PDA

View Full Version : Need Help Desktop Doesnt Work Hourglass Problem



ajonline
05-11-2005, 11:10 AM
Hello,

I have a computer problem when I start windows it very slowly loads the desktop it takes a couple of mins to load the desktop and then I am unable to click on the icons I cant access the desktop and when I place my mouse over the task bar it is a hour glass. I am also unable to do control alt delete only when I am in safe mode and logged in the administrator. When I start the computer in safe mode it is the same thing also. I did get norton to run but it isnt picking up anything and I did get adware se to run and it deleted something but it is still back to normal not working. Please help me fix my computer. Thanks

mark c
05-11-2005, 11:42 AM
FAQ #35 - Computer running slower - RAM clutter

Have a look at the other FAQs here about spyware/adware/crudware.

Did you do something to the comp just before this happened? Different hardware, downloaded new software? What OS? Sounds like it needs a good clean out to me.

Speedy Gonzales
05-11-2005, 11:46 AM
You may have picked something up, by the sounds of it.

Get this http://www.merijn.org/files/hijackthis.zip

From here http://www.spywareinfo.com/~merijn/

Unzip it first, and put it in its own folder. Run this and scan/post the log here

Or try Ewido http://www.ewido.com

And scan with this.

ajonline
05-11-2005, 11:58 AM
Yeah I believe I do have a trojan I am trying to make a bart bootable cd so I can run adware se so I can see if I can detect the file that way. Should I go that route. I have borrowed a laptop so that is how I am on the internet. I am unable to install new programs on the computer. Let me know what I should do.

Speedy Gonzales
05-11-2005, 12:11 PM
Can you get into the registry, and task manager? Or are you denied access?

Try getting ccleaner from http://www.ccleaner.com

Boot into safe mode, and see if it'll install, and then run it.

Then click on tools/startup... whatever u have maybe in here.

What version of Windows, have u got?

ajonline
05-11-2005, 12:26 PM
I am unable to do anything I cant get into task manager or nothing and when I boot in safe mode is is the same thing I cant click anything in safe mode. I have windows xp home edition. Let me know what I should do. Thanks

Speedy Gonzales
05-11-2005, 12:38 PM
You could try this bart thing. I've never used it.

There's not much else u can do, if nothing works in XP or safe mode.

Or take the hdd out of the case, and connect to something as a slave.

Hopefully it doesnt screw up the main PC!

ajonline
05-11-2005, 01:18 PM
Well I just viewed some of the files in the c drive with bart pe and in the cdrive was a winstall.exe which is a virus and norton or adaware se didnt pick up the virus what should I do I am sure there are more viruses on there.

Speedy Gonzales
05-11-2005, 01:31 PM
I would see if Bart can delete things/entries in the startup.

This is where most of them will be running from.

ajonline
05-11-2005, 01:42 PM
How would I go about that is there a way I should run a good scanner. Let me know what to do. Thanks

mark c
05-11-2005, 01:42 PM
Sorry about my uninformative post ajonline, obviously didn't read yours properly. Can fully recommend Speedy's advice.

ajonline
05-11-2005, 01:44 PM
Should I just think of backing up my files and formatting the c drive or should I keep trying to fix it. Let me know. Thanks

Speedy Gonzales
05-11-2005, 01:50 PM
I think the only way you'll scan it, is if u add it to a desktop as a slave.

BUT, this may or may not infect the hdd thats master... If you're not careful

I know nothing about Bart, so dont know what it can / cant do. I wouldnt bother backing up the files. they maybe / or may become infected, and once u copy them back to the hdd after u format it, it may screw the system up again.

Even tho regedit and task manager wont open in safe mode, does msconfig work, from start/run in safe mode?? If it does u could untick whats under the startup tab.

ajonline
05-11-2005, 01:55 PM
I am going to try a few more things I cant even click on the start menu in safe mode when I am in safe mode the cursor moves but I cant click on anything. I am going to see if I can get some other scanners to work in bart or something.

ajonline
05-11-2005, 02:01 PM
Is there any bootable spyware utility disk where it will boot from a cd. Let me know. Thanks

Speedy Gonzales
05-11-2005, 02:19 PM
That winstall.exe file maybe related to spysheriff.

Follow / print out whats on this site, and download the 5 files on the links.

http://www.bleepingcomputer.com/forums/How_to_remove_SpySheriff_Winstallexe_Spysheriffexe-t22402.html

Did u get the message thats on this site?

Cicero
05-11-2005, 04:56 PM
Why not dowload AVG and make a floppy then run that on infected computer?

FoxyMX
05-11-2005, 05:38 PM
Should I just think of backing up my files and formatting the c drive or should I keep trying to fix it. Let me know. Thanks
If you are unable to run anything, even in safe mode, then you are pretty well stuffed, unfortunately.

