
Computer messed up!


  • This topic is locked
119 replies to this topic

#81 waterburn

waterburn

    Enthusiast

  • Members
  • 104 posts

Posted 06 April 2008 - 05:21 PM

Hi,

Here's the link: http://rapidshare.co...mboFix.txt.html

Waterburn

#82 guestolo

guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 06 April 2008 - 08:02 PM

Can you do the following

Go to START>>RUN>>Type in

services.msc

Hit OK
The Services window should open
On the right hand side of the screen
Look for this EXACT service name
Remote Procedure Call (TPM) <-notice the TPM in brackets,
Don't confuse it with (RPC) or (RPC) Locator,


Double click on Remote Procedure Call (TPM)
In the Startup type drop down menu, set to Disabled
Apply and OK it

Next, look for this Exact service name
Remote Access Auto Connection Manager
Double click on it to open its Properties
In the Startup type drop down menu, set to Manual
Apply and OK it
Exit from the Services window

NEXT: Go to START>>RUN>>Type in
regedit

Navigate to this Registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto

Left click to Highlight RasAuto
On the right hand side of the screen for this value name
ImagePath
Right click on ImagePath and select Modify

Under Value data:
It should read Exactly this

%SystemRoot%\System32\svchost.exe -k netsvcs

If it doesn't, replace what you have with the above
You can copy>>paste it to ensure it's exact
Exit the registry editor

Reboot the computer, come back here and post a fresh hijackthis log

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here
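
An added example, not part of the original post: the ImagePath check described above, run offline against a regedit export of the RasAuto key instead of by eye in the editor. It assumes a version 5 export, where a REG_EXPAND_SZ value is written as hex(2) UTF-16LE bytes; the function names and the sample export are constructed for illustration.

```python
import re

# Key and expected value exactly as given in the post above.
KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto"
EXPECTED = r"%SystemRoot%\System32\svchost.exe -k netsvcs"

def encode_hex2(value):
    """Encode a string as regedit v5 writes REG_EXPAND_SZ: UTF-16LE bytes plus a NUL."""
    raw = (value + "\0").encode("utf-16-le")
    return "hex(2):" + ",".join(f"{b:02x}" for b in raw)

def sample_export(image_path):
    """Constructed sample export (not from the thread), wrapped like regedit output."""
    items = encode_hex2(image_path).split(",")
    rows = [",".join(items[i:i + 20]) for i in range(0, len(items), 20)]
    body = ",\\\r\n  ".join(rows)
    return ("Windows Registry Editor Version 5.00\r\n\r\n"
            f"[{KEY}]\r\n"
            f'"ImagePath"={body}\r\n'
            '"Start"=dword:00000003\r\n')

def read_values(reg_text, key):
    """Return {value name: raw data text} for one key of a .reg export."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)      # join wrapped hex lines
    values, in_key = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.strip("[]").lower() == key.lower()
        elif in_key:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)', line)
            if m:
                values[m.group(1)] = m.group(2)
    return values

def decode_data(data):
    """Decode hex(2) (REG_EXPAND_SZ) or a quoted REG_SZ value; None for other types."""
    if data.startswith("hex(2):"):
        raw = bytes(int(b, 16) for b in data[7:].split(",") if b)
        return raw.decode("utf-16-le").rstrip("\0")
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \" escapes
    return None

def check_rasauto(reg_text):
    """Return (status, decoded ImagePath); the comparison is exact, as the post asks."""
    values = read_values(reg_text, KEY)
    if "ImagePath" not in values:
        return ("missing", None)
    path = decode_data(values["ImagePath"])
    return ("ok" if path == EXPECTED else "mismatch", path)
```

A version 5 export file is saved as UTF-16, so read it with open(path, encoding="utf-16") before passing the text to check_rasauto.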


#83 waterburn

Posted 07 April 2008 - 01:41 PM

Hi,

Here's the Hijackthis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:01:43 PM, on 07/04/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Prime95\Prime95.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\faxsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINNT\system32\internat.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\SoftwareDistribution\Download\3f7da105e4a8ee0eb9cd753ca285be6f\update\update.exe

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKUS\.DEFAULT\..\Run: [KnightSpy] c:\program files\metal knights\knightspy.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java ????ì¨ - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - http://www.worldwinn...rabblecubes.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - http://www.worldwinn...GamesLoader.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - http://www.worldwinn...0/pool/pool.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - http://www.worldwinn...jattack/bja.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - http://www.worldwinn...x/blockwerx.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - http://www.worldwinn...ll/freecell.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://ca.com/us/sec...nfo/webscan.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - http://www.worldwinn...jo/wordmojo.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} - http://www.worldwinn...v46/sol/sol.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - http://www.worldwinn...man/hangman.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - http://www.worldwinn...es/wwspades.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\Prime95.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 5677 bytes


Thanks!

Waterburn

#84 waterburn

Posted 07 April 2008 - 04:05 PM

Hi,

Whenever I open setup.exe, a message pops up: Setup.exe has generated errors and will be closed by windows. You will need to restart the program. An error log is being created. Like the one here: http://rubenlaguna.c.../11/cygwin4.png

So I check drwtsn32.log. I find a part which I think is my error (Here's a translation): Application procedures accident occurred mistakes:
Application procedures: (pid = 1424)
Time: 2008-4-7 @ 17:27:51.605
Unexpected #: c00000fd (stack overflow)


Waterburn

P.S Check the above post


#85 guestolo

Posted 07 April 2008 - 11:01 PM

Do a "System scan only" with Hijackthis and put a check next to these entries:

O4 - HKUS\.DEFAULT\..\Run: [KnightSpy] c:\program files\metal knights\knightspy.exe (User 'Default user')

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot the computer

Do you still get an error message?
If so, be EXACT about what you are doing when it happens
Are you trying to run a game? If so, how old is it?
What game is it?



#86 waterburn

Posted 08 April 2008 - 01:36 PM

Hi,

I do still get an error message. I get the message when I double click setup.exe to install the Roller Coaster Tycoon 2. The game is 6 years old which is suitable for my computer since it is 10 years old-> used to be Windows 98.

Thanks!

Waterburn

#87 guestolo

Posted 08 April 2008 - 05:05 PM

> Hi,
>
> I do still get an error message. I get the message when I double click setup.exe to install the Roller Coaster Tycoon 2. The game is 6 years old which is suitable for my computer since it is 10 years old-> used to be Windows 98.
>
> Thanks!
>
> Waterburn


This sounds totally unrelated to the problems of malware you were experiencing earlier
You should start a whole new topic about it
I want to finish this topic
Besides the setup.exe error, how is everything running?



#88 waterburn

Posted 08 April 2008 - 05:59 PM

Hi,

Besides that everything else is fine. All the problems: copy & paste, drag and drop, links...etc. are fixed.

I gotta hand it all to you.

Thank you very much!!!! B) B) B)

Waterburn

#89 guestolo

Posted 08 April 2008 - 07:33 PM

To save room on your hard drive
You can uninstall Kaspersky's online scanner
Bit Defender can be removed within Internet Explorer in the toolbar under TOOLS

Go to START>>RUN>>copy then paste the next entry in bold

ComboFix /u
Then hit OK
This will uninstall combofix

Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Select>>Create a New restore point
Give it a name, any name,
and click Create
Windows will prompt when it was created successfully

When that's done

Download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Double-click OTMoveIt2.exe to run it.
  • Click the Cleanup! button
    A list will be downloaded>>Allow it Internet access if prompted by your Firewall
    Don't change anything in this list
  • Select Yes at the prompt
    Wait for the confirmation box to open to reboot the computer
    Don't mouseclick during the wait as you may cause the tool to stall
  • Select Yes to reboot Now
NOTE: This procedure will also delete OTMoveit.exe from desktop


I suggest that you add SpywareBlaster to your protection software
SpywareBlaster by JavaCool
  • Will block bad ActiveX Controls
  • Block Malevolent cookies in Internet Explorer and Firefox
  • Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates
After updating, select "Protection" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"

Take a look at miekiemoes site with other ideas on How to prevent Malware:

Keep your new Firewall installed and operational when Online
You can check in its options to disable the Automatic update, as it won't check for updates



#90 waterburn

Posted 09 April 2008 - 02:29 PM

Hi,

I have a lot of quotes to explain what didn't work in your instructions.

> ComboFix /u
> Then hit OK
> This will uninstall combofix

In run, it doesn't recognize the command.

> Go to START>>All Programs>>Accessories>>System Tools>>System Restore
> Select>>Create a New restore point
> Give it a name, any name,
> and click Create
> Windows will prompt when it was created successfully

Doesn't exist probably because that was meant for Windows XP

>   • Wait for the confirmation box to open to reboot the computer
>     Don't mouseclick during the wait as you may cause the tool to stall
>   • Select Yes to reboot Now

The confirmation box doesn't open.

> "Check for updates every couple of weeks"

That button doesn't exist. Do you mean for me to do that? Am I protected if I close SpywareBlaster?

> Keep your new Firewall installed and operational when Online
> You can check in its options to disable the Automatic update, as it won't check for updates

Could you clarify?


There is a problem/question in bold after every quote.

Thanks!

Waterburn

#91 guestolo

Posted 10 April 2008 - 05:23 PM

> In run, it doesn't recognize the command.

Don't worry about it, Delete these folders if found

C:\Qoobox
C:\Deckard

Then ensure you run OTMoveit2 cleanup instructions

> Doesn't exist probably because that was meant for Windows XP

Yup, I have XP on my brain, keep forgetting you're running 2000

> The confirmation box doesn't open.

Did you allow it to communicate thru Sygates?

> Could you clarify?

Double click on the Sygate Icon by the clock to open the Program
Click on TOOLS>>OPTIONS>>UPDATES
Uncheck "Auto check for Updates...."

> That button doesn't exist. Do you mean for me to do that? Am I protected if I close SpywareBlaster?

Open SpywareBlaster, it's not really a button, but notice UPDATES on the left hand side?

From the Creators site of SpywareBlaster

> The most important step you can take is to secure your system. And SpywareBlaster is the most powerful protection program available.
>
>   • Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
>   • Block spyware/tracking cookies in Internet Explorer and Mozilla Firefox.
>   • Restrict the actions of potentially unwanted sites in Internet Explorer.
>
> SpywareBlaster can help keep your system spyware-free and secure, without interfering with the "good side" of the web.
>
> And unlike other programs, SpywareBlaster does not have to remain running in the background.

