12-08-2010, 04:35 PM | #11 | ||
Join Date: Aug 2007
Location: Dixmuide, Belgium
Posts: 2,767
|
Pretty hopeless, isn't it _r.u.s.s. ?
Sometimes I forget it's useless to try to help some peeps, and post even if I should know by now they are beyond any help you can offer them. Ahwell, sad but true. ....walks away .......
||
|
|
12-08-2010, 06:14 PM | #12 | ||
Join Date: Jul 2010
Location: ,
Posts: 20
|
Trying this in parts.. won't let me post a whole thing :\
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:44:33 PM, on 8/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT2535290
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll
R3 - URLSearchHook: Messenger Plus Live CA-EN Toolbar - {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll
O2 - BHO: Messenger Plus Live CA-EN Toolbar - {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll
O3 - Toolbar: Messenger Plus Live CA-EN Toolbar - {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll
O4 - HKLM\..\Run: [wvwxyasys] rundll32.exe "jkhebx.dll",DllRegisterServer
O4 - HKLM\..\Run: [efdcdddrv] rundll32.exe "efddcb.dll",s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [tuvwusdrv] rundll32.exe "efddcb.dll",s
O4 - HKUS\S-1-5-18\..\Run: [opopnosys] rundll32.exe "jkhebx.dll",DllRegisterServer (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [wmsdk64_32.exe] C:\WINDOWS\TEMP\wmsdk64_32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ljkljkdrv] rundll32.exe "efddcb.dll",s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [opopnosys] rundll32.exe "jkhebx.dll",DllRegisterServer (User 'Default user')
O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Sarah\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase5483.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
(why isn't it let me post this T___T)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1169245842125
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (file missing)
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (file missing)
O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

-- End of file - 7552 bytes

There is one line that it just will not let me post :S hold on I'll figure something out

I can't seem to post the rest at the moment... it keeps saying the server gets restarted or something *sigh* stupid technology

I ran Autoruns and Process explorer but I have no clue what I'm looking for in those logs ...
I also tried to download Microsoft Security essentials like you said, but when I try to download it I get a command prompt message saying "program is too big to fit in memory" :S And if this is any help one of the error reports is called "dr watson postmortem debugger error". Some people say it's nothing, some say it's a virus but I don't know, it pops up numerous times while I'm on the computer, even the moment I start up before I do anything it pops up. Hope that helps some maybe :S

Oh and I ran my scan in safe mode but stuff's still going wrong. I notice it seems to keep finding the same viruses over and over even though it says it fixes them... I should have written them down for you, next scan I will! Sorry for being so helpless guys

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) (I had to delete the website listed to let me post this :\)

Last edited by The Fifth Horseman; 12-08-2010 at 06:34 PM. Reason: One Post is enough not 7!!!!! -.- |
||
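As an added example (not part of the thread and not any poster's tool), here is a small Python triage pass over HijackThis entries of the kind posted above. The rules are heuristics chosen for this illustration and the sample lines are copied from the posted log; a hit means "look closer", not a verdict.

```python
import re

# Constructed sample: a few entries copied from the log posted above, one per line.
SAMPLE_LOG = r'''
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll (file missing)
O4 - HKLM\..\Run: [wvwxyasys] rundll32.exe "jkhebx.dll",DllRegisterServer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [wmsdk64_32.exe] C:\WINDOWS\TEMP\wmsdk64_32.exe (User 'SYSTEM')
O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
'''

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ..."
ENTRY = re.compile(r'^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$')

# (section code or None for any, pattern on the body, reason).
# Assumed triage heuristics for this example, not an official rule set.
RULES = [
    ('O4', re.compile(r'rundll32(\.exe)?\s+"?[^"\\/:,]+\.dll"?,', re.I),
     'autorun loads a DLL by bare name (no path) through rundll32'),
    ('O4', re.compile(r'\\te?mp\\[^\\]+\.exe', re.I),
     'autorun executable lives in a TEMP directory'),
    ('R1', re.compile(r'ProxyServer\s*=\s*(http=)?(127\.0\.0\.1|localhost)', re.I),
     'browser proxy points at a listener on the local machine'),
    ('O20', re.compile(r'AppInit_DLLs:\s*\S', re.I),
     'AppInit_DLLs is set: the DLL is loaded into every process that loads user32.dll'),
    (None, re.compile(r'\((file missing|no file)\)\s*$', re.I),
     'orphaned entry: the referenced file is gone'),
]

def triage(log_text):
    """Return (code, reason, body) for every entry that matches a rule."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines, process list, blank lines
        for code, pattern, reason in RULES:
            if code in (None, m['code']) and pattern.search(m['body']):
                findings.append((m['code'], reason, m['body']))
    return findings

if __name__ == '__main__':
    for code, reason, body in triage(SAMPLE_LOG):
        print(f'[{code}] {reason}\n      {body}')
```

The QuickTime autorun in the sample is deliberately left unflagged: it names a full path under Program Files, which is what separates it from the `rundll32.exe "jkhebx.dll"` style entries.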
|
|
12-08-2010, 06:48 PM | #13 | ||||
Join Date: Oct 2004
Location: Opole, Poland
Posts: 14,276
|
Quote:
Quote:
Quote:
Remove entry. Boot into Safe Mode. Delete or rename the file.
Quote:
Remove entry. Boot into Safe Mode. Delete or rename the file.

Note: The removal should be done simultaneously. So should be deletion. Some of those assholes have a tendency to come back if even only one of their files was left on your system (been there when cleaning malware from a PC at work in 2008) |
||||
|
|
12-08-2010, 11:31 PM | #14 | ||
Join Date: Jul 2010
Location: ,
Posts: 20
|
Oh thank you! Thanks to everyone. It seems the situation has been cleared. All the random system errors have stopped and iexplore.exe has stopped running. I'm very glad thank you again
|
||
|
|
13-08-2010, 08:24 AM | #15 | ||
Join Date: Oct 2004
Location: Opole, Poland
Posts: 14,276
|
That doesn't mean your system is clean yet.
Make another scan with Spybot and HijackThis, possibly also with another anti-malware/anti-virus program. If nothing shows up, then the problem is most likely solved. Also, use pastebin for the new log: http://pastebin.com/ |
||
|
|
16-08-2010, 05:19 AM | #16 | ||
Join Date: Jul 2010
Location: ,
Posts: 20
|
Forgive me guys, new problem arose... please view my new thread for details since it is quite unrelated and different to my previous problem. I thought a new thread would help attract people who knew how to fix my new problem otherwise I would have just posted it here. Sorry for all the trouble I'm causing
|
||
|
|
23-09-2010, 05:04 PM | #17 | ||
Join Date: Feb 2009
Location: Dog City, Cayman Islands
Posts: 107
|
Quote:
Just to be sure you should check your MBR. If it is infected you're in deep trouble and even a complete reinstallation won't help. Try Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

A nice and easy to use tool is System Explorer. My biggest requirement for an advanced task-manager was that it forces itself to the foreground in no time no matter what. But I'm impressed about this piece of software. It's quite better than the process explorer imho. If you got a process you don't know about you can simply send it to virustotal.com. It then checks the checksum and in most cases this file was scanned b4 and you also got comments from other users about this file. Is it a threat or not. Can be helpful in lots of cases. Especially when you got 5 similar looking svchost.exe running

edit: check the in and outgoing traffic with your firewall or specialized programs. when there's an svchost.exe listed as outgoing you can be sure that you got malware on your PC

Last edited by KrazeeXXL; 29-09-2010 at 08:58 PM. |
||
|
|