just restarts. I tried to hook it up to the other computer I used to install Windows XP and the same thing happens. I also tried to install XP again, but when I use the boot CD it won't read my hard drive. And I have a lot of valuable information on that hard drive, so formatting is not an option.
I think I might have a problem with the booting sequence, because I had a program called Boot Skin which changes the picture on the boot screen, but I don't know how to get rid of it.
I also suspect I got the virus from my friend when I gave him my iPod, because I don't have internet on either of these computers.

PLEASE HELP ME! I haven't used my computer for almost a month and I need it for school and whatnot. Thanks in advance.

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)
### HijackThis Log

In reply to My Computer has so many p ...

This is the HijackThis log from the computer which does actually load, should it help...
By the way, this computer is only used for music production, and there's a folder on my iPod called ".spotlight-v100". I don't know what it is and I can't get rid of it.

Logfile of HijackThis v1.99.1
Scan saved at 02:16:45 PM, on 06/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\MAFWTray.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\JP\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quicknews.info/
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Open Client to monitor &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &2 - C:\WINDOWS\web\AOpenClient.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
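
Added example, not part of the original post and not HijackThis's own code: a small triage pass over a log in the HijackThis v1.99.1 layout shown above, listing the entries that deserve a manual look. The sample log, the function names and the heuristics are constructed for illustration; a flagged entry is a prompt to investigate, not a verdict.

```python
import re

# Constructed sample in HijackThis v1.99.1 layout (not copied from the log above).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.example/
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKLM\..\Run: [ExampleDll] Rundll32.exe example.dll,EntryPoint
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O23 - Service: Example Scanner - Unknown owner - C:\Program Files\Example\scan.exe" /service (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")     # e.g. "O4 - ..." or "O23 - ..."
RUN_VALUE = re.compile(r"Run: \[(.+?)\] (.*)$")    # value name and command of a Run entry

def parse_entries(log_text):
    """Return (section_code, detail) for every entry line; process paths are skipped."""
    return [m.groups() for m in map(ENTRY.match, log_text.splitlines()) if m]

def review_notes(code, detail):
    """Return the reasons an entry should be checked by hand (assumed heuristics)."""
    notes = []
    if detail.endswith("(file missing)"):
        notes.append("target file not found on disk")
    if code in ("R0", "R1"):
        notes.append("IE start/search page value: confirm the user set it")
    if code == "O6":
        notes.append("IE options locked through a Policies key")
    run = RUN_VALUE.search(detail) if code == "O4" else None
    if run:
        command = run.group(2).lower()
        if command.startswith("rundll32") and "\\" not in command:
            notes.append("rundll32 autostart names a DLL without a full path")
    return notes

def triage(log_text):
    """Return (code, detail, notes) for each entry that has at least one note."""
    flagged = []
    for code, detail in parse_entries(log_text):
        notes = review_notes(code, detail)
        if notes:
            flagged.append((code, detail, notes))
    return flagged

if __name__ == "__main__":
    for code, detail, notes in triage(SAMPLE_LOG):
        print(f"[{code}] {detail}\n    -> " + "; ".join(notes))
```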

### I have the same problem.

In reply to My Computer has so many p ...

Did you solve your problem? I think it is a worm, because every time I attach an external drive it copies the instal.exe and boot.exe in the folder "message" to this new drive. This drive is either an SD card or an iPod. It is difficult to get rid of it, I think. I am still trying with anti-spyware etc. But if you would have a solution... tell me!

### Run your anti-virus / spyware in Safe Mode...

In reply to I have the same problem.

That is the only sure way to attack a trojan / worm.

### I have similar problem check this plz

Dear all:

Here is my story: I'm trying to boot up from a different desktop (let's call it dt2) with similar configurations as my current desktop (we'll call it dt1) using the HDD from dt1. So when I put the dt1 HDD in place, the computer starts up as usual, displaying the system page with press F2 for this and F10 for that, and then, you know when your computer gets shut down in an unexpected manner and you try to boot up and receive this boot-up page where it says boot normally or boot in safe mode or on last good settings, well, that's what I get next. Then I try to boot up normally and it just reboots the computer, so I'm in the same screen. I have tried all the options: in safe mode (with internet, without internet, with cmd, etc.) and the option to go and boot with last good settings, but none do the trick. I'm stuck in the same page. Can someone please help me.

bashirhamidi@hotmail.com

### OK..please fess up...have you been using P2P or torrent clients?

In reply to My Computer has so many p ...

If so, then you've invited more viruses, worms, and malware onto your PC than one can shake a stick at. You can download AVG Free Edition from www.grisoft.com and it will do a great job of catching and killing whatever malicious code is on your PC, and did I mention it was free?
