Am I Being Hijacked?

Help and Discussion

Moderator: The Mod Squad

Postby Toby B. » Wed Jun 15, 2011 4:24 pm

Any idea why Malwarebytes makes windows xp mad when I use it and reboot? Why won't it restart properly after using Malwarebytes?
Please be more specific. I used MalwareBytes for quite a while on XP and never ran into that big of a problem.
Toby B.
Lead Mobo-fu Master
Lead Mobo-fu Master
 
Posts: 14277
Joined: Sun Dec 16, 2001 1:01 am
Location: Maine

Malwarebytes makes windows mad

Postby OneSpirit » Thu Jun 16, 2011 11:47 am

When I run Malwarebytes and let it do it's thing ... it found a couple of things and I tell it to remove them ... then malwarebytes says it has to reboot ... when it does windows won't start ... I get a quick flash of a blue screen then widows starts to reboot itself with no prompting. After it starts rebooting it gives me an option of going back to the last know good configuration ... and I'm still left with the same problems as before. Could it be the nasties are causing it?

I went to the site evasive posted and it was just one of those scams where they find all kinds of made up crap then ask you to buy the software ... no thanks.
Main Rig_Intel i7 4770k@3.50
ECS H87H3-WM Ver1
16Gb DDR3 1600
Evga GTX 1050Ti GPU
WD100000 SATA 7200RPM
Seagate 1TB SATA 7200RPM
Corsair CX750M
Win7 Ultimate x64
Rig2_AMD FX8120
GIGABYTE GA-M68MT-S2 Mobo
4Gb DDR3 1600
ZOTAC GeForce GTX 550TI
Seagate 1TB SATA 7200RPM
WD100000 SATA 7200RPM
Rosewill M650
Win7 64
OneSpirit
Black Belt
Black Belt
 
Posts: 912
Joined: Mon Feb 25, 2002 1:01 am
Location: The Great State of Ohio

Postby Mr T » Thu Jun 16, 2011 12:07 pm

Yes, thats why I said, note down where they are and try manually deleting them... It wouldn't hurt to download and run CrapCleaner... Run the registry fix tool there too, it may resolve the issue...

All can be got from Filehippo.com...
I have been programming on computers since the ZX81.
I am an apprentice trained Electronics Engineer with qualifications to back it up.
I have been repairing computers since 1996.
Yet to some people I still know nothing...
Mr T
Enlightened Master
Enlightened Master
 
Posts: 17093
Joined: Fri Jun 14, 2002 1:03 am
Location: England

Better Performance

Postby OneSpirit » Sat Jun 18, 2011 9:21 am

I did the Panda scan again and made note of the virus location in java ... I believe T stated in another thread that these virus can get through to java ... will I moved/deleted the bad files rebooted and ran ace utilites to clean and fix the registry ... thing are loading up again normally, instead of slow ... hopefully I've got the main bug ... AVG and Comodo have found and got rid of some of the trojans too.

Will post again if more to report ...
Main Rig_Intel i7 4770k@3.50
ECS H87H3-WM Ver1
16Gb DDR3 1600
Evga GTX 1050Ti GPU
WD100000 SATA 7200RPM
Seagate 1TB SATA 7200RPM
Corsair CX750M
Win7 Ultimate x64
Rig2_AMD FX8120
GIGABYTE GA-M68MT-S2 Mobo
4Gb DDR3 1600
ZOTAC GeForce GTX 550TI
Seagate 1TB SATA 7200RPM
WD100000 SATA 7200RPM
Rosewill M650
Win7 64
OneSpirit
Black Belt
Black Belt
 
Posts: 912
Joined: Mon Feb 25, 2002 1:01 am
Location: The Great State of Ohio

Update

Postby OneSpirit » Sat Jun 18, 2011 11:00 am

Okay I am still getting tabs that are opening taking me to sites like "quiztakeonline" ... "mymoneyonline" ... and when I do a search and click on the link to go to particular sites I'm still getting redirected to pages I don't want to go do ... some times I have to keep clicking and closing the link when redirected until I get to the site I want to see ... so the computer is not operating slow anymore, but I'm still getting these annoying tabs opening ... not all the time ... sometimes ... and the redirecting ... not all the time ... sometimes ...

I'd like to try malwarebytes again, but not for that problem of windows getting mad and not restarting, but keeps rebooting until I tell it to go back to the last known good configuration. When that happen I think that all malwarebytes did was undone ... anyone can clarify on that?
Main Rig_Intel i7 4770k@3.50
ECS H87H3-WM Ver1
16Gb DDR3 1600
Evga GTX 1050Ti GPU
WD100000 SATA 7200RPM
Seagate 1TB SATA 7200RPM
Corsair CX750M
Win7 Ultimate x64
Rig2_AMD FX8120
GIGABYTE GA-M68MT-S2 Mobo
4Gb DDR3 1600
ZOTAC GeForce GTX 550TI
Seagate 1TB SATA 7200RPM
WD100000 SATA 7200RPM
Rosewill M650
Win7 64
OneSpirit
Black Belt
Black Belt
 
Posts: 912
Joined: Mon Feb 25, 2002 1:01 am
Location: The Great State of Ohio

Postby Toby B. » Sat Jun 18, 2011 11:30 am

I'd like to try malwarebytes again, but not for that problem of windows getting mad and not restarting, but keeps rebooting until I tell it to go back to the last known good configuration. When that happen I think that all malwarebytes did was undone ... anyone can clarify on that?
Typically will happen with most reliable programs. If a "nasty" is attached to a vital file the said program will try and clean or quarantine it thus causing windows to puke on itself cause its not able to access the needed file.

