
Changes to Selected Windows Preference


35 replies to this topic

#1 Dangerouslydefective

Dangerouslydefective

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:01:05 PM

Posted 03 July 2011 - 07:42 PM

Hello,

I have been receiving excellent help to rid my computer of the Google Redirect Virus in the Virus Forums.

According to the excellent assistance of SweetTech, my system has been cleared of the virus, but I'm still experiencing weird behavior. I have the following issues:
  • Windows change from smooth Windows XP styling to blocky Win95 style
  • Any folders opened from the Task Bar have the same blocky look, and open another explorer.exe in my Task Manager
  • My sound will stop working if I force-close a large (20K+ Mem Usage) svchost.exe file.

I have noticed that some of the windows changes are linked to force-closing the svchost.exe program. I can post screen-shots of this behavior if necessary.

After running through the works in the virus-busting department, these issues could not be resolved.

I look forward to your generous and top-notch help!!

Thanks in advance!!!

Edited by Dangerouslydefective, 03 July 2011 - 07:44 PM.




#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:02:05 PM

Posted 03 July 2011 - 09:12 PM

Hello Dangerouslydefective! :thumbsup:

Just a quick question:

Have you tried to change your theme?

Try this, right-click on an unused part of your desktop screen (somewhere in the background). In the drop-down menu click Properties. The themes tab should already be selected, but if not click on the Themes tab.

The tab should look something like my modified theme here (with the colors blue and green instead of grey as mine is):

Posted Image

Now click on the Theme: dropdown arrow, and click on Windows XP from the list, then click Apply.

Do you now see the smooth styling of XP as opposed to the older boxy 95 version?

Hope this helps,


bloopie


EDIT: Added bolds

Edited by bloopie reborn, 03 July 2011 - 09:20 PM.


#3 Dangerouslydefective

Posted 03 July 2011 - 10:28 PM

I have checked my theme, and it hasn't changed from Windows XP, even when I get the Win95 blocky look. I've even had a Windows XP style Task Bar and Win95 blocky windows open at the same time. If you'd like screenshots, I have several.


BTW love your profile picture!

#4 bloopie

Posted 04 July 2011 - 09:55 AM

Thanks! :thumbsup:

Have you also tried the Appearance tab in Display Properties to check under Windows and Buttons? Does it also say:

Windows XP style

You may also post some screenshots of your problem. They almost always help! :thumbup2:


bloopie

#5 Dangerouslydefective

Posted 04 July 2011 - 10:53 AM

As I was verifying my settings, I noticed that my Windows XP style option had vanished, and all my windows had the classic styling. Please refer to the attached screenshots:
  • Windows Classic style toolbar, even though Windows XP Style is selected.
  • Missing option for Windows XP style. Please note that my Task Manager in the same shot is in Windows XP style.
  • Current Display settings, as directed in the previous post. Even though Windows XP style is selected, you can see under the Advanced window (on the left) that the style looks like Windows Classic.

Thanks again for your help.

EDIT: Added screenshots and descriptions.

Edited by Dangerouslydefective, 04 July 2011 - 11:11 AM.


#6 bloopie

Posted 04 July 2011 - 01:33 PM

I enjoy trying to help when I can! :thumbsup:

Interesting...

Do you have this problem right after a reboot, or only after stopping an instance of svchost.exe?

Let's see some other settings you have set for visuals.

Try this:
  • Click Start
  • Click Run
  • Type sysdm.cpl in the Open box, or just copy the bold text and paste it in the Run box
  • Then press ENTER

Click the Advanced tab, and then under Performance click Settings.

Click the Visual Effects tab, and let us know what yours is set to. Also let us know if ALL the boxes are checked in the list.


bloopie

EDIT: Also, does your sound normally work fine until you stop an svchost.exe? Stopping these services can cause a number of things to go wrong, as they load MANY different services in a single instance.

Edited by bloopie reborn, 04 July 2011 - 01:38 PM.
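
Added example (not part of any post in this thread): a Python script that parses `tasklist /svc` output to show which services share one svchost.exe instance, and therefore what stops when that instance is force-closed. The sample output is constructed, and `Themes` and `AudioSrv` are the Windows XP service names for visual styles and Windows Audio.

```python
import re

# Constructed sample of `tasklist /svc /fi "imagename eq svchost.exe"` output
# (not from the thread). Long service lists wrap onto indented lines.
SAMPLE = """\
Image Name                   PID Services
========================= ====== =============================================
svchost.exe                  856 DcomLaunch, TermService
svchost.exe                  940 RpcSs
svchost.exe                 1032 AudioSrv, BITS, CryptSvc, Dhcp, EventSystem,
                                 lanmanserver, Netman, Schedule, seclogon,
                                 ShellHWDetection, Themes, wuauserv
svchost.exe                 1096 Dnscache
svchost.exe                 1240 LmHosts, SSDPSRV, WebClient
"""

# A process row starts in column 0: image name, PID, then the service list.
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(.*)$")

def parse_tasklist_svc(text):
    """Return {pid: [service, ...]}, joining wrapped continuation lines."""
    hosts, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith(("Image Name", "=")):
            continue
        m = ROW.match(line)
        if m:
            current, rest = int(m.group(2)), m.group(3)
            hosts[current] = []
        elif current is not None:
            rest = line  # indented continuation of the previous row
        else:
            continue
        names = (s.strip() for s in rest.split(","))
        hosts[current] += [s for s in names if s and s != "N/A"]
    return hosts

def find_host(hosts, service):
    """PID of the instance hosting `service` (case-insensitive), or None."""
    for pid, services in hosts.items():
        if service.lower() in (s.lower() for s in services):
            return pid
    return None

if __name__ == "__main__":
    hosts = parse_tasklist_svc(SAMPLE)
    for svc in ("Themes", "AudioSrv"):  # XP service names (assumed targets)
        pid = find_host(hosts, svc)
        print(f"{svc}: PID {pid}, shares a process with {len(hosts[pid]) - 1} other services")
```
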


#7 Dangerouslydefective

Posted 04 July 2011 - 02:27 PM

In the Performance Options Visual Effects, all boxes are checked, and the radio button option is set to 'Let Windows choose what's best for my computer'.

#8 bloopie

Posted 04 July 2011 - 02:59 PM

Okay, please answer these two questions I posted earlier:

Do you have this problem right after a reboot, or only after stopping an instance of svchost.exe?
Also, does your sound normally work fine until you stop an svchost.exe?


One more question: Why are you stopping those processes in the task manager at all?

bloopie

Edited by bloopie reborn, 04 July 2011 - 03:00 PM.


#9 bloopie

Posted 04 July 2011 - 03:27 PM

After reviewing your saga with SweetTech more thoroughly, there may be something else I am unaware of.

Since you've already run the SFC successfully, it may be time to do a repair installation of XP. Please make sure the XP disc you have is a full installation disk that matches your current version of XP...i.e. XP Home disk.

But before that, let's make sure your disk is ok. Please follow these instructions on running Checkdisk:

Use the Windows Error Checking utility (Check Disk), with the options to scan the disk surface for errors, and attempt recovery of data and repair the disk.
  • Open "My Computer"
  • Right-click on the drive that you wish to check > Properties > Tools > and in the "Error checking" section, click on "Check now".
  • Place a tick in both boxes > Start.
  • If the disk you have chosen is the system disk:
  • A message will notify you that a restart is necessary: Click OK, and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
    This test will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.

A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:
  • Go to Start > Run > and type eventvwr and press the <ENTER> key.
    The Event Viewer window will open.
  • In the left pane, click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Winlogon", with an entry corresponding to the date and time of the disk check.
  • Double-click on that entry to view the log.
  • Click on the Posted Image button to copy the log text to the clipboard.
  • Paste the log text into your next reply.


bloopie

#10 Dangerouslydefective

Posted 04 July 2011 - 03:54 PM

Sorry I missed those questions... ^_^;

From what I can tell, I only have these issues after I close the svchost.exe. Also, yes, my sound works until I close this program. I was closing svchost.exe because I was assuming it was a process attached to the infection I had at the time. I've never watched my Task Manager like a hawk, but 20K+ of Memory Usage seemed too high.

Also, I tried to check my XP, but I didn't have a Tools option within my drive properties. I only have General, AutoPlay, Hardware, Sharing, and Recording.

Edited by Dangerouslydefective, 04 July 2011 - 04:04 PM.


#11 bloopie

Posted 04 July 2011 - 05:06 PM

Sorry I missed those questions... ^_^;

That's ok. :thumbup2:

What happens when you just run the computer normally without stopping processes? Does it become slow or use too much CPU by itself?

And about checking the drive...after opening My Computer, right-click on the "C:" drive to continue to properties!

Verify you are checking the C drive as shown below:

Posted Image

You should have the Tools tab at the top available. Do you not see this (or something similar)? You are trying to check your MAIN hard drive here. How many drives do you have installed?

In addition to the above please post a speccy snapshot for review:

Please Publish a Snapshot using Speccy, and post a link to it in this thread.
This is a convenient and accurate way of providing us with details of your computer specifications.
If you cannot get on-line to publish the information, and wish to attach it as a text file to your post, then please edit it to ensure that you do not include your Windows Key.

Let us know if this works for you! :thumbup2:

bloopie

Edited by bloopie reborn, 04 July 2011 - 05:08 PM.


#12 Dangerouslydefective

Posted 04 July 2011 - 05:22 PM

I probably didn't see it because I was checking my disk drive, not my hard drive...

I haven't really let the computer run for long periods of time without closing the file since it became infected. I have noticed that the file size continues to increase the longer I leave it open. It has gotten as high as 50K before I closed it. The only real performance hit I've noticed is to my bandwidth; average download speeds are around 80kb/sec normally, but can be as low as 5kb/sec when active.

I'm running the scan on the proper drive now (>//<), and I'll post the log when it is available.

Edited by Dangerouslydefective, 04 July 2011 - 05:56 PM.


#13 bloopie

Posted 04 July 2011 - 05:53 PM

Good work, :thumbup2:

Yes, it is the Hard Drive we wish to check, not the CD drive here.

As long as your CPU usage doesn't spike up to near 100%, it should be okay.

Some systems need to be cleaned as dust will build up inside the tower and cause overheating of the CPU or other hardware. This is a good idea if done correctly. I will assemble the correct steps to take to do this if your drive is ok.

Let's see what the chkdsk reveals first.


bloopie

#14 holmesnmanny

holmesnmanny

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 04 July 2011 - 06:20 PM

svchost.exe is a legitimate service. You shouldn't be trying to stop it.

#15 Dangerouslydefective

Posted 05 July 2011 - 05:49 AM

As promised, here is the Event Viewer Information Log:

Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 7/4/2011
Time: 9:52:49 PM
User: N/A
Computer: FIRST
Description:
Checking file system on C:
The type of the file system is NTFS.
Cleaning up minor inconsistencies on the drive.
Cleaning up 1328 unused index entries from index $SII of file 0x9.
Cleaning up 1328 unused index entries from index $SDH of file 0x9.
Cleaning up 1328 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Windows has made corrections to the file system.

308769299 KB total disk space.
307067840 KB in 185744 files.
74836 KB in 22832 indexes.
0 KB in bad sectors.
326419 KB in use by the system.
65536 KB occupied by the log file.
1300204 KB available on disk.

4096 bytes in each allocation unit.
77192324 total allocation units on disk.
325051 allocation units available on disk.

Internal Info:

Windows has finished checking your disk.
Please wait while your computer restarts.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



