Laptop Doesn't Start Up..


2 replies to this topic

#1 truvisions

truvisions


Posted 26 May 2007 - 11:27 AM

Hi

I noticed the computer crashed when I downloaded Net Tools.

I did the AVG scan. It found like 56 HIGH viruses, mostly trojans, and I did the Spybot check too, in SAFE MODE.

I'm typing this post on my CPU, my infected LAPTOP.

It goes and works normally, then a BLUE screen pops up and says it must restart to avoid problems. It happens too fast; I can't catch it.

And it's hard to catch Safe Mode. I press F9 all the time. I have HijackThis installed too.

Please help, thank you,

TruVisions


#2 truvisions

truvisions

Posted 26 May 2007 - 11:50 AM

HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 11:30, on 2007-05-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\abc.bat.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [XGIWatchDog] C:\Program Files\XGI\XWatDog.exe
O4 - HKLM\..\Run: [RegServer] regserve.exe
O4 - HKLM\..\Run: [Trirot] Trirot.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [*combofix] C:\WINDOWS\system32\cmd.exe /e:on /f:off /v:off /c C:\ComboFix\Combofix.bat
O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vexg6ame4.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dx8.dll
O21 - SSODL: HMlOCJeeBCoY - {74E6974D-DE4C-3DE7-4E74-B72A84094E78} - C:\WINDOWS\system32\gnebd.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Performance Monitor Command Line Shell (Performance Monitor) - Unknown owner - C:\WINDOWS\perfmon.exe
O23 - Service: Print Spooler SpoolerMSIServer (SpoolerMSIServer) - Unknown owner - C:\WINDOWS\system32\3076d.exe

#3 truvisions

truvisions

Posted 26 May 2007 - 12:18 PM

ComboFix log:

"petee" - 2007-05-26 12:02:13 Service Pack 2 [SAFE MODE]
ComboFix 07-05.04.3.V - Running from: "C:\Documents and Settings\petee\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\kernels32.exe
C:\WINDOWS\system32\vexg4am1et2.exe
C:\WINDOWS\system32\vexg6ame4.exe
C:\WINDOWS\system32\vexga1me4t1.exe
C:\WINDOWS\system32\vexga3me2.exe
C:\WINDOWS\system32\vexga4m1et4.exe
C:\WINDOWS\system32\vexga4me1.exe
C:\WINDOWS\system32\alt.exe.exe
C:\WINDOWS\system32\pee.exe.exe
C:\WINDOWS\retadpu27.exe
C:\DOCUME~1\petee\APPLIC~1\Install.dat
C:\WINDOWS\2552.exe
C:\WINDOWS\system32\max1d164v.exe
C:\WINDOWS\system32\yrflu.dll
C:\DOCUME~1\petee\APPLIC~1\Microsoft\60787.dat
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\wpcap.dll
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\WINDOWS\system32\rpcc.exe
C:\WINDOWS\system32\spoolsvv.exe
C:\windows\xpupdate.exe
C:\WINDOWS\s32.txt
C:\WINDOWS\ws386.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\Documents and Settings\All Users.\documents\settings
C:\Program Files\ipwindows


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_PERFORMANCE_MONITOR
-------\LEGACY_WINCOM32
-------\Performance Monitor


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-26 ))))))))))))))))))))))))))))))))))


