troubles installing programs that run scans


  • This topic is locked
13 replies to this topic

#1 Kaeljia


Posted 07 June 2009 - 03:07 PM

I was writing to explain what has been going on with my computer, when I went to copy the info in my shaw secure folder. It froze everything, almost like it didn't want me to see the problems. Never mind copy them and send them to someone else. It's like earlier, I went and downloaded the malware program to help me with my problems, thinking it could be related to my stupidly downloading programs that said they would help, only after you download it they say you now have to pay.... :thumbsup:
So I uninstall... only to find out that they are still causing me problems. Weeks later I'm now being redirected when I pose a question in Google... even Facebook is acting up. The page I was writing is still frozen and unresponsive still. I keep sending all these stupid error reports, and yesterday after I uninstalled a simple avi converter program it told me my computer had just recovered from a fatal system error.. or something to that effect.
Needless to say I'm getting pretty frustrated... I've already gone through this once in March, and been without the computer for over a month due to a crash. We lost too much, even after having it all put on an external hard drive. Yesterday before I ran a scan with Windows livecare online scanning program, I saw that shaw secure had found, renamed or quarantined several problems, hackers, trojans, and other malicious problems. I'm lucky to even be on this page still, I'm thinking.
I did download the malware scanning program but it wouldn't run for me... so I uninstalled it... now I can't reinstall it. Even shawsecure is not working properly, my computer won't shut down, it keeps restarting... I'm beyond frustration.
My daughter recently got utorrent, and has been rebuilding her music list, after we lost even the ones we purchased off of iTunes.... since we could only save 350 out of 4500 on her iPod. Four years of music gone.
So if there are any suggestions as to whether this is caused by utorrent or winrar.. please let me know. I have not heard of anyone else having problems like this with utorrent but I have heard that winrar can cause problems.



#2 Kaeljia


Posted 07 June 2009 - 03:55 PM

So I'm troubleshooting using your tutorials. Which I must thank you for.. lol unless they just drive me nuts cause I'm too dimwitted to understand it all. :thumbsup:
So this is a TCP I have that I'm not sure about unless it's connected to this site??..
a96-17-15-40.deploy.akamaitechnologies.com:http
It also says close_wait.
What does that mean, close_wait?
So far I haven't found anything out of the ordinary to show I've got or had a hacker.. only trojans, which may be a result of utorrent downloads of movies... since the kids have never successfully downloaded one yet without a trojan.. I have run a scan on my download files and it keeps coming back clean. K, I know I'm going to be a bother today.. to some poor tech that is going to read this.. so I apologize in advance. :flowers: I'm off to troubleshoot more in the tutorials.

#3 Guest_The weatherman_*


Posted 07 June 2009 - 04:30 PM

Merged and moved from XP to a more appropriate forum. TW

#4 Kaeljia


Posted 07 June 2009 - 05:10 PM

So far I've downloaded two programs that were supposed to help me run scans on my computer looking for potential problems. Each time, everything closes down, and they won't run. The combofix tells me I can't rename it to combofix[1]. I hadn't done anything.
So I deleted the file I downloaded and tried again.. same thing happened, oh wait, the first time I had the program tell me I had to shut down my shawsecure so it could run. So I did and it wouldn't run. Then when I tried to reinstall it said I could not rename.
So I'm beginning to think there is definitely something wrong, and it's smarter than the average dummy. Me.
Neither program was even in control panel add and remove.. they both showed up on the desktop but wouldn't run.

Edited by The weatherman, 07 June 2009 - 05:26 PM.
Merged this also, TW


#5 garmanma


Posted 08 June 2009 - 09:40 AM

Welcome to BC

suggestions as to whether this is caused by utorrent

Torrent sites are a breeding ground for viruses and malware
-----------------------------------



The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


---------------------------------

If mbam won't install or run

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#6 Kaeljia


Posted 08 June 2009 - 05:29 PM

Well, I've tried to download this program as well... same thing happened, I get it all loading and it comes to finish, I don't even have a chance of choosing it and it closes down. The shortcut is there.. the program is installed... but I cannot access it.
I received a critical error report:
C:\DOCUME~1\OWNER\LOCALS~1\TEMP\WER1c2c.dir00\Mini060609.08dmp
C:\DOCUME~1\OWNER\LOCALS~1\TEMP\WER1c2c.dir00\Mini060609.sysdata.xml

I wrote it down but cannot remember if the 08dmp was also in the second one or not.
I have uninstalled utorrent and all stuff that was downloaded with it... magiciso and other conversion programs as well as two movies that were downloaded. I do have a predownload scanner that is supposed to find problems or viruses prior to downloading.
I cannot reset my computer back to a previous date. I have run two online scanners for malware, spyware and viruses and have found nothing. I have run three scans on my computer and still nothing is found.
I cannot shut down my computer, it just restarts again. I have to cold boot it. My computer is set up to shut down properly when using cold boot method. Last night the computer just stopped running, only the mouse and alt tab worked.. but the pages would not load up, they were all frozen.
I am thinking that the only possible solution to this is to reformat my hard drive again. I can access System Restore but after I choose a date to restore to, it won't go past next. I can push it all I like, it doesn't do anything.

I am still unable to google queries to do with windows xp it always redirects me to Reg Tools, Registry Mechanic or other sites like it.

Okay, I've managed to download Windows Defender, only after I unloaded shawsecure. I ran a scan and it says that my computer is running properly. Which it certainly isn't. I am still unable to run a malware or the other program combofix. I can install them but not run them.

Edited by Kaeljia, 08 June 2009 - 07:41 PM.


#7 garmanma


Posted 09 June 2009 - 08:28 PM

I am thinking that the only possible solution to this is to reformat my hard drive again

That seems to be your best option at this point

Before giving up, if mbam is installed and just won't run:

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.


Mark

#8 Kaeljia


Posted 10 June 2009 - 07:14 PM

Thank you so much for your help. I did rename the exe file to a bat and it worked.. and found 17 problems...

Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 5.1.2600 Service Pack 3

6/10/2009 4:16:52 PM
mbam-log-2009-06-10 (16-16-48).txt

Scan type: Quick Scan
Objects scanned: 89650
Time elapsed: 10 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 3
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.158,85.255.112.86 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.158,85.255.112.86 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.158,85.255.112.86 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.158,85.255.112.86 -> No action taken.

Folders Infected:
c:\documents and settings\Owner\Application Data\RegTool (Rogue.RegTool) -> No action taken.
c:\documents and settings\Owner\application data\RegTool\Logs (Rogue.RegTool) -> No action taken.
c:\documents and settings\Owner\application data\RegTool\Results (Rogue.RegTool) -> No action taken.

Files Infected:
c:\documents and settings\Owner\application data\RegTool\Logs\2009-05-08 14-00-070.log (Rogue.RegTool) -> No action taken.
c:\documents and settings\Owner\application data\RegTool\Results\Evidence.db (Rogue.RegTool) -> No action taken.
c:\documents and settings\Owner\application data\RegTool\Results\Junk.db (Rogue.RegTool) -> No action taken.
c:\documents and settings\Owner\application data\RegTool\Results\Registry.db (Rogue.RegTool) -> No action taken.
c:\documents and settings\Owner\application data\RegTool\Results\Update.db (Rogue.RegTool) -> No action taken.
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Tasks\RegTool Scan.job (Rogue.RegTool) -> No action taken.

So what do you think? Were these a result of downloading and installing programs to find problems on the computer.. or are they from utorrent?

#9 garmanma


Posted 11 June 2009 - 02:40 PM

When the scan was finished, did you click the remove selected tab?

Update mbam and run a FULL scan
Please post the results

Then run ATF and SAS


ATF
Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

------------------------------------

SAS may take a long time to scan
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Mark

#10 Kaeljia


Posted 13 June 2009 - 01:28 AM

Hi, I ran the program.. ten hours later.... here is the result.
My computer still starts up when I shut it down. Am wondering if maybe I have it set up to actually shut down only if I push the button.. so will have to check that out.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/12/2009 at 10:21 PM

Application Version : 4.26.1004

Core Rules Database Version : 3937
Trace Rules Database Version: 1880

Scan type : Complete Scan
Total Scan Time : 10:21:09

Memory items scanned : 229
Memory threats detected : 0
Registry items scanned : 5664
Registry threats detected : 106
File items scanned : 127426
File threats detected : 3

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@ads.bleepingcomputer[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@adecn[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@zedo[2].txt

Trojan.Unknown Origin
HKU\.DEFAULT\Software\ColdWare
HKU\S-1-5-18\Software\ColdWare

Rootkit.Agent/Gen-GXServ
HKLM\Software\gxvxc
HKLM\Software\gxvxc\disallowed
HKLM\Software\gxvxc\disallowed#avp.exe
HKLM\Software\gxvxc\disallowed#klif.sys
HKLM\Software\gxvxc\disallowed#mrt.exe
HKLM\Software\gxvxc\disallowed#spybotsd.exe
HKLM\Software\gxvxc\disallowed#sasdifsv.sys
HKLM\Software\gxvxc\disallowed#saskutil.sys
HKLM\Software\gxvxc\disallowed#sasenum.sys
HKLM\Software\gxvxc\disallowed#superantispyware.exe
HKLM\Software\gxvxc\disallowed#szkg.sys
HKLM\Software\gxvxc\disallowed#szserver.exe
HKLM\Software\gxvxc\disallowed#mbam.exe
HKLM\Software\gxvxc\disallowed#mbamswissarmy.sys
HKLM\Software\gxvxc\disallowed#pctssvc.sys
HKLM\Software\gxvxc\disallowed#pctcore.sys
HKLM\Software\gxvxc\disallowed#mchinjdrv.sys
HKLM\Software\gxvxc\disallowed#avgfwdx.sys
HKLM\Software\gxvxc\disallowed#avgldx86.sys
HKLM\Software\gxvxc\disallowed#avgmfx86.sys
HKLM\Software\gxvxc\disallowed#avgrkx86.sys
HKLM\Software\gxvxc\disallowed#avgtdix.sys
HKLM\Software\gxvxc\disallowed#hijackthis.exe
HKLM\Software\gxvxc\disallowed#combofix.exe

Trojan.Hugipon
I have no idea where these came from... I can't believe that my virus and spyware programs could miss these. 82 trojans? 106 all told in problems. So what's my next step?
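
The two scan logs posted above can be triaged mechanically. The following is an added example (not code from the posters or from either scanner's vendor) that parses a few lines copied from those logs, lists the resolver addresses in the flagged NameServer values, and lists the file names recorded under the gxvxc "disallowed" key. The trusted resolver 192.168.0.1 and the exact-file-name matching in `would_be_blocked` are assumptions, not something the thread states.

```python
import ipaddress
import ntpath
import re

# Constructed samples: a few lines copied from the MBAM and SUPERAntiSpyware
# logs posted in this thread (not the complete logs).
MBAM_SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.158,85.255.112.86 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.158,85.255.112.86 -> No action taken.
"""
SAS_SAMPLE = r"""
Trojan.Unknown Origin
HKU\.DEFAULT\Software\ColdWare

Rootkit.Agent/Gen-GXServ
HKLM\Software\gxvxc
HKLM\Software\gxvxc\disallowed
HKLM\Software\gxvxc\disallowed#mbam.exe
HKLM\Software\gxvxc\disallowed#superantispyware.exe
HKLM\Software\gxvxc\disallowed#combofix.exe
"""

# MBAM detail line: "<item> (<detection>) [-> Data: <data>] -> <action>."
MBAM_LINE = re.compile(
    r"^(?P<item>.+?) \((?P<name>[^()]+)\)"
    r"(?: -> Data: (?P<data>.+?))? -> (?P<action>.+?)\.?$"
)
# SAS entries start with a registry hive or a drive letter; other lines are headers.
SAS_ENTRY = re.compile(r"^(HK[A-Z_]*\\|[A-Za-z]:\\)")


def parse_mbam(text):
    """Return one dict (item, name, data, action) per MBAM detection line."""
    detections = []
    for line in text.splitlines():
        match = MBAM_LINE.match(line.strip())
        if match:
            detections.append(match.groupdict())
    return detections


def dns_overrides(mbam_text, trusted):
    """Map each flagged NameServer value to the resolver IPs not in `trusted`."""
    trusted_ips = {ipaddress.ip_address(t) for t in trusted}
    findings = {}
    for det in parse_mbam(mbam_text):
        if not det["data"] or not det["item"].lower().endswith("\\nameserver"):
            continue
        rogue = []
        for token in re.split(r"[,\s]+", det["data"].strip()):
            try:
                address = ipaddress.ip_address(token)
            except ValueError:
                continue  # not an IP address, nothing to compare
            if address not in trusted_ips:
                rogue.append(str(address))
        if rogue:
            findings[det["item"]] = rogue
    return findings


def parse_sas(text):
    """Group SUPERAntiSpyware entries under the detection name preceding them."""
    groups, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if SAS_ENTRY.match(line):
            if current is not None:
                groups[current].append(line)
        else:
            current = line
            groups.setdefault(current, [])
    return groups


def blocked_names(groups):
    """File names logged as values (key#value) under a '...\\disallowed' key."""
    names = set()
    for entries in groups.values():
        for entry in entries:
            key, sep, value = entry.partition("#")
            if sep and key.lower().endswith("\\disallowed"):
                names.add(value.lower())
    return names


def would_be_blocked(path, names):
    """Assumption: the list is matched on exact file name, case-insensitively."""
    return ntpath.basename(path).lower() in names


if __name__ == "__main__":
    for value, ips in dns_overrides(MBAM_SAMPLE, trusted={"192.168.0.1"}).items():
        print("untrusted resolvers in", value, "->", ", ".join(ips))
    listed = blocked_names(parse_sas(SAS_SAMPLE))
    print("security tools on the disallowed list:", sorted(listed))
    print("mbam.exe listed:", would_be_blocked("mbam.exe", listed))
    print("mbam.bat listed:", would_be_blocked("mbam.bat", listed))
```
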

#11 Kaeljia


Posted 13 June 2009 - 01:39 PM

So I went to defrag my computer today..and it wouldn't let me. I still cannot restore to another point of time either. It lets me choose it but it doesn't go through with the process... I still have this problem as well
C:\DOCUME~1\Owner\LOCALS~1\Temp|WER3bc3.dir00\Mini060809-04.dmp
C:\DOCUME~1\Owner\LOCALS~1\Temp|WER3bc3.dir00\sysdata.xml
I await your help and graciously thank you for all you've done thus far for me. :thumbsup:

So I figured I would do a check disc from my C: hard drive... went into tools and chose error checking, check now. Chose both buttons and it said "Windows was unable to complete check disc."

So I thought I'd try a few run commands.
I managed to open up sys edit.. but config.sys and autoexec.bat were unable to open. Now I'm not a techie or anything but shouldn't those be opening up LOL, man I think my comp is really scrambled. Defrag is still not working as well.. I think my operating system is down, man.

Edited by Kaeljia, 13 June 2009 - 05:18 PM.


#12 garmanma


Posted 13 June 2009 - 07:10 PM

If it were me, I'd reformat, but you can also try submitting a DDS/HJT log



Two options left: post a HJT log or re-install

If you want to give removal of the infection a try, please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

====================================

Option 2
Some types of malware can result in a system so badly damaged that a Repair Install will NOT help! Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Starting over by wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action.

In case you need help with this, please review:
These links include step-by-step instructions with screenshots:
Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, personal data files and photos. The safest practice is not to back up any executable files (*.exe), screensavers (*.scr) or autorun (.ini) files because they may be infected by malware appending itself to the executable. Some types of malware may even disguise itself by adding and hiding its extension to the existing extension of files so be sure you look closely at the full file name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.

Note: If you're using an IBM, HP, Compaq or Dell machine, you may not have an original XP CD Disk. By policy Microsoft no longer allows OEM manufacturers to include the original Windows XP CD-ROM on computers sold with Windows preinstalled. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it.

If you need additional assistance with reformatting, you can start a new topic in the Windows XP Home and Professional forum.

Good luck
Mark

#13 Kaeljia


Posted 15 June 2009 - 05:13 PM

Hi Mark, thank you for all your advice and help. I will follow your next instructions. As I read through your notes to me, I realized that I did just as you said not to do.. I reformatted and I cannot recall cleaning my hard drive after the first initial infection. So I guess the problem was already there just waiting for the right moment to bite me in the butt again.
After I ran the malware program, I ran it again a day later and it showed no problems. My computer even shut down properly once or twice... I'm still unable to hear sound in Internet Explorer, I can hear some but no YouTube and videos.. it's kind of selective.
I am hopeful that I can clean out the webs and moles in my computer so fingers crossed, here I go.
Quick question.. why are all the programs downloaded to desktop instead of to C:\program spot?

Edited by Kaeljia, 15 June 2009 - 05:15 PM.


#14 Orange Blossom


Posted 16 June 2009 - 10:00 AM

Hello there,

The C:\Programs location is where INSTALLED programs are located. When you download a program, they should not be downloaded to that location. I have various folders that I download programs to so I can find them if I need to reinstall. That said, many of the programs we use to disinfect computers are of the sort that don't install. It is important to follow the instructions given as downloading to a different location can mess things up.

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/234134/trojan-agent-and-other-rogues/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



