Got a virus, fixed it, now my windows is stuck in the classic skin and won't connect to the internet

CaptainDizzy

So I got the AntiSpyware Soft virus/spam/whatever it's considered recently because I was an idiot and left my computer on for a week while I was out of town without my firewall on. I wrestled with it for a while, but I finally got rid of it. Last night my computer was working just fine, internet and all, in the XP Silver skin. This morning, however, my computer is taking forever to load up, and when it finally does it's stuck in the Windows classic scheme and my computer is stuck in acquiring the address when trying to connect to my internet through my router. Every other computer in my house can get on the net but my desktop. I've run Malwarebytes several times and it's not finding anything, and from what I can tell my HiJackThis log seems alright. I'm a little worried that removing the bug corrupted my Windows somehow.

I'm running Windows XP Pro SP3 with the AntiWPA activation crack, (Please spare me the 'you should buy the actual windows' BS please.) with an Intel Core2 Duo 3Ghz processor, and 3.25Gigs of RAM on an MSI motherboard (can't remember the actual model atm.)



My current HiJackThis log is as follows:

> Logfile of Trend Micro HijackThis v2.0.3 (BETA)

> Scan saved at 1:45:24 PM, on 5/25/2010

> Platform: Windows XP SP3 (WinNT 5.01.2600)

> MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

> Boot mode: Normal

>

> Running processes:

> C:\WINDOWS\System32\smss.exe

> C:\WINDOWS\system32\winlogon.exe

> C:\WINDOWS\system32\services.exe

> C:\WINDOWS\system32\lsass.exe

> C:\WINDOWS\system32\Ati2evxx.exe

> C:\WINDOWS\system32\svchost.exe

> C:\WINDOWS\system32\spoolsv.exe

> C:\WINDOWS\System32\svchost.exe

> C:\WINDOWS\system32\Ati2evxx.exe

> C:\WINDOWS\Explorer.EXE

> C:\Program Files\Bonjour\mDNSResponder.exe

> C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

> C:\Program Files\Google\Update\GoogleUpdate.exe

> C:\Program Files\Java\jre6\bin\jqs.exe

> C:\WINDOWS\system32\PnkBstrA.exe

> C:\WINDOWS\system32\PnkBstrB.exe

> C:\WINDOWS\system32\svchost.exe

> C:\WINDOWS\system32\Tablet.exe

> C:\WINDOWS\system32\Wacom_Tablet.exe

> C:\WINDOWS\system32\wscntfy.exe

> C:\Program Files\Analog Devices\Core\smax4pnp.exe

> C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

> C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

> C:\Program Files\Nero\Nero 7\InCD\InCD.exe

> C:\WINDOWS\system32\M-AudioTaskBarIcon.exe

> C:\Program Files\Winamp\winampa.exe

> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

> C:\Program Files\Common Files\Java\Java Update\jusched.exe

> C:\Program Files\Common Files\Research In Motion\Auto

> Update\RIMAutoUpdate.exe

> C:\Program Files\DivX\DivX Update\DivXUpdate.exe

> C:\WINDOWS\system32\WTablet\TabUserW.exe

> C:\Program Files\OpenOffice.org 3\program\soffice.exe

> C:\Program Files\OpenOffice.org 3\program\soffice.bin

> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

> C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication

> Foundation\infocard.exe

> C:\WINDOWS\system32\rundll32.exe

> C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

>

> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

> Settings,ProxyServer = http=127.0.0.1:5555

> O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -

> C:\Program Files\Common

> Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

> O2 - BHO: Adobe PDF Conversion Toolbar Helper -

> {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common

> Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

> O2 - BHO: Java(tm) Plug-In 2 SSV Helper -

> {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

> Files\Java\jre6\bin\jp2ssv.dll

> O2 - BHO: JQSIEStartDetectorImpl -

> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program

> Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

> O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} -

> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

> O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -

> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

> O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog

> Devices\Core\smax4pnp.exe

> O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog

> Devices\SoundMAX\Smax4.exe" /tray

> O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common

> Files\Ahead\Lib\NeroCheck.exe

> O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero

> 7\InCD\NBHGui.exe

> O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

> O4 - HKLM\..\Run: [M-Audio Taskbar Icon]

> C:\WINDOWS\system32\M-AudioTaskBarIcon.exe

> O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

> O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI

> Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

> O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common

> Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

> O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common

> Files\Adobe\ARM\1.0\AdobeARM.exe"

> O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program

> Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

> O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program

> Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

> O4 - HKLM\..\Run: [Adobe_ID0ENQBO]

> C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

> Files\QuickTime\QTTask.exe" -atboottime

> O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common

> Files\Java\Java Update\jusched.exe"

> O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common

> Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

> O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio

> Shared\9.0\SharedCOM\RoxWatchTray9.exe"

> O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX

> Update\DivXUpdate.exe" /CHECKNOW

> O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent

> O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org

> 3\program\quickstart.exe

> O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

> O4 - Global Startup: TabUserW.exe.lnk =

> C:\WINDOWS\system32\WTablet\TabUserW.exe

> O8 - Extra context menu item: Append Link Target to Existing PDF -

> res://C:\Program Files\Common

> Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

> O8 - Extra context menu item: Append to Existing PDF - res://C:\Program

> Files\Common

> Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

> O8 - Extra context menu item: Convert Link Target to Adobe PDF -

> res://C:\Program Files\Common

> Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

> O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program

> Files\Common

> Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

> O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

> O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

> {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

> Diagnostic\xpnetdiag.exe

> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

> C:\Program Files\Messenger\msmsgs.exe

> O9 - Extra 'Tools' menuitem: Windows Messenger -

> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

> Files\Messenger\msmsgs.exe

> O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)

> O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated -

> C:\Program Files\Common Files\Adobe\Adobe Version Cue

> CS4\Server\bin\VersionCueCS4.exe

> O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -

> C:\WINDOWS\system32\Ati2evxx.exe

> O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##

> (Bonjour Service) - Apple Computer, Inc. - C:\Program

> Files\Bonjour\mDNSResponder.exe

> O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. -

> C:\Program Files\Common Files\Macrovision Shared\FLEXnet

> Publisher\FNPLicensingService.exe

> O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. -

> C:\Program Files\Google\Update\GoogleUpdate.exe

> O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

> Corporation - C:\Program Files\Common

> Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

> O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program

> Files\Nero\Nero 7\InCD\InCDsrv.exe

> O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun

> Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

> O23 - Service: McAfee Security Scan Component Host Service

> (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee

> Security Scan\2.0.181\McCHSvc.exe

> O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero

> BackItUp\NBService.exe

> O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common

> Files\Ahead\Lib\NMIndexingService.exe

> O23 - Service: PnkBstrA - Unknown owner -

> C:\WINDOWS\system32\PnkBstrA.exe

> O23 - Service: PnkBstrB - Unknown owner -

> C:\WINDOWS\system32\PnkBstrB.exe

> O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program

> Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

> O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program

> Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

> O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions

> - C:\Program Files\Common Files\Roxio

> Shared\9.0\SharedCOM\RoxLiveShare9.exe

> O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common

> Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

> O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions

> - C:\Program Files\Common Files\Roxio

> Shared\9.0\SharedCOM\RoxWatch9.exe

> O23 - Service: TabletService - Wacom Technology, Corp. -

> C:\WINDOWS\system32\Tablet.exe

> O23 - Service: TabletServiceWacom - Wacom Technology, Corp. -

> C:\WINDOWS\system32\Wacom_Tablet.exe

>

> --

> End of file - 8607 bytes




I really don't know what else to do, so any help at all is very much appreciated. I don't want to reinstall Windows, but if nothing better turns up looks like I'm going to. Thank you all for your help.





--

CaptainDizzy

------------------------------------------------------------------------

CaptainDizzy's Profile: http://forums.techarena.in/members/224567.htm

View this thread: http://forums.techarena.in/windows-xp-support/1340578.htm



http://forums.techarena.in
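
Added example (not part of the original post and not HijackThis's own code): a short Python triage pass over a HijackThis-style log as it appears in the post above, with `> ` quoting and hard-wrapped lines. It rejoins wrapped entries and lists the ones a reviewer would open first; the rule names and the `parse_entries`/`triage` functions are assumptions of this example, and a match is a prompt to look closer, not a verdict.

```python
import re

# Excerpt of the log posted above, kept with the "> " quoting and hard line
# wraps it has on this page (sample input for this added example).
SAMPLE = r"""
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings,ProxyServer = http=127.0.0.1:5555
> O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
> O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
> O23 - Service: PnkBstrA - Unknown owner -
> C:\WINDOWS\system32\PnkBstrA.exe
> O23 - Service: TabletService - Wacom Technology, Corp. -
> C:\WINDOWS\system32\Tablet.exe
>
> --
> End of file - 8607 bytes
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "R1 - ...", "O23 - ..."

def parse_entries(text):
    """Strip quoting, rejoin wrapped lines, return [(section_code, body)]."""
    entries = []
    for raw in text.splitlines():
        line = re.sub(r"^\s*>\s?", "", raw).strip()
        if not line or line == "--" or line.startswith("End of file"):
            continue
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries:  # no section code: continuation of the previous entry
            entries[-1][1] += " " + line
    return [tuple(e) for e in entries]

# Hypothetical review rules (assumptions of this example, not HijackThis output).
CHECKS = [
    ("loopback proxy", lambda c, b: c.startswith("R")
        and re.search(r"ProxyServer\s*=.*(127\.0\.0\.1|localhost)", b)),
    ("target file missing", lambda c, b: "(file missing)" in b),
    ("service binary with no vendor string",
        lambda c, b: c == "O23" and "Unknown owner" in b),
]

def triage(text):
    """Return (label, section_code, body) for entries that match a rule."""
    return [(label, code, body)
            for code, body in parse_entries(text)
            for label, check in CHECKS if check(code, body)]

if __name__ == "__main__":
    for label, code, body in triage(SAMPLE):
        print(f"[{label}] {code} - {body}")
```

Lines that appear before the first section-coded entry (the header and the running-process list) are skipped, so the full log can be passed in unchanged.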
 
Tom Willett

ROFLMAO! You got what you deserved, you Hooplehead pirate.



: I'm running Windows XP Pro SP3 with the AntiWPA activation crack,

: (Please spare me the 'you should buy the actual windows' BS please.)

: with an Intel Core2 Duo 3Ghz processor, and 3.25Gigs of RAM on an MSI

: motherboard (can't remember the actual model atm.)

:
 
David H. Lipman

From: "CaptainDizzy"



| So I got the AntiSpyware Soft virus/spam/whatever it's considered recently because I

| was an idiot and left my computer on for a week while I was out of town with out my

| firewall on. I wrestled with it for a while, but I finally got rid of it. Last night my

| computer was working just fine, internet and all, in the XP Silver skin. This morning

| however, my computer is taking for ever to load up, and when it finally does it's stuck

| in the windows classic scheme and my computer is stuck in acquiring the address when

| trying to connect to my internet through my router. Every other computer in my house

| can get on the net but my desktop. I've ran Malwarebytes several times and it's not

| finding anything, and from what I can tell my HiJackThis log seems alright. I'm a

| little worried that removing the bug corrupted my windows some how.



| I'm running Windows XP Pro SP3 with the AntiWPA activation crack, (Please spare me the

| 'you should buy the actual windows' BS please.) with an Intel Core2 Duo 3Ghz processor,

| and 3.25Gigs of RAM on an MSI motherboard (can't remember the actual model atm.)



You are using the leech of Microsoft News Groups called techarena.in and it is leeching off of the news group named microsoft.public.windowsxp.help_and_support which does NOT allow posting HJT logs nor will anyone, who knows better, interpret them.

You are directed to go to a forum where you can get expert advice for HiJack This! (HJT) Logs.

Please post the contents of the HJT log in your post with a full explanation of your problem and what you have done to date in one of the below expert forums...



NOTE: Registration is REQUIRED in any of the below before posting a log



Suggested primary:

http://www.thespykiller.co.uk/index.php?board=3.0



Suggested secondary:

http://www.bleepingcomputer.com/forums/forum22.html

http://www.malwarebytes.org/forums/index.php?showforum=7



Suggested tertiary:

http://www.dslreports.com/forum/cleanup

http://www.cybertechhelp.com/forums/forumdisplay.php?f=25

http://www.atribune.org/forums/index.php?showforum=9

http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html

http://gladiator-antivirus.com/forum/index.php?showforum=170

http://forum.networktechs.com/forumdisplay.php?f=130

http://forums.maddoktor2.com/index.php?showforum=17

http://www.spywarewarrior.com/viewforum.php?f=5

http://forums.spywareinfo.com/index.php?showforum=18

http://forums.techguy.org/f54-s.html

http://forums.tomcoyote.org/index.php?showforum=27

http://forums.subratam.org/index.php?showforum=7

http://www.5starsupport.com/ipboard/index.php?showforum=18

http://aumha.net/viewforum.php?f=30

http://makephpbb.com/phpbb/viewforum.php?f=2

http://forums.techguy.org/54-security/

http://forums.security-central.us/forumdisplay.php?f=13









--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 