
Status
Not open for further replies.
1 - 7 of 7 Posts

·
Registered
Joined
·
10 Posts
Discussion Starter #1
Hi, I am using Windows 2000. I have recently been infected by a virus spread through MSN. I used Spybot, Ad-Aware, Sophos and CCleaner and have removed all traces of the virus, but from the cleaning my Windows is defective. After booting, Windows runs, but everything takes an extremely long time to do anything, like 5 minutes to open the Start menu, so I have been using Safe Mode for the last couple of days trying to find a solution. I can't find my Win 2000 CDs. I know the only thing I can do is a Windows reinstall to fix the defective DLLs. Well, is there a way to reinstall without the original CD, or to be able to create a CD? If anyone has suggestions on how to fix it without a reinstall, I definitely would like to hear that as well. Thank you.

James Bradbury
 

·
Registered
Joined
·
1,097 Posts
You can't reinstall without the CD. Where would you get the system files from?

I would try and run HijackThis in normal mode (not Safe Mode) and post your log to the HijackThis forum. You should be able to download it from Safe Mode and unzip it, but make sure you run it from normal mode. You may be able to correct the problem from Safe Mode.
 

·
Registered
Joined
·
10 Posts
Discussion Starter #3
Here are the Hijack findings:

Logfile of HijackThis v1.99.1
Scan saved at 6:25:54 PM, on 10/28/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\My Documents\hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F3 - REG:win.ini: load=C:\WINDOWS\system32\udfuocxo\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\udfuocxo\csrss.exe
O2 - BHO: (no name) - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab36107.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - (no file)
O20 - Winlogon Notify: nwprovau - C:\WINDOWS\SYSTEM32\nwprovau.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Sophos Cache Manager (CacheMgr) - SOPHOS Plc - C:\Program Files\Sophos\Remote Update\cachemgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
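
Added example, not part of the original thread and not HijackThis's own logic: a short Python triage pass over a few lines excerpted from the log posted above. The three heuristics (a core system-process name outside system32, a populated win.ini load=/run= value, and entries marked "(no file)") and the names SYSTEM_NAMES, masquerades and triage are assumptions chosen for illustration.

```python
import ntpath
import re

# Excerpt of the log posted above (five of its lines), embedded so this runs offline.
SAMPLE_LOG = r"""C:\WINDOWS\system32\lsass.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\udfuocxo\csrss.exe
O2 - BHO: (no name) - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Assumption: core Windows processes that should only load from <windir>\system32.
SYSTEM_NAMES = {"csrss.exe", "smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx|sys)\b", re.IGNORECASE)


def masquerades(path):
    """True when a system-process name sits anywhere but directly in system32."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    return name in SYSTEM_NAMES and not folder.endswith("\\system32")


def triage(log_text):
    """Return (section, reason) pairs for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        match = ENTRY.match(line)
        # Lines without a section code are treated as "Running processes" paths.
        section = match.group(1) if match else "process"
        for path in PATH.findall(line):
            if masquerades(path):
                findings.append((section, "system process name outside system32: " + path))
        if not match:
            continue
        body = match.group(2)
        if section.startswith("F") and re.search(r"\b(load|run)=\S", body):
            findings.append((section, "win.ini load=/run= autostart is set"))
        if body.endswith("(no file)"):
            findings.append((section, "registration points at a missing file"))
    return findings


if __name__ == "__main__":
    for section, reason in triage(SAMPLE_LOG):
        print(section, "-", reason)
```

A flagged entry is a prompt for manual review of the file and its autostart value, not a verdict on its own.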
 

·
Registered
Joined
·
10 Posts
Discussion Starter #5
I have found the CD and reinstalled. It seemed to have run fine, but after updating the reinstall and restarting, it came back. I believe something has infected MSN because it automatically starts, which I had disabled, and the most obvious is I can't completely close it; it says I can't close it unless I close the program accessing it, but I have no programs running. So a background process must be manipulating it. I am getting very tired of Safe Mode.
 

·
Registered
Joined
·
255 Posts
Let's see, whenever I have a problem, I would run straight away

Cleanup!
Ad-AwareSE Personal
Ewido Security Suite

I ran Ad-Aware and Ewido using full deep scans... I always do that. Trust me, if Ad-Aware doesn't find it, Ewido will, and vice versa.

These got rid of a lot of my problems... dunno if it'll help.
 

·
Registered
Joined
·
10 Posts
Discussion Starter #7
Well, they did find things, but programs will now open and work, but it takes 5-10 minutes for a program to open, then it runs almost at a regular rate. I open Task Manager and it restricts me from closing anything. I'm getting pretty tired of not being able to do anything, so any suggestions?
 