
View Full Version : Need help removing a downloader trojan...>=(



embryooo
2005-12-05, 07:44
the issue is that i have trouble opening programs like winamp, AIM, IE and others. they are just not responding when i try to open them. also, all the spyware i have (i've tried everything from spybot, spyware doctor, adaware, etc...) usually freezes mid way through the scan. i've also disabled system restore and it's not working. help! i'm guessing i have either one or a combination of really nasty malware. assistance is very much appreciated!

i've done:
symantec virus scan: nothing infected with viruses
all anti-spyware programs freeze or become non-responsive
i can't even open IE to do a trend micro online scan
XP is showing a lot of performance degradation



here's my hijackthis log:



Logfile of HijackThis v1.99.1
Scan saved at 12:38:21 AM, on 12/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\DOCUMENTS AND SETTINGS\EMBRYOOO\DESKTOP\cwshredder-1.exe
C:\Documents and Settings\Embryooo\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seaworld.com/seaworld/ca/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://v4.windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

LonnyRJones
2005-12-08, 07:43
Hi embryooo

Try rebooting into safe mode and run your antivirus and antispy programs there, one at a time of course.

embryooo
2005-12-10, 00:05
Hi Lonny,

Okay I tried to re-boot into safe mode, but the programs still freeze. Spybot and a few others are either not accessible, or don't respond. Adaware will freeze when it is deep scanning my registry at a file in: software\microsoft\windows\current version\sharedDLLs...not sure which file it is though. i don't even know if that's the source. Anything else I can do?

LonnyRJones
2005-12-11, 15:22
Hi

Have you disabled anything with msconfig since the problem started? If so, what?

Your topic title mentions a trojan; we need more information: the name, locations and what detected it.

Download/save http://downloads.subratam.org/Openit_Get_extended.zip
to your desktop, extract the file inside, also to the desktop. Run the vbs file,
type in c:\windows\system32
wait until a report is made, post that, then type in
c:\windows\system32\drivers
Post that report also.
Note: if your av detects a malicious script, disregard that; this is a diagnostic tool.


Close any open unnecessary programs.
Download and run BlackLight.
F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
Click > scan then > next, next again, then exit.
There will be a new txt near BlackLight. Post it please.

embryooo
2005-12-12, 01:43
Hi,

In the beginning I think that I disabled some startup programs (like quicktime, winamp, and yahoo widgets) in msconfig because the computer was lagging so much. I don't think it went into effect since some of the programs are still loading when I restart the computer.

I also downloaded a few other anti-spyware programs that ended up not freezing like spybot and adaware, and some of the scans (Spyware Doctor) had detected a downloader trojan, but when I ran them again, they either froze or other ones didn't detect the same thing. So I gave up on anti-spyware programs, because none were being consistent.

So that is why I thought it might have been a downloader trojan. Now, I really don't know what it is.

Here's some info on the symptoms and what I've tried to access:
Cannot open at all: Winamp, Control Panel, My Computer and most Desktop Icons/Folders
Can open but freezes: iTunes, Quicktime, Adaware, AIM, Spyware Doctor
Can open: Windows Task Manager, Mozilla Firefox, Ewido Security Suite, HijackThis, Symantec Anti-virus, Easy CD-Creator, Winzip, Microsoft Office

I will post the logs in a second reply.

embryooo
2005-12-12, 01:45
Here's the post for c:\windows\system32

12/11/2005 6:23:59 PM
List of files not including Positively Identified MS files in
c:\windows\system32\

Name: $ncsp$.inf
Date created: 8/10/2004 1:36:39 PM
Date last modified: 5/4/2005 10:46:41 AM
Size: 333.00 Bytes
Attributes: A

Type: Setup Information


Name: $winnt$.inf
Date created: 8/10/2004 12:56:42 PM
Date last modified: 5/11/2005 9:46:29 PM
Size: 239.00 Bytes
Attributes: A
Type: Setup Information


Name: 12520437.cpx
Date created: 8/10/2004 12:50:53 PM
Date last modified: 8/4/2004 5:00:00 AM
Size: 2,151.00 Bytes
Attributes: A
Type: CPX File


Name: 12520850.cpx
Date created: 8/10/2004 12:50:53 PM
Date last modified: 8/4/2004 5:00:00 AM
Size: 2,233.00 Bytes
Attributes: A
Type: CPX File


Name: a15.tbl
Date created: 6/30/2005 9:28:54 PM
Date last modified: 8/4/2004 5:00:00 AM
Size: 1,460.00 Bytes
Attributes: A
Type: TBL File


Name: a234.tbl
Date created: 6/30/2005 9:28:54 PM
Date last modified: 8/4/2004 5:00:00 AM
Size: 44,370.00 Bytes
Attributes: A
Type: TBL File


Name: acelpdec.ax
Date created: 8/10/2004 12:51:42 PM
Date last modified: 8/4/2004 5:00:00 AM
Size: 61,952.00 Bytes
Attributes: A
Type: AX File
Version: 1.40
Manufacturer: Sipro Lab Telecom Inc.


Name: acode.tbl
Date created: 6/30/2005 9:28:54 PM
Date last modified: 8/4/2004 5:00:00 AM
Size: 44,370.00 Bytes
Attributes: A
Type: TBL File


Name: amcompat.tlb
Date created: 8/10/2004 1:03:59 PM
Date last modified: 5/4/2005 10:35:35 AM
Size: 16,832.00 Bytes
Attributes: A
Type: TLB File


Name: ansi.sys
Date created: 8/10/2004 12:50:53 PM
Date last modified: 8/4/2004 5:00:00 AM
Size: 9,029.00 Bytes
Attributes: A
Type: System file


Name: aolexpat.dll
Date created: 5/2/2005 3:26:22 PM
Date last modified: 5/2/2005 3:26:22 PM
Size: 118,784.00 Bytes
Attributes: A
Type: Application Extension
Version: 1.95.8
Manufacturer: America Online, Inc.


