HijackThis log/receiving random errors

Status
Not open for further replies.
Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • C:\WINDOWS\system32\tmp.reg
  • Click on the submit button
  • Please post the results in your next reply.
 
OK, after doing all that, here are the results. First, Jotti's results.
Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1


File: tmp.reg
Status: OK
MD5: 1f2d11a050b9d81b228212092518365e
Packers detected: -
Bit9 reports:

Scanner results
Scan taken on 09 May 2008 23:59:00 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

PANDA REPORT:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-05-09 18:33:13
PROTECTIONS: 1
MALWARE: 12
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
ESET NOD32 antivirus system 2.70 2.70 Yes No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00122892 Adware/ShowBehind Adware No 0 Yes No C:\Documents and Settings\Melody\My Documents\Unzipped\myDLoad file\pokesol\thank.exe
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Melody\Cookies\melody@trafficmp[1].txt
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\OTHG_ChefTreb\Desktop\SmitfraudFix\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\mels downloads\Nailfix.zip[Nailfix/Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jesse\Cookies\jesse@ad.yieldmanager[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jesse\Cookies\jesse@ads.pointroll[2].txt
00170550 Cookie/Humanclick TrackingCookie No 0 Yes No C:\Documents and Settings\Melody\Cookies\melody@hc2.humanclick[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jesse\Cookies\jesse@realmedia[1].txt
00272231 Trj/FamKeylog.A Virus/Trojan No 0 No No C:\mels downloads\familykeylogger-2.83.zip[FamilyKeyLogger-setup.exe][ctfmon.exe]
00272231 Trj/FamKeylog.A Virus/Trojan No 0 No No C:\System Volume Information\_restore{9888817D-0088-4B33-B896-7DA08F76E3C7}\RP73\A0021292.exe[ctfmon.exe]
00272231 Trj/FamKeylog.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{9888817D-0088-4B33-B896-7DA08F76E3C7}\RP64\A0017677.exe
00821548 Generic Malware Virus/Trojan No 0 No No C:\System Volume Information\_restore{9888817D-0088-4B33-B896-7DA08F76E3C7}\RP73\A0021292.exe[ctfmon.dll]
00821548 Generic Malware Virus/Trojan No 0 No No C:\mels downloads\familykeylogger-2.83.zip[FamilyKeyLogger-setup.exe][ctfmon.dll]
00821548 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{9888817D-0088-4B33-B896-7DA08F76E3C7}\RP64\A0017679.dll
00874691 Generic Malware Virus/Trojan No 0 No No C:\mels downloads\familykeylogger-2.83.zip[FamilyKeyLogger-setup.exe][ctfs.dll]
00874691 Generic Malware Virus/Trojan No 0 No No C:\System Volume Information\_restore{9888817D-0088-4B33-B896-7DA08F76E3C7}\RP73\A0021292.exe[ctfs.dll]
00874691 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{9888817D-0088-4B33-B896-7DA08F76E3C7}\RP71\A0019959.dll
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\OTHG_ChefTreb\Desktop\SmitfraudFix\Reboot.exe
02888408 Trj/BHO.AB Virus/Trojan No 0 Yes No C:\Documents and Settings\OTHG_ChefTreb\Desktop\SmitfraudFix\IEDFix.exe
02888408 Trj/BHO.AB Virus/Trojan No 0 Yes No C:\WINDOWS\system32\IEDFix.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\WINDOWS\system32\xactengine2_2.dll
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
182048 HIGH MS07-069
176382 HIGH MS07-057
170906 HIGH MS07-045
170904 HIGH MS07-043
164913 HIGH MS07-033
160623 HIGH MS07-027
150253 HIGH MS07-016
141030 HIGH MS06-072
137568 HIGH MS06-067
126083 HIGH MS06-042
120814 HIGH MS06-021
114664 HIGH MS06-013
;===================================================================================================================================================================================
 
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:05:07 PM, on 5/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Kine\Runner.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.othg-gamers.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Startup: Runner.LNK = C:\Program Files\Kine\Runner.EXE
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1207341449203
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 4260 bytes

How the system is doing: It seems to be running great! It boots, opens programs and plays games so much better than my old machine that it blows my mind. Except for the once-in-a-while random reboots on its own and the recovering from a critical error, it seems fine. This afternoon I played a round of COD4, and after the round, when it went to the score page, it rebooted and gave me a RUNDLL32.exe error, but nothing real critical.
Note: when I ran Memtest through the night last night, I hope I did it right. I made a bootable CD from the ISO. I rebooted with the CD in and it did boot to the CD. Never having run this before, I didn't know what to look for, and most info on what exactly it's supposed to look like is not very good. All it did was run numbers in DOS down the left side of my screen; I think they were 8004 and 3202 or something like that. I let it run like that all night; when I got up this morning I rebooted and took the CD out. Is there a log file it posts or something I should look for? I didn't see any errors at all.
Hope that's everything you guys need, and a big thanks to techpro5238 for all of his time and effort!
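A parser for the HijackThis line format shown in the log above, added here as an example and not part of the thread: it turns the O2, O4 and O23 lines into records, then lists the services that carry no vendor string and the program each autorun actually launches, which is the first pass a helper does by hand. The sample input is an excerpt of the posted log.

```python
import re
from dataclasses import dataclass

# Excerpt of the HijackThis 2.0.2 log posted above (same line format as the full log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.othg-gamers.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Startup: Runner.LNK = C:\Program Files\Kine\Runner.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

@dataclass
class Entry:
    section: str  # HijackThis section code: R0, O2, O4, O23, ...
    name: str     # display name or registry value name
    owner: str    # vendor string; only O23 service lines carry one, "" otherwise
    path: str     # file path or command line exactly as logged

LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.+)$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
O2_RE = re.compile(r"^BHO: (?P<name>.+?) - \{[0-9A-F-]+\} - (?P<path>.+)$", re.I)
O4_RE = re.compile(r"^(?:HK\w+\\\.\.\\Run: \[(?P<val>[^\]]+)\] |Startup: (?P<lnk>.+?) = )(?P<path>.+)$")
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.(?:exe|dll|com|bat|cmd|scr))"?(?:\s|$)', re.I)

def parse_hijackthis(text: str) -> list[Entry]:
    # Only "Oxx - ..." / "Rx - ..." lines are records; header, process list and footer are skipped.
    entries = []
    for m in filter(None, map(LINE_RE.match, text.splitlines())):
        sec, body = m["sec"], m["body"]
        if sec == "O23" and (s := O23_RE.match(body)):
            entries.append(Entry(sec, s["name"], s["owner"], s["path"]))
        elif sec == "O2" and (b := O2_RE.match(body)):
            entries.append(Entry(sec, b["name"], "", b["path"]))
        elif sec == "O4" and (r := O4_RE.match(body)):
            entries.append(Entry(sec, r["val"] or r["lnk"], "", r["path"]))
        else:
            entries.append(Entry(sec, body, "", ""))  # other sections kept verbatim
    return entries

def services_without_owner(entries: list[Entry]) -> list[str]:
    # O23 services whose binary carries no vendor string: the ones to verify by hand first.
    return [e.name for e in entries if e.section == "O23" and e.owner == "Unknown owner"]

def autorun_binaries(entries: list[Entry]) -> list[str]:
    # Reduce each O4 command line to the program it launches (quotes and arguments dropped).
    paths = [e.path.strip() for e in entries if e.section == "O4"]
    return [m["exe"] if (m := EXE_RE.match(p)) else p.split(" ")[0] for p in paths]
```

"Unknown owner" only means the executable has no company name in its version resource; it is a prompt to look the file up, as the Jotti step above does, not a verdict.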
 
Hello OTHG,

Step 1

Please delete the following files and folders (if they exist):

C:\Documents and Settings\Melody\My Documents\Unzipped
C:\Documents and Settings\OTHG_ChefTreb\Desktop\SmitfraudFix
C:\mels downloads\Nailfix.zip
C:\WINDOWS\system32\Process.exe
C:\mels downloads\familykeylogger-2.83.zip
C:\WINDOWS\system32\IEDFix.exe


Step 2

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Step 3

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Step 4

Please go to:
http://www.windowsupdate.microsoft.com

Download Windows Service Pack 3, and install any other updates that are needed.
 
It's no problem at all. I live to serve in malware removal :D.

That's great to hear your system is returning to normal. Just follow my last four steps and we can call you clean.

Kind Regards,
Techpro5238
 
Hello again. It's still doing the same thing: random reboots on its own with a real quick bluescreen that I can't see what's on it. Yesterday it kept looping; it would reboot with the option of how to boot (normally, last known good config or safe mode). It would not boot normally, it would just keep looping, not even getting to the black Windows load screen. So I booted into safe mode, remembering what Makaveli said about a driver conflict, and removed the 174.74 drivers I was using. Running on the VGA drivers it booted into Windows fine; I ran Driver Cleaner and went to Nvidia's site and got the 169.21 driver it recommended for my EVGA 8800GTS. It booted right up and seemed to be doing great, and I thought "OK then, we've gotten it fixed now," when it did the same thing again after about an hour in COD4. At this point I'm thinking it could be a heat problem, but RealTemp shows 25C and hardware monitor shows 33C. I've never seen it get over 40C even while playing or running Prime95. The only other driver that I've changed was the Realtek sound driver update from Gigabyte; maybe I'll try to roll it back to the one that came on the CD for the motherboard. Other than that I would think it would have to be the memory or PSU, wouldn't it? And how do I test them besides replacing them by trial and error? Like I said before, I ran memtest86 overnight, but I'm not positive it ran correctly, being as I'm not sure what I'm looking at or for.
Thanks again
Chef
EDIT: I'm also running Crucial Ballistix DDR2-800 at the 2.2V that Crucial rated it at instead of the MoBo's stock 1.8V; should I put it back to stock settings?
 