Very weird virus symptoms, no shut down button/ run command

PostPosted: Wed Aug 30, 2006 7:33 pm    Post subject: Very weird virus symptoms, no shut down button/ run command

I also cannot log into some websites like yahoo.com and others. I booted up in Safe Mode and ran anti-virus and malware programs; they did find some things and deleted them, however those symptoms still persist. Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:35:28 PM, on 8/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] -SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] -C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] -C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IMONTRAY] -C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [ccApp] -C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] -C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] -C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] -"C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] -RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] -nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] -RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BJPD HID Control] -C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [KEMailKb] -C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ResChanger 2005] -C:\Program Files\ResChanger 2005\ResChanger2005.exe
O4 - HKCU\..\Run: [msnmsgr] -"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] -"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/clien...uweb_si
O16 - DPF: {6697AFA6-1CD3-462E-AC0A-363EF8BCD102} (SyScan2 Control) - http://www.evga.com/Support/SyScan/SyScan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/clien...uweb_si
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.72.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://aolsvc.aol.com/onlinegames/chuzzledeluxe/popcaploader_v7.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - -"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - -C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Unknown owner - -C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Proxy Service (ccPxySvc) - Unknown owner - -C:\Program Files\Norton Internet Security\ccPxySvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - -C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Intel(R) Active Monitor (imonNT) - Unknown owner - -C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe (file missing)
O23 - Service: iPodService - Unknown owner - -C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - -"C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Unknown owner - -C:\Program Files\Norton Internet Security\NISUM.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - -C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

Please Help >.<

greyknight17
Joined: Feb 03, 2003
Posts: 5674
Location: Brooklyn, NY

PostPosted: Thu Aug 31, 2006 6:00 pm    Post subject: Re: Very weird virus symptoms, no shut down button/ run comm

Delete this file if found:

C:\Program Files\Common Files\Microsoft Shared\Temp\MswService.exe

Search for mswservice.exe and delete all instances of it if found.

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4

; Explorer policy values that hide Shut Down, Log Off and Run.
; 0 = not hidden. Each dword must be written as exactly 8 hex digits.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoClose"=dword:00000000
"NoLogOff"=dword:00000000
"NoRun"=dword:00000000


Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.


Run a scan at:

http://www.bitdefender.com/scan8/ie.html

If it has an option to remove infected items, choose to remove them. Post the log here if it has one. Restart and give us an update on this. Any improvements?

Also run this scan:

Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoftware.com/products/activescan.htm

* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Post that log in your next reply.

PostPosted: Fri Sep 01, 2006 9:06 pm    Post subject: Re: Very weird virus symptoms, no shut down button/ run comm

Okay, I scanned with BitDefender 3 times; each time it got rid of more, except the last time. Here's what's left.
C:\System Volume Information\_restore{1A138DE3-2EFE-4C21-9B2B-220223E5DDE3}\RP31\A0007778.exe=>wise0022
Detected with: Application.Adware.NewDotNet.B.Dropper

C:\System Volume Information\_restore{1A138DE3-2EFE-4C21-9B2B-220223E5DDE3}\RP31\A0007778.exe=>wise0022
Deleted

C:\System Volume Information\_restore{1A138DE3-2EFE-4C21-9B2B-220223E5DDE3}\RP31\A0007778.exe
Update failed

Then this is what Panda got me:
Virus:Trj/MezziaCodec.A Disinfected C:\!KillBox\winwlw32.dll
Not sure why it did that, because I used KillBox to delete that file yesterday. >.>

Here is a new HijackThis log too:
Logfile of HijackThis v1.99.1
Scan saved at 8:07:59 PM, on 9/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] -SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] -C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] -C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IMONTRAY] -C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [ccApp] -C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] -C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] -C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] -"C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] -RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] -nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] -RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BJPD HID Control] -C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [KEMailKb] -C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ResChanger 2005] -C:\Program Files\ResChanger 2005\ResChanger2005.exe
O4 - HKCU\..\Run: [msnmsgr] -"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] -"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/clien...uweb_si53079294
O16 - DPF: {6697AFA6-1CD3-462E-AC0A-363EF8BCD102} (SyScan2 Control) - http://www.evga.com/Support/SyScan/SyScan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/clien...uweb_si53071153
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.72.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://aolsvc.aol.com/onlinegames/chuzzledeluxe/popcaploader_v7.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - -"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - -C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Unknown owner - -C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Proxy Service (ccPxySvc) - Unknown owner - -C:\Program Files\Norton Internet Security\ccPxySvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - -C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Intel(R) Active Monitor (imonNT) - Unknown owner - -C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe (file missing)
O23 - Service: iPodService - Unknown owner - -C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - -"C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Unknown owner - -C:\Program Files\Norton Internet Security\NISUM.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - -C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)



I couldn't do the Run thing with the registry stuff because, like it says in the title, I have no Run command button. Windows+R doesn't work either.
Symptoms still persist despite getting rid of multiple trojans so far.

greyknight17

PostPosted: Fri Sep 01, 2006 10:59 pm    Post subject: Re: Very weird virus symptoms, no shut down button/ run comm

Were you able to find and delete the file mentioned to delete?

Do this again:

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4

; Explorer policy values that hide Shut Down, Log Off and Run.
; 0 = not hidden. Each dword must be written as exactly 8 hex digits.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoClose"=dword:00000000
"NoLogOff"=dword:00000000
"NoRun"=dword:00000000


Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

Restart and see if the Run button is back...if so, restart again to be sure.

Please make sure that Word Wrap is turned OFF in Notepad before you post your HijackThis log. As you can see, the formatting it creates (see the log you posted) makes it harder for us to read it. To turn this off, go to Format and make sure Word Wrap is unchecked. Please post a new HijackThis log minus the Word Wrap :D
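The .reg file greyknight17 posts twice above resets the three Explorer policy values that hide Shut Down, Log Off and Run. The script below is an added example written for this page, not greyknight17's tool and not part of HijackThis or any vendor product: it parses a regedit export, reports which lockout policies are set, refuses dword values that are not the 8-hex-digit form regedit itself writes (the posted file has 7-digit values for NoClose and NoLogOff), and renders the corrective REGEDIT4 text. SAMPLE_EXPORT, the two extra policy names under Policies\System and all the values are assumptions for illustration, not data from the affected PC.

```python
"""Check a regedit export for the Explorer/System policy values that remove
Shut Down, Log Off and Run, and emit a corrective .reg with well-formed dwords.

Added example for this thread (not greyknight17's tool or vendor code).
SAMPLE_EXPORT is constructed to look like a File->Export of the policy keys;
the values in it are an assumption, not the real ones from the affected PC.
"""
import re

# Policy values that, when non-zero, hide parts of the Start menu/Explorer.
# NoClose, NoLogOff and NoRun are the three the thread's .reg file resets.
# DisableRegistryTools and DisableTaskMgr are assumed extras: malware that
# hides Run commonly blocks regedit and Task Manager the same way.
LOCKOUT_POLICIES = {
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer":
        ("NoClose", "NoLogOff", "NoRun"),
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System":
        ("DisableRegistryTools", "DisableTaskMgr"),
}

KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]+)$')

# Constructed sample: what an export of the two policy keys might look like.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoClose"=dword:00000001
"NoLogOff"=dword:00000001
"NoRun"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
"""


def parse_reg(text):
    """Return {key: {name: int}} for the dword values in a .reg export.

    Only [key] headers and "name"=dword:hex lines are read; strings, binary
    values and ; comments are skipped. regedit always writes a dword as
    exactly 8 hex digits, so anything else is rejected rather than guessed.
    """
    values = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if (not line or line.startswith(";") or line.startswith("REGEDIT")
                or line.startswith("Windows Registry Editor")):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            values.setdefault(current, {})
            continue
        m = DWORD_RE.match(line)
        if m and current is not None:
            name, hexval = m.groups()
            if len(hexval) != 8:
                raise ValueError(f"{name} under {current}: dword must be 8 hex digits, got {hexval!r}")
            values[current][name] = int(hexval, 16)
    return values


def find_lockouts(values):
    """List (key, name, value) for every lockout policy set to a non-zero value."""
    hits = []
    for key, names in LOCKOUT_POLICIES.items():
        present = values.get(key, {})
        for name in names:
            if present.get(name, 0) != 0:
                hits.append((key, name, present[name]))
    return hits


def build_fix(hits):
    """Render a REGEDIT4 file that sets each hit back to 0, one header per key."""
    by_key = {}
    for key, name, _ in hits:
        by_key.setdefault(key, []).append(name)
    lines = ["REGEDIT4", ""]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=dword:00000000' for name in names)
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    found = find_lockouts(parse_reg(SAMPLE_EXPORT))
    for key, name, val in found:
        print(f"{name}={val} under {key}")
    print(build_fix(found))
```

To run it against a real export, read the file into the place of SAMPLE_EXPORT; regedit's "Version 5.00" exports are UTF-16 with a byte-order mark, so open them with encoding="utf-16", while REGEDIT4 files are plain ANSI. Merging the generated file only sets those values back to 0; it does nothing about whatever set them, which is why the thread keeps scanning after the Run box comes back.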




PostPosted: Fri Sep 01, 2006 11:31 pm    Post subject: Re: Very weird virus symptoms, no shut down button/ run comm

Okay, for the third time: I have no Run command. I appreciate the help, but you should probably read all the info... >.<

The file you said to delete wasn't there either.

greyknight17

PostPosted: Sat Sep 02, 2006 3:04 pm    Post subject: Re: Very weird virus symptoms, no shut down button/ run comm

Go into My Computer->C: Drive->Windows folder. Look for regedit.exe and double click on it. That's the Registry Editor.

Go into My Computer->C: Drive->Windows folder. Look for notepad.exe and double click on it. That's Notepad.

Do the steps now.

Were you able to delete that file in the Temp folder?

Post a new HijackThis log...

PostPosted: Sat Sep 02, 2006 6:15 pm    Post subject: Re: Very weird virus symptoms, no shut down button/ run comm

Okay, did that reg stuff and I got my Run command and shut down buttons back, but I still have other problems.
Certain websites it won't let me go to, like logging into things like Yahoo, eBay, PayPal, stuff like that. Probably because those pages are protected in some way, not sure. Also, most of the things that start up when my comp starts up are gone, such as all my Norton stuff and all the NVIDIA graphics things that start up. I noticed HijackThis says file missing. Any ideas on fixing that stuff?

Oh, and no, I couldn't find that file in the Temp folder because there was no Temp folder in that location, but I did run a search on the comp for that file and nothing came up.

Here's the HijackThis log again as requested:

Logfile of HijackThis v1.99.1
Scan saved at 5:13:47 PM, on 9/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] -SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] -C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] -C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IMONTRAY] -C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [ccApp] -C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] -C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] -C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] -"C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] -RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] -nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] -RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BJPD HID Control] -C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [KEMailKb] -C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ResChanger 2005] -C:\Program Files\ResChanger 2005\ResChanger2005.exe
O4 - HKCU\..\Run: [msnmsgr] -"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] -"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/clien...uweb_si
O16 - DPF: {6697AFA6-1CD3-462E-AC0A-363EF8BCD102} (SyScan2 Control) - http://www.evga.com/Support/SyScan/SyScan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/clien...uweb_si
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.72.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://aolsvc.aol.com/onlinegames/chuzzledeluxe/popcaploader_v7.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - -"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - -C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Unknown owner - -C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Proxy Service (ccPxySvc) - Unknown owner - -C:\Program Files\Norton Internet Security\ccPxySvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - -C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Intel(R) Active Monitor (imonNT) - Unknown owner - -C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe (file missing)
O23 - Service: iPodService - Unknown owner - -C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - -"C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Unknown owner - -C:\Program Files\Norton Internet Security\NISUM.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - -C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

greyknight17

PostPosted: Sun Sep 03, 2006 9:55 am    Post subject: Re: Very weird virus symptoms, no shut down button/ run comm

Let's try registering Internet Explorer's DLL files. Go to Start->Run and copy and paste the following into the Run box and hit OK (go to Start->Run again for each one):

regsvr32 Shdocvw.dll
regsvr32 Shell32.dll
regsvr32 Oleaut32.dll
regsvr32 Actxprxy.dll
regsvr32 Mshtml.dll
regsvr32 Urlmon.dll


See if you can login to those sites now.

Go to Start->Run and type in services.msc and hit OK. Then look for Norton and all those other programs you want to start up. Just double click on the entry and under Startup type, make sure it's set to Automatic. Then restart your computer after doing that for all those services you want to start up and see if they start up now. If not, uninstall those programs and restart your computer. Then reinstall them.

PostPosted: Sun Sep 03, 2006 11:55 am    Post subject: Re: Very weird virus symptoms, no shut down button/ run comm

I registered the DLLs successfully; however, that didn't change the problem. Also, my Norton programs etc. that don't start up were already set to Automatic; it's just that HJT says that the files are missing >.<

greyknight17

PostPosted: Sun Sep 03, 2006 3:58 pm    Post subject: Re: Very weird virus symptoms, no shut down button/ run comm

Try this:

* From the Start menu, select Search, select All Files and Folders.
* Select More Advanced Options and place a checkmark beside Search Hidden Files and Folders option.
* Ensure that Search System Folders and Search Subfolders are also checked.
* In the All or Part of the File Name box, type ie.inf
* In the Look In drop-down menu, select C: or the letter of the hard drive that contains the Windows folder.
* Click the Search button.
* In the search results pane, find the ie.inf file located in Windows\Inf folder.
* Right click the ie.inf file and click Install on the context menu.
* Reboot the computer when the file copy process is complete.

Have you tried uninstalling and reinstalling Norton?

PostPosted: Sun Sep 03, 2006 8:47 pm    Post subject: Re: Very weird virus symptoms, no shut down button/ run comm

When I try to install ie.inf I get a message that says "The file IEXPLORE.EXE on Windows XP Home Edition Service Pack 2 CD is needed. Type the path where the file is located and click OK."

The default file it has selected is C:\WINDOWS\inf\i386. When I click OK I hear a ding, but the window still stays there. Not sure if this is what it was supposed to do or not.

I'll try the Norton thing, but it's just that that's not the only thing. On the HJT log, everything that says (file missing) by it is something that's not loading up :(

greyknight17

PostPosted: Mon Sep 04, 2006 11:31 am    Post subject: Re: Very weird virus symptoms, no shut down button/ run comm

Go to Start->Run and type in sfc /scannow and hit OK. Let it scan. If it finds any files missing/corrupted, it may ask for the Windows CD. See if it finds anything missing. Then do the following scan:

Download and run Blacklight http://www.europe.f-secure.com/exclude/blacklight/blbeta.exe

Note that you must have local administrative privileges to run the program. Click Scan. BlackLight will use Windows Explorer (the desktop process) to scan for hidden items. Your anti-virus software or personal firewall might display a warning that says Blacklight (blbeta.exe) is trying to manipulate the Windows Explorer process (explorer.exe). If you want to continue the scan, you should allow BlackLight to do this. When it finishes, click Next.

BlackLight beta will create a log file 'fsbl-<date-and-time>.log'. By default, the log file is in the same directory as the executable. Please post the log.

PostPosted: Mon Sep 04, 2006 1:28 pm    Post subject: Re: Very weird virus symptoms, no shut down button/ run comm

Okay, the sfc /scannow thing did ask me to put the Windows CD in; it said that it needed to add stuff to the DLL cache. I don't have my Windows restore disks with me, though; they are at my mom's, about 45 mins away, so I could probably get them if I need to.

The scan said it didn't find anything. Here's the log:
09/04/06 12:26:40 [Info]: BlackLight Engine 1.0.46 initialized
09/04/06 12:26:40 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/04/06 12:26:40 [Note]: 7019 4
09/04/06 12:26:40 [Note]: 7005 0
09/04/06 12:26:44 [Note]: 7006 0
09/04/06 12:26:44 [Note]: 7011 1348
09/04/06 12:26:44 [Note]: 7026 0
09/04/06 12:26:44 [Note]: 7026 0
09/04/06 12:26:51 [Note]: FSRAW library version 1.7.1019
09/04/06 12:28:49 [Note]: 7007 0

greyknight17

PostPosted: Mon Sep 04, 2006 8:20 pm    Post subject: Re: Very weird virus symptoms, no shut down button/ run comm

For those services that say file missing, I want you to check the folders themselves and see if the files are actually missing. If not, try restarting the service (right click My Computer->Manage->Services and Applications->Services and look for the services... double click and make sure Startup type is Automatic and hit the Start button if it's not started already).

Whatever is doing this must be hiding pretty well...run one more tool below. If that still won't find anything, I'll have to send you over to the Windows forum and see if it's more of a Windows issue at this point.

Right click on this link http://www.silentrunners.org/Silent%20Runners.vbs and choose Save As...Save it to your desktop. Before proceeding, disable any anti-virus or anti-spyware programs that may block/disable scripts. Launch SilentRunners by double-clicking the downloaded file. In the ensuing window, select 'No' to avoid skipping supplementary searches. Please be patient as the script requires a few minutes to complete. When it's done, you'll receive the prompt 'All Done!'. It will create a file called 'Startup Programs'. Post ALL its contents here.
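One thing worth checking before uninstalling anything: in all three logs, the O4 Run entries and O23 services whose programs are not running carry a leading '-' in front of their path data (for example `-C:\WINDOWS\System32\igfxtray.exe` and `Unknown owner - -C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)`), while the entries without it (QuickTime Task, NeroFilterCheck, NBService, NVSvc) are the ones whose programs appear in the process list or whose service owner HijackThis could read. A Run value or service ImagePath that starts with '-' is not a path Windows can resolve, and HijackThis would report it as (file missing) whether or not the file is on disk, which is why the folder check greyknight17 asks for is the right next step. The thread never confirms this reading, so treat it as a hypothesis. The script below is an added example for this page, not a HijackThis feature and not greyknight17's: it parses the process list and the O4/O23 lines, flags the '-' prefix, and cross-checks which Run targets are actually running. SAMPLE_LOG is a trimmed excerpt of the 9/2/2006 log above.

```python
"""Triage the autostart (O4) and service (O23) lines of a HijackThis 1.99.x log.

Added example for this page; not a HijackThis feature and not greyknight17's
script. SAMPLE_LOG is a trimmed excerpt of the 9/2/2006 log in the thread.
The rule applied here, that a Run value or service path whose first character
is '-' cannot launch, is an inference from the logs, not something the thread
confirms; use the output to decide which folders to check by hand.
"""
import ntpath
import re

# Only the "O4 - <hive>: [name] command" form is parsed; the "O4 - Startup:"
# and "O4 - Global Startup:" shortcut lines are ignored.
O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O23 - Service: <display name> - <owner> - <path>[ (file missing)]
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 5:13:47 PM, on 9/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [SoundMan] -SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] -C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [iTunesHelper] -"C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] -RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] -"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - -C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - -"C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def parse_hjt(text):
    """Split a HJT log into (running process basenames, O4 entries, O23 entries)."""
    running, o4, o23 = set(), [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        if in_procs:
            if not line:                 # blank line ends the process list
                in_procs = False
                continue
            running.add(ntpath.basename(line).lower())   # ntpath: Windows paths on any OS
            continue
        m = O4_RE.match(line) or O23_RE.match(line)
        if m:
            (o4 if "cmd" in m.groupdict() else o23).append(m.groupdict())
    return running, o4, o23


def launched_exe(cmd):
    """Best-effort basename of the program a Run command would launch:
    a quoted path is taken whole, otherwise the first whitespace token."""
    cmd = cmd.strip()
    if not cmd:
        return ""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        path = cmd[1:end] if end > 0 else cmd[1:]
    else:
        path = cmd.split()[0]
    return ntpath.basename(path).lower()


def triage(text):
    """Flag entries whose path data begins with '-' and cross-check which O4
    targets actually appear in the running-process list."""
    running, o4, o23 = parse_hjt(text)
    report = {"o4_prefixed": [], "o4_running": [], "o23_prefixed": [], "o23_missing": []}
    for e in o4:
        if e["cmd"].startswith("-"):
            report["o4_prefixed"].append(e["name"])
        if launched_exe(e["cmd"].lstrip("-")) in running:
            report["o4_running"].append(e["name"])
    for s in o23:
        if s["path"].startswith("-"):
            report["o23_prefixed"].append(s["svc"])
        if s["path"].endswith("(file missing)"):
            report["o23_missing"].append(s["svc"])
    return report


if __name__ == "__main__":
    for heading, names in triage(SAMPLE_LOG).items():
        print(f"{heading}: {', '.join(names) or '(none)'}")
```

On the excerpt, the only O4 target found in the process list is QuickTime Task, the one Run entry without the prefix, and the services flagged as prefixed are exactly the ones reported (file missing). If the files turn out to be present in their folders, the '-' in the registry data, not the files, is what to fix; if they are absent, reinstalling as greyknight17 suggests is the path.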