Hence why evasive said reinstall originally.
Toby B.
Lead Mobo-fu Master
Lead Mobo-fu Master
 
Posts: 14277
Joined: Sun Dec 16, 2001 1:01 am
Location: Maine

Postby OneSpirit » Sat Jun 18, 2011 4:23 pm

Are you saying the only way to get rid of the nasty is to reinstall?
Main Rig_Intel i7 4770k@3.50
ECS H87H3-WM Ver1
16Gb DDR3 1600
Evga GTX 1050Ti GPU
WD100000 SATA 7200RPM
Seagate 1TB SATA 7200RPM
Corsair CX750M
Win7 Ultimate x64
Rig2_AMD FX8120
GIGABYTE GA-M68MT-S2 Mobo
4Gb DDR3 1600
ZOTAC GeForce GTX 550TI
Seagate 1TB SATA 7200RPM
WD100000 SATA 7200RPM
Rosewill M650
Win7 64
OneSpirit
Black Belt
Black Belt
 
Posts: 912
Joined: Mon Feb 25, 2002 1:01 am
Location: The Great State of Ohio

Postby Toby B. » Sun Jun 19, 2011 6:50 am

OneSpirit wrote:Are you saying the only way to get rid of the nasty is to reinstall?
Its the best, easiest and fastest way yes.

Its not the only way, but less time consuming.
Toby B.
Lead Mobo-fu Master
Lead Mobo-fu Master
 
Posts: 14277
Joined: Sun Dec 16, 2001 1:01 am
Location: Maine

Postby Mr T » Sun Jun 19, 2011 8:26 am

After the time you have spent, a reinstall is probably best... I give myself 2 hours too clear a visru, before a back up and reformat... On a customers PC - straight reformat - (backup optional extra).. Saves time and guarantees virus is gone...
I have been programming on computers since the ZX81.
I am an apprentice trained Electronics Engineer with qualifications to back it up.
I have been repairing computers since 1996.
Yet to some people I still know nothing...
Mr T
Enlightened Master
Enlightened Master
 
Posts: 17093
Joined: Fri Jun 14, 2002 1:03 am
Location: England

Hijack this file report ...

Postby OneSpirit » Sun Jun 19, 2011 10:25 am

Mr T wrote:After the time you have spent, a reinstall is probably best... I give myself 2 hours too clear a visru, before a back up and reformat... On a customers PC - straight reformat - (backup optional extra).. Saves time and guarantees virus is gone...


I know T ... but, I really want to learn more about clearing viruses ... this is more a learning experience ... if I have to do a reinstall I will, but I like to see if I can clear it out ... since it's my machine and no one is waiting on it ... I figure I got the time to see what I can learn from all this ...

I ran hijack this ... I don't know if this is the right place to post it if not please direct me to the right place ... are there hijack readers on this forum? This is the log I got ... I ran this today. The slowness returned and programs not opening ... the machines sometimes just sits with it thumb up it's @$$. Have to hit the reset button to wake it back up.

Comodo is reporting a lot of trojanware in the windows temp files, it says it clean it, but it keeps coming back and I don't see any of it when I manually search the temp files

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:14:30 PM, on 6/19/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files\AGI\core\3.1\AGCoreService.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\RAMpage\RAMpage.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\PROGRA~1\Webshots\315~1.761\Webshots.scr
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pbase.com/clubdiva78/rude_smileys
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8081
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: agcore.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RAMpage] "C:\Program Files\RAMpage\RAMpage.exe" R=450 T=300 A P="C:\Program Files\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe
O8 - Extra context menu item: &Search - ?s=100000337&p=ZUfox000&si=&a=CV3I0IdGxEPr77WO.HsJAg&n=2010122111
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CS1\Services\Tcpip\..\{400EA44C-5B61-41FE-9EFA-C1B1F36FA005}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS3\Services\Tcpip\..\{400EA44C-5B61-41FE-9EFA-C1B1F36FA005}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\3.1\AGCoreService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9335 bytes
Main Rig_Intel i7 4770k@3.50
ECS H87H3-WM Ver1
16Gb DDR3 1600
Evga GTX 1050Ti GPU
WD100000 SATA 7200RPM
Seagate 1TB SATA 7200RPM
Corsair CX750M
Win7 Ultimate x64
Rig2_AMD FX8120
GIGABYTE GA-M68MT-S2 Mobo
4Gb DDR3 1600
ZOTAC GeForce GTX 550TI
Seagate 1TB SATA 7200RPM
WD100000 SATA 7200RPM
Rosewill M650
Win7 64
OneSpirit
Black Belt
Black Belt
 
Posts: 912
Joined: Mon Feb 25, 2002 1:01 am
Location: The Great State of Ohio

PreviousNext

Return to Virus/Spyware/Security

Who is online

Users browsing this forum: No registered users and 1 guest