nycste Posted September 5, 2007 (edited)

hi all. last night i got hit with some kinda virus worm spyware thing and my AV picked it up right away so i went into safemode and cleaned everything up ran all my cleaning programs and believe the issue to be gone.

the issue was called.

sysmngt.exe
remacc radmin r_server.exe c:/windows/system32
trojan horse instsvc.exe c/windows/sysmngt

edit. just noticed the **** thing also shared the folder that the original problem file was found in a key g e n. i think. so the program made that folder shared on my network and full access to those files i just noticed that deleted it all.

i rebooted into xp like normal and for some reason 3 things ive noticed so far have changed or stopped working.

start menu doesnt do anything now. whether it be clicking it or hitting key on keyboard. it just blinks when clicked.

i use quicklaunch and for some reason the extra programs that dont fit on the line that little >> thingy doesnt work. it doesnt show me my extra programs to use.

and lastly humm think i forgot lastly. maybe only 2 issues. looking for any help.

Edited September 5, 2007 by nycste

nycste (Author) Posted September 5, 2007

anyone got any ideas lots of peeps reading or at least point me in some direction to read more about

thebigbluecan Posted September 6, 2007

Maybe if you unlock the taskbar and move it to the side or top then try it. if it works put it back where you want it and lock it again. My idea probably wont work but its worth a try.

nycste (Author) Posted September 6, 2007

> Maybe if you unlock the taskbar and move it to the side or top then try it. if it works put it back where you want it and lock it again. My idea probably wont work but its worth a try.

yea tried this for the heck of it. didnt work.

thebigbluecan Posted September 6, 2007

Sorry i have no idea

nycste (Author) Posted September 6, 2007

> Sorry i have no idea

at least you're from NY and NY is kewl. from nyc here. 50 views and only you responding bAH

cluberti Posted September 6, 2007

Try following Taurarian's post from 13-2-2005, 12:31AM from this post:

http://www.pcreview.co.uk/forums/thread-522214.php\

Running the iereg.bat will re-register pretty much all shell components, and may fix your issue.

nycste (Author) Posted September 6, 2007 (edited)

> Try following Taurarian's post from 13-2-2005, 12:31AM from this post:
> http://www.pcreview.co.uk/forums/thread-522214.php\
> Running the iereg.bat will re-register pretty much all shell components, and may fix your issue.

thanks a ton gonna check this out now.

humm that link isnt good. seems that thread is deleted or moved somewhere gonna see if i can find it

Edited September 6, 2007 by nycste

nycste (Author) Posted September 6, 2007 (edited)

But i did find this. on lockergnome

Copy the lines below into a file named 'IEReg.bat' and double click it to run it. This will reregister some DLLs for IE and the operating system. Restart for effect.

--------------------------------
regsvr32 comcat.dll /s
regsvr32 shdoc401.dll /s
regsvr32 shdoc401.dll /i /s
regsvr32 asctrls.ocx /s
regsvr32 oleaut32.dll /s
regsvr32 shdocvw.dll /I /s
regsvr32 shdocvw.dll /s
regsvr32 browseui.dll /s
regsvr32 browseui.dll /I /s
regsvr32 msrating.dll /s
regsvr32 mlang.dll /s
regsvr32 hlink.dll /s
regsvr32 mshtmled.dll /s
regsvr32 urlmon.dll /s
regsvr32 plugin.ocx /s
regsvr32 sendmail.dll /s
regsvr32 scrobj.dll /s
regsvr32 mmefxe.ocx /s
regsvr32 corpol.dll /s
regsvr32 jscript.dll /s
regsvr32 msxml.dll /s
regsvr32 imgutil.dll /s
regsvr32 thumbvw.dll /s
regsvr32 cryptext.dll /s
regsvr32 rsabase.dll /s
regsvr32 inseng.dll /s
regsvr32 iesetup.dll /i /s
regsvr32 cryptdlg.dll /s
regsvr32 actxprxy.dll /s
regsvr32 dispex.dll /s
regsvr32 occache.dll /s
regsvr32 occache.dll /i /s
regsvr32 iepeers.dll /s
regsvr32 urlmon.dll /i /s
regsvr32 cdfview.dll /s
regsvr32 webcheck.dll /s
regsvr32 mobsync.dll /s
regsvr32 pngfilt.dll /s
regsvr32 licmgr10.dll /s
regsvr32 icmfilter.dll /s
regsvr32 hhctrl.ocx /s
regsvr32 inetcfg.dll /s
regsvr32 tdc.ocx /s
regsvr32 MSR2C.DLL /s
regsvr32 msident.dll /s
regsvr32 msieftp.dll /s
regsvr32 xmsconf.ocx /s
regsvr32 ils.dll /s
regsvr32 msoeacct.dll /s
regsvr32 inetcomm.dll /s
regsvr32 msdxm.ocx /s
regsvr32 dxmasf.dll /s
regsvr32 l3codecx.ax /s
regsvr32 acelpdec.ax /s
regsvr32 mpg4ds32.ax /s
regsvr32 voxmsdec.ax /s
regsvr32 danim.dll /s
regsvr32 Daxctle.ocx /s
regsvr32 lmrt.dll /s
regsvr32 datime.dll /s
regsvr32 dxtrans.dll /s
regsvr32 dxtmsft.dll /s
regsvr32 WEBPOST.DLL /s
regsvr32 WPWIZDLL.DLL /s
regsvr32 POSTWPP.DLL /s
regsvr32 CRSWPP.DLL /s
regsvr32 FTPWPP.DLL /s
regsvr32 FPWPP.DLL /s
regsvr32 wshom.ocx /s
regsvr32 wshext.dll /s
regsvr32 vbscript.dll /s
regsvr32 scrrun.dll mstinit.exe /setup /s
regsvr32 msnsspc.dll /SspcCreateSspiReg /s
regsvr32 msapsspc.dll /SspcCreateSspiReg /s
exit
----------------------------------

Regards,
Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

Edited September 6, 2007 by nycste

nycste (Author) Posted September 6, 2007

gahh this didnt work first try. i found another similar file which i just ran and gonna reboot.

so again summary of my issue.

i had some bugs affect my system and i cleaned them all out. during this process whether the bugs did it or me cleaning out my system with several programs my start button on computer and keyboard does nothing. also the arrow sign thing on my quicktasks on the bottom taskbar.

i click on them they change color thats it. nothing else happens cant seem to find much online either ive been checking

nycste (Author) Posted September 7, 2007

still no one can offer any help. noticed a third issue.

1. title bars on all folders are missing the words the aka ability to actually change stuff i think called title bar here is a pic

there are 4 things circled in red to show what my known problems ARE.

2. start button wont do anything. when clicked it changes color and does nothing. hitting the windows button on keyboard does nothing either

3. that little >> thing at bottom right of screen on taskbar quicklaunch doesnt work either even though there are programs hidden there.

looking for some advice or at least where better to post this question and problem.

-again this happened because i was hit with 2 diff types of virus/trojan/things which i believe to be fully removed.

nycste (Author) Posted September 7, 2007

Originally posted by: mechBgon

> 1) Give us the precise names of the viruses/trojans/things. Your antivirus logs should say. Paste it in here. If you can pin down the site that the infection might've come from, send me a PM or paste it here in non-clickable form, for example: hXXp://www.mechbgon(DOT)com
>
> 2) If you want to go forward with the fight against the malware, follow all the instructions on this page. My advice would also include removing AVG Free Edition and installing a 30-day trial version of Kaspersky AntiVirus 7, then going through all the settings and maxing out everything, including the heuristics, and then updating and doing a full scan, including the rootkit scan.
>
> 3) If you want to go backward, then use System Restore to "go back in time" to before the attack.
>
> 4) If you want to do what is absolutely guaranteed to work, back up your data safely, then make a DBAN CD-ROM, unplug all drives except your boot drive, DBAN it, then reinstall Windows while taking security precautions (scroll halfway down that page). After finishing, absolutely do not run any infectable filetypes from your old files. DO scan them with a bunch of online virus scanners to try to reduce the chance there's bad things left in them.

just wanted to say thanks for your reply im reading stuff now. i have actually removed the AV program i was using when i got infected.

here is a list of all the programs i use whenever i think i have a problem.

Antivir
AVG
Claimwin
symantec corp av
adaware se (used to use newest one but annoying processes made me go back)
regscrubxp
rogueremover
spyware terminator
wise disk cleaner
wise registry cleaner
a2 anti dialer
a2 free
a2 hijackfree
spybot search and destroy
free window registry repair
crap cleaner

ok thats my list of programs i run weekly. maybe im a clean freak haha.

in response to you.

1. ill try and list everything i can find in any log files. some of them i cant read. as posted in beginning of this thread these are the things i know popped up.

sysmngt.exe
remacc radmin r_server.exe c:/windows/system32
trojan horse instsvc.exe c/windows/sysmngt
msn something.exe in system32 folder i think

2. interesting advice to remove avg run trial program and scan everything. ill prob try this maybe not tonight though. great idea.

-and reading everything on that site and finding all and more free scanner programs i know there are a few more i ran that i didnt list like cwshredder and avast tool and stuff

3. system restore on my computers are always turned off instantly. is this bad i dont know ive never had a problem. i usually reformat if i really run into a problem.

4. a little confused on that dban thing ill reread it. i have my harddrives partitioned and only 2 sections might be at risk if at all anymore.

-due to all my cleaning of the computer with all above mentioned programs nothing shows up as infected or issues anymore. but im still left with my 3 broken things.

thanks for responding ill try and track more stuff down.

nycste (Author) Posted September 7, 2007

finally found something useful going through all my log files on entire computer.

a-squared Free - Version 3.0
Last update: 6/12/2007 7:47:10 PM

Scan settings:

Objects: Memory, Traces, Cookies, C:\WINDOWS\, C:\Program Files
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 9/5/2007 4:26:16 AM

c:\windows\system32\syscfg32.exe detected: Trace.File.Sbot
Value: HKEY_CLASSES_ROOT\CLSID\{30349568-DAB5-4FA9-B254-4D3BA77C7952}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Radlight
Value: HKEY_CLASSES_ROOT\CLSID\{68D6728A-D715-492A-A57B-8DDA01F4921F}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Radlight
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30349568-DAB5-4FA9-B254-4D3BA77C7952}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Radlight
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68D6728A-D715-492A-A57B-8DDA01F4921F}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Radlight
C:\WINDOWS\sysmngt\admin.exe detected: Trojan.Win32.Agent.awz
C:\WINDOWS\sysmngt\install.exe detected: Trojan.Win32.Agent.awz
C:\WINDOWS\sysmngt\nzm.exe detected: Trojan.Win32.Agent.awz
C:\WINDOWS\sysmngt\preinstall.exe detected: Trojan.Win32.Agent.awz
C:\WINDOWS\sysmngt\sysmngt.exe detected: Riskware.Server-FTP.Win32.Serv-U.6105
C:\WINDOWS\system32\syscfg32.exe detected: Trojan.Win32.Agent.awz
C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL detected: Riskware.AdTool.Win32.MyWebSearch.a

Scanned
Files: 32259
Traces: 135708
Cookies: 1
Processes: 15

Found
Files: 7
Traces: 5
Cookies: 0
Processes: 0
Registry keys: 0

Scan end: 9/5/2007 5:02:27 AM
Scan time: 12:36:11 AM

C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL Quarantined Riskware.AdTool.Win32.MyWebSearch.a
C:\WINDOWS\sysmngt\sysmngt.exe Quarantined Riskware.Server-FTP.Win32.Serv-U.6105
C:\WINDOWS\sysmngt\admin.exe Quarantined Trojan.Win32.Agent.awz
C:\WINDOWS\sysmngt\install.exe Quarantined Trojan.Win32.Agent.awz
C:\WINDOWS\sysmngt\nzm.exe Quarantined Trojan.Win32.Agent.awz
C:\WINDOWS\sysmngt\preinstall.exe Quarantined Trojan.Win32.Agent.awz
C:\WINDOWS\system32\syscfg32.exe Quarantined Trojan.Win32.Agent.awz
Value: HKEY_CLASSES_ROOT\CLSID\{30349568-DAB5-4FA9-B254-4D3BA77C7952}\InprocServer32 --> ThreadingModel Quarantined Trace.Registry.Radlight
Value: HKEY_CLASSES_ROOT\CLSID\{68D6728A-D715-492A-A57B-8DDA01F4921F}\InprocServer32 --> ThreadingModel Quarantined Trace.Registry.Radlight
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30349568-DAB5-4FA9-B254-4D3BA77C7952}\InprocServer32 --> ThreadingModel Quarantined Trace.Registry.Radlight
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68D6728A-D715-492A-A57B-8DDA01F4921F}\InprocServer32 --> ThreadingModel Quarantined Trace.Registry.Radlight
c:\windows\system32\syscfg32.exe Quarantined Trace.File.Sbot

Quarantined
Files: 7
Traces: 5
Cookies: 0

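A reconciliation check for the a-squared log posted above, as an added example that is not part of the original thread: it pairs every "detected" entry with a "Quarantined" entry and reports what was left unhandled, treating paths case-insensitively because the log lists the same file as both c:\windows\... and C:\WINDOWS\.... The one-entry-per-line layout is assumed from the log as posted, the function names are hypothetical, and the C:\EXAMPLE line is constructed.

```python
import re
from collections import defaultdict

# Excerpt in the layout of the a-squared log above; the C:\EXAMPLE
# "detected" line is constructed here and has no quarantine entry.
SAMPLE_LOG = r"""
c:\windows\system32\syscfg32.exe detected: Trace.File.Sbot
C:\WINDOWS\sysmngt\sysmngt.exe detected: Riskware.Server-FTP.Win32.Serv-U.6105
C:\WINDOWS\system32\syscfg32.exe detected: Trojan.Win32.Agent.awz
C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL detected: Riskware.AdTool.Win32.MyWebSearch.a
C:\EXAMPLE\constructed.exe detected: Constructed.Sample.Name
C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL Quarantined Riskware.AdTool.Win32.MyWebSearch.a
C:\WINDOWS\sysmngt\sysmngt.exe Quarantined Riskware.Server-FTP.Win32.Serv-U.6105
C:\WINDOWS\system32\syscfg32.exe Quarantined Trojan.Win32.Agent.awz
c:\windows\system32\syscfg32.exe Quarantined Trace.File.Sbot
"""

# "<object> detected: <signature>" or "<object> Quarantined <signature>"
ENTRY = re.compile(r"^(?P<obj>.+?)\s+(?P<action>detected:|Quarantined)\s+(?P<sig>\S+)$")

def parse(log_text):
    """Return the (object, signature) pairs seen as detected and as quarantined."""
    found = {"detected": set(), "quarantined": set()}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # settings, counters and blank lines
        action = "detected" if m["action"] == "detected:" else "quarantined"
        # Windows paths and registry keys are case-insensitive, so fold case
        # before comparing entries from the two halves of the log.
        found[action].add((m["obj"].lower(), m["sig"]))
    return found

def unresolved(log_text):
    """Detections that have no matching quarantine entry, sorted."""
    found = parse(log_text)
    return sorted(found["detected"] - found["quarantined"])

def signatures_by_object(log_text):
    """Map each detected object to every signature that fired on it."""
    by_obj = defaultdict(set)
    for obj, sig in parse(log_text)["detected"]:
        by_obj[obj].add(sig)
    return dict(by_obj)

if __name__ == "__main__":
    for obj, sig in unresolved(SAMPLE_LOG):
        print("not quarantined:", obj, sig)
```
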
thebigbluecan Posted September 7, 2007

> > Sorry i have no idea
>
> at least you're from NY and NY is kewl. from nyc here. 50 views and only you responding bAH

New york isnt all its cracked up to be..lol Ive never been to the city though.

nycste (Author) Posted September 7, 2007

ok out of the listed programs i use regularly can anyone point me to the file or log im trying to find. i just went through everyfolder i could find unless they are system protected i only found that a2 log posted above which actually a2 found most of my issues i was proud of the free program.

Antivir
AVG
Claimwin
symantec corp av
adaware se (used to use newest one but annoying processes made me go back)
regscrubxp
rogueremover
spyware terminator
wise disk cleaner
wise registry cleaner
a2 anti dialer
a2 free
a2 hijackfree
spybot search and destroy
free window registry repair
crap cleaner

where could i find the files i checked everything in windows, program files, all the user files, admin etc. unless they hidden or something lots of them were dat files or something no idea how to read those.