
Problem With Creating Folders In Xp Pro


  • This topic is locked
4 replies to this topic

#1 bentwings


Posted 16 October 2005 - 02:52 PM

Hi,
I'm new to this forum so please bear with me. Before entering this I did a search to see if there was anything like this... didn't see anything. I also looked through quite a number of posts and topics.

Here is the problem. It started about 2 weeks ago.

I really wanted to create a new folder in "My Documents" to store some new items in.

When I go to my desktop and click on "My Documents", it opens fine with a list of folders and files. THEN about 20 seconds later a small gray window comes up. This looks like something is being installed. It has the open box with the disc and small computer icon. It says Window Installer... like it is running something. However it locks up the entire screen and computer. I do a CTRL+ALT+DEL to get Task Manager. I check to see if anything strange is running. It says windows installer is running, my documents not responding as well as any other things I have running. Usually a forum or SolidWorks remain responding. These usually appear to be running OK. There doesn't seem to be excess CPU being used. I usually only have 20-21 processes running. PF usage is around 140.

It actually creates a folder but I can't name it at this point. This gray window looks for all the world like something that is supposed to be MS installer. But I suspect that it is either corrupted or some virus thing.

In order to stop it I must do multiple end tasks and either send or don't send from TM. It will finally end and I will see a folder 1 or folder 2 listed. If I am quick I can rename this folder and all seems ok at least so far. I'm not really sure what to look for.

I had a virus thing that was very similar to this last year that took a reload to get rid of. This turned out to be some porn site installer. It was real tough to deal with. Appeared to come from off shore.

I have Search and destroy, ad-ware, and Microsoft antivirus. I try to keep them up to date and run all 3 of them every day. About the only thing I find are a persistent keylogger that only ad-ware picks up and an occasional browser modifier. Microsoft gets about 1 hit every 8 hours from something trying to be installed. I never accept anything I haven't specifically requested. Search and destroy hasn't picked up anything for a while.

I hope I have covered enough. I haven't filled out the sig yet but I have a 2.2 Pent 4 with 512 RAM and a reasonable yr old vid card. The comp works great otherwise. I run SolidWorks just as well as at work so I have enough power for me.

bentwings


OK, I ran a full scan with my ad-ware, spybot and Microsoft. Now I did the HijackThis. Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 2:38:31 AM, on 10/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O1 - Hosts: downloa
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.oilburners.net
O15 - Trusted Zone: http://*.usbank.com
O16 - DPF: {0B729AFF-64F7-64D0-463F-761540DFBF24} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {13AC42E6-4044-1E5F-0B56-4C1F0AA7E69C} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {15B1D1F4-2C8A-7A01-51E0-17E879F8D187} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {16D3E07E-A3D3-0E73-DB60-06EF70FE469F} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D75CC7D-C517-22DC-2CFB-06A4632BC100} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {2799714C-EAA5-1D97-2E78-66F92DC86EED} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {2DA25C2C-8A6E-0219-995A-69A163B1723B} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {33EC1593-EBB7-29C9-EC71-00A16A532850} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {35C2FF55-CA29-6EED-F20E-38256746CF7C} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {36CE4FCB-4724-2353-43AD-54FE6A42BC0A} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {3FD0D289-170E-542E-1B73-46E92E0AC7F6} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {4D1C626E-CA54-54CD-80E5-056D05549FC0} - http://69.50.182.94/1/rdgUS1754.exe
O16 - DPF: {52EE8933-5CAF-4671-F0C9-44823F425CED} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {54BDC0CD-B4A3-4D16-0EF7-6E9E664167F9} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {5E2BDDB7-6FA5-12F6-5520-7CD24C225F4A} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200401...meInstaller.exe
O16 - DPF: {72A10A09-2A17-1CED-D803-3B823F0A8DA6} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {75AD6A42-7619-08C5-0BF1-436579244791} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {76F65B2E-59F4-646F-4685-0AA269CCC22C} - http://69.50.182.94/1/rdgUS896.exe
O20 - AppInit_DLLs: 1tkj9vll9315nb.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

jaweed asked if I could post a screenshot. Apparently I can't add an attachment, so how do I do this?
I have already saved it as a Word doc using ALT + Print Screen.

Edited by bentwings, 16 October 2005 - 02:56 PM.




#2 miekiemoes

  • Malware Response Team

Posted 21 October 2005 - 04:50 AM

Hi,

Sorry for the late reply.
If you still need some help and because this is already a couple of days ago, please start with posting a new hijackthislog in this thread (don't start another thread), so I can take a look at it.

Also, before posting next log, please install an antivirus, because you really need one!
Let it perform a full scan and let it delete everything it is finding.
I also see you disabled things via msconfig > startup. This is not the way to deal with it, because you disable bad entries (if present) instead of deleting them. This also makes the entries invisible for us, so we can't tell you what to delete and what can stay.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
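
Added example, not part of any post in this thread: a small Python triage pass over a HijackThis-format log. It surfaces the msconfig startup entry mentioned in the reply above, plus two other entry types a reviewer would normally look at first. The sample log is constructed, and the three heuristics and all function names are assumptions of this example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample in HijackThis v1.99 layout (not copied from the thread).
# 192.0.2.10 is a documentation-only address; GUIDs and file names are made up.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ExampleTask] "C:\Program Files\Example\task.exe" -boot
O16 - DPF: {00000000-0000-0000-0000-000000000001} - http://192.0.2.10/1/sample.exe
O16 - DPF: {00000000-0000-0000-0000-000000000002} (Example Control) - http://downloads.example.com/ctl.cab
O20 - AppInit_DLLs: example123.dll
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O16 - DPF: ..."

def parse(log):
    """Return (section, detail) pairs for every 'Xn - ...' entry line."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def host_is_ip(url):
    """True when the URL's host is a literal IP address rather than a name."""
    try:
        ipaddress.ip_address(urlsplit(url).hostname or "")
        return True
    except ValueError:
        return False

def triage(log):
    """Apply three illustrative review heuristics (assumptions of this example)."""
    notes = []
    for section, detail in parse(log):
        if section == "O4" and "msconfig.exe /auto" in detail.lower():
            notes.append((section, "msconfig startup filtering in use; disabled entries are hidden", detail))
        elif section == "O16":
            url = detail.rsplit(" - ", 1)[-1]
            if host_is_ip(url) and url.lower().endswith(".exe"):
                notes.append((section, "ActiveX codebase is an .exe served from a bare IP", detail))
        elif section == "O20" and detail.split(":", 1)[-1].strip():
            notes.append((section, "AppInit_DLLs set; DLL loads into processes that load user32.dll", detail))
    return notes

if __name__ == "__main__":
    for section, why, detail in triage(SAMPLE_LOG):
        print(f"[{section}] {why}\n      {detail}")
```
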

#3 bentwings

  • Topic Starter

Posted 22 October 2005 - 09:24 AM

I just wanted to let you know I appreciate the help and I'm still having problems. I do have MS antivirus, Search and destroy, and Adware. I run these every day.
The startup 'idea' came from an IS guy I used to work with. (Maybe that's why he doesn't work for us anymore, haha.) I will reset this, do reboot and restart etc. Then I'll repost the HijackThis.
I'll try to do this Sunday night as I will be gone for today and Sun morning.
thanks
bentwings

#4 miekiemoes

  • Malware Response Team

Posted 22 October 2005 - 09:36 AM

Ok,

I'll read you Sunday then.

But I can already give you some instructions to perform before posting the new hijackthislog.

Download swap.zip from next location:
http://forums.skads.org/index.php?showtopic=81

(you'll find swap.zip as an attachment there)

Unzip the folder, but make sure all those files are still present in the same folder swap!!

Double-click swap.bat.
Don't worry, your computer will reboot by itself, so let it finish the job.

When rebooted...

Download Ad-aware version SE Personal 1.06 from one of these locations:

http://www.download.com/3000-2144-10045910.html
http://www.majorgeeks.com/download506.html

Install by double-clicking on the downloaded file.
If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version. Be sure to uninstall the previous version.

1. Launch Ad-Aware SE and run the WebUpdate feature. (Click on the Globe icon > Click connect > Click OK > Click Finish.)
2. Set up the Configurations as follows:
-- Click the Gear wheel at the top of the Ad-Aware window
-- Click General > Safety & Settings: Check (Green) all three.
-- Click Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
3. Click "Proceed"
4. Click "Scan Now"
5. Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
6. Select "Search for low-risk threats"
7. Run the scanner using the Full Scan (Perform full system scan) mode.
8. When the scan has completed, select Next.
9. In the Scanning Results window, select the "Scan Summary" tab.
10. Check the box next to each "target family" you wish to remove.
11. Click next > Click OK.
12. Reboot your computer and post a new hijackthislog

#5 miekiemoes

  • Malware Response Team

Posted 01 November 2005 - 07:22 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.