
programs not opening and blue screen on shutdown?


  • This topic is locked

#1 dinanm5

Posted 29 August 2010 - 08:44 PM

Hi, I'm having problems with my computer. It had a bunch of viruses a week ago that I used MBMA to remove, then I used HijackThis on my computer to delete any entry which I didn't recognize (I have a basic understanding of how HijackThis works, so I don't think I did anything seriously bad here). They were mostly web toolbars that I didn't know about. Everything was working well till I received a low virtual memory warning when I woke up in the morning. So I shut down, added a 1GB DDR2 chip to my laptop that a friend gave me, then turned on the computer to have it working well again. Everything was going well, then I came back to my computer to have it telling me low virtual memory again!! Then suddenly I could not open Chrome because "chrome.exe was not functioning, a re-installation may fix this problem" or something along those lines. Then I tried to open Internet Explorer and it told me the same thing with a different .dll filename. So I went to restart my computer, and a blue screen popped up right after it started doing its shutdown procedure. I just restarted quickly (so I don't know what the error said) and have not encountered the same error since. But I am worried that I have not gotten rid of all of this virus that I had before. I think I can still get the old MBMA logs (they should be on the computer still, right?) and I did another scan just today after restarting to find nothing. I have attached the required logs. Please, any help would be very appreciated.

PS: Another thing that isn't working correctly is when I right-click my desktop and go to "Display Properties", all the tabs are there EXCEPT for "Desktop", where I can change the desktop image and whatnot. I don't know why that is the case, but maybe it is linked to the problem? I know that one of the viruses that I had before would not let me change my desktop image, but after I cleaned the virus it would allow me to. Again, I think I have the logs from MBMA, so if you guys need that please let me know. THANKS!!

PS#2: I'm not too sure, but for some reason I don't have an attach toolbar on my topic creation section. Not sure if I should just attach the "attach.txt" and "ark.txt" as separate replies with the text pasted in the fields or what. Please let me know! Thanks again, guys!!



DDS (Ver_10-03-17.01) - NTFSx86
Run by TOSHIBA USER at 16:43:48.20 on Sun 08/29/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1406.830 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: McAfee Personal Firewall Plus *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\TOSHIBA USER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\TOSHIBA USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TOSHIBA USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TOSHIBA USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TOSHIBA USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TOSHIBA USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TOSHIBA USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\TOSHIBA USER\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\toshiba user\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-explorer: NoActiveDesktop = 2 (0x2)
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
uPolicies-system: Wallpaper = 2‘|
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - c:\program files\ultimatebet\UltimateBet.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_07\bin\ssv.dll
IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {522F229A-897A-49B6-BEE8-405C0E6E357A} - hxxps://expressmanager.unishippers.com/account/ScaleX.ocx
DPF: {68CDB19A-6305-4589-8C35-41E3502CD451} - hxxp://uone.unishippers.com/prmportal_enu/16279/applets/SiebelOptionPack.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {8D5267D0-657B-4A38-94C7-6F2888EDFC60} - hxxps://expressmanager.unishippers.com/account/KPrintActiveX.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://dhltraining.webex.com/client/T23L/training/ieatgpc.cab
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-25 11608]
R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2006-8-21 80640]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-25 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-25 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-25 60936]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2006-8-21 126976]
R2 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2006-8-21 221184]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-8-21 122368]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-6-28 98816]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-8-21 114464]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-8-21 29744]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2006-8-21 245760]

=============== Created Last 30 ================

2010-08-26 01:01:33 0 d-----w- c:\docume~1\toshib~1\applic~1\Avira
2010-08-26 00:58:57 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-26 00:58:50 0 d-----w- c:\program files\Avira
2010-08-26 00:58:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-08-25 05:24:07 0 d-----w- c:\program files\Trend Micro
2010-08-25 05:11:45 0 d-----w- c:\program files\CleanUp!
2010-08-25 05:05:12 0 d-----w- c:\docume~1\toshib~1\applic~1\Malwarebytes
2010-08-25 05:02:49 0 d-----w- c:\windows\pss
2010-08-25 04:53:26 0 d-----w- c:\program files\CCleaner
2010-08-25 04:49:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-25 04:49:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-25 04:49:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-25 04:49:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-16 04:03:33 0 d-----w- c:\docume~1\toshib~1\applic~1\PriceGong
2010-08-16 04:03:01 0 d-----w- c:\program files\Conduit
2010-08-15 20:00:03 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-08-15 20:00:03 215920 ----a-w- c:\windows\system32\muweb.dll
2010-08-15 20:00:03 16736 ----a-w- c:\windows\system32\mucltui.dll.mui

==================== Find3M ====================


============= FINISH: 16:44:19.75 ===============

Edited by Budapest, 06 September 2010 - 01:32 AM.
Moved from AII ~BP




#2 syler

  • Malware Response Team

Posted 06 September 2010 - 12:15 PM

Hello dinanm5, my name is Syler and I will be helping you to solve your malware issues. Sorry for the delay in replying, we are very busy at the moment.

Please note that because we are very busy, if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues, I would appreciate it if you would let me know so I can close this topic.



Scan With RKUnHooker
  • Please download Rootkit Unhooker. Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check all of the boxes, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"




We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    drivers32
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Then please post back here with the following logs:
  • RKUnHooker report
  • OTL.txt
  • Extra.txt

Thanks



#3 syler


Posted 10 September 2010 - 05:38 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