Name: aollaunch.exe
Date created: 5/2/2005 3:26:22 PM
Date last modified: 5/2/2005 3:26:22 PM
Size: 128,088.00 Bytes
Attributes: A
Type: Application
Version: 1.2.2.0
Manufacturer: America Online, Inc.


Name: append.exe
Date created: 8/10/2004 12:50:53 PM
Date last modified: 8/4/2004 5:00:00 AM
Size: 12,498.00 Bytes
Attributes: A
Type: Application


Name: arphr.tbl
Date created: 6/30/2005 9:28:54 PM
Date last modified: 8/4/2004 5:00:00 AM
Size: 110,566.00 Bytes
Attributes: A
Type: TBL File


Name: arptr.tbl
Date created: 6/30/2005 9:28:54 PM
Date last modified: 8/4/2004 5:00:00 AM
Size: 16,312.00 Bytes
Attributes: A
Type: TBL File


Name: array30.tab
Date created: 6/30/2005 9:28:54 PM
Date last modified: 8/4/2004 5:00:00 AM
Size: 146,126.00 Bytes
Attributes: A
Type: TAB File


Name: arrayhw.tab
Date created: 6/30/2005 9:28:55 PM
Date last modified: 8/4/2004 5:00:00 AM
Size: 18,600.00 Bytes
Attributes: A
Type: TAB File


Name: ati2cqag.dll
Date created: 5/4/2005 10:05:06 AM
Date last modified: 12/4/2004 3:15:48 AM
Size: 245,760.00 Bytes
Attributes: A
Type: Application Extension
Version: 6.14.10.0257
Manufacturer: ATI Technologies Inc.


Name: ati2dvag.dll
Date created: 5/4/2005 10:05:06 AM
Date last modified: 12/4/2004 3:34:48 AM
Size: 217,088.00 Bytes
Attributes: A
Type: Application Extension
Version: 6.14.10.6483
Manufacturer: ATI Technologies Inc.


Name: ati2edxx.dll
Date created: 5/4/2005 10:05:06 AM
Date last modified: 12/4/2004 3:32:44 AM
Size: 30,720.00 Bytes
Attributes: A
Type: Application Extension
Version: 6, 14, 10, 2495
Manufacturer: ATI Technologies, Inc.


Name: ati2evxx.dll
Date created: 5/4/2005 10:05:06 AM
Date last modified: 12/4/2004 3:32:40 AM
Size: 90,112.00 Bytes
Attributes: A
Type: Application Extension
Version: 6.14.10.4107
Manufacturer: ATI Technologies Inc.

embryooo
2005-12-12, 01:46
Here's the post for c:\windows\system32\drivers (second half)

Here are the Files whose Manufacturer is listed as Microsoft in this Folder:


embryooo
2005-12-12, 01:47
Last but not least, here's the post for F-secure Blacklight

12/11/05 18:35:12 [Info]: BlackLight Engine 1.0.29 initialized
12/11/05 18:35:12 [Info]: OS: 5.1 build 2600 (Service Pack 2)
12/11/05 18:35:12 [Note]: 7019 4
12/11/05 18:35:12 [Note]: 7005 0
12/11/05 18:35:16 [Note]: 7006 0
12/11/05 18:35:16 [Note]: 7011 1864
12/11/05 18:35:17 [Note]: FSRAW library version 1.7.1013
12/11/05 18:36:09 [Note]: 7007 0

LonnyRJones
2005-12-12, 03:13
How long has this been going on?
If not long, then perhaps using a system restore point would be a good idea.

Maybe an aim virus/trojan.
It can't hurt to try aimfix http://www.jayloden.com/aimfix.htm

embryooo
2005-12-13, 21:24
Hi,

This has probably been going on for a little under two weeks now.


Okay I tried AIM fix, but I don't think that it helped.
This is what the text showed:

SetPrivilege successfully set SeDebug rights
failure in getRegString for "load" key: The system cannot find the file specified.


failure in getRegString for "run" key: Cannot create a file when that file already exists.


1.3.1112.1421


Setting security privileges for AIMfix...

First, closing any running copies of AOL Instant Messenger (aim.exe):

***ANY VIRUS FILES REMOVED WILL BE LISTED BELOW***


***RUN COMPLETED. ANY FILES REMOVED LISTED ABOVE***
----------------------------------------------------------

LonnyRJones
2005-12-13, 21:46
Hi
Save yourself some trouble and just use a system restore point back to a couple days before the problems started.

embryooo
2005-12-14, 05:22
Hi,

Sorry for the trouble, but how do you restore the system to a specific date?
Thanks!

LonnyRJones
2005-12-14, 09:40
Hi

Start system restore, choose restore my computer to an earlier time > next. You will see a calendar; you can use this month's or click the < to see and choose from last month's restore points. I suggest going back two or three days before the problems started.
Good luck

embryooo
2005-12-14, 17:21
Hi,

Okay my system restore utility is non-responsive as well. I was able to turn it back on, but as for checking for dates, it just freezes. THANKS for all the suggestions and help! I think I might have to reformat.

tashi
2005-12-17, 22:43
This topic will now be archived.
Good luck and if you need the thread reopened please pm me.