tristonsmy

Hi, I had a problem in that my mouse would not work in safe mode, I thought that a re-install would solve the problem, when in fact it was much simpler than I thought, (I was using an old serial mouse as a replacement for a broken mouse). Problem solved, however before I realived this I tried to re-install 2000 pro, I got an error message that said 'file fasttrak.sys could not be found', the installation aborted. When i boot the machine now, it automatically tries to carry on the installation, there is also a setup partition added to the boot menu, of which this setup has become the default, and I have to abort and select my operating system to boot into the current 2000 pro. How can I remove this from the machine and return it to the original config. ? Cheers

sorry, another question, will i be able to use the automatic removal method they talk about from safe mode without the use of a mouse, as i still haven't found my 2000pro serial key to be able to repair install and fix the mouse to work in safe mode ?

Hi again, right what I did in the end was download a copy of the anti vir from free av to a recovery partition which was put in place on my machine by the guy who built it for me, ran the scan, and low and behold it discovered 4 trojans and a worm, (not bad for a free programme, when all the paid for stuff couldn't do it). After the repairs, the problems I had noticed disappeared, even Outlook Express was reinstalled,that was o.k though I managed to import all the old messages etc. But I would like you to check the hijack this log as every time I boot Outpost warns me of a change of component to Internet explorer, the file is always named Jav.tmp there is a number or a letter after the Jav which changes at every boot. I haven't got a clue what it is or if it's o.k, it's filepath is c:\tmp Logfile of HijackThis v1.99.1 Scan saved at 15:38:59, on 27/01/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: D:\WINNT\System32\smss.exe D:\WINNT\system32\winlogon.exe D:\WINNT\system32\services.exe D:\WINNT\system32\lsass.exe D:\WINNT\system32\svchost.exe D:\WINNT\system32\spoolsv.exe D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe D:\WINNT\system32\CTsvcCDA.EXE D:\WINNT\System32\svchost.exe D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE D:\Program Files\Agnitum\Outpost Firewall\outpost.exe D:\WINNT\system32\pctspk.exe D:\WINNT\system32\MSTask.exe D:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe D:\WINNT\system32\stisvc.exe D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe D:\WINNT\System32\WBEM\WinMgmt.exe D:\WINNT\system32\svchost.exe D:\WINNT\Explorer.EXE D:\Program Files\Common Files\Symantec Shared\SymTray.exe D:\Program Files\Common Files\Symantec Shared\ccApp.exe D:\Program Files\QuickTime\qttask.exe D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe D:\Program Files\Common Files\Real\Update_OB\realsched.exe D:\Program Files\iTunes\iTunesHelper.exe D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE D:\WINNT\system32\taskmgr.exe D:\WINNT\system32\LSASS.EXE D:\Program Files\iPod\bin\iPodService.exe D:\PROGRA~1\WinZip\winzip32.exe C:\Tmp\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [CountrySelection] pctptt.exe O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [symTray - Norton SystemWorks] D:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg O4 - HKLM\..\Run: [sSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Microsoft Office] D:\WINNT\system32\msoff.exe O4 - HKLM\..\Run: [ntdll.dll] D:\WINNT\system32\msoff.exe O4 - HKLM\..\Run: [Outpost Firewall] D:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice O4 - HKLM\..\Run: [OutpostFeedBack] D:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup O4 - HKLM\..\RunOnce: [symTray - Norton SystemWorks] D:\Program Files\Common Files\Symantec Shared\Symtrdr.exe O4 - HKCU\..\Run: [Creative Detector] D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [ntdll.dll] C:\winstall.exe O4 - HKCU\..\Run: [spyware Cleaner] "D:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot O4 - Startup: Task Manager.lnk = D:\WINNT\system32\taskmgr.exe O4 - Global Startup: Task Manager.lnk = D:\WINNT\system32\taskmgr.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - D:\Program Files\Agnitum\Outpost Firewall 1.0\trash.exe (file missing) (HKCU) O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - D:\Program Files\Agnitum\Outpost Firewall 1.0\trash.exe (file missing) (HKCU) O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab O16 - DPF: {A5C76BEB-C8A9-4F59-BB90-52A821EAB9C9} (Desktop Object) - http://sib1.od2.com/common/cman/cman.dll O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab O20 - AppInit_DLLs: D:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll O20 - Winlogon Notify: MS-DOS Emulation - D:\WINNT\system32\fp6q03j5e.dll (file missing) O20 - Winlogon Notify: printpn2 - printpn2.dll (file missing) O20 - Winlogon Notify: ShellCompatibility - D:\WINNT\system32\mjclus.dll (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINNT\system32\CTsvcCDA.EXE O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - D:\Program Files\Agnitum\Outpost Firewall\outpost.exe O23 - Service: W2k PCtel speaker phone (Pctspk) - PCtel, Inc. - D:\WINNT\system32\pctspk.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe Look forward to hearing your comments cheers for now, Triston

Sorry forgot to say, the virus removal didn't resolve the initial probs, but then I couldn't do it in 'safe mode'

Hi again, thanks for the replies, progress so far, some good some bad, booting in to safemode with networking and safemode, I don't have the use of my mouse, so I cant execute any scans, can't even navigate my way past the evaluation page of Trojan hunter! I did however manage to download the lastest Norton updates. Booting and scanning in the normal O.S Norton found two problems, avAw6.sys and Symsvcsa.exe and Spyware Dr found Trojan downloader.VB.RI and VX2.Look2me, i forgot to say before, when I boot I get a warning from Outpost firewall pro of Internet explorer components change New Jav1c.tmp and Jav11.tmp. This still happens now. Also to add insult to injury, I thought I could resolve the damaged Outlook Express and mouse issues by doing a repair install, wasn't sure about the message warning SP2 cannot be installed over SP4. Then I got to the serial no. and found that in our recent house move I've lost it ! Never rains but pours. Has 2000 pro got a System restore ? Not sure where to go from here.

Cheers will give it a try and see what happens

Hi, my machine picked up a virus , the O.S is 2000pro, it managed to get past Outpost, Norton, Adaware se and Spy bot, none of these could find anything wrong so I installed Spyware Dr which did find problems and a mate installed Trojan Hunter which found several more problems. After trying to fix these, none of these programmes now find anything wrong, however I've been left with a couple of problems: The files for Outlook Express are damaged and I can't use it, but more importantly, the machine still seems to be displaying some 'virus-like' traits. I can't retreive any updates for Norton antivirus, if I try to download them manually, the machine won't install them, if I go to the Symantec site I can't get to any links, I just get an error msg 'Error! the requested page does not exist'. I even tried the online scan at Trend micro, but I get the same error msg when I try to click the icon to perform that. Any ideas much appreciated, and I'll warn you I'm a novice who knows nothing about registry etc !!!!!!!!