It sounds to me like the only way you are going to be able to clean your beast up is by bunging the hard drive into another PC as a slave. If you can't do that then I would back up the files and reformat.

From what you are saying though, I can't see how you are going to backup your files if nothing will run when clicked on so the next option is to boot up a live Linux distro (Mepis is a good one), back your files up to CDs from within Linux then reformat.

After reformatting you will need to run a couple of anti-virus programs over the files on the CD to ensure they don't reinfect your nice shiny new install.

ajonline
06-11-2005, 06:43 AM
I did figure out a way to run stuff on the desktop in safe mode I just have to click on it right away when it loads. I ran ewido and it deleted about 14 bad files that was on my computer. Then I restarted and the same thing happends. Do you want me to run hijack and post the log here to see if there is anything else. I am going to run ccleaner right now but that prob wont do anything. I might just have to backup my files but that is going to take forever I have over 200gigs of stuff and some programs I cant get anymore. Please help.

Speedy Gonzales
06-11-2005, 06:55 AM
What do u mean the same thing happened?

Umm depending on what programs, you're deciding to back up and how.

If you're thinking about copying program files that have already been installed, and expect them to work, if u format, they may not. It's better to reinstall them.

Since you've got a big hdd, now might be a good idea to partition it, when u format it, and format it in NTFS.

So, if this kind of thing happens again, the files you download / updates etc, will be safe.

Yer post a HJT log. See whats in it.

ajonline
06-11-2005, 06:59 AM
Alright I ran ccleaner and I went to tools and startup to see what program starts up is there any programs I should delete plase let me know. I did have to type all this ;(

C:\windows\system32\ctfmon.exe
c:program files\creative\sbaudigy2\surround mixer\
cthelper.exe
regsvr32.exe /s ctasio.dll
c:\WINDOWS\UPDREG.EXE
c:\windows/system32\nerocheck.exe
C:\programs files\ahead\incd\incd.exe
C:\program files\viewpoint\viewpoint manager\viewmgr.exe
C:\program files\common files\real\update_ob\realsched.e..
C:/progra~1\symnet~1\sndmon.exe/consumer
C:\progra~1\addweb8\smartpatrol.exe
C:\windows\system32\kernels32.exe
C:\windows\system32\multitran.exe
C:\windows\system\svwhost.exe /s
C:\windows\system32\mpsegment.exe
ato2mdxx.exe
rundll32 srclient.dll, createfirstrunrp
mstinit.exe /firstlogon

ajonline
06-11-2005, 07:15 AM
Here is the hijak file and since I am typing it and I am on a laptop I will just type the ones I dont know.

hkcu\software\microsoft\internet explorer\main,start page=
hkcu\software\microsoft\internet explorer\main,local page=
default urlsearchook is missing
c:windows\system32\appwiz.dll
C:\program files\norton systemworks\norton antivirus\navshext.dll(file missing)
c:\windows\system32\msdxm.ocx
cthelper.exe
regsvr32.exe /s ctasio.dll
c:\windows\updreg.exe
c:\program files\ahead\incd\incd.exe
c:\program files\viewpoint\viewpoint manager\viewmgr.exe
c:\program files\common files\real\update_ob\realsched.exe -osboot
c:\progra~1\addweb8\smartpatroll
I am just going to type the file name
refiebar.dll
msmsfs.exe
npdocbox.dll
q89468.dll
fclemncj.dll (file missing)
jdapeibd.dll (file missing)
ati2evxx.exe
ati2sgag.exe
ccevtmgr.exe
ctsvccda.exe
savscan.exe (file missing)
sbserv.exe
sndsrvc.exe
spbbcsvc.exe
starwindservice.exe
symlcsvc.exe

Speedy Gonzales
06-11-2005, 07:24 AM
OK. those files seem to be OK.

This can be removed from startup tho. It isnt needed.

c:\windows/system32\nerocheck.exe

This can be removed/deleted from startup

C:\program files\viewpoint\viewpoint manager\viewmgr.exe

If viewpoint manager, is in add/remove programs uninstall it.

C:\progra~1\addweb8\smartpatrol.exe

C:\windows\system32\kernels32.exe - Not sure why this is in startup, it shouldnt be, or normally isnt.

C:\windows\system32\multitran.exe
C:\windows\system\svwhost.exe /s
C:\windows\system32\mpsegment.exe
ato2mdxx.exe

q89468.dll
fclemncj.dll (file missing)
jdapeibd.dll (file missing)

ajonline
06-11-2005, 08:44 AM
Still nothing I have tried about everything I am probably just have to backup files and reload windows. Quick Question if I paid someone to fix my computer would they try anything different do you think they would get it fixed.

Speedy Gonzales
06-11-2005, 09:25 AM
Umm, where are you Ajon? Auckland? NZ?

