
Okay. I've been regularly running two different virus programs, Panda Titanium 2007 and Trend Micro Housecall. I've also been regularly scanning with Ad-Aware.

Something got through. The problem doesn't happen all the time but it's consistent enough that I finally realized it wasn't just a random computer hiccup.

Sometimes when I try to open My Computer, My Documents or any related action or try to run a search, the computer pauses. Then everything -- all the icons on my desktop and the entire Windows Start Bar -- vanishes. It lasts a couple of seconds then everything comes back, no problems. Any other programs I was running are still there and working fine. But my folder hasn't come up or my search is gone. This has even affected CTRL+ALT+DEL.

I've d/led and scanned with SpyBot. I'm not sure how much it fixed. The problem seemed to have gone away but now it's definitely back.

It seems to have come down a couple of months ago when I d/led an update to Trillian.

Here's my Hijack This log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:35:17 PM, on 11/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.EXE
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ApvxdWin.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\WebProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HiJackThis_v2.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\avciman.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\psimreal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.ca/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.screensavers.com/landing/redirect/dynapage.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PPFW] c:\program files\panda software\panda antivirus + firewall 2007\firewall\PPFW.EXE PPFW.EXE /cmd:allowpandarules /prod:titanium /mod:3 /flg:2 /ver:6.1.0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Word\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127433792562
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} (Quantum Streaming IE VersionManager Class) - http://qmedia.xlontech.net/100170/sdk/latest/qsp2ie06041001.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.EXE
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe

I'm seriously thinking of just backing up and reformatting. We've tried to apply some of the solutions I've seen elsewhere on this forum but, among other things, we can't seem to get the computer to boot in Safe Mode.
I would greatly appreciate any help.

0

For a one-off restart into Safe Mode go Start, run, enter msconfig; under Boot.ini tab check /Safeboot, Apply, Close, select Restart.
You could run this to give us a look at recent files and a few other settings.
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.
Other than that it appears that some registrations have been corrupted; I would try a Repair of Windows via the Setup on your installation CD.

0

((((((((((((((((((((((((( Files Created from 2007-10-25 to 2007-11-25 )))))))))))))))))))))))))))))))
.

