neander1

asked on

pernicious virus? - home page hijacked to windowws.cc, IE won't launch, various windows open blank

My laptop appears to be infected with a virus that is causing numerous problems. I presume, but do not know, that the machine became infected during a period of several days between when my Norton Internet Security 2003 subscription lapsed and my attempt to install Norton Internet Security 2004. I will list the symptoms first, then the actions I've taken to correct the problem so far, and last provide the hijackthis log as of this morning. I would deeply appreciate some help ridding my machine of this awful infection.

The symptoms:

1. When attempting to launch Internet Explorer (version 6.0), a browser window briefly flashes and is then replaced with a "File Download" window. (File name: hp.htm; File type: html document; From: www.windowww.cc).

2. Before this started happening, my home page on IE was being hijacked to http://www.windowws.cc/hp.htm?id=9. Uninvited sites are also added to my favorites, mostly porn sites.

3. Windows in various utilities and programs open blank, including the search window in Windows XP, system restore window, help windows in various programs, and all windows in Norton Internet Security 2004. Also some messages arrive in Outlook with blank text fields. When attempting to open or reply to these messages, a window opens with message: "Can't open this item. The text formatting command is not available. It may not be installed correctly. Please install outlook again. An OLE registration error has occurred. The program is not correctly installed. Run SetUp again for the program." I have run set up again, but it did not correct the problem.

4. Various programs/fixes I have downloaded to try to correct this problem, for instance Norton's Intelligent Updater, disappear when I click on their icons or try to install them. I did manage to run a Norton scan however by installing the Updater in Safe Mode with command prompts. (see results of the scan below).

Actions taken so far:

1.      I have updated and run Spybot, which found several problems including instances of www.coolwebsearch, which I gather is an adware-related virus. Removing them did not fix any problems. I also ran Spysweeper, which also detected and tried to correct the change in my homepage to windowws.cc, but the redirection immediately returns. I also ran CWShredder this morning, which removed 5 infected IE registry values and “CWS.IEengine,” but this did not fix the problem – according to spysweeper, I’m still getting redirected to windowws.cc, though I’m not actually going there or anywhere else in IE, since it won’t launch.

2.      I spent forty bucks and an hour or so with a Norton virus removal person on the phone. With his help I was able to run a scan using their latest update, which detected several instances of the Trojan Horse virus and Download.Trojan. I deleted the infected files during the scan, then reran the scan, which detected no infection. I uninstalled Norton Internet Security, then scanned again just to be sure, then re-installed it. Nothing has changed. Same problems. Norton Antivirus windows open up blank, etc.

In short, my Internet Explorer, Outlook, Search engine, NAV, system restore, etc. are all defunct. I'm able to browse and get email via Netscape and Mozilla however. I would deeply appreciate any help ASAP. As you can no doubt tell, I am not an IT professional, but don’t know where else to turn. I don't understand the point system of this forum but would be glad to pay someone to help me get rid of this problem.

Here is my latest hijackthis log:

Logfile of HijackThis v1.97.7
Scan saved at 10:41:13 AM, on 9/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\sgmg40bitu23pp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\TaskPlus\taskplus0.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Jessica\My Documents\downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowws.cc/hp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\Jessica\Application Data\Mozilla\Profiles\default\xaj3x62w.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Jessica\Application Data\Mozilla\Profiles\default\xaj3x62w.slt\prefs.js)
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\7dzlcaalj0upn.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar2.dll (file missing)
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar2.dll (file missing)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Network Security Guard] C:\WINDOWS\System32\sgmg40bitu23pp.exe
O4 - HKLM\..\Run: [cleaner] C:\WINDOWS\System32\clzsillrgpi.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: Task Plus.lnk = C:\Program Files\TaskPlus\taskplus0.exe
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.refurbdepot.com/CFIDE/classes/CFJava.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/30ffa00c7d06f3fc6b15/netzip/RdxIE601.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37888.2045717593
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.multicastmedia.com/common/mbrowser/MINIBrowser.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

SOLUTION
SheharyaarSaahil

This solution is only available to members.
neander1

ASKER

Thanks SheharyaarSaahil for responding. I'll try your fix as soon as I can clear some time... one problem though -- when I just tried to disable windows messenger, I am unable to because the "services" window in the Administrative Tools folder comes up blank. The best I think I can do is exit Windows messenger. I hope that's enough. I'll get back to you -- thanks again.
>> I am unable to because the "services" window in the Administrative Tools folder comes up blank.

no problem u can disable it also from Start>Run>msconfig>Services and untick Messenger
and remember Messenger Service is not Windows Messenger
Windows Messenger is the IM software, Messenger Service is for sending command messages in a network system :)
ASKER CERTIFIED SOLUTION

This solution is only available to members.
Thanks RevelationCS....I'll peruse that site... meanwhile, SS or Revelation, how do I run an SFC Scan? I got up to that step, but not sure how to proceed. Just in case I have to redo anything (I had to connect to the internet to send this message), my new hijackthis log is below.

Also, is it important to be in safe mode to run the repair/reinstall fix on www.theeldergeek.com? I can't do so since it requires accessing my Windows XP CD, and I have an external CD drive that doesn't work in Safe Mode. Thanks, Neander1

Here's the log:

Logfile of HijackThis v1.97.7
Scan saved at 5:00:48 PM, on 9/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\TaskPlus\taskplus0.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.EXE
C:\Program Files\Trend Micro\Internet Security\PCCGUIDE.EXE
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Documents and Settings\Jessica\My Documents\downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\Jessica\Application Data\Mozilla\Profiles\default\xaj3x62w.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Jessica\Application Data\Mozilla\Profiles\default\xaj3x62w.slt\prefs.js)
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\d4vtf373to9.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: Task Plus.lnk = C:\Program Files\TaskPlus\taskplus0.exe
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.refurbdepot.com/CFIDE/classes/CFJava.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37888.2045717593
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

only this entry is Bad >> O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\d4vtf373to9.dll

so fix it :)
and i think u have installed this ur self and dont want to remove it, right :)
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

anywayz,,,, abt SFC Scan,,,, u can run it in Normal Mode without any problem.... Goto START>RUN and type sfc /scannow
u will need ur WinXP CD in order to fix the corrupted windows system files, if found by scan.

it's described in the www.theeldergeek.com site also,,,, after SFC scan, reinstall IE by ie.inf method OR run the IEFix tool, both methods are same :)

and after that restart and now check for the remaining problems.... post them here, and we will try to kick them out also, Good Luck =)
BAH! You beat me to it SS! You gotta stop that! ;)

As he said, do the above steps...
>> BAH! You beat me to it SS! You gotta stop that! ;)

No one can stop me..... coz Im not at work and not Married yet !!  
LOL :D
Hi SS,

Sorry for the delay in responding -- been traveling. I ran through the steps you suggested and lo and behold, everything worked again, except was still getting hijacked to windowws.cc home page, and unwanted sites being added to favorites. I ran a Spysweeper scan this morning though which appears to have taken care of that problem -- we'll see. In any case, the news is good. Much thanks. Please send yr email address.
neander1 never mind abt the delay.... and its really good that ur system is running again smoothly..... :)
but i want u to test ur system for some days more to verify if all junk are really gone from ur system, and its safe from the Reinfection :)

>> Please send yr email address
may i ask why,,,, i mean any problem which u want to ask or anything ??
anywayz u can still find it in my profile, as publishing emails on Questions is not allowed here, due to those Spammers =\

Feel free to ask\discuss anything else if u find it confusing =)
SS- Only reason I wanted yr email was to discuss a little compensation for your help, which I wasn't sure was appropriate here. I paid Symantec corp. $40 to not fix the problem, and I think it's only fair if I offer you the same for fixing it.

Here is my latest hijackthis log. Let me know what else is needed to verify if junk is gone from the system.. thanks

Logfile of HijackThis v1.97.7
Scan saved at 11:37:01 AM, on 9/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\TaskPlus\taskplus0.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Jessica\My Documents\downloads\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\Jessica\Application Data\Mozilla\Profiles\default\xaj3x62w.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Jessica\Application Data\Mozilla\Profiles\default\xaj3x62w.slt\prefs.js)
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\cpdxopuupdvwd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Network Security Guard] C:\WINDOWS\System32\sgoc0t9pk3axo.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: Task Plus.lnk = C:\Program Files\TaskPlus\taskplus0.exe
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.refurbdepot.com/CFIDE/classes/CFJava.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37888.2045717593
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

Well ur Log is perfectly fine now,,,,, good job ^_^

>> Only reason I wanted yr email was to discuss a little compensation for your help,

lol my friend,,,, no nooooooo.... u dont need to pay or do anything for us,,,,, i and all experts here work for free.... some for helping others with their experience and knowledge, and some(like me) for gaining knowledge and sharing with others :)
and in return we get points and a thank u from the asker and that's more than enough for us :)

actually how we work here..... is u give points value for asking a question, as u gave 500 for this question..... and then u get help from one or more experts.... u try their suggestions, and then when u get the solution of ur problem, u have to Accept the suggestion from that expert which solved ur problem :)

these points rank experts and provide them with premium services.... and that's the reason we compete for them, u know like old school days,,, whoever gets the highest points will declare as First :D
Here is our Help Page which u will love to read, on How we move on EE >> https://www.experts-exchange.com/help.jsp

and abt this question,,,,, i dont want u to close this question right now..... i want u to use ur system for some days more and when u will satisfy that yes everything is OK now.... u can come back and close this question by Accepting the right comments which solved ur problem :)

anything else where i can help u =)
You can also split points between comments if multiple comments assisted you with the resolution...  to do so, just click on the link that says "Split Points" and divide them up appropriately...
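A defender's triage script for HijackThis logs like the three posted in this thread, added here as an example; it is not part of the thread and not a HijackThis feature. It reads the R0/R1, O2 and O4 entries and flags for review: a start page on a host the user does not expect, an unnamed BHO loading from System32, autorun entries in System32 with random-looking filenames, and a startup item whose name is one character off a core Windows binary. It also compares two logs to show the same BHO CLSID coming back under a fresh DLL name, which is what the first and third logs above show. The trusted-host list, the core-binary list and the randomness heuristic are assumptions made for this example; the sample lines are copied from the logs in this thread.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample input: lines copied from the HijackThis logs posted in this
# thread (first log of 9/8/2004 and third log of 9/10/2004), trimmed to the
# sections the triage looks at.
LOG_FIRST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowws.cc/hp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\7dzlcaalj0upn.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Network Security Guard] C:\WINDOWS\System32\sgmg40bitu23pp.exe
O4 - HKLM\..\Run: [cleaner] C:\WINDOWS\System32\clzsillrgpi.exe
"""
LOG_THIRD = r"""
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\cpdxopuupdvwd.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Network Security Guard] C:\WINDOWS\System32\sgoc0t9pk3axo.exe
O4 - Global Startup: Task Plus.lnk = C:\Program Files\TaskPlus\taskplus0.exe
O4 - Global Startup: winlogin.exe
"""

# Assumptions for this example: the home page this user expects, and a short list
# of core Windows binaries that a startup entry might try to impersonate.
TRUSTED_HOME_HOSTS = {"www.google.com"}
CORE_BINARIES = {"winlogon.exe", "svchost.exe", "lsass.exe", "smss.exe",
                 "services.exe", "explorer.exe", "spoolsv.exe", "csrss.exe"}

ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
# Last path component ending in .exe/.dll; the class stops at path separators and quotes.
EXE_RE = re.compile(r'([^\\"=:\[\]]+\.(?:exe|dll))', re.IGNORECASE)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def looks_random(stem: str) -> bool:
    """Heuristic (assumption): generated names have few vowels or digits wedged between letters."""
    letters = [c for c in stem if c.isalpha()]
    if len(stem) < 8 or not letters:
        return False
    vowel_ratio = sum(c in "aeiou" for c in stem.lower()) / len(letters)
    wedged = re.findall(r"[a-z]\d+[a-z]", stem.lower())
    digits = sum(c.isdigit() for c in stem)
    return vowel_ratio < 0.2 or (len(wedged) >= 1 and digits >= 2)


def one_char_off(name: str, reference: str) -> bool:
    """True when two equal-length names differ in exactly one character (lookalike check)."""
    return len(name) == len(reference) and sum(a != b for a, b in zip(name, reference)) == 1


def parse(log_text: str):
    """Yield (section, body, raw line) for every 'Xn - ...' entry in a log."""
    for line in log_text.strip().splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("sec"), m.group("body"), line.strip()


def triage(log_text: str) -> list:
    findings = []
    for sec, body, line in parse(log_text):
        if sec in ("R0", "R1") and " = " in body:
            host = urlsplit(body.split(" = ", 1)[1].strip()).hostname  # None for about:blank
            if host and host not in TRUSTED_HOME_HOSTS:
                findings.append(Finding(sec, f"IE start/search URL points at untrusted host {host}", line))
        elif sec == "O2":
            b = BHO_RE.search(body)
            if not b or "(file missing)" in b.group("path"):
                continue  # stale entries with no file behind them only clutter the list
            fname = b.group("path").replace("\\", "/").rsplit("/", 1)[-1]
            if b.group("name") == "(no name)" and "system32" in b.group("path").lower():
                note = " with a random-looking filename" if looks_random(fname.rsplit(".", 1)[0]) else ""
                findings.append(Finding(sec, f"unnamed BHO loading {fname} from System32{note}", line))
        elif sec == "O4":
            e = EXE_RE.search(body)
            if not e:
                continue
            fname = e.group(1).strip()
            in_system32 = "\\system32\\" in body[: e.end()].lower()
            if in_system32 and looks_random(fname.rsplit(".", 1)[0]):
                findings.append(Finding(sec, f"autorun of random-looking {fname} from System32", line))
            for core in CORE_BINARIES:
                if one_char_off(fname.lower(), core):
                    findings.append(Finding(sec, f"autorun of {fname}, a lookalike of {core}", line))
    return findings


def bho_paths(log_text: str) -> dict:
    """Map each BHO CLSID in a log to the file it loads."""
    out = {}
    for sec, body, _ in parse(log_text):
        if sec == "O2" and (b := BHO_RE.search(body)):
            out[b.group("clsid").upper()] = b.group("path")
    return out


def renamed_bhos(earlier: str, later: str) -> list:
    """CLSIDs present in both logs whose DLL changed: a component re-installing itself under a new name."""
    a, b = bho_paths(earlier), bho_paths(later)
    return [(c, a[c], b[c]) for c in a.keys() & b.keys() if a[c].lower() != b[c].lower()]


if __name__ == "__main__":
    for label, log in (("first log", LOG_FIRST), ("third log", LOG_THIRD)):
        print(f"== {label}")
        for f in triage(log):
            print(f"  [{f.section}] {f.reason}\n      {f.line}")
    for clsid, before, after in renamed_bhos(LOG_FIRST, LOG_THIRD):
        print(f"BHO {{{clsid}}} changed file: {before} -> {after}")
```

Run as-is and it reports the windowws.cc start page, the unnamed System32 BHO and the two random-named Run entries from the first log, then the renamed BHO, the new random-named Run entry and the winlogin.exe lookalike from the third log, and finally the CLSID that kept its registration while swapping DLLs between logs. Entries such as P2P Networking.exe and qttask.exe are not flagged by these heuristics; the point of the cross-log comparison is that a removal which only deletes the file of the moment leaves the registration that reinstates it.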
Hi SS and RCS --

well, things didn't turn out so well after all. My computer ran for a day or two, then after trying to load Java and some small Microsoft update (not SP2), I restarted and got a blue screen with a STOP: fatal error {C000021a}. I was not able to reboot, even in Safe Mode. I called Dell, and after being on hold for a couple of hours and bouncing from one person to another was told to try a parallel reinstall of Windows. I did this and the computer will reboot in safe mode, but I still am being hijacked to windowws.cc home page and a lot of stuff doesn't work right, perhaps because I haven't reinstalled all the Dell drivers, and I can't reboot normally -- just get a blank screen. Dell now suggests I back everything up and do a complete reinstall, which I'm a little reluctant to do, because I'm not sure I've got my emails backed up properly (can't find Outlook.pst file, since my Windows search program comes up with only partial text) and because I can't find the device drivers CD... but will reinstall if there is no other solution. Meanwhile I'm working on my old computer... any suggestions? Should I post another hijackthis log here? Or just bite the bullet and reinstall Windows? Will that get rid of this virus for sure?
well, as the old saying when it comes to viruses goes... "If all else fails, reinstall"

This will clean the virus, however, could be a hassle if you don't have everything backed up. have you tried to back out the Java or MS update to try to locate which one was causing the STOP error?

try taking a look at this link to fix the STOP issue:
https://www.experts-exchange.com/questions/20790028/message-on-bootup-stop-c000021a-fatal-system-error-the-windows-logon-process-system-process-terminated-unexpectedly.html
>> STOP: fatal error {C000021a}.

that means registry corruption..... and u dont know if virus has damaged it or those updates....
but it's better, if u have backed up ur data.... to do a Fresh Install..... means restore to the factory settings using Dell Recovery Disks..... and if u will tell me the model of ur system,,, i can provide u with the Dell Drivers Download page which u can use to download and install the required drivers for ur system.... if u have lost the CD :)

Post Back if anymore question or confusion =)
Revelations, where would I look for the MS update so I can try to back it out? From the link you supplied it sounds like that might be a factor. But maybe better to do a fresh install as SS says, which would rid me of the virus too.

I think I found the Outlook.pst file, all 115 mb worth, which I presume is my emails, contacts etc.? I've backed it up on disk. If I do fresh install, I can just replace the new Outlook file in the same folder with this one, right?
first off, to the second question, yes that would be correct. I can't remember, but I think the contacts are a separate PST file.. I might be wrong with this...

secondly, to look for the MS Update, you typically would go into add/remove programs and look for the KB # that you installed last. If you know the KB #, look for that, or if you use Windows Update you can look at the installation history there.
neander, u can check these articles on how to Backup and Restore Outlook Data, may be can help u :)

MICROSOFT OUTLOOK
--------------------------
OL2000: (IMO) How to Back Up, Restore, or Move Outlook Data
http://support.microsoft.com/default.aspx?scid=kb;EN-US;196492

OL2000: (CW) How to Back Up, Restore, or Move Outlook Data
http://support.microsoft.com/?kbid=195719

OL97: How to Back Up, Restore, or Move Outlook Data
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q168644

Outlook Express
------------------
How to Back Up and Recover Outlook Express Data
http://support.microsoft.com/default.aspx?scid=kb;EN-US;270670

How to Back Up the Outlook Express Address Book and Mail Folders
http://support.microsoft.com/default.aspx?scid=kb;en-us;188854
OK, backed up Outlook.pst and will do fresh install. My dell driver CD isn't lost, but it is cracked :). The page with the downloads for my system (Dell Latitude X200, service tag 6SVMW11) is http://support.dell.com/support/downloads/devices.aspx?c=us&cs=19&l=en&s=dhs&SystemID=LAT_PNT_P3T_X200&category=0&os=WW1&osl=EN. How do I know which of these many drivers to download? Just see what isn't working and download a driver to fix it?
provided you dont have any weird controller cards running the HD, you should be okay starting out with the base install. Once you have everything up and running, windows should use default drivers (ie VGA drivers) for the devices that it has drivers for... One recommendation - download the network drivers to disk before you start this process, unless you have another PC you can download from ;)

Once you have the OS up and running and network connectivity, you can go out and update the drivers to the latest that are on the web site....
well u will have to install the drivers for those devices, which u are using :)
if u are not sure what are they, u can Download this utility and install it,

EVEREST Home Edition:
http://www.lavalys.com/products/download.php?pid=1&lang=en&pageid=3

it will give u a list of all the hardware attached to ur system, note down the correct
version and make of ur required device, and then u will be able to download and install the correct drivers for ur devices :)
OK, when using Windows Setup to do a fresh install, I'm asked what partition to install Windows XP into. I have two partitions. One is too small (31 MB) for the installation, and the other (28577 MB) already contains the existing (presumably corrupted) version of Windows XP. Is it OK to install into this second partition?
why second drive,,,, u have backed up ur data.... right ??
u wanna do a fresh and clean install after formatting the drive and deleting the old winxp corrupted install, right ??

so choose the 28577MB drive, it will ask u to Either Repair or to Format the installation
choose Format. it will format the drive and delete the contents of this drive including XP and ur data(which u have backed up)

then after that it will start installing XP on this formatted drive,,,,, that's all !!
Dont u want to do this..... are u upto a Repair install coz u have not backed up the data :-?
what he said... .. ;)