Nothing showing up on desktop!

Discussion in 'Malware and Virus Removal Archive' started by astroman, 2008/07/28.

  1. 2008/07/28
    astroman

    astroman Inactive Thread Starter

    Joined:
    2008/07/28
    Messages:
    4
    Likes Received:
    0
    My computer was working fine this morning before I left for work. I shut it down, and when I came into work and rebooted, nothing appears on my desktop! I tried running task manager via Ctrl+Shift+Esc and entered "explorer.exe" (without quotes) and it appeared to try to load but nothing happened. It isn't showing up in my processes list. Furthermore, I tried to open files and programs via New Task>Browse> then the file or program. Either the program fails to load, or when it does and I try to open any files the program crashes. I can't even navigate to My Computer, because when I try to the task manager just closes. So, basically I can't open any programs, load any files, or browse to My Computer. I tried running system restore in Safe Mode but again nothing seemed to load on my desktop. I don't know what is wrong. I am starting to think it is a virus, which would ****. I don't have any antivirus software installed on my computer so I can't run a scan. I really don't want to have to reinstall Windows because I can't even access my thumb drive to copy critical files and folders onto it (all my previous class notes, my current work files (although they are on the thumb drive too)). Please help!
     
  2. 2008/07/28
    Arie

    Arie Administrator Administrator Staff

    Joined:
    2001/12/27
    Messages:
    15,174
    Likes Received:
    412
    Hi,

    Read this post, then post the requested log(s).
     

  4. 2008/07/28
    astroman

    Well, I tried running system restore through safe mode and it kept on giving me a message saying it couldn't safely restore my settings, and to restart Windows and try the restore again. I did this and got the same message. So, I decided to do a Windows XP repair installation. During the process it said it couldn't find some .dll files on the installation disk, so I clicked cancel, then it asked if I wanted to continue the installation and I said no, but it continued anyway. So after that was completed, Windows rebooted and my desktop was back to normal. It all seems very strange, so I decided to follow your requests anyway to see if you guys can catch anything. Below are the reports.

    HijackThis Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:22:55 PM, on 7/28/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll "
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
    O4 - HKUS\S-1-5-21-73586283-1417001333-725345543-1003\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User '?')
    O4 - HKUS\S-1-5-21-73586283-1417001333-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-73586283-1417001333-725345543-1003\..\Run: [gStart] C:\Garmin\gStart.exe (User '?')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 6709 bytes



    Deckard's Log


    Deckard's System Scanner v20071014.68
    Run by Chris on 2008-07-28 20:12:23
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Unable to create WMI object; The operation completed successfully.


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Chris.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:17:02 PM, on 7/28/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Chris\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Chris.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll "
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
    O4 - HKUS\S-1-5-21-73586283-1417001333-725345543-1003\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User '?')
    O4 - HKUS\S-1-5-21-73586283-1417001333-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-73586283-1417001333-725345543-1003\..\Run: [gStart] C:\Garmin\gStart.exe (User '?')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 6697 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    3 EverestDriver (Lavalys EVEREST Kernel Driver) - c:\documents and settings\chris\my documents\downloads\everest ultimate edition 4.20 build 1180 + key [app][www.zonatorrent.com]\everest ultimate edition 4.20 build 1180 + key [app][www.zonatorrent.com]\kerneld.wnt (file missing)
    3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>
    1 ISODrive (ISO DVD/CD-ROM Device Driver) - c:\program files\ultraiso\drivers\isodrive.sys <Not Verified; EZB Systems, Inc.; ISODrive>
    3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
    3 sbusb (Sound Blaster USB Audio Driver) - system32\drivers\sbusb.sys (file missing)

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    2 Apple Mobile Device - c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
    2 Bonjour Service - c:\program files\bonjour\mdnsresponder.exe
    3 hpqcxs08 - c:\windows\system32\svchost.exe
    2 hpqddsvc (HP CUE DeviceDiscovery Service) - c:\windows\system32\svchost.exe
    2 matlabserver (MATLAB Server) - c:\matlab6p5\webserver\bin\win32\matlabserver.exe
    3 Microsoft Office Groove Audit Service - c:\program files\microsoft office\office12\grooveauditservice.exe
    2 MSSQL$SQLEXPRESS (SQL Server (SQLEXPRESS)) - c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe
    2 Net Driver HPZ12 - c:\windows\system32\svchost.exe
    3 SolidWorks Licensing Service - c:\program files\common files\solidworks shared\service\solidworkslicensing.exe
    4 SQLBrowser (SQL Server Browser) - c:\program files\microsoft sql server\90\shared\sqlbrowser.exe
    2 SQLWriter (SQL Server VSS Writer) - c:\program files\microsoft sql server\90\shared\sqlwriter.exe
    2 Viewpoint Manager Service - c:\program files\viewpoint\common\viewpointservice.exe


    -- Device Manager: Disabled ----------------------------------------------------

    Unable to create WMI object.

    -- Scheduled Tasks -------------------------------------------------------------

    2008-07-25 22:58:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-06-28 and 2008-07-28 -----------------------------

    2008-07-28 20:10:36 0 d-------- C:\Program Files\Trend Micro
    2008-07-28 20:06:24 0 d-------- C:\WINDOWS\Prefetch
    2008-07-28 18:02:02 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2008-07-28 18:02:02 0 d-------- C:\Documents and Settings\Administrator\My Documents
    2008-07-28 18:02:02 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2008-07-28 18:02:02 0 d-------- C:\Documents and Settings\Administrator\Favorites
    2008-07-28 18:02:02 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2008-07-28 18:02:02 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
    2008-07-28 18:02:02 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2008-07-28 18:02:02 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-07-28 18:02:01 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2008-07-28 18:02:01 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2008-07-28 18:02:01 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2008-07-28 18:02:01 0 d--h----- C:\Documents and Settings\Administrator\Recent
    2008-07-28 18:02:01 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2008-07-28 18:02:01 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2008-07-28 09:04:15 0 d--hs---- C:\found.000
    2008-07-28 08:51:44 0 d-------- C:\spoolerlogs
    2008-07-26 03:08:26 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-07-26 03:06:20 0 d-------- C:\WINDOWS\SQLTools9_KB948109_ENU
    2008-07-26 03:03:09 0 d-------- C:\WINDOWS\SQL9_KB948109_ENU
    2008-07-25 16:32:24 0 d-------- C:\Program Files\NVESD
    2008-07-24 20:50:39 0 d-------- C:\Program Files\Microsoft Works
    2008-07-24 20:42:25 0 dr-h----- C:\MSOCache
    2008-07-23 19:22:49 0 d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
    2008-07-23 18:12:57 0 d-------- C:\Temp
    2008-07-20 18:34:00 0 d-------- C:\Program Files\GrabJPG
    2008-07-20 18:34:00 0 d-------- C:\Documents and Settings\All Users\Application Data\GrabJPG
    2008-07-16 21:16:57 0 d-------- C:\Documents and Settings\Chris\Application Data\Google
    2008-07-16 21:15:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-07-16 21:15:29 0 d-------- C:\Program Files\Google
    2008-07-15 22:39:28 0 d-------- C:\Program Files\Audacity
    2008-07-14 20:54:07 0 d-------- C:\Program Files\iPod
    2008-07-14 20:42:33 0 d-------- C:\Program Files\Safari
    2008-07-08 14:26:46 0 d-------- C:\Program Files\VLC
    2008-07-08 14:26:23 0 d-------- C:\Program Files\Common Files\VLC
    2008-07-02 21:55:54 0 d-------- C:\Program Files\Microsoft SQL Server
    2008-07-02 21:42:59 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
    2008-07-02 21:42:59 0 d-------- C:\Program Files\Common Files\Merge Modules
    2008-07-02 21:41:18 0 d-------- C:\Program Files\Microsoft SDKs
    2008-07-02 19:18:59 0 d--h----- C:\Documents and Settings\All Users\Application Data\{B59CE2E6-B15A-4F23-BD0E-72BF2ADDC3C7}
    2008-07-02 14:30:47 0 d-------- C:\Documents and Settings\Chris\Application Data\Borland
    2008-07-02 10:41:49 0 d--h----- C:\Program Files\Zero G Registry
    2008-07-02 10:41:49 0 d-------- C:\Program Files\thg
    2008-07-02 10:41:00 0 d--h----- C:\Documents and Settings\Chris\InstallAnywhere
    2008-07-01 19:38:40 0 d-------- C:\Documents and Settings\Chris\Application Data\FileZilla
    2008-07-01 09:51:54 0 d-------- C:\Documents and Settings\Chris\.idl
    2008-07-01 09:50:47 0 d-------- C:\Program Files\Solar Irradiance Platform
    2008-07-01 09:46:35 0 d-------- C:\Program Files\ITT
    2008-06-29 23:47:41 0 d-------- C:\Program Files\CodeGear
    2008-06-29 22:55:58 0 d-------- C:\Documents and Settings\All Users\Application Data\CodeGear
    2008-06-29 22:46:23 0 d-------- C:\Program Files\Microsoft Visual Studio 8
    2008-06-29 22:46:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-06-29 17:27:29 0 d--h----- C:\Documents and Settings\All Users\Application Data\~0
    2008-06-28 18:28:31 0 d-------- C:\Program Files\Microsoft Silverlight


    -- Find3M Report ---------------------------------------------------------------

    2008-07-25 11:28:44 0 d-------- C:\Documents and Settings\Chris\Application Data\U3
    2008-07-24 20:50:21 0 d-------- C:\Program Files\MSBuild
    2008-07-24 20:17:02 0 d-------- C:\Documents and Settings\Chris\Application Data\uTorrent
    2008-07-23 19:23:10 139586 --a------ C:\WINDOWS\hpoins15.dat
    2008-07-23 19:22:49 0 d-------- C:\Program Files\HP
    2008-07-23 18:34:22 68270 --a------ C:\WINDOWS\hpoins05.dat
    2008-07-17 21:38:34 0 d-------- C:\Documents and Settings\Chris\Application Data\LimeWire
    2008-07-15 11:45:56 0 d-------- C:\Documents and Settings\Chris\Application Data\Apple Computer
    2008-07-14 20:54:27 0 d-------- C:\Program Files\iTunes
    2008-07-14 20:52:46 0 d-------- C:\Program Files\QuickTime
    2008-07-14 20:12:16 0 d-------- C:\Program Files\Apple Software Update
    2008-07-08 14:26:27 0 d-------- C:\Program Files\Common Files
    2008-07-06 18:21:15 0 d-------- C:\Documents and Settings\Chris\Application Data\Move Networks
    2008-07-02 22:00:16 0 d-------- C:\Program Files\Microsoft.NET
    2008-07-01 09:49:56 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-06-21 21:43:37 35160 --a------ C:\Documents and Settings\Chris\Application Data\GDIPFONTCACHEV1.DAT
    2008-06-19 21:37:50 0 d-------- C:\Documents and Settings\Chris\Application Data\Mathsoft
    2008-06-19 21:37:34 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-06-19 21:35:31 0 d-------- C:\Program Files\Mathcad
    2008-06-17 09:25:32 0 d-------- C:\Documents and Settings\Chris\Application Data\Mathematica
    2008-06-17 09:20:52 0 d-------- C:\Program Files\Wolfram Research
    2008-06-15 17:40:51 0 d-------- C:\Program Files\LimeWire
    2008-06-13 18:45:46 0 d-------- C:\Program Files\Common Files\SWF Studio


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
    03/02/2007 05:52 PM 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
    03/02/2007 05:52 PM 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AudioDrvEmulator "= "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" []
    "AppleSyncNotifier "= "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]
    "HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 09:34 PM]
    "GrooveMonitor "= "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
    "RTHDCPL "= "RTHDCPL.EXE" [09/22/2005 03:36 PM C:\WINDOWS\RTHDCPL.EXE]
    "Alcmtr "= "ALCMTR.EXE" [05/03/2005 08:43 PM C:\WINDOWS\ALCMTR.EXE]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim6 "= "C:\Program Files\AIM6\aim6.exe" [03/06/2008 02:50 PM]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
    "gStart "= "C:\Garmin\gStart.exe" [09/06/2006 10:05 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^SolidWorks Task Scheduler Engine.lnk]
    path=C:\Documents and Settings\Chris\Start Menu\Programs\Startup\SolidWorks Task Scheduler Engine.lnk
    backup=C:\WINDOWS\pss\SolidWorks Task Scheduler Engine.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\INPROCOMMWireless]
    C:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    SkyTel.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt hpqcxs08 hpqddsvc




    -- End of Deckard's System Scanner: finished at 2008-07-28 20:17:29 ------------
     
  5. 2008/07/31
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi astroman,

    Looks as though there is a problem with WMI, which would contribute to the problem with system restore. First, let's get an online scan to see if there are any infections present, then go from there.

    Please scan with Kaspersky WebScanner

    You will be prompted to install an ActiveX component from Kaspersky, click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log here.
     
  6. 2008/08/01
    astroman

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Friday, August 01, 2008 7:04:14 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 1/08/2008
    Kaspersky Anti-Virus database records: 1037634
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\
    G:\

    Scan Statistics:
    Total number of scanned objects: 145359
    Number of viruses found: 1
    Number of infected objects: 1
    Number of suspicious objects: 0
    Duration of the scan process: 02:18:03

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\Chris\Application Data\acccore\nss\cert8.db Object is locked skipped
    C:\Documents and Settings\Chris\Application Data\acccore\nss\key3.db Object is locked skipped
    C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\eu5ixv4w.default\cert8.db Object is locked skipped
    C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\eu5ixv4w.default\formhistory.dat Object is locked skipped
    C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\eu5ixv4w.default\history.dat Object is locked skipped
    C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\eu5ixv4w.default\key3.db Object is locked skipped
    C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\eu5ixv4w.default\parent.lock Object is locked skipped
    C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\eu5ixv4w.default\search.sqlite Object is locked skipped
    C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\eu5ixv4w.default\urlclassifier2.sqlite Object is locked skipped
    C:\Documents and Settings\Chris\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Chris\Local Settings\Application Data\AOL\AOLDiag\AOL\IMAppServiceUSGM\Win32\6.5.11.1\00673fa4.pak Object is locked skipped
    C:\Documents and Settings\Chris\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
    C:\Documents and Settings\Chris\Local Settings\Application Data\AOL OCP\AIM\Storage\data\getupkid185\localStorage\common.cls Object is locked skipped
    C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\eu5ixv4w.default\Cache\_CACHE_001_ Object is locked skipped
    C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\eu5ixv4w.default\Cache\_CACHE_002_ Object is locked skipped
    C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\eu5ixv4w.default\Cache\_CACHE_003_ Object is locked skipped
    C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\eu5ixv4w.default\Cache\_CACHE_MAP_ Object is locked skipped
    C:\Documents and Settings\Chris\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Chris\Local Settings\Temp\hsperfdata_Chris\2552 Object is locked skipped
    C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Chris\My Documents\LimeWire\Saved\colbys song joshua james.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
    C:\Documents and Settings\Chris\ntuser.dat Object is locked skipped
    C:\Documents and Settings\Chris\NTUSER.DAT.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_710.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_68.trc Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{B8986256-6F7F-4F3F-9637-FD4C32204E48}\RP204\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
    C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
    C:\WINDOWS\system32\config\sam Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\security Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    D:\System Volume Information\_restore{B8986256-6F7F-4F3F-9637-FD4C32204E48}\RP204\change.log Object is locked skipped

    Scan process completed.
     
  7. 2008/08/01
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    As you see, only 1 infected file .. a song downloaded with Limewire.

    C:\Documents and Settings\Chris\My Documents\LimeWire\Saved\colbys song joshua james.mp3

    Delete it, then empty the recycle bin.

    I'm not passing judgment on file-sharing as a concept. However, I will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    References for the risk of these programs are here, here and here.

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.


    Additionally, these apps often run in the background when you start your computer, consuming CPU cycles and bandwidth. This could be a major contributor to your slowdown.


    Now, let's check out WMI. Download the WMI Diagnosis Utility from Microsoft. It is a self-extracting exe. Run it, then open the folder it creates and double-click the WMIDiag.vbs file to start the tool. You may be prompted that wscript is your default scripting engine and WMIDiag will not produce any echo, which is fine; it just means you won't see a graphical interface when it runs. Task Manager will show wscript.exe running on the processes tab until it completes. It should also display a message when it completes.

    When done, click Start>Run and type %temp% then hit Enter. You will see 3 logs named WMIDIAG-V2.0_XP******
    There will be a .log, a .txt and a .csv
    Please post the contents of the txt file. It may be large and require splitting into 2 or more posts.
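
Added example, not part of the thread: a Python triage of a scanner report in the layout posted above, separating `Infected:` entries from `Object is locked` entries (files held open by the running system, so never scanned) and checking the listing against the summary counters. The sample report is constructed from lines in the thread; the function name `triage` and the result field names are assumptions of this example.

```python
import re

# Constructed sample: a shortened report in the same layout as the one in the thread.
SAMPLE_REPORT = r"""
Scan Statistics:
Total number of scanned objects: 145359
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Chris\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Chris\My Documents\LimeWire\Saved\colbys song joshua james.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\WINDOWS\system32\config\sam Object is locked skipped

Scan process completed.
"""

STAT = re.compile(r"^Number of (viruses found|infected objects|suspicious objects):\s*(\d+)$")
# Paths contain spaces, so anchor on the status text at the end of the line.
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) "
    r"(?:(?P<locked>Object is locked)|Infected: (?P<name>\S+)) (?P<action>\w+)$")

def triage(report):
    """Split a report into detections, locked (unscanned) files and summary stats."""
    result = {"stats": {}, "detections": [], "locked": [], "unparsed": []}
    in_objects = False
    for line in (raw.strip() for raw in report.splitlines()):
        if line.startswith("Infected Object Name"):
            in_objects = True  # object listing starts after this header
            continue
        m = STAT.match(line)
        if m:
            result["stats"][m.group(1)] = int(m.group(2))
        elif in_objects and line and not line.startswith("Scan process"):
            e = ENTRY.match(line)
            if e is None:
                result["unparsed"].append(line)  # keep unknown lines for manual review
            elif e.group("locked"):
                result["locked"].append(e.group("path"))
            else:
                result["detections"].append((e.group("path"), e.group("name"), e.group("action")))
    # Cross-check the listing against the summary counter.
    result["consistent"] = len(result["detections"]) == result["stats"].get("infected objects")
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT)["detections"])
```

A last action of `skipped` on a detection means the scanner left the file on disk, which is why the reply above asks for it to be deleted by hand.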
     