Well it depends how they go about it, and what they use, on whether they can get rid of the probs / files on those systems.

What do you mean by still nothing? Something's still popping up?

Other than this, it'll be better to do a clean install.

FoxyMX
06-11-2005, 10:11 AM
So you can use programs in safe mode after all. Excellent.

Firstly disable System Restore.

Next, download, install and run the following programs in this order from within safe mode. You will need to download and install the update definitions for some of them as well. I have marked those with an asterisk *.

CCleaner, Ad-Aware*, Spybot Search and Destroy*, Avast anti-virus and Ewido Security Suite.

Once all those have done what they can you will hopefully be able to boot into normal mode and get online to download the latest updates for the last two so that you can run them again.

See the forum's Spyware FAQ (http://www.pressf1.co.nz/faq.php?faq=pressf1_faqs_security#faq_pressf1_faq_ 16) for more instructions on how to run those programs. There are other utilities listed there that you may also wish to run.

If you still can't get on the internet after doing all of the above you may need to download the WinSock fix.

Post back with your results, preferably with a full HijackThis log if you can get that far.

ajonline
06-11-2005, 07:05 PM
WOW I finally got the damn computer to load correctly. The program that really did it for me was Spybot Search and Destroy it picked up more things then the other programs and when I was about to give up hope and backup and install a new copy of windows it finally booted. Not sure if everything is back to norm I notice the control alt delete says it is disabled by the admin why would that be how can I fix it? That was some really bad virus/spyware on there that wouldn't let me access anything I had to boot with bart pe and I had to transfer the scanners with another disk onto my computer that way otherwise I couldn't have done it. Well I guess lesson learn you have to try all the damn virus/trojan scanners to detect everything. Which they could just be a all in one. Well thank you Speedy and Foxy for your help it was greatly appreciated.

Speedy Gonzales
06-11-2005, 07:17 PM
Try this

http://dl.filekicker.com/send/file/168259-1P80/trsetup.exe

Its only a trial but it might do something.

Get it / run it if u can, and click on scan.

Then go to the utilities menu. Select the 3rd to the 7th option. Select each one. Then see what happens

ajonline
06-11-2005, 07:39 PM
Alright I will give that a try when I start up windows it does take longer then normal it sorta hangs on windows is starting message do you have any idea man you are smart what kind of work do you do speedy?

Speedy Gonzales
06-11-2005, 07:49 PM
Alright I will give that a try when I start up windows it does take longer then normal it sorta hangs on windows is starting message do you have any idea man you are smart what kind of work do you do speedy?

Well right now, nothing lol. I used to work, but looking for work atm.

I think I may move out of Auckland. I'm getting nowhere, trying.

BUT in my spare time, I fix mates PC's / reformat hdd's / install windows / whatever / get rid of nasties, like spyware / trojans etc, and make up my own computers.

Run Trojan remover, it may fix something, so it works a bot better.

ajonline
06-11-2005, 08:03 PM
Yeah I live in the states I dont really work either just do stuff on the computer for money trying to build successful websites and whatnot.

FoxyMX
06-11-2005, 08:31 PM
So far so good! :thumbs:

From experience though I don't think you have quite finished yet, especially if the computer is still slow.

Can you get on the internet with it now? If so, I recommend you do an online virus scan from one or two of the sites listed in the FAQ. Doing a scan with the program Speedy mentioned is also a good idea.

After that we need to see your full HijackThis log.

ajonline
06-11-2005, 10:36 PM
Yeah everything is back to normal I got rid of everything thanks for all your help.

ajonline
06-11-2005, 11:11 PM
Well actually the only problem I am currently having is the windows explorer keeps crashing about every 10 mins it gets this message I will keep trying to scan for these dumb files.

AppName: explorer.exe AppVer: 6.0.2900.2180 ModName: chp.dll
ModVer: 0.0.0.0 Offset: 00001925

Speedy Gonzales
07-11-2005, 06:41 AM
Get this

http://www.trendmicro.com/ftp/products/online-tools/cwshredder.exe

And run it. That chp.dll file, maybe related to coolwebsearch. Which is a browser hijacker.

Did u download / run Trojan remover??

ajonline
07-11-2005, 07:25 AM
I ran the ewido program and spybot search and destroy what other program do you want me to run trojan remover where is that program let me know. Thanks

Speedy Gonzales
07-11-2005, 07:28 AM
I posted the link for Trojan remover in a previous post

http://dl.filekicker.com/send/file/168259-1P80/trsetup.exe

Download it, run it, click on update, for updates, click on scan, and select the 3rd to 7th option under the utilities menu.

Close the browsers before u select any of these options in the utils menu.

drcspy
07-11-2005, 07:30 AM
chp.dll

http://castlecops.com/o18list-26.html