Hi
Downloaded most recent Windows updates. Since then, system is usable but not operating the same as before. I tried to use System Restore and it would sometimes bring up a blank window and sometimes do nothing. Any ideas how to fix?
thanks
Tom C.

Get rid of the Windows Updates and see what happens.
Proud member of Alliance of Security Analysis Professionals since 2005. ASAP

Ok then, now we look at a virus issue. Download Hijack This 1.99.1 here, install it and "Do A System Scan Only". Click on "SCAN" at the bottom. Once it's finished click on "Save Log" and save it as a .txt file. DO NOT fix anything! This is a pretty powerful tool. Be sure that the program is in its own folder on the root drive. If it's saved in a temp folder it won't be able to make back-ups if needed. Also be sure that while it's running that no other windows are open. Then copy and paste the log back here and I'll take a look at it for you.
Proud member of Alliance of Security Analysis Professionals since 2005. ASAP

Logfile of HijackThis v1.99.1
Scan saved at 7:22:28 PM, on 4/30/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~2\FILEBA~1\FILEBACK.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~2\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Diskeeper\DkService.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~2\WINZIP\winzip32.exe
C:\HiJack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plymouth.edu/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat7\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.exe TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~2\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\msconfig.exe /auto
O4 - HKCU\..\Run: [FileBack PC] C:\PROGRA~2\FILEBA~1\FILEBACK.exe
O4 - Global Startup: MBProbe.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097332790233
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~2\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~2\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Diskeeper\DkService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\System32\ZoneLabs\vsmon.exe
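
Added example, not part of the original thread: a small Python parser for the HijackThis log layout posted above. It separates the running-process list from the section entries, then pulls out the O4 autostart commands and the hosts that O16 ActiveX controls were downloaded from. The function names are illustrative, and the sample input reuses lines from the log, joined the way a forum paste can join them.

```python
import re
from urllib.parse import urlparse

CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"   # HijackThis section codes
ENTRY = re.compile(rf"^({CODE}) - (.*)$")

# Sample input: lines from the log in the thread, joined the way a forum paste can join them.
SAMPLE = r"""MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
C:\WINDOWS\Explorer.exe
C:\HiJack This\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plymouth.edu/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~2\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Global Startup: MBProbe.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Diskeeper\DkService.exe
"""

def normalise(text):
    """Restore line breaks lost before the process list and before the first entry."""
    text = re.sub(r"(?<=\S)(Running processes:)", r"\n\1", text)
    return re.sub(rf"(\.exe)({CODE} - )", r"\1\n\2", text, flags=re.I)

def parse_log(text):
    """Return (running processes, {section code: [entry text, ...]})."""
    processes, entries, in_procs = [], {}, False
    for line in normalise(text).splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.setdefault(m.group(1), []).append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def autostart_commands(entries):
    """O4 lists programs started at logon: return (location, command) pairs."""
    return [tuple(t.split(": ", 1)) for t in entries.get("O4", [])]

def remote_activex_hosts(entries):
    """O16 lists downloaded ActiveX controls: return hosts of http(s) codebases."""
    sources = [t.rsplit(" - ", 1)[-1] for t in entries.get("O16", [])]
    return sorted({urlparse(s).hostname for s in sources if s.lower().startswith("http")})

if __name__ == "__main__":
    procs, entries = parse_log(SAMPLE)
    print(procs, autostart_commands(entries), remote_activex_hosts(entries), sep="\n")
```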

My system is borked too with the last update. Seems MS still hasn't offered a way to correct except me doing a restore from a backup set.
Thanks MS.

Well, I have good news and bad news. The good news is that the log came up clean. The bad news is that something should've come up. I've done some more research on this and it's definitely something you don't want (e.g. spyware, trojan).
I'd like you to try doing a scan here:
and see what it brings up. Click on scan your PC, then next, then enter the info (it's safe).
When it's done, save the log as a text file and post it back here once again for me.
Proud member of Alliance of Security Analysis Professionals since 2005. ASAP

Hi Bloodhound
Thanks for your help. Pandasoft won't scan. I click on scan and it comes back to the same page.
Tom C.

Try this older version of Panda scan.
Proud member of Alliance of Security Analysis Professionals since 2005. ASAP

No luck. Bloodhound, thanks again. I have to sign off for a few days as I will be working out of state. I will be back in touch Friday night or Saturday.
thanks
Tom C.

To Jefro: Since he's away, I think it'll be ok to use this thread. Post a Hijack Log.
Proud member of Alliance of Security Analysis Professionals since 2005. ASAP

Hi Bloodhound
I decided to just restore from a backup. Actually went quickly and smoothly. I also saved any files that I needed.
I don't think it was a virus or trojan horse as it happened immediately after I installed some Windows updates. Learned my lesson.
Thanks for your time and effort.
Tom C.


This post is quite old and has been locked from receiving new replies. Please create a new posting instead.