teddy

  1. I don't think what I'm experiencing is "by design". I can do nothing except "dir" inside C. If that's a natural limitation of the Recovery Console, then it would be pretty worthless. It would also make all instruction pages I'm trying to follow totally useless. In any case, we think that the drive is hosed.
  2. I have a computer with a corrupt/missing system32/config/system. I know how to fix that with recovery console. My problem is that when I go into the recovery console, it never asks for an administrator password, and everything (that I've tried) other than the C:\ tells me "Access Denied". Can't go look at any folders, copy things, etc. Any thoughts? Thanks for any help.
  3. So here's the stuff. Already had a pop-up come while I was getting to msfn.org. I've run AdAware, SpyBot, SpyBlaster (although it seemed to be a protective thing? Did I miss a scan part of it?), CWShredder, CCleanup, NAV 2004 with updates (before, and I'll let it run again when I leave the office), and Hijack This (obviously). This computer is a mess. In other news, I deleted all forms of the C:\windows\XXX.exe and System32\XXX.exe twice already today (in the registry, and in Hijack This both). Some recent activity has put "Danger: Spyware!" on the background (and not letting me change it, at least not in the normal fashion. An ad for "Smart Security") and even removed most of the icons. The icons still appear in c:\..Doc&Set\...\Desktop though. Craziness. I'll be crawling back here to work on it more in the morning. Yuck! Logfile of HijackThis v1.99.1 Scan saved at 5:23:31 PM, on 4/28/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
  4. I'm working on a laptop with some serious spyware/virus issues. One of the real bad ones involves "horse-active.net" or something like that, and another apparently escapes removal and keeps installing tons of files with three random letters in C:\Windows\System32 (I think). Things like hod.exe or ptt.exe or any other combination. Any thoughts?
  5. At first it wouldn't show any possible restore points. I think the Recovery Console stuff I did had hidden that. So I manually copied the Restore Data (system, security, default, sam, software) into the Windows Temp file, went into Recovery Console and copied them into the system32/config folder and things picked up great from there. Started up great and then ran a system. It's a thing of beauty when it all works right! Thanks folks.
  6. I did some Recovery Console action on a comp that had a c0000218 Registry File Failure problem and it worked out well. At least, it got it to start up. Now, the screen is stuck at 640x480 pixels and 4-bit when I start normally. And it won't let me change from that. When I start in Safe Mode, it's stuck at 640-480, and is stuck in 16-bit mode. Thoughts? Neither one lets me change to any other setting... Also, the Add/Remove Programs thing is totally empty! Won't load up anything at all. Madness I tell you. Thanks for any help!
  7. Alright- sorta long situation. I'm trying to recover data off of an old Windows 3.1 Hard Drive. I stupidly connect it to another XP computer's IDE and pretty much break everything. Looks like the registry and boot sequence to the XP are fried. So now I'm just trying to save my own hide and get the XP back to working. I think it may have been an ME to XP upgrade also. So I try XP repair things and it says the drive is corrupted. I try chkdsk and it says "looks fine", chkdsk /p says "unrecoverable errors", chkdsk /r takes an hour or so to run and completes saying "fixed one or more places". Now the XP repair is visible again. Goes through copying the files and then "setup will resume after restart". But then it does nothing but go right back to the beginning. If I choose repair, it says "Setup has already attempted to upgrade" and asks if I want to try again. Now I'm stuck, and facing the horrible option of copying salvaged data (which is visible on a working comp), totally reinstalling XP, and telling the people that they have to reinstall everything. Not good. Thoughts? Advice? Any help would be awesome. ANOTHER SITUATION: "paging file is too small" business. I go into the virtual memory setting and change the customized settings, but the computer never seems to care. It always sets 256M as the paging file amount. I put the minimum at 573 (the recommended) and it doesn't care, right back to 256 next startup. I tell it to set it automatically (which apparently should set it to 1.5 times the RAM amount, so 1.5 times the 384 in there = 573). No dice. It seems to have its mind set on 256Mb. Thanks to anyone who can help me out or suggest someone/where to ask.