2007-11-24 14:31 1,308,216 --a------ C:\Program Files\HiJackThis_v2.exe
2007-11-07 19:56 532,480 --a------ C:\Program Files\cwshredder.exe
2007-11-07 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-07 19:00 7,467,056 --a------ C:\Program Files\spybotsd15.exe
2007-11-07 18:49 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-07 18:49 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-11-07 18:48 2,566,736 --a------ C:\Program Files\spywareblastersetup351.exe
2007-11-07 18:35 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-07 18:32 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2007-11-07 18:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-07 18:25 <DIR> d-------- C:\WINDOWS\LastGood(2)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 19:34 295,096 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2007-11-25 19:34 295,096 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
2007-11-25 19:34 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2007-11-25 19:34 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
2007-11-25 19:34 --------- d-----w C:\Documents and Settings\Heather\Application Data\OpenOffice.org2
2007-11-24 19:35 10,479 ----a-w C:\Program Files\hijackthis.log
2007-11-21 17:28 --------- d-----w C:\Program Files\Juno
2007-11-18 21:00 --------- d-----w C:\Program Files\Trillian
2007-11-07 23:37 --------- d-----w C:\Program Files\Ad-Aware 2007
2007-11-07 23:35 --------- d-----w C:\Program Files\Games
2007-11-07 23:35 --------- d-----w C:\Program Files\Forgotten Riddles - The Mayan Princess
2007-11-07 23:35 --------- d-----w C:\Program Files\Dream Day Honeymoon
2007-11-07 23:35 --------- d-----w C:\Program Files\bfgclient
2007-11-07 23:35 --------- d-----w C:\Documents and Settings\Heather\Application Data\HouseCall 6.6
2007-11-07 23:34 --------- d-----w C:\Program Files\FastStone Image Viewer
2007-11-07 23:34 --------- d-----w C:\Program Files\Common Files\Panda Software
2007-11-07 23:33 --------- d-----w C:\Program Files\QuickTime
2007-11-07 23:33 --------- d-----w C:\Program Files\iTunes
2007-11-07 23:33 --------- d-----w C:\Program Files\iPod
2007-11-07 23:27 --------- d-----w C:\Program Files\LexmarkX84-X85
2007-10-26 03:36 8,454,656 ------w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-23 14:44 --------- d-----w C:\Program Files\Java
2007-10-10 02:55 --------- d-----w C:\Documents and Settings\Heather\Application Data\ForgottenRiddles
2007-10-03 22:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2007-09-19 02:49 3,605,992 ----a-w C:\Program Files\FSViewerSetup32.exe
2007-09-07 12:11 63,024 ----a-w C:\WINDOWS\system32\pavipc.dll
2007-09-07 12:11 292,400 ----a-w C:\WINDOWS\system32\PavSHook.dll
2007-09-07 12:11 161,328 ----a-w C:\WINDOWS\system32\TpUtil.dll
2007-07-25 02:27 9,679,815 ----a-w C:\Program Files\vlc-0.8.6c-win32.exe
2007-07-18 01:44 20,256,064 ----a-w C:\Program Files\QuickTimeInstaller.exe
2007-06-30 23:11 17,896,352 ----a-w C:\Program Files\aaw2007.exe
2007-03-10 01:51 24,187,080 ----a-w C:\Program Files\T07nt.exe
2007-03-06 17:30 37,844,544 ----a-w C:\Program Files\iTunesSetup.exe
2007-02-25 15:35 98,554,909 ----a-w C:\Program Files\OOo_2.1.0_Win32Intel_install_en-US.exe
2007-02-24 22:46 6,006,304 ----a-w C:\Program Files\Firefox Setup 2.0.0.2.exe
2006-12-07 03:04 2,599,088 ----a-w C:\Program Files\Shockwave_Installer_Slim.exe
2006-11-30 15:14 56,558,505 ----a-w C:\Program Files\openofficeorg3.cab
2006-11-30 15:14 3,293,185 ----a-w C:\Program Files\openofficeorg4.cab
2006-11-30 15:08 15,519,065 ----a-w C:\Program Files\openofficeorg2.cab
2006-11-30 15:07 18,169,081 ----a-w C:\Program Files\openofficeorg1.cab
2006-11-30 15:05 5,294,592 ----a-w C:\Program Files\openofficeorg21.msi
2006-11-30 15:05 217 ----a-w C:\Program Files\setup.ini
2006-11-13 16:31 315,392 ----a-w C:\Program Files\setup.exe
2006-01-18 18:00 6,974,864 ----a-w C:\Program Files\serif_ph55preloader.exe
2006-01-05 21:18 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-12-17 20:10 36,081,152 ----a-w C:\Program Files\titan6shuk.exe
2002-03-11 09:06 1,822,520 ----a-w C:\Program Files\instmsiw.exe
2002-03-11 08:45 1,708,856 ----a-w C:\Program Files\instmsia.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-03 12:12]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 19:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 01:02]
"Lexmark X84-X85 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe" [2002-08-01 14:20]
"Lexmark X84-X85 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe" [2002-09-04 10:36]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-18 22:52]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe" [2005-10-31 06:20]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-09 13:03]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.exe" [2007-03-30 14:52]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 17:44]
"PPFW"="c:\program files\panda software\panda antivirus + firewall 2007\firewall\PPFW.exe" [2007-04-02 17:52]

C:\Documents and Settings\Heather\Start Menu\Programs\Startup\
OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 16:45:48]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Microsoft Office.lnk - C:\Program Files\Word\Office\OSA9.EXE [1999-02-17 15:05:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 18:02 50736 C:\WINDOWS\system32\avldr.dll

