Maybe you're overthinking the problem and your computer is really junk? Anyway, honestly check your process sessions and see if anything unwanted is running. If nothing seems out of the ordinary, then maybe your computer is junk.
Why would you even bother posting if that's the only thing you have to say? Not everyone gets their computer for Christmas, and not everyone can afford to just toss it when it has a problem. I can think of a dozen different rootkits that don't show up as running processes, sort of like the one which killed my hard drive last week. Task Manager is just a quick and dirty way to find out what is hogging all your CPU usage.
As for telling you how to get into Safe Mode, I did.
Quote from coradon »
If for some reason it won't install, reboot your computer in safe mode (by tapping F8 from a cold start and selecting Safe Mode WITHOUT Networking). Click Yes when it asks you if you want to run in safe mode. Once it comes up, retry installing HijackThis.
Long time since I've posted. Well, I did go into Safe Mode (eww, small screen) and did use HijackThis AND Malwarebytes... On Malwarebytes, I got this virus that started with R, I think it was Rootkit? But it got removed, and here's my log from HijackThis.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:25:46 AM, on 08/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Safe mode with network support
Ok, get back into Safe Mode, re-run HijackThis and put check marks next to the following items:
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O23 - Service: 2bb6168d7f94d39addae76c92d0b9bdb (aceefbeabadeeefc) - Unknown owner - C:\WINDOWS\aceefbeabadeeefc.exe
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\MapleStory\npkcmsvc.exe (file missing)
npkcmsvc.exe is an anti-hacking tool that MapleStory and a few other games use to monitor what processes you have running and what keystrokes you use, basically to keep you from running bots in their games. If you don't play them, go ahead and delete it, but it will most likely come back until you disable it in the Services tab.
Once you've put a check mark next to those, click Fix and let it run. Reboot and see if it comes up normally.
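The check marks above follow a simple triage rule: entries ending in "(no file)" are dead registry pointers and are safe to fix, a service whose binary is "(file missing)" should be disabled if the program is gone, and a service with no company name and a random-looking file name sitting directly under C:\WINDOWS deserves suspicion. As an added example that is not part of the original thread, the script below applies those rules to HijackThis log lines. The sample lines are copied from the log posted in this thread; the verdict labels, the "random-looking name" heuristic (12 or more hex characters) and the O1 hosts-override check are my own assumptions, not HijackThis behaviour.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the HijackThis log posted in this thread
# (a subset; the same code runs over a complete saved log file).
SAMPLE_LOG = r"""
O1 - Hosts: 69.112.70.151 game03.xgenstudios.com
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: 2bb6168d7f94d39addae76c92d0b9bdb (aceefbeabadeeefc) - Unknown owner - C:\WINDOWS\aceefbeabadeeefc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\MapleStory\npkcmsvc.exe (file missing)
"""

@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O23"
    verdict: str   # "fix" (dead entry, safe to tick), "suspicious", or "review"
    reason: str
    line: str

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# "Service: <display name> - <owner> - <path>"; the display name may contain "(short name)"
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{12,}$")   # assumed heuristic, not an HJT rule

def looks_random(stem: str) -> bool:
    """A long file name made only of [0-9a-f] is typical of generated malware names."""
    return bool(HEX_NAME_RE.match(stem.lower()))

def triage_line(line: str) -> Optional[Finding]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    if body.endswith("(no file)"):
        return Finding(sec, "fix", "registry entry points at a file that no longer exists", line)
    if sec == "O1":
        return Finding(sec, "review", "hosts file override; confirm the IP really belongs to that host", line)
    if sec == "O23":
        s = SERVICE_RE.match(body)
        if s and s.group("path").endswith("(file missing)"):
            return Finding(sec, "review", "service binary is missing; disable the service if the program is gone", line)
        if s:
            path = s.group("path")
            stem = path.split("\\")[-1].rsplit(".", 1)[0]   # file name without extension
            if (s.group("owner") == "Unknown owner"
                    and path.lower().startswith("c:\\windows\\")
                    and looks_random(stem)):
                return Finding(sec, "suspicious",
                               "service with no company name and a random-looking file name under C:\\WINDOWS", line)
    return None

def triage(log_text: str) -> List[Finding]:
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]

def fix_list(findings: List[Finding]) -> List[str]:
    """The lines you would tick in HijackThis and click Fix on: dead entries only."""
    return [f.line for f in findings if f.verdict == "fix"]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.verdict:10} {f.section:4} {f.reason}\n           {f.line}")
```

The "suspicious" verdict is deliberately not "fix": ticking a live service in HijackThis only removes its registry entry, so the binary still needs to be deleted (in Safe Mode if it is locked), and the hosts override is left for a human to judge because games and LAN setups do legitimately use it.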
Lol... I'll do that later, I also play Combat Arms.. (Iguana knows).
Yeah, if you still play Combat Arms, leave npkcmsvc.exe alone, or you won't be able to connect to it. You also never said whether the things I had you do made any improvement to your machine. Guys like me like to hear a "good job" on occasion, lol.
I'm glad I was able to help. But do me a favor and rerun your Malwarebytes in safe mode again and see if that Rootkit.TDSS shows up again. I have a feeling it will, and it's going to be a bit harder to get rid of. It's a pretty nasty virus that not only can and will steal passwords and login info, but it can also reroute the DNS info in your router to automatically go to websites with even more nasty bugs.
Well, I tried testing whether Avast catches this website virus that people commonly mistype.
youtbue.cm Note: I scrambled the letters so YOU don't get it.
And it did!
Ok, you really, really need to update your security patches on Windows Update. Websites that cause a virus popup are usually exploiting a vulnerability in your browser that lets that website automatically run scripts. Most of those are fixed fairly quickly, but it sounds like you have a few patches missing.
Here is how to update, if you are unsure.
-If you are using Internet Explorer, click Tools at the top of the page and then Windows Update.
-Say yes if it asks you if it can install an ActiveX control or some form of update tool. (Sorry, can't think of the exact name for it.)
-Once it does that, select Express updates. Depending on how long it's been since you last updated, this could take anywhere from 5 minutes to an hour, with multiple reboots.
At the risk of sounding too geeky, let me back up a second and give you some info. That Rootkit.TDSS infection that Malwarebytes saw and says it removed is one of the hardest ones out there to remove. What makes it so hard to get rid of is that it stores itself outside of your file system in a tiny bit of unallocated sectors at the end of your drive. Thus you sometimes see evidence it's there, like the file Malwarebytes found and removed, but most likely you haven't gotten rid of it completely. The main thing this rootkit does is turn your machine into part of the "botnets" you hear about, which would cause a lot of the symptoms you first posted.
You most likely didn't get this from a random webpage you visited. It's almost always caught by peer-to-peer downloads of infected stuff or using cracks or keygens you have downloaded. I myself am/was a big fan of my torrents and cracks and have paid the price, losing a 500GB hard drive I'm still trying to fix.
As for the updates I was talking about, they were not just for Internet Explorer; they are mainly for Windows XP, which you are running. Try to check for updates at least once a week. If you REALLY want to see something scary, log into your router and view the incoming connection log and watch how many times a minute someone tries to get through it. Mine is usually 5 to 10 a minute.
I just removed/checked/did what you said, but it feels like nothing changed. I'm going to go back on Malwarebytes and try to do a quick scan... but while I'm there, I'm going to remove some programs I don't use.
MBAM Results:
Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.11
That looks clean, yes. But realize the quick scan checked 119,000 files and the full scan checked 482,000.
I want you to create a new system restore point, since that first scan found it hiding in one of the backups. To do it, open your Control Panel and click System. Select the System Restore tab and turn OFF System Restore. That will get rid of the previous system saves so you don't bring the virus back if later you need to use System Restore. Click Yes at the popup. Then remove the check mark from Turn Off System Restore so it's back on. It should show that it's monitoring your drives again.
Now if you want to be a little more confident that it's gone, try running Trend Micro's HouseCall. It's an online virus scanner that works pretty well and doesn't require much to download or install. Just download the launcher here, install it and run it. It's always good to basically get "a second opinion", so to speak.
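The reasoning in this reply (the full scan found the TDSS dropper inside a System Restore snapshot, so the restore points have to be flushed, and a clean quick scan covering a quarter of the objects is weaker evidence than the full scan) can be checked mechanically from the Malwarebytes logs. The following parser is an added example, not code from the thread; the sample is an abridged copy of the two logs posted above (zero-count lines dropped), joined with the poster's dashed separator. The "restore point" test simply matches the System Volume Information\_restore path prefix that Windows XP uses for restore snapshots.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: abridged from the two Malwarebytes logs posted in this thread.
SAMPLE = r"""Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Scan type: Full Scan (C:\|)
Objects scanned: 482614
Files Infected: 1
Files Infected:
C:\System Volume Information\_restore{537238E5-9393-48D3-8ADD-200DA2D6528B}\RP126\A0038600.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
-------
Malwarebytes' Anti-Malware 1.35
Database version: 1938
Scan type: Quick Scan
Objects scanned: 75013
Registry Data Items Infected: 1
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
"""

@dataclass
class Detection:
    item: str      # file path or registry location
    name: str      # detection name, e.g. Rootkit.TDSS
    action: str    # what Malwarebytes did with it

@dataclass
class ScanReport:
    version: str = ""
    database: str = ""
    scan_type: str = ""
    objects_scanned: int = 0
    counts: Dict[str, int] = field(default_factory=dict)
    detections: List[Detection] = field(default_factory=list)

COUNT_RE = re.compile(r"^(?P<k>[A-Za-z ]+Infected): (?P<n>\d+)$")
DETECT_RE = re.compile(r"^(?P<item>.+?) \((?P<name>[\w.]+)\) -> (?P<rest>.+)$")
# Windows XP keeps restore snapshots under this prefix on each protected volume.
RESTORE_RE = re.compile(r"^[a-z]:\\system volume information\\_restore", re.I)

def split_logs(text: str) -> List[str]:
    """Several logs pasted together are separated by a line of dashes."""
    return [p for p in re.split(r"^-{3,}\s*$", text, flags=re.M) if p.strip()]

def parse_mbam_log(text: str) -> ScanReport:
    r = ScanReport()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Malwarebytes' Anti-Malware "):
            r.version = line.rsplit(" ", 1)[1]
        elif line.startswith("Database version: "):
            r.database = line.split(": ", 1)[1]
        elif line.startswith("Scan type: "):
            r.scan_type = line.split(": ", 1)[1]
        elif line.startswith("Objects scanned: "):
            r.objects_scanned = int(line.split(": ", 1)[1])
        elif (m := COUNT_RE.match(line)):
            r.counts[m.group("k")] = int(m.group("n"))
        elif (m := DETECT_RE.match(line)):
            # registry hits carry "Bad: (..) Good: (..) -> <action>"; keep only the action
            action = m.group("rest").rsplit("-> ", 1)[-1]
            r.detections.append(Detection(m.group("item"), m.group("name"), action))
    return r

def in_restore_point(item: str) -> bool:
    return bool(RESTORE_RE.match(item))

def restore_point_hits(report: ScanReport) -> List[Detection]:
    """Detections inside a restore snapshot: System Restore must be flushed, or
    a later restore brings the dropper back."""
    return [d for d in report.detections if in_restore_point(d.item)]

def total_infected(report: ScanReport) -> int:
    return sum(report.counts.values())

if __name__ == "__main__":
    for rep in (parse_mbam_log(p) for p in split_logs(SAMPLE)):
        print(f"{rep.scan_type}: {rep.objects_scanned} objects, {total_infected(rep)} hits,"
              f" {len(restore_point_hits(rep))} in restore points")
        for d in rep.detections:
            print(f"  {d.name}: {d.item} -> {d.action}")
```

Note what the second log shows: the only quick-scan hit was the Security Center value AntiVirusDisableNotify set to 1, i.e. the malware had silenced the "no antivirus" warning, which is a configuration change rather than a file and so never shows up in a file count.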
That TROJ_Generic.dit is most likely what's called a 'false positive'. Looking around, it seems to only show up via Trend Micro. HOWEVER, that being said, I would like you to delete the file named "aceefbeabadeeefc.exe" which is located in C:\Windows, just to be safe. I see no purpose in that file being there. It's likely though that when you try to delete it, it's going to tell you it's in use or access denied. In that case, reboot your computer again in safe mode and try deleting it again.
As for a good anti-virus, you get what you pay for. If you are willing to pay the $59.95, then I would suggest Kaspersky. If, like me, you opt for the free one, I would stick with Avast. But there are a couple of others you can also try if you like. Avira is a good anti-virus, but not so good when it comes to spyware. AVG is decent also, but for the best use of it you need to pay; the free version doesn't have all the bells and whistles.
Well, I blame Avast for getting this virus. But I'll just stick with it for a couple of months or so.
Also, aceefbeabadeeefc.exe was deleted after you told me about HijackThis.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:25:46 AM, on 08/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O1 - Hosts: 69.112.70.151 game03.xgenstudios.com
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-U ... E_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O23 - Service: 2bb6168d7f94d39addae76c92d0b9bdb (aceefbeabadeeefc) - Unknown owner - C:\WINDOWS\aceefbeabadeeefc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c8c2c873e2475f) (gupdate1c8c2c873e2475f) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\MapleStory\npkcmsvc.exe (file missing)
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 10231 bytes
The Malwarebytes log is here (two logs):
Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.11
08/01/2010 9:35:45 AM
mbam-log-2010-01-08 (09-35-45).txt
Scan type: Full Scan (C:\|)
Objects scanned: 482614
Time elapsed: 1 hour(s), 6 minute(s), 26 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{537238E5-9393-48D3-8ADD-200DA2D6528B}\RP126\A0038600.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
-------
Malwarebytes' Anti-Malware 1.35
Database version: 1938
Windows 5.1.2600 Service Pack 3
08/01/2010 7:00:13 AM
mbam-log-2010-01-08 (07-00-13).txt
Scan type: Quick Scan
Objects scanned: 75013
Time elapsed: 4 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
"Good job" is too low... I'd rather say Thanks.
I have Firefox? With Greasemonkey.
It's also not a browser exploit... Web of Trust users also say it's a typo.
http://www.mywot.com/en/scorecard/youtube.cm
Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.11
11/01/2010 7:08:34 PM
mbam-log-2010-01-11 (19-08-34).txt
Scan type: Quick Scan
Objects scanned: 119630
Time elapsed: 8 minute(s), 7 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
It's a quick scan; does this mean it's gone (since it didn't detect it)?
YOU SIR... ARE THE BEST PERSON IN THE WORLD. The virus is gone, I can see My Computer load.
Thank youuuuuu. <3
Now I need some advice on getting the "best" antivirus instead of shitty Avast.
Also, check it out, I got a Trojan. I managed to take a screenshot.
http://i48.tinypic.com/2i7kzo2.png
I would suggest Kaspersky.
I got over 9000 false positives with that thing though.