Hidden Files Problem on Laptop

Status
Not open for further replies.

Hedon

My laptop still has 'show hidden files' disabled. I ran a lot of different antivirus programs but nothing shows up. So attached are the logs from the 8 steps.

HELP
 

Attachments

  • hijackthis.log
  • mbam-log-2009-04-04 (15-36-45).txt
  • SUPERAntiSpyware Scan Log - 04-04-2009 - 16-50-14.log

First of all, your AVG v7 antivirus is out of date. Version 8 is the most current. However, since it's not going to be updating, I suggest you install Avira or Avast and remove AVG:

Avira: https://www.techspot.com/downloads/41-antivir-personal-edition.html
OR
Avast: https://www.techspot.com/downloads/223-avast-home-edition.html

If the system will not allow this because of the malware, see if AVG will allow an update for now.

Source: kritius:
P2P Warning!

You are participating in a file sharing network. Please read this information and consider uninstalling the program:
C:\Program Files\Ares\Ares.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

I'd like you to read the Guidelines for P2P Programs HERE where we explain why it's not a good idea to have them.

References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/community/columns/protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm
See Clean/Infected P2P Programs HERE

Please do this while I am reviewing your logs. You have a great deal of malware and it's going to take a while.


This thread is for the use of Hedon only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Virus and Malware Removal Forum
 
This is Step 2:

Remove bad HijackThis entries
• Run HijackThis
• Click on the System Scan Only button
• Put a check beside all of the items listed below (if present):
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\DOCUME~1\Aisthu\LOCALS~1\Temp\Temporary Directory 1 for anti_mosquito.zip\Anti Mosquito.exe
C:\Program Files\Config2500\Utility\Config2500.exe (RaConfig2500 is not necessary for startup. It is usually run infrequently and can be started manually if needed.)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [Anti Mosquito] C:\DOCUME~1\Aisthu\LOCALS~1\Temp\Temporary Directory 1 for anti_mosquito.zip\Anti Mosquito.exe
O4 - HKLM\..\Run: [ccPrxy.exe] ccPrxy.exe >> Added by the Troj/ShipUp-A Trojan.
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Global Startup: Config2500.lnk = C:\Program Files\Config2500\Utility\Config2500.exe
O4 - Global Startup: DSLMON.lnk = ?
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Aisthu\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
• Close all open windows and browsers/email, etc...
• Click on the "Fix Checked" button
• When completed, close the application.

Boot into Safe Mode:
Start> Run> msconfig> enter> Selective Startup> Startup Menu> UNCHECK all of the following if present:
Ares
sm56hlpr.exe
RaConfig2500.exe
Anti-Mosquito- uninstall or delete
Macrogaming and or SweetIM
IMVU (3D Avatar Chat Instant Messenger & Dress Up Game)
Any 'Norman' entries
Start> Run> services.msc> double click on NipSvc> change Startup type to Disabled> Close

Control Panel> Add/Remove Programs> Strongly suggest UNINSTALL all of the following:
Ares
SweetIM
Anti-mosquito
Macrogaming
IMVU

Reboot into Normal Mode: NOTE: you will get a nag message that you can ignore and close after checking 'don't show this message again.' Stay in Selective Startup.

Download SDFix HERE and save it to your Desktop.
* Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Boot into Safe Mode
* Restart your computer and start pressing the F8 key on your keyboard.
* Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Run SDFix
* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
* Attach Report.txt back here

Update and rescan with HijackThis. Attach new log and SDFix Report with next reply.

(I did my best to find something reasonable about 'Anti-Mosquito'. But according to the publisher who has no information on the website: "This is a pro that will drive the mosquitoes away fast."
BS Editor: This pro produces sound in the range of 16000Hz to 20000Hz which is beyond the audible range of the humans. Pets and other animals can
This sound produces an undesirable effect on the mosquitos and other pests thus restrains them from..).
 
Thanks for the time taken to review and provide a solution. I have removed most of the software mentioned and repaired the Hijack errors, by doing which my hidden files are shown again.

But I will continue with what you have mentioned and revert with the logs ASAP.

Thanks again for the help.
 
Please don't start any new thread concerning this same matter. Along the way, this is what happened:
1. Unknown Virus: 12/25/08:

2. At first I noticed that the option to view hidden files cannot be enabled

3. Recently my PC went haywire; it started acting on its own and once I press alt+control+delete it displayed the calculator.

4. format my C drive and reinstall windows,

5. problem occurred when I connected my wireless USB mouse and keyboard. Please let me know a solution urgently.

6. The logs you posted were irregular

7. I reinstalled windows and reset my BIOS as well; I haven't updated it yet (1/14/09)

8. I will post the necessary files (in a new thread) when I have the time. Then you added on 1/14/09: I forgot to mention, I sold this PC and bought a new one. So now the thread status is solved. However I have a laptop which has the same issues as my old PC. I will post the necessary files (in a new thread) when I have the time.

Hard Disk not recognized on Windows but does on Linux 4 days ago
9. No logs> next post: recently had a crash and I could not install windows as the harddisk was not detecting. I attached another harddisk and after the installation blue screen it says "windows does not recognize hardware...etc..etc"

10. kimsland: It sounds to me like a faulty Partition
Obviously any Linux bootCD does not

11. From you two days ago: I have one hard drive and one CD/DVD let me try the jumper settings

12. Then this 04/05.09: Current thread: Hidden Files Problem on Lap Top

Let's get some focus on this because at this point I have gone berserk!

Tell me EXACTLY what you do to try and 'show hidden files and folders.'
Give me the exact path from start to finish.


You had an enormous amount of junk on the system! A program to emit a sound to keep mosquitoes away - ya gotta be kidding! Plus the risky P2P and 'no file' entries. It would appear that whatever you've done, you have done wrong.
 
That is another system and the laptop belongs to my wife which is currently having the hidden folder issue. The system mentioned on the other thread has been formatted and sold and I bought a new Acer system.

Also the hard disk issue is in another system. A friend of mine was unable to fix it; I am in the process of trying to learn more on this stuff so I stepped in to fix it.

So let's get to the laptop. I deleted and uninstalled all the crap you told me to.

Please find the logs attached.
 
So let's get to the laptop. I deleted and uninstalled all the crap you told me to.
I listed and put in BOLD the previous threads because you said you are having the same problem with hidden files on another computer.

Well, some of the 'crap' is still there!
1. You did not get a current updating antivirus program.
2. You still have a program that is buzzing mosquitoes.
3. You are still using the P2P Ares program
4. You still have SweetIM running

And you did not give me this information:
Tell me EXACTLY what you do to try and 'show hidden files and folders.'
Give me the exact path from start to finish.
 
Sorry, I posted the log before I did most of that. I was able to get the mosquito thing out.

To see the hidden folders I go to Tools and Folder Options and check the see hidden files and folders button, but the laptop hides it again automatically. I read from somewhere that this is due to a virus.

I will post the logs again later, and thank you again for your time.
 
Hello, sorry for the delay. Here are the logs again after I removed the items you told me to.

Please analyze and let me know what to do next. Also, I really appreciate the support.
 
Okay, I'd like to keep this going until you're clean. There is too much time in between and you're getting new malware.

Mbam found and hopefully removed this:
Worm.Brontok
The Brontok worm is a computer worm that affects computers running Microsoft Windows. It spreads by sending itself to email addresses harvested from the affected computer.
It arrives as an attachment of e-mail named kangen.exe ("kangen" word itself means "I miss you so much"). When Brontok is first run, it copies itself to the user's application data directory.

You need to be aware of opening attachments. IF you don't know the attachment is coming, IF you don't know what's in it, IF you don't know someone specific is sending it, Do NOT open it.

I think the problem(s) you're having is because the system isn't configured correctly. I may regret saying this, but usually I groan when I open logs that go on for several screens. But in your case, the HijackThis log - again - doesn't look 'normal'.

You have no O16 entries: these are for Active X Objects for downloaded program files. Some of the processes that would be in these entries are:
Java
Shockwave flash
Adobe
These are "normal" entries. If you have the program installed but don't have the add-ons enabled, they won't work.

You need to reinstall this program: Please try to reinstall over the current installation. I don't want you to do an uninstall first because the modem needs it to start. Hopefully the reinstall will correct the entry:
C:\Program Files\Analog Devices\ADSL USB MODEM\dslmon.exe
It is for your modem. It needs to start when you boot.
The entry for it isn't complete.
Your entry is: O4 - Global Startup: DSLMON.lnk = ?
Full entry should be: O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
I strongly suggest you delete and/or uninstall this:
C:\Documents and Settings\Aisthu\Application Data\Smilebox\SmileboxTray.exe
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\Aisthu\Application Data\Smilebox\SmileboxTray.exe"

smileboxtray.exe uses excessive system and memory resources with no corresponding benefit. Applications such as these should be disabled to improve overall system performance.
Remove bad HijackThis entries
• Run HijackThis
• Click on the System Scan Only button
• Put a check beside all of the items listed below (if present):
C:\Documents and Settings\Aisthu\Application Data\Smilebox\SmileboxTray.exe
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\Aisthu\Application Data\Smilebox\SmileboxTray.exe"
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
• Close all open windows and browsers/email, etc...
• Click on the "Fix Checked" button
• When completed, close the application.

Boot into Safe Mode:
Start> Run> msconfig> enter> Selective Startup> Startup tab> UNCHECK any of the following if present:
Smilebox
Control Panel> Add/Remove Programs> Uninstall any Smilebox entry

Right click on Start> Explore> Windows system32> right click> Delete on these files if present:
n8127
c.bron.tok.txt
getdomlist.tx


Reboot into Normal Mode. Ignore the nag message and close after checking "don't show this message again." Stay in Selective Startup.

Please review the settings for your Services using this site as your guide:
http://www.blackviper.com/WinXP/servicecfg.htm

There may be a slight difference as this is for SP3.

As for the hidden files going back into hiding, it is possible the Worm is responsible. Have you run a full system scan with Avast?
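
Both fix lists in this thread pick out HijackThis entries marked (no file) or (file missing), a startup shortcut whose target reads `?`, and an autostart that runs out of a Temp folder. As an added example (not part of the original posts and not HijackThis's own code), this Python script applies those three checks to log lines copied from the thread; the function names and flag labels are assumptions made for illustration.

```python
import re

# Sample lines copied from the fix lists in this thread (not a full log).
SAMPLE_LOG = r"""
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O4 - HKLM\..\Run: [Anti Mosquito] C:\DOCUME~1\Aisthu\LOCALS~1\Temp\Temporary Directory 1 for anti_mosquito.zip\Anti Mosquito.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: DSLMON.lnk = ?
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
"""

# A log entry is a section code (R0-R3, F0-F3, O1-O24), " - ", then free text.
ENTRY_RE = re.compile(r"^(?P<section>[ORF]\d{1,2}) - (?P<body>.+)$")
AUTOSTART_SECTIONS = {"O4", "O23"}  # Run keys / startup folder, services

def triage_entry(line):
    """Return (section, reasons) for one log line, or None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    section, body = m.group("section"), m.group("body")
    reasons = []
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        reasons.append("orphaned")             # registry entry outlived its file
    if re.search(r"=\s*\?$", body):
        reasons.append("unresolved-target")    # shortcut target could not be read
    if section in AUTOSTART_SECTIONS and re.search(r"\\te?mp\\", body, re.I):
        reasons.append("autostart-from-temp")  # starts at boot from a Temp folder
    return section, reasons

def triage_log(text):
    """Return [(line, reasons)] for every entry that carries at least one flag."""
    flagged = []
    for line in text.splitlines():
        result = triage_entry(line)
        if result and result[1]:
            flagged.append((line.strip(), result[1]))
    return flagged

if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG):
        print(",".join(reasons), "|", line)
```

The flags only prioritise entries for review: the Ares Run key and the O2Flash service, which the thread lists for other reasons, carry no flag here.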
 
Thanks Bobbye, will do the needful and post again as soon as I can. The hidden file seems to be OK now after a couple of scans and cleaning. However there are still some serious issues from what I read from your post.
 