0

I have just been handed a sick laptop by my sister - nothing appears to work - I think perhaps a little over use of spyware removers without realising the implications.

Cut, paste, copy and moves in explorer don't work. CD doesnt write, can't enable file sharing on the network, weird behaviour (Blank screens) when i open windows utilities. System restore refuses to startup. I really would appreciate any help, otherwise its a total re-install!!!

Here is a log:
Logfile of HijackThis v1.99.1
Scan saved at 17:38:55, on 25/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\MARIAL~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/cd_redirects/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/cd_redirects/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CPLDBL10] C:\Program Files\EzButton\CPLDBL10.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB298E5C-B6A5-4E4E-8F8D-379C634940B3}: NameServer = 212.159.11.50,194.72.9.38
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe

WOW - the copy and paste worked this time - quite glad it did.

Thanks in advance for any help

3
Contributors
6
Replies
7
Views
12 Years
Discussion Span
Last Post by DMR
0

Hi leventib,

First of all- welcome to our site :)

In terms of the HijackThis log you posted- it shows no signs of infection as far as I see; it's actually a very clean log. Given that, and the other problems you described, it sounds like the problems you're experiencing are of a more general nature.

Can you give us anything more specific to go on concerning when the problems started to occur, what you might have done already to try to fix them, etc.?

0

Thanks DMR,

My post was essentially to firstly make sure there wasn't a suspect service running on the machine - thanks for confirming this.

Random things kept happening, none of which made any sense - yesterday I gave up on trying to fix it - quickest option was to backup over the network (only think that worked) and rebuild the system. Works fine now.

Thanks for your help.

0

You're welcome. :)

Sometimes a reinstall is the fastest solution to elusive/random problems, especially if you have the option of being able to back up your crtical data first. Glad you got it sorted.

0

Hi Blumps,

You have not told me what you have tried. Can you link this with an installation of any software, or changes you may have made?

If you have the same problem as i did, then my solution at the time was to reinstall xp, after backing up my data over a network. If you have run virus checks and are sure it is nothing to do with any trojans/viruses then there is not much that can be done.

Have you tried to recover your system to a previous know date when everything was ok? - (use System Restore - goto start bar / all programs/ accessories/system tools)

I have since discovered a way of just over installing Internet Explorer, which may be a good place to start - I have cut and pasted it below:

If you suspect a corrupted system file, you can use the System File Checker to scan for and repair all such
files. The System File Checker will require that you have your original Windows XP CD handy. See the
Troubleshooting section for details on how to use the System File Checker.
Alternatively, you can trick Windows into thinking Internet Explorer 6 isnʹt installed, and this will allow you
to reinstall Internet Explorer 6 over the top of your existing installation (which isnʹt normally possible). To
do this, open the Registry Editor and go to the following key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
{89820200-ECBD-11cf-8B85-00AA005B4383}]
IsInstalled=1
Change this setting to =0 and click OK. If it doesnʹt exist, create it as a new DWORD value and set it to 0.
Now go to the Microsoft Internet Explorer Homepage, download the latest full version of Internet Explorer
and install it. Once completed, go to Windows Update and install all the available patches and updates for
Internet Explorer once again. These steps should resolve any issues you are having with Internet Explorer if
the cause was a corrupted file or registry entry.


All the above is based on my system XP sp2 !

Hope this helps, let me know.

0

I am having the same problem any ideas or suggestions

Hi blumps,

First of all- welcome to TechTalk!

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please give us as much specific info as possible regarding the problem (exact error messages, system specs, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_policies

Thanks for understanding.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.