Press F1 forum, thread 91534: Operation has been cancelled due to restrictions in effect on this computer
Started 2008-07-09 22:55:00 by aniloracman3 (13950)
Post 687280 | 2008-07-24 07:22:00 | Speedy Gonzales (78)

Some of that log looks suss. Tick these, then tick fix checked. Close browsers.

O2 - BHO: (no name) - {24913958-28DC-4285-8CD9-DF8AC0177BB2} - C:\WINDOWS\repair\patfp.dll (file missing)
O2 - BHO: (no name) - {47CD7F67-E19B-4158-A0C6-E9BBE3500834} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D7F7ED4A-9C51-4138-B65C-23F17FBC67Cc} - C:\WINDOWS\system32\kxeiddir.dll (file missing)
O2 - BHO: (no name) - {F99A109A-E8E2-458E-82B6-24F4E9F1BC91} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [NI.UWFX5_0001_N57M2811] "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\BIJE3YNC\WinFixerScannerInstall[1].exe" -nag
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O8 - Extra context menu item: &Search - kb.bar.need2find.com
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

These 2 belong to Sony's DRM (it's part of their rootkit). Don't tick these yet. See if the tool in the link below removes these:

O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - Unknown owner - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe (file missing)
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe

I don't know what this came from:

O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - C:\WINDOWS\system32\j5201238.exe (file missing)

What have you got that needed Sony's DRM software / rootkit? If you don't know, use this to remove it (cp.sonybmg.com). Then reboot.
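A defender-side triage script for HijackThis lines like the ones above, added here as an example; it is not from the thread, not from HijackThis, and not from Sony's removal tool. It turns the reasons given in this post into rules: entries whose file is missing or absent, an autorun launched out of the browser cache, a Startup-folder item under the SYSTEM or Default profile, Sony XCP components (recognisable by the `$sys$` name prefix the XCP driver used to cloak its files, processes and registry keys), and services with no vendor string. The sample log reuses lines posted in this thread plus two constructed O23 lines; the bucket names, the rules and the constructed lines are assumptions of this example, not HijackThis features.

```python
import re

# Sample HijackThis log: lines quoted in this thread, plus the last two O23
# lines, which are constructed so the "review" and "leave" buckets get a hit.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {24913958-28DC-4285-8CD9-DF8AC0177BB2} - C:\WINDOWS\repair\patfp.dll (file missing)
O2 - BHO: (no name) - {47CD7F67-E19B-4158-A0C6-E9BBE3500834} - (no file)
O2 - BHO: (no name) - {D7F7ED4A-9C51-4138-B65C-23F17FBC67Cc} - C:\WINDOWS\system32\kxeiddir.dll (file missing)
O4 - HKLM\..\Run: [NI.UWFX5_0001_N57M2811] "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\BIJE3YNC\WinFixerScannerInstall[1].exe" -nag
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - Unknown owner - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe (file missing)
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - C:\WINDOWS\system32\j5201238.exe (file missing)
O23 - Service: Example Helper (ExHelper) - Unknown owner - C:\WINDOWS\system32\exhelper.exe
O23 - Service: Example Backup Agent (ExBackup) - Example Corp - C:\Program Files\Example\backup.exe
"""

# (tag, pattern, why it matters). Each rule is one reason the thread gives for
# ticking a line, holding it back, or asking what it is. Rule set is this
# example's assumption, not a HijackThis feature.
RULES = [
    ("orphan", re.compile(r"\((?:file missing|no file)\)$"),
     "registered component no longer exists on disk; nothing working depends on it"),
    ("cache_run", re.compile(r"^O4 - .*Temporary Internet Files", re.IGNORECASE),
     "autorun entry launches an executable straight out of the browser cache"),
    ("system_startup", re.compile(r"^O4 - (?:S-1-5-18|\.DEFAULT).*Startup:"),
     "Startup-folder item under the SYSTEM or Default profile, which no interactive user seeds"),
    ("sony_xcp", re.compile(r"\$sys\$|XCP CD Proxy|CDProxyServ\.exe"),
     "Sony XCP DRM component; the XCP driver cloaked any object whose name began with $sys$"),
    ("unknown_service", re.compile(r"^O23 - Service: .* - Unknown owner - "),
     "service carries no vendor string; identify the image before fixing"),
]


def classify(line):
    """Return the rule tags that match one HijackThis line, in RULES order."""
    return [tag for tag, pattern, _ in RULES if pattern.search(line)]


def explain(line):
    """Human-readable reasons for one line, for the report."""
    reasons = {tag: why for tag, _, why in RULES}
    return [reasons[tag] for tag in classify(line)]


def triage(log_text):
    """Sort log lines into the buckets the thread's advice implies.

    sony_rootkit: run the vendor's XCP removal tool first, then re-scan
    fix_now:      safe to tick and "Fix checked" (orphaned or clearly hostile)
    review:       unknown-owner service whose file still exists; identify first
    leave:        nothing in the thread's reasoning applies
    """
    buckets = {"sony_rootkit": [], "fix_now": [], "review": [], "leave": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        tags = classify(line)
        if "sony_xcp" in tags:
            buckets["sony_rootkit"].append(line)
        elif {"orphan", "cache_run", "system_startup"} & set(tags):
            buckets["fix_now"].append(line)
        elif "unknown_service" in tags:
            buckets["review"].append(line)
        else:
            buckets["leave"].append(line)
    return buckets


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket, lines in result.items():
        print(f"== {bucket} ({len(lines)})")
        for line in lines:
            print("  " + line)
            for why in explain(line):
                print("      - " + why)
```

The Sony lines are kept out of `fix_now` on purpose: the post says to run the vendor removal tool before touching them, and the orphan rule would otherwise sweep the `$sys$DRMServer` entry in with the rest because its file is already reported missing. The QuickTime and constructed vendor-signed lines land in `leave`, which is the reminder that a rule set this small only encodes the reasons actually stated in the post.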
Post 687281 | 2008-07-24 17:02:00 | aniloracman3 (13950)

Should I delete it totally or upgrade?
Post 687282 | 2008-07-24 21:21:00 | Speedy Gonzales (78)

Just get the file in the previous link I posted (to remove the rootkit), then tick the rest of the log after (after you run HijackThis again), then tick fix checked. Close browsers when you do it.
Post 687283 | 2008-07-25 17:39:00 | aniloracman3 (13950)

It worked Speedy Gonzales, thank you very much. Will there be any side effects of deleting those things and/or deleting the rootkit?
Post 687284 | 2008-07-25 19:10:00 | Speedy Gonzales (78)

No probs :) No, there shouldn't be any side effects if you tick what I posted. Don't forget to tick fix checked AFTER, so they disappear. It's probably that rootkit that screwed up the CD. Then get this, install it, update it, then scan (http://www.malwarebytes.org).
Post 687285 | 2008-07-25 19:15:00 | SurferJoe46 (51)

Hey Speedy: Couldn't he just go into Safe Mode and get it cleared? Safe Mode will override any Administrator and User limitations. I know that I can get into and change any files I want to in Safe Mode/Administrator's Account... even decrypt any "secret" files and such too. Just a thought.
Post 687286 | 2008-07-25 19:24:00 | Speedy Gonzales (78)

?? Boot into safe mode to clear? The rootkit you mean, or something else? I think that rootkit had something to do with the CDs not working. You would probably have to use that Sony removal file in normal Windows, so it could remove the rootkit properly.
Post 687287 | 2008-07-25 21:35:00 | SurferJoe46 (51)

> ?? Boot into safe mode to clear? The rootkit you mean, or something else? I think that rootkit had something to do with the CDs not working. You would probably have to use that Sony removal file in normal Windows, so it could remove the rootkit properly.

Nah... to rectify being locked out because of an unknown password and limited rights to access things. But good point there... I wonder if clearing out a RK in Safe Mode/Admin rights would be a lot better and a more sure-fire way to do it with HJT? Would the RK not be running in Safe Mode and therefore accessible?
Post 687288 | 2008-07-25 22:01:00 | Speedy Gonzales (78)

It sounds like his system is OK now. It depends if that removal tool works in safe mode or not. It may not. The rootkit may not run in safe mode; that's the point of safe mode. It only loads whatever (the basics), so you can get into it. If you were locked out of a system, one of these reset CDs (I think one's called NT reset CD or something) would probably fix it. I've got some kind of reset CD here somewhere. You boot from it and select whatever option, and it'll reset the password etc. for you.