2007-05-26 09:29 <DIR> d-------- C:\Scansoft
2007-05-26 09:29 <DIR> d-------- C:\DOCUME~1\petee\WINDOWS
2007-05-26 09:21 1,632 --a------ C:\WINDOWS\system32\sqvxga7met4.exe
2007-05-26 09:21 1,632 --a------ C:\WINDOWS\system32\sqvxga6met3.exe
2007-05-26 09:21 1,632 --a------ C:\WINDOWS\system32\sqvx5gamet2.exe
2007-05-25 16:28 153,216 --a------ C:\WINDOWS\system32\windev-5ed8-1f05.sys
2007-05-25 16:28 133,621 --a------ C:\WINDOWS\system32\alt.exe
2007-05-25 16:11 544,768 -r-hs---- C:\WINDOWS\perfmon.exe
2007-05-25 16:11 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-25 16:10 61,440 --a------ C:\WINDOWS\system32\aspimgr.exe
2007-05-25 16:09 13,332 --a------ C:\WINDOWS\system32\a3dx8.dll
2007-05-25 16:07 45,664 --a------ C:\WINDOWS\system32\ipv6mons.dll
2007-05-25 16:07 11,253 --a------ C:\xx1232255.exe
2007-05-25 16:07 0 --a------ C:\WINDOWS\system32\kernel32.exe
2007-05-25 16:06 53 --ahs---- C:\WINDOWS\system32\1961269068.dat
2007-05-25 16:06 22,580 -r-hs---- C:\WINDOWS\system32\3076d.exe
2007-05-25 11:59 77,824 --a------ C:\WINDOWS\system32\nmapwin.exe
2007-05-25 11:59 561,179 --a------ C:\WINDOWS\system32\dao360.dll
2007-05-25 11:59 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2007-05-25 11:59 452,096 --a------ C:\WINDOWS\system32\nmap.exe
2007-05-25 11:59 299,008 --a------ C:\WINDOWS\system32\MSDBRPTR.DLL
2007-05-25 11:59 290,816 --a------ C:\WINDOWS\system32\nmapserv.exe
2007-05-25 11:59 192 --a------ C:\WINDOWS\system32\nmap_performance.reg
2007-05-25 11:59 137,216 --a------ C:\WINDOWS\system32\MSDERUN.DLL
2007-05-25 11:59 114,688 --a------ C:\WINDOWS\system32\CCGNU32.dll
2007-05-25 11:59 10,752 --a------ C:\WINDOWS\system32\aamd532.dll
2007-05-25 11:59 <DIR> d-------- C:\Program Files\WinPcap
2007-05-25 09:59 <DIR> d-------- C:\Program Files\CoreFTP
2007-05-25 09:59 <DIR> d-------- C:\DOCUME~1\petee\APPLIC~1\CoreFTP
2007-05-16 10:43 23,216 --a------ C:\DOCUME~1\petee\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-05-11 21:52 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-05-04 16:13 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-04 11:01 <DIR> d-------- C:\avenger
2007-05-04 10:29 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-04 09:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-05-04 09:16 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2007-05-04 09:16 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-05-04 09:15 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-05-04 08:20 <DIR> d-------- C:\DOCUME~1\petee\.housecall6.6
2007-05-03 22:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-25 17:10:47 -------- d-----w C:\DOCUME~1\petee\APPLIC~1.\CoreFTP
2007-05-25 16:59:18 -------- d-----w C:\Program Files\Net Tools
2007-05-19 03:42:40 -------- d-----w C:\Program Files\Badder Adder
2007-05-16 15:43:29 23,216 ----a-w C:\DOCUME~1\petee\APPLIC~1.\GDIPFONTCACHEV1.DAT
2007-05-15 14:50:04 -------- d-----w C:\Program Files\FriendBlasterPro
2007-05-08 14:35:55 -------- d-----w C:\DOCUME~1\petee\APPLIC~1.\uTorrent
2007-04-25 16:41:16 212 ----a-w C:\delete.bat
2007-04-20 05:36:31 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-20 05:36:27 -------- d-----w C:\Program Files\NETGEAR GA511 Adapter
2007-04-20 05:14:41 -------- d-----w C:\Program Files\WinFax
2007-04-20 05:14:35 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-04-20 04:38:35 -------- d-----w C:\Program Files\uTorrent
2007-04-20 04:37:25 -------- d-----w C:\DOCUME~1\petee\APPLIC~1.\LoadLiteNew
2007-04-18 16:54:21 -------- d-----w C:\Program Files\Common Files\ParetoLogic
2007-04-18 16:20:30 -------- d-----w C:\Program Files\support.com
2007-03-13 04:03:52 -------- d-----w C:\Program Files\Space Station
2007-02-23 17:59:40 41 ----a-w C:\WINDOWS\WFXDEL.BAT


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{53707962-6F74-2D53-2644-206D7942484F}"="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"XGIWatchDog"="C:\\Program Files\\XGI\\XWatDog.exe"
"RegServer"="regserve.exe"
"Trirot"="Trirot.exe"
"SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"PaperPort PTD"="C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe"
"IndexSearch"="C:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe"
"BrMfcWnd"="C:\\Program Files\\Brother\\Brmfcmon\\BrMfcWnd.exe /AUTORUN"
"SetDefPrt"="C:\\Program Files\\Brother\\Brmfl06a\\BrStDvPt.exe"
"ControlCenter3"="C:\\Program Files\\Brother\\ControlCenter3\\brctrcen.exe /autorun"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
@=""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"*combofix"="C:\\WINDOWS\\system32\\cmd.exe /e:on /f:off /v:off /c C:\\ComboFix\\Combofix.bat "

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Aim6"=""
"Service Pack 1"="C:\\WINDOWS\\system32\\vexg6ame4.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{74E6974D-DE4C-3DE7-4E74-B72A84094E78}"="C:\WINDOWS\system32\gnebd.dll" [x]


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\A3dxq

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_PXHELP20


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\ParetoLogic Update.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-26 12:07:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-26 12:07:28
C:\ComboFix-quarantined-files.txt ... 2007-05-26 12:07
C:\ComboFix2.txt ... 2007-05-04 10:29



