Member Avatar for ReadyToTossIt

Even when I boot my computer in safe mode, windows explorer will not stay open for three seconds without restarting itself--making it difficult to run anything that's not on my desktop and making the PC practically un-usable. I can't run windows update because I can't run Internet Explorer, and even programs that should work otherwise (I.E. CCleaner) won't function properly. Looking at the process manager, I see explorer opening and closing as is evident, and dwwin.exe opening and closing along with it (which I haven't seen before) and several instances of drwtsn32.exe (which is apparently supposed to be a harmless windows diagnostic process, but I note it because I've never seen it before).

I suppose the next step I'm to take is post my HijackThis log (damn thing was pretty tough to obtain in the current state of my PC :-| ) so here goes:
____________________


Logfile of HijackThis v1.99.1
Scan saved at 8:05:01 PM, on 9/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WIN\System32\smss.exe
C:\WIN\system32\winlogon.exe
C:\WIN\system32\services.exe
C:\WIN\system32\lsass.exe
C:\WIN\system32\svchost.exe
C:\WIN\system32\svchost.exe
C:\Documents and Settings\Will\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebslinks.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestwebslinks.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\Jccatch.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WIN\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WIN\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [HTpatch] C:\WIN\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WIN\SiSUSBrg.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [RegSvr32] C:\WIN\system32\msmsgs.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [MSConfig] C:\WIN\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126477997015
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WIN\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WIN\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WIN\system32\pctspk.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
____________________

So if anyone could help, that would be just swell. Thanks in advance.

  • 2 Contributors
  • 6 Replies
  • 178 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by ShaneMcP

Recommended Answers

All 6 Replies

Member Avatar for ShaneMcP

Welcome to the wonderful world of insane amounts of spyware :D. So my advice is start in safe mode like you did, then open up my computer and type www.mozilla.org/firefox. Then download firefox. Or install it via a jumpdrive or something. The reason I would have you do that is so you could get to microsoft's antispyware page. Now if you can get there on another computer and download the program, or someone else has it, get it on your computer! Install it and update it completly. BTW it would also be a good idea to go to run in the start bar and type msconfig > click the startup tab and click disable all. You can go through and check the programs you know arent dangerous after you click disable all.

1)Get Microsoft Antispyware anyway possible
2)Update Microsoft Antispyware(should be automatic)
3)Never try to open Internet Explorer
4)Disable your startup programs
5)Run Microsoft Antispyware.
6)Resart(cuz it will ask you to) and boot into safe mode again. Scan using MS Anti-spyware again. It may pick up some traces.
7)Restart again (if you have to)
8)Use Mozilla Firefox instead of IE6 www.mozilla.org/firefox
9)Get an anti-virus program just to be safe (zone alarm, etc)
10)Run an anti-virus scan (housecall.antivirus.com should work)

Remember, you can always backup your important files and format :D.

Hope this helps,
Shane McP

Member Avatar for ReadyToTossIt

Thanks for the reply. Back to business, I have firefox and have been using it to try to fix these problems all along. I also have ad-aware and use it weekly, but I was infected by PSGuard which I couldn't get rid of until just today (and I'm not even 100% sure it's gone). Ad-aware scans are now freezing at the internet cache scan, which i assume is because of the probem with explorer. I ran housecall (the UK version--US housecall only runs from IExplorer, and the only reason i ever use IE is to update windows) and it didn't detect anything, so I'm not quite sure about that solution. Also, I don't think disabling startup progs will help much in this case because it happens in safe mode as well, but I'll give it a try anyways. Besides all that, I'll take your advice and check out the MS Antispyware majigger and get back to you with my results.

Member Avatar for ReadyToTossIt

Well, no such luck yet. Anyone else able to give any advice?

Member Avatar for ShaneMcP

MS Antispyware didn't help, well that stinks! Well I'm out of ideas :D. You always have the option of reinstalling windows. Have you tried going into add/remove programs and looking for suspicious programs (and removing them)? Thats all I got, its been a long day :P.

Shane McP

Member Avatar for ReadyToTossIt

Well, I managed to get it fixed after a bit of work, but thanks a great deal for your suggestions. I appreciate your help. Not wanting to lose anything, I wanted to do a repair install, but I remembered what happened the otehr two times I tried to repair SP2 with an my SP1 CD--total windows brickage. I tracked down an SP2 install disc and ran the repair on that, and it got rid of my main problem. I just had to manually remove specific rogue processes with instructions from the symnatec security site and reinstall a couple bits of hardware and I'm all good to go again. Glad to have my PC back :)

Member Avatar for ShaneMcP

Awesome, congrats, and good luck


Shane McP

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.