| Thread ID: 92398 | 2008-08-09 01:19:00 | Hijack this | smudge (13752) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 696014 | 2008-08-09 01:19:00 | This computer has been getting "The blue screen of death" I've run spy bot, ccleaner, Trojan remover -- can someone please check this out. Thanks. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:38:40 p.m., on 9/08/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\slserv.exe C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Mozilla Firefox\firefox.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! \Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\ Yahoo! 
\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\s wg.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! \Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: 
START_PAGE_URL=http://www.pcu.co.nz O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\ Yahoo! \Common\yinsthelper.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - www.update.microsoft.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com O17 - HKLM\System\CCS\Services\Tcpip\..\{4AE1D650-B58F-4CF1-81A1-72D2D9E9BC36}: NameServer = 203.96.152.4,203.96.152.12 O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe -- End of file - 5245 bytes |
smudge (13752) | ||
| 696015 | 2008-08-09 01:23:00 | Looks clean to me. WHAT does the BSOD say?? What's the stop error say, and if it shows the name of a file, what is it? Tick these, then tick fix checked. Close browsers. O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe |
Speedy Gonzales (78) | ||
| 696016 | 2008-08-09 01:33:00 | "WHAT does the BSOD say??" It's not my computer, but the guy who owns this computer said it keeps coming up as trojan something. He had taken it into PC World, but the blue screen still comes up. Trojan Remover didn't find anything either. "What's the stop error say, and if it shows the name of a file, what is it?" What's a stop error? Spybot came up with two errors as well, but they were fixed. CCleaner had 962 issues!! and over 2GB of junk.. seems to be running a bit faster now. I have removed those two things you said to. If everything else looks clean then hopefully there will be no more issues :) |
smudge (13752) | ||
| 696017 | 2008-08-09 01:40:00 | Did you update Trojan Remover then scan? And select all options under utilities? Get this as well (www.malwarebytes.org). Install, update, then scan. A stop error will have something like stop: 0xxxx; it tells you what the problem may be. Ask him what the blue screen says: the stop error and the name of the driver/file, if there's any. |
Speedy Gonzales (78) | ||
| 696018 | 2008-08-09 01:53:00 | Not a lot of help, he says he isn't sure what the name was, or what it said. He only knows that it came up with a trojan. When I downloaded Trojan Remover, I updated it first. Downloading anti malware now. |
smudge (13752) | ||
| 696019 | 2008-08-09 01:57:00 | Are there any entries in the event logs corresponding to the BSOD? | stormdragon (6013) | ||
| 696020 | 2008-08-09 02:52:00 | There's NOD32 but it says there's no AV. BSOD came up: Kernel_Stack_Inpage_Error. Vista anti virus has come up, won't let me close it. Task manager won't come up. Can't even read this screen hardly!!! Keeps coming up "Windows has found spyware" etc.. Arg it's real bad!! |
smudge (13752) | ||
| 696021 | 2008-08-09 03:11:00 | I can see the screen now. Next to the clock, it says Virus Alert. Vista anti-virus keeps coming up for me to register, it's not recognising NOD32 as it keeps saying there is no anti-virus enabled. I'm running Spybot S&D now, there are a lot of errors coming up. But when I ran it before, everything was clear except for 3 items. Task manager has been disabled somehow. I will run another HJT log in a minute and post back here. |
smudge (13752) | ||
| 696022 | 2008-08-09 03:16:00 | All these shortcuts keep coming up on the desktop, gay porn and masterbation sites!! they weren't there before, they just keep putting themselves on the desktop! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:36: VIRUS ALERT!, on 9/08/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\slserv.exe C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\wusb54gc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\ Spybot - Search & Destroy\SpybotSD.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe C:\WINDOWS\System32\Rundll32.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\VAV\vav.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = softwarereferral.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R3 - URLSearchHook: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! \Companion\Installs\cpn\yt.dll F3 - REG:win.ini: run="C:\Documents and Settings\Owner\Application Data\Adobe\Manager.exe" O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\ Yahoo! \Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: XMLDP Class - {72A128E0-2240-40c8-9E92-5387D64F839E} - C:\WINDOWS\xml2u32h.dll (file missing) O2 - BHO: QXK Olive - {7DD5E9FE-DDCA-4B22-88CD-BA9E0439E9B4} - C:\WINDOWS\wnlmdakqnwt.dll O2 - BHO: mxlivemedia browser optimizer - {a1dd0f28-c46b-ece4-c8ee-206a9b366c48} - C:\WINDOWS\system32\eqgqrrgmyxoj.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\s wg.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! 
\Companion\Installs\cpn\yt.dll O3 - Toolbar: bgrqfetx - {AC5F10A8-46F1-4AC9-9A4F-00AFA5FBD618} - C:\WINDOWS\bgrqfetx.dll O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [\WinFE7.exe] C:\Windows\system32\WinFE7.exe O4 - HKLM\..\Run: [\WinFE8.exe] C:\Windows\system32\WinFE8.exe O4 - HKLM\..\Run: [\WinFE9.exe] C:\Windows\system32\WinFE9.exe O4 - HKLM\..\Run: [\WinFED.exe] C:\Windows\system32\WinFED.exe O4 - HKLM\..\Run: [\WinFF3.exe] C:\Windows\system32\WinFF3.exe O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe O4 - HKLM\..\Run: [{d479e967-54d2-a946-42cd-1e7d21df76a4}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\eqgqrrgmyxoj.dll" DllStart O4 - HKLM\..\RunOnce: [ Spybot - Search & Destroy] "C:\Program Files\ Spybot - Search & Destroy\SpybotSD.exe" /autocheck O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [\WinFE7.exe] C:\Windows\system32\WinFE7.exe O4 - HKCU\..\Run: [\WinFE8.exe] C:\Windows\system32\WinFE8.exe O4 - HKCU\..\Run: [\WinFE9.exe] C:\Windows\system32\WinFE9.exe O4 - HKCU\..\Run: [\WinFED.exe] C:\Windows\system32\WinFED.exe O4 - HKCU\..\Run: [\WinFF3.exe] C:\Windows\system32\WinFF3.exe O4 - HKCU\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe O4 - HKCU\..\Run: [s9201] "C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe" /autorun O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 
'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.pcu.co.nz O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\ Yahoo! \Common\yinsthelper.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - www.update.microsoft.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com O17 - HKLM\System\CCS\Services\Tcpip\..\{4AE1D650-B58F-4CF1-81A1-72D2D9E9BC36}: NameServer = 203.96.152.4,203.96.152.12 O21 - SSODL: tfnslopk - {A40AED5F-83C3-48A5-AE53-FAFEE2ADFE14} - C:\WINDOWS\tfnslopk.dll O21 - SSODL: xokvrpwg - {552800E0-CFBD-4C27-976F-C3DFB58B9524} - C:\WINDOWS\xokvrpwg.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe O24 - Desktop Component 
0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm -- End of file - 7361 bytes |
smudge (13752) | ||
| 696023 | 2008-08-09 03:38:00 | Disable system restore. Tick these, then tick fix checked. Close browsers. Watch what you install next time! Get rid of / uninstall Vista AV 2008, that's why you're getting all this crap. It's malware. Why did you install it anyway?? You had NOD32. Uninstall Vista AV 2008 first. If you don't KNOW what you're doing, don't try and fix it! C:\Program Files\VAV\vav.exe O2 - BHO: XMLDP Class - {72A128E0-2240-40c8-9E92-5387D64F839E} - C:\WINDOWS\xml2u32h.dll (file missing) O2 - BHO: QXK Olive - {7DD5E9FE-DDCA-4B22-88CD-BA9E0439E9B4} - C:\WINDOWS\wnlmdakqnwt.dll O2 - BHO: mxlivemedia browser optimizer - {a1dd0f28-c46b-ece4-c8ee-206a9b366c48} - C:\WINDOWS\system32\eqgqrrgmyxoj.dll O3 - Toolbar: bgrqfetx - {AC5F10A8-46F1-4AC9-9A4F-00AFA5FBD618} - C:\WINDOWS\bgrqfetx.dll O4 - HKLM\..\Run: [\WinFE7.exe] C:\Windows\system32\WinFE7.exe O4 - HKLM\..\Run: [\WinFE8.exe] C:\Windows\system32\WinFE8.exe O4 - HKLM\..\Run: [\WinFE9.exe] C:\Windows\system32\WinFE9.exe O4 - HKLM\..\Run: [\WinFED.exe] C:\Windows\system32\WinFED.exe O4 - HKLM\..\Run: [\WinFF3.exe] C:\Windows\system32\WinFF3.exe O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe O4 - HKLM\..\Run: [{d479e967-54d2-a946-42cd-1e7d21df76a4}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\eqgqrrgmyxoj.dll" DllStart O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O21 - SSODL: tfnslopk - {A40AED5F-83C3-48A5-AE53-FAFEE2ADFE14} - C:\WINDOWS\tfnslopk.dll O21 - SSODL: xokvrpwg - {552800E0-CFBD-4C27-976F-C3DFB58B9524} - C:\WINDOWS\xokvrpwg.dll O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm Run Trojan Remover again, then scan, then select all options under utilities. Then run My Computer, highlight C / right mouse / scan 
with Trojan Remover. Did you install Malwarebytes then update it?? If you did, click on scan. Then reboot. |
Speedy Gonzales (78) | ||
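
Comparing the two HijackThis scans posted in this thread shows which entries appeared between them. The following is an added example, not part of the thread and not any poster's code: Python (3.7+) that splits a HijackThis log into entries, even when it is flattened onto one line as on this page, and lists what is new in the later scan. The function names are this example's own, and the sample logs are shortened excerpts of the two logs above with line breaks and one stray space placed artificially.

```python
import re

# A HijackThis entry starts with a section tag (R0-R3, F0-F3, O1-O24) and " - ".
TAG = r"(?:R[0-3]|F[0-3]|O\d{1,2})"
ENTRY_START = re.compile(rf"(?<![\w\\])(?={TAG} - )")

# Section meanings for the tags that occur in the sample below.
SECTION = {"R0": "IE start/search page", "O2": "Browser Helper Object",
           "O4": "autorun (Run key)", "O7": "Regedit disabled by policy",
           "O21": "ShellServiceObjectDelayLoad"}

def entries(log_text):
    """Return (tag, text) pairs from a log, whether or not it is flattened."""
    body = log_text.split("-- End of file")[0]
    found = []
    for chunk in ENTRY_START.split(body):
        m = re.match(rf"({TAG}) - (.+)", " ".join(chunk.split()))
        if m:
            found.append((m.group(1), m.group(2)))
    return found

def key(entry):
    # Ignore whitespace and case so copy/paste damage is not reported as a change.
    return entry[0], re.sub(r"\s+", "", entry[1]).lower()

def new_entries(before_log, after_log):
    """Entries present in the later scan but absent from the earlier one."""
    seen = {key(e) for e in entries(before_log)}
    return [e for e in entries(after_log) if key(e) not in seen]

# Constructed samples: excerpts of the first and second log in this thread.
BEFORE = r"""Running processes: C:\WINDOWS\Explorer.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -- End of file - 5245 bytes"""

AFTER = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = softwarereferral.com O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: QXK Olive - {7DD5E9FE-DDCA-4B22-88CD-BA9E0439E9B4} - C:\WINDOWS\wnlmdakqnwt.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1 O21 - SSODL: tfnslopk - {A40AED5F-83C3-48A5-AE53-FAFEE2ADFE14} - C:\WINDOWS\tfnslopk.dll -- End of file - 7361 bytes"""

if __name__ == "__main__":
    for tag, text in new_entries(BEFORE, AFTER):
        print(f"{tag:>3}  {SECTION.get(tag, '?'):<28} {text}")
```
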