Spyware, please help

Status
Not open for further replies.

Sai

Originally posted here: https://www.techspot.com/vb/topic51569.html

sorry for posting my hijackthis log in the wrong forum :(


Hi

My Windows XP home version is stuck in classic mode, i.e. I no longer have the Windows XP task bar and so on. If I right-click on desktop>properties>appearance my only option is Windows classic style. Clicking on themes then selecting Windows XP theme simply changes the background wallpaper. If I click on the desktop tab the properties window mysteriously disappears.

I've tried changing visual effects settings in right-click my computer>properties>advanced>performance etc. but nothing changed.

I did have some spyware that was affecting my system. It was SpySheriff and Winstall.exe. I used the process described by this guy to remove it; http://www.bleepingcomputer.com/forums/topic22402.html . After step 8 I rebooted in normal mode as he said and that is when it loaded in classic view and after following the rest of his steps it was still stuck in classic view.

Since doing the above steps I have tried other spyware programs etc. and they all mysteriously close halfway through, and none of the scans have been able to finish for some unknown reason. I also have no restore points (why did I stop it).


Can anyone help me restore my Windows XP desktop view?


Attached is my Hijackthis log
 

Hello and welcome to Techspot.

Go HERE and follow the instructions exactly.

Post a fresh HJT log into this thread, only after doing the above.

Regards Howard :wave: :wave:
 
OK, it took a while but I went through everything you told me to.

1.

Trend Micro Housecall - for some reason would not work
Kaspersky - scanned but I don't think it removed what it found. Report attached
F-Secure - report attached but would not save properly in txt
BitDefender - report attached


2.

I ran Ewido and it found a few things that it fixed.


3.

Run SmitFraudFix first.
Next run Look2me Destroyer.
Next run AboutBuster.
Next run CWShredder. If needed, run SmartKiller first.
Next run VundoFix.
Next run AdAware, click 'Start', UNcheck 'Scan for negligible risk entries',
select 'Perform full system scan' and click 'Next'.
Let AdAware remove anything it finds.

Next, run Spybot and let it remove anything it finds.

I don't understand SmitFraudFix very well but I think it found some things. I saved a report of the search function in it and the clean function.

All of the other programs found almost nothing. A few found tracking cookies but that's about all.



I then followed all of the steps for HijackThis fixes. Only a few things were on the list that needed fixing. I saved a HijackThis report after all of the fixes while still in safe mode and a second one in normal mode.



Now I think that most of the nasties have been removed. I no longer have annoying pop-ups, which is great. However, my computer is still stuck in classic view and I cannot change it to Windows XP view. I've tried the reg files found here http://www.kellys-korner-xp.com/top10faqs.htm as well as the other checks that are recommended, but none of them made a difference.

*(Only 5 files can be attached per post so I will be posting the other files in a new post below)*
 
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Click start/run and type regsvr32 /u C:\WINDOWS\system32\win32hp.dll into the run box and press the enter key. Note the space between the 2 and the forward slash and again between the u and c.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

ibm00001.exe
cb6bff93.exe

Close task manager.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there):

O2 - BHO: (no name) - {F484C398-C71D-4482-8700-A9CCE5D2A0BE} - C:\WINDOWS\system32\win32hp.dll

O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

O4 - HKCU\..\Run: [cb6bff93.exe] C:\Documents and Settings\Lucky\Local Settings\Application Data\cb6bff93.exe

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Filter: text/html - (no CLSID) - (no file)

O20 - Winlogon Notify: winola32 - winola32.dll (file missing)

O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\System32\Kpjchl32.dll (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files (if there).

C:\Documents and Settings\Lucky\Local Settings\Application Data\cb6bff93.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
C:\WINDOWS\system32\win32hp.dll

Reboot into normal mode and turn system restore back on.

You are running a completely unpatched version of Windows. This is a huge security risk and has no doubt contributed to your system being infected.

Download and install at least service pack 1 (SP1) and preferably service pack 2 (SP2). You can get these by running Windows updates.


Regards Howard :)
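
A way to triage the HijackThis entries listed in this post before ticking them, added here as an example and not part of the original thread: it splits each line into section, CLSID and file, and flags entries that point at missing files or lack a name. The flag names and the profile-directory heuristic are assumptions of this example, not HijackThis output.

```python
import re

# Sample input: the HijackThis entries quoted in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {F484C398-C71D-4482-8700-A9CCE5D2A0BE} - C:\WINDOWS\system32\win32hp.dll
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [cb6bff93.exe] C:\Documents and Settings\Lucky\Local Settings\Application Data\cb6bff93.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: winola32 - winola32.dll (file missing)
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\System32\Kpjchl32.dll (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
FULL_PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.I)
BARE_FILE_RE = re.compile(r"[\w~]+\.(?:exe|dll)", re.I)
CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)

def parse_entry(line):
    """Split one HijackThis 'O' line into section, kind, CLSID, file and flags."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, kind, value = m.groups()
    path = FULL_PATH_RE.search(value) or BARE_FILE_RE.search(value)
    clsid = CLSID_RE.search(value)
    target = path.group(0) if path else None
    flags = []
    # Registry entry still points at a file that is gone: a leftover to clean up.
    if "(file missing)" in value or "(no file)" in value:
        flags.append("orphaned")
    # Component registered without a display name or class ID.
    if "(no name)" in value or "(no CLSID)" in value:
        flags.append("unnamed")
    # Heuristic (assumption of this example): autorun from a user profile directory.
    if section == "O4" and target and "\\documents and settings\\" in target.lower():
        flags.append("autorun-from-profile")
    return {"section": section, "kind": kind, "file": target, "flags": flags,
            "clsid": clsid.group(0) if clsid else None}

def triage(log_text):
    """Parse every recognisable entry in a HijackThis log excerpt."""
    return [e for e in map(parse_entry, log_text.splitlines()) if e]

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry["section"], entry["file"], entry["flags"])
```

An entry with no flags, such as the `[shell]` Run value, is not cleared by this; the flags only sort the list for manual review.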
 
Thank you very much for your quick reply. I will do those steps immediately.

Will this fix my "stuck in classic view" problem or is this still removing nasty security problems?
 
This may or may not fix your stuck in classic view problems. It all depends on whether your classic view problem is caused by a nasty infection, of which you have a few.

Follow the above instructions and see how it goes.

It is very important, that after doing the above, you install one of the service packs.

Regards Howard :)
 
OK, I did those steps and have a new HJT report added to this post.

Click start/run and type regsvr32 /u C:\WINDOWS\system32\win32hp.dll into the run box and press the enter key. Note the space between the 2 and the forward slash and again between the u and c.

I ran this and it ran successfully.


Click on the processes tab and end process for (if there):

ibm00001.exe
cb6bff93.exe

Neither were there.


All HJT fixes were run except for:

O2 - BHO: (no name) - {F484C398-C71D-4482-8700-A9CCE5D2A0BE} - C:\WINDOWS\system32\win32hp.dll

For some reason it was no longer found by HJT.


Locate and delete the following bold files (if there).

C:\Documents and Settings\Lucky\Local Settings\Application Data\cb6bff93.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
C:\WINDOWS\system32\win32hp.dll

cb6bff93.exe and ibm00001.exe could not be found but win32hp.dll was found and deleted.



After these fixes I am still stuck in classic view. I am now updating the service packs as you recommended. I have a broadband connection so it shouldn't take too long.

Attached are the new HJT logs.

P.S. A friend of mine installed Kaspersky anti-virus since the last HJT log.
 
Thank you very much Howard :)

Should I post in the Windows OS section of the forums for further help in restoring my Windows XP themes?
 
There's a programme I missed that you should uninstall.

Go to add remove programmes and uninstall anything to do with.

DAP.

It's an undesirable programme to have on your computer.

If you really want a download manager, get the Stardownloader from HERE.

Yes you can start a new thread in the Windows OS forum, for your theme problem.

You may want to consider doing a Windows repair as per this thread HERE.

Regards Howard :)
 
I will remove that program and try the Windows repair, and then if I still have a problem I will post in the Windows OS section.


Thank you once again :)
 