R1 APPFLT;App Filter Plugin;\??\C:\WINDOWS\system32\Drivers\APPFLT.SYS
R1 DSAFLT;DSA Filter Plugin;\??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS
R1 FNETMON;NetMon Filter Plugin;\??\C:\WINDOWS\system32\Drivers\fnetmon.SYS
R1 IDSFLT;Ids Filter Plugin;\??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS
R1 NETFLTDI;Panda Net Driver [TDI Layer];\??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS
R1 ShldDrv;Panda File Shield Driver;\??\C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys
R1 SMSFLT;SMS Filter Plugin;\??\C:\WINDOWS\system32\Drivers\SMSFLT.SYS
R1 WNMFLT;Wifi Monitor Filter Plugin;\??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys
R2 PavProc;Panda Process Protection Driver;\??\C:\WINDOWS\system32\DRIVERS\PavProc.sys
R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys
R3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\system32\PavSRK.sys
R3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\system32\PavTPK.sys

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-08-11 12:19:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-09-19 21:15:10 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 15:17:43
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-25 15:19:30
.
--- E O F ---

0

Thank you for helping me. ^_^
I tried the repair option from my Windows Installation CD but I think it requires more computer knowledge than I have. I got as far as the command prompt but I had no idea where to go from there.

0

Ah, a common misinterpretation of Microsoft's options, Heather - you entered Recovery Console, and you don't want that.
At that point in the process instead of typing R press Enter to start Windows Setup [Repair is a mini version of installation]
=> To setup Windows XP now, press Enter.
Next comes the license agreement, you will then be presented with a list of installations to choose from to repair [usually just the one installation...]. Select your installation and type R. If Repair is not shown as an option then exit Setup, DO NOT "continue to install a fresh copy without repairing" or you will lose data and applications.
Setup will copy files etc and then reboot your computer. Don't boot again from the CD by pressing any key when the message appears, just wait a moment and your machine will restart.
Enable your firewall [or Windows Firewall is sufficient at this time] and validate your XP.
Say how you get on.

0

I ran the Windows Repair thing like you said (thank you for clearing that up for me) but the problem's still there. I clicked on "Control Panel" so I could remove my husband's account from the computer (since he doesn't use mine anymore) and again everything but the background vanished and came back and Control Panel never opened.

0

Heather, a Windows Repair replaces Windows files and restores its registry settings; third-party software files and reg entries are not affected, so I think the problem may lie in that direction....
Because you mention Trillian it may be worth searching for and deleting these two WildTangent files which may have been installed along with Trillian [bundled "spyware"]:
wtcpl.dll and wtcpl.cpl
May work, may not. The Repair was worth a try, at least it pointed the search in another direction.
Does going Start, run, typing control and pressing Enter work?

0

I just tried "Start, run, control" and it didn't work. The Start bar flashed again, which also means I can't run search and delete anything. If this happened every time I'd've figured out that something was wrong months ago but sometimes it does and sometimes it doesn't. Rebooting doesn't necessarily give me a boot where it works.

Yes Repair was worth a try. It's good to know where the problem isn't; especially when you can't find where it is. Thank you. :)

0

I know that you have Panda AV, but it may pay to try one of these. Theory is that it is possible that your resident AV could be affected by any malware, whereas an online scan will not be. First clean:
==Download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1 --click in the download window to run it, and when ATF Cleaner opens go Select all, and then Empty Selected.
Next click Firefox [if you have that browser..] at the top, Select All again, and Empty Selected again. Follow that procedure also if you have Opera.
Close ATF.
Just in case:
==AVG AntiRootkit from http://free.grisoft.com/doc/5390/lng/us/tpl/v5
One of these two:
==Pandasoftware ActiveScan using IE only from http://www.pandasoftware.com/products/activescan? - just follow through the pages, supply a "valid" email address... To reduce the number of detections run either CCleaner or ATF cleaner first [to remove cookies].
==Kaspersky Online Scan, from http://www.kaspersky.com/virusscanner -press the Kaspersky Online Scanner button, follow through....
Sorry I cannot help further.
