
Thread: Bad Image Error, please help.

  1. #1
    Join Date: Apr 2009 | Location: Norfolk, VA | Posts: 37

    Bad Image Error, please help.

    Good morning all, I received this error last night, but before I get into that, I must mention a few things that may help in troubleshooting this.
    -I am in the Navy, and just returned to the States from the Middle East on April 18th. The last time my laptop had an internet connection was early February of '09, and that was on a USO filtered network in the Middle East.
    -The said laptop does not currently have an internet connection. I am currently using the computer in the work center onboard my ship, so massive downloads that cannot fit on a 4 gig thumb drive can't happen.

    Okay, so the situation is: a few days ago I returned to the States and enjoyed some high speed internet for the 1st time in 8 months. The 1st few pages I went to would bring me several pop-ups and errors, common spyware crap it looked like, so I just canceled them; then IE crashed on me, I restarted IE, and it was fine. For the next few days I resumed my ignorance of this problem until I finally decided to download the trial edition of Norton 360, and during the scan my laptop crashed. Upon restart I get a "LogonUI.exe - Bad Image" error, stating that "C:\windows\system32\gosufido.dll is either not designed to run on Windows or it contains an error. Try installing the program again using original installation media or contact system admin or the software vendor for support". The only option is to click OK; upon doing so another comes up, this time a logon.scr bad image, and the same thing, another. I click past about 8 of them and Windows will launch. Upon running any program I will get the same thing, and the program will run after I click past these errors. I have searched many forums, and saw this problem dates back to as far as '03. None of the forums had any fixes that I saw. The laptop is an HP dv6500 running Vista. I do not have the reboot CD, and am willing to try nearly anything at this point. A speedy response is much appreciated, but I do have all day seeing that I'm stuck on this damn boat for the next 24 hours. Any questions, I will answer. I'm not too computer savvy, so if it's something too complicated, give decent instructions. Thank you for your time.

  2. #2
    Join Date: Mar 2002 | Location: west Lothian, Scotland. | Posts: 13,320
    1. To QUICKLY get an OS back up and running...
    Download an iso of some puplet of Puppy Linux...
    Make the "live" optical disk [DVD or CD]...
    Boot that into the desktop [make configuration choices during boot]...
    If there is available some internet connection...
    Click the "Connect" icon on the desktop...
    Or else use "Setup->Network Wizard" to do the necessary.

    2. Then you can take your time trying to fix Windows, whilst you have a working OS.

    3. Recommended puplets of Puppy Linux:
    (a) SMALL.
    Use this BoxPup 4.1.3 ISO file to make a bootable CD [rewritable is good].
    md5sum for BoxPup 4.1.3
    This latest updated version was only recently released a few days back.
    Elegant, stylish, minimalist, small [87MB ISO], FAST, nice features.
    If asked:
    Name = puppy
    Password = linux
    You may need to enter these twice.

    (b) LARGE.
    Muppy Linux 008.4c
    Large ISO [764MB] needs a DVD.
    Comprehensive, lots of goodies, colorful, slightly slower than boxPup but still MUCH faster than Windows.
    Go for this if you can.

    4. See logonUI.exe - Bad Image for possible fix for your Vista.

  3. #3
    Join Date: Apr 2009 | Location: Norfolk, VA | Posts: 37
    I'm going to go with option 4 for now, because the others were too much for me to do without detailed instructions. I read through the link and hopefully it will work; will post back shortly.

  4. #4
    Join Date: Apr 2009 | Location: Norfolk, VA | Posts: 37
    Okay, no fix. That thread states that I can find the original logonui.exe in
    C:\Windows\winsxs\x86_microsoft-windows-authentication-logonui_31bf3856ad364e35_6.0.6000.16386_none_635c5092764d99de, and that I have to replace the corrupted file with the original. Well, I tried to do that in safe mode like it said, and then I had to kill explorer like the thread also stated, but then he said to replace the file via cmd or disable WFP, and I really don't know how to do either. Any thoughts?

  5. #5
    Join Date: Mar 2002 | Location: west Lothian, Scotland. | Posts: 13,320
    Well, it's very easy to manipulate the folders/files on your Windows partition using "X File Explorer" [Xfe], which is included in Muppy, but needs to be installed in BoxPup.
    [Unless there is some difficulty caused by this being the Vista file system]
    Because you would be doing this whilst Vista is dormant [you're not attempting to mess with files that are in use] I'd expect there to be no problems.
    In Puppy you work as ROOT by default, so have total power.

    I can give you detailed instructions on how to bring a puplet into use if you want them.
    Last edited by Sylvander; 04-26-2009 at 12:18 PM.

  6. #6
    Join Date: Apr 2009 | Location: Norfolk, VA | Posts: 37
    That sounds good. If I have to download them, then the file must be under 4 gig. My laptop is next to me, but I am on a govt computer, and the download speed is running between 13 - 100 kb/second. I prefer not to be farting around all day, but if it's the only option, I'll be patient.

  7. #7
    Join Date: Apr 2009 | Location: Norfolk, VA | Posts: 37
    Right, I've been on the forums all day today. I've run a system scan in command prompt and it can't start the service. I did a clean boot and the problem still persists. I'm starting to lean toward the clean sweep, or the computer repair guys, but that's no guarantee.
    V/R AEAN Del Gatto, CVN71, USN

  8. #8
    Join Date: Jul 2002 | Location: Minn | Posts: 17,373
    It appears that you have a fake security (rogue) program problem... Please follow the instructions here to produce a HJT log:

    http://www.pcguide.com/vb/showthread.php?t=60009

    And then do this:

    How to run a scan with Malwarebytes' Anti-Malware

    Download Malwarebytes' Anti-Malware from Here or Here

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
    Click OK to let MBAM proceed with the disinfection process.
    If asked to restart the computer, please do so immediately.


    You will need to do a manual update of MBAM...
    Budfred ..... Caveat Emptor....

    Helpful links SpywareBlaster... HijackThis... ATF Cleaner...

    Post a complaint about malware here!!
    So how did I get infected in the first place??

    MS MVP 2006 and ASAP member since 2004...

    If you PM me for help, expect an irritated response... Post in the forum...

  9. #9
    Join Date: Feb 2002 | Location: Nor'East USA | Posts: 5,505
    gosufido.dll is a nasty!

    Because your laptop crashed while Norton's was doing a scan, the file 'gosufido.dll' is broken because it was being removed or quarantined. From what I can gather it's a bunch of malware that will need to be purged out, possibly even using some custom scripts to get rid of it all.

    Can you get to Safe Mode? Could you borrow a Vista OS DVD if you don't have restore disks or a restore partition? Also please wait for one of our more knowledgeable malware fighters to assist you further.

    EDIT:
    Budfred slipped in while I was replying.

    Bud, I think he mentioned the inability to boot to Windows normally hence my questions.
    /EDIT
    There's no place like 127.0.0.1

  10. #10
    Join Date: Apr 2009 | Location: Norfolk, VA | Posts: 37
    I can get into safe mode just fine. gosufido.dll is not the only file that shows up; I will get 5 or 6 of these messages for each program I run, and in place of gosufido.dll will sometimes be Johazaka.dll or larihisu.dll. Those 3 occur most commonly. In the meantime I will attempt Budfred's post.
    Last edited by seed323; 04-26-2009 at 03:16 PM. Reason: misread

  11. #11
    Join Date: Apr 2009 | Location: Norfolk, VA | Posts: 37
    Quote Originally Posted by Fruss Tray Ted
    gosufido.dll is a nasty!

    Because your laptop crashed while Norton's was doing a scan, the file 'gosufido.dll' is broken because it was being removed or quarantined. From what I can gather it's a bunch of malware that will need to be purged out, possibly even using some custom scripts to get rid of it all.

    Can you get to Safe Mode? Could you borrow a Vista OS DVD if you don't have restore disks or a restore partition? Also please wait for one of our more knowledgeable malware fighters to assist you further.

    EDIT:
    Budfred slipped in while I was replying.

    Bud, I think he mentioned the inability to boot to Windows normally hence my questions.
    /EDIT

    I can boot to Windows normally, but I have to click past about 40 of these errors; then Windows will boot, and all programs I try to run will give me about 5-6 of the same errors.

  12. #12
    Join Date: Feb 2002 | Location: Nor'East USA | Posts: 5,505
    Yep. Follow Budfred's lead, use Safemode if you have to because of the program errors you're encountering.

    I only quoted one file as a reference but it's definitely a malware issue, and Bud is about as good at it as any. His hound dogs got good noses for this kinda stuff...

  13. #13
    Join Date: Apr 2009 | Location: Norfolk, VA | Posts: 37
    I am unable to get Malwarebytes from that website from this computer..... I'm not on the infected computer. Do you have another place to get it from?

  14. #14
    Join Date: Apr 2009 | Location: Norfolk, VA | Posts: 37
    Here's the HJT log by the way, let me know what to do from here.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:50:32 PM, on 4/26/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18226)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Windows\Explorer.EXE
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?r65=1184465030
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 82.98.231.89 url.adtrgt.com
    O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.134\IPSBHO.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {a079832a-caa1-41af-bda4-8eb562fd1028} - C:\Windows\system32\rogiwofi.dll (file missing)
    O2 - BHO: (no name) - {C5E84927-CFF0-4CA3-A068-02E7C01C1E7C} - C:\Windows\system32\wvUkIARh.dll (file missing)
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [pipeneroru] Rundll32.exe "C:\Windows\system32\mopazazi.dll",s
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [CPM0d8469be] Rundll32.exe "c:\windows\system32\johazaka.dll",a
    O4 - HKLM\..\Run: [0eb75a22] rundll32.exe "C:\Windows\system32\zisizaru.dll",b
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [LSA Shellu] C:\Users\Tom\lsass.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
    O20 - AppInit_DLLs: C:\Windows\system32\gosufido.dll c:\windows\system32\johazaka.dll c:\windows\system32\larihisu.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\johazaka.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\johazaka.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\Windows\system32\UTSCSI.EXE

  15. #15
    Join Date: Feb 2002 | Location: Nor'East USA | Posts: 5,505
    Are you able to run HJT in regular boot mode? I'm sure Budfred will chime in the request to do so if possible. It may have more entries that will show up and possibly be of importance.

    I am surprised to see some nasties in that Safe Mode log but I will defer the prescribing to the doctor's..

    I'm just a med student/nurse holding the penicillin...

  16. #16
    Join Date: Jul 2002 | Location: Minn | Posts: 17,373
    First: This computer is massively infected including a very nasty infection called virut... Since you are already considering it, my first recommendation would be to wipe and reinstall... If you choose to do that, wipe the hard drive as thoroughly as possible before installing the new install... It is possible that any personal information stored on the computer is already in the hands of criminals, so you may need to contact any credit card, bank or other financial companies you have done business with on this computer to change passwords, account numbers and so on... Use a phone or mail to contact them since anything done on this computer is likely to be stolen and you will be no better off...

    If you opt to clean this up, there is no guarantee that it will ever be completely free again on this install... Keeping that in mind, if you choose to make the effort, please do this:

    Try this site for MBAM

    http://www.filehippo.com/download_ma..._anti_malware/

    If you are connected to the Internet at all, please do NOT log on with "Safe mode with network support" -- it leaves your computer wide open to infection and strengthening the infections that are already there... Just use Safe Mode...

    To see if you can weaken the pest, please open another HJT scan and put checks next to:

    O1 - Hosts: ::1 localhost
    O1 - Hosts: 82.98.231.89 url.adtrgt.com
    O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: (no name) - {a079832a-caa1-41af-bda4-8eb562fd1028} - C:\Windows\system32\rogiwofi.dll (file missing)
    O2 - BHO: (no name) - {C5E84927-CFF0-4CA3-A068-02E7C01C1E7C} - C:\Windows\system32\wvUkIARh.dll (file missing)
    O4 - HKLM\..\Run: [pipeneroru] Rundll32.exe "C:\Windows\system32\mopazazi.dll",s
    O4 - HKLM\..\Run: [CPM0d8469be] Rundll32.exe "c:\windows\system32\johazaka.dll",a
    O4 - HKLM\..\Run: [0eb75a22] rundll32.exe "C:\Windows\system32\zisizaru.dll",b
    O13 - Gopher Prefix:
    O20 - AppInit_DLLs: C:\Windows\system32\gosufido.dll c:\windows\system32\johazaka.dll c:\windows\system32\larihisu.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\johazaka.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\johazaka.dll

    Once you have checked all of these items, please close all windows except HJT and press "Fix checked"...

    Reboot and post a new HJT log, preferably from Normal Mode...

    You will also need to run this program, so please download it, run it and post that log along with the MBAM and HJT log... You will probably need several posts to post it all...

    1. Download this file -
    ComboFix
    2. Double click ComboFix.exe & follow the prompts.
    3. When finished, it will produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall
    Budfred ..... Caveat Emptor....

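    Budfred picks the lines to "fix" by eye: hosts redirects, orphaned BHOs, Run entries that hand a system32 DLL to rundll32, AppInit_DLLs, and generic SSODL/STS entries. As an added example (not from the thread or from HijackThis itself), here is a small Python scanner that applies those same heuristics to HJT log lines and then maps each flagged DLL to the load points it appears under, which is what shows johazaka.dll and friends are one family. The sample lines are copied from the Safe Mode log in post #14; the rules, the loopback allowance and the one-letter-export test are my assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Finding:
    section: str   # HJT item type, e.g. "O20"
    reason: str    # why the line was flagged
    line: str      # the original log line


# Core Windows process names; a legitimate copy lives under \Windows\, never in a user profile.
CORE_PROCESS_NAMES = ("lsass.exe", "csrss.exe", "svchost.exe", "winlogon.exe", "smss.exe")
LOOPBACK = ("127.0.0.1", "::1")

# "rundll32 <dll>,<export>" as it appears in an O4 Run entry
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*(\w+)', re.IGNORECASE)
# any drive-letter path ending in .dll (assumes no spaces in the path, as in the thread's log)
DLL_RE = re.compile(r'[A-Za-z]:\\[^\s"]+?\.dll', re.IGNORECASE)


def triage_line(line: str) -> Optional[Finding]:
    """Apply the heuristics a malware helper uses when reading one HJT log line (assumed rules)."""
    m = re.match(r"(O\d+|R\d)\s+-\s+(.*)", line.strip())
    if not m:
        return None
    sec, body = m.group(1), m.group(2)
    low = body.lower()
    if sec == "O1":
        # "Hosts: <address> <hostname>": loopback entries are harmless, anything else is a redirect
        parts = body.split()
        if len(parts) >= 3 and parts[1] not in LOOPBACK:
            return Finding(sec, f"hosts file redirects {parts[2]} to {parts[1]}", line)
    elif sec == "O2":
        if "(no file)" in low or "(file missing)" in low:
            return Finding(sec, "BHO registration whose DLL is gone (orphan of a removed or quarantined component)", line)
    elif sec == "O4":
        rd = RUNDLL_RE.search(body)
        if rd and "\\system32\\" in rd.group(1).lower() and len(rd.group(2)) == 1:
            return Finding(sec, f"rundll32 loads {rd.group(1)} through one-letter export '{rd.group(2)}'", line)
        for name in CORE_PROCESS_NAMES:
            if name in low and "\\windows\\" not in low:
                return Finding(sec, f"{name} started from outside \\Windows\\", line)
    elif sec == "O20" and low.startswith("appinit_dlls:"):
        dlls = body.split(":", 1)[1].split()
        if dlls:
            return Finding(sec, f"AppInit_DLLs injects {len(dlls)} DLL(s) into every process that loads user32", line)
    elif sec in ("O21", "O22"):
        name = body.split(" - ")[0].split(": ", 1)[-1]
        if name.upper() in ("SSODL", "STS", "(NO NAME)"):
            return Finding(sec, f"shell-loaded DLL registered under generic name {name!r}", line)
    return None


def triage(log_text: str) -> List[Finding]:
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


def dll_footprint(findings: List[Finding]) -> Dict[str, List[str]]:
    """Map each flagged DLL basename to the HJT sections it appears under.
    One DLL reached from several load points (Run, AppInit_DLLs, SSODL, STS) is one family."""
    foot: Dict[str, set] = {}
    for f in findings:
        for path in DLL_RE.findall(f.line):
            foot.setdefault(path.rsplit("\\", 1)[-1].lower(), set()).add(f.section)
    return {k: sorted(v) for k, v in sorted(foot.items())}


# Lines copied from the thread's Safe Mode HJT log (post #14), benign ones included for contrast.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {a079832a-caa1-41af-bda4-8eb562fd1028} - C:\Windows\system32\rogiwofi.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CPM0d8469be] Rundll32.exe "c:\windows\system32\johazaka.dll",a
O4 - HKCU\..\Run: [LSA Shellu] C:\Users\Tom\lsass.exe
O20 - AppInit_DLLs: C:\Windows\system32\gosufido.dll c:\windows\system32\johazaka.dll c:\windows\system32\larihisu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\johazaka.dll
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.section}] {f.reason}")
    for dll, sections in dll_footprint(found).items():
        print(f"{dll}: {', '.join(sections)}")
```

    Everything it prints is a candidate for a human to check, not a verdict; the footprint map is the part that turns a list of odd lines into "these four DLLs are one infection".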

  17. #17
    Join Date: Apr 2009 | Location: Norfolk, VA | Posts: 37
    This is the regular boot log of HJT, it failed the 1st time halfway through due to "Unknown Issues", told me to re-run as administrator, this is the administrative run.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:40:02 PM, on 4/26/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18226)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\WINDOWS\RtHDVCpl.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\HJT\HijackThis.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\msfeedssync.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?r65=1184465030
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 82.98.231.89 url.adtrgt.com
    O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.134\IPSBHO.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {a079832a-caa1-41af-bda4-8eb562fd1028} - C:\Windows\system32\rogiwofi.dll (file missing)
    O2 - BHO: (no name) - {C5E84927-CFF0-4CA3-A068-02E7C01C1E7C} - C:\Windows\system32\wvUkIARh.dll (file missing)
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [pipeneroru] Rundll32.exe "C:\Windows\system32\mopazazi.dll",s
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [CPM0d8469be] Rundll32.exe "c:\windows\system32\johazaka.dll",a
    O4 - HKLM\..\Run: [0eb75a22] rundll32.exe "C:\Windows\system32\zisizaru.dll",b
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [LSA Shellu] C:\Users\Tom\lsass.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
    O20 - AppInit_DLLs: C:\Windows\system32\gosufido.dll c:\windows\system32\johazaka.dll c:\windows\system32\larihisu.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\johazaka.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\johazaka.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\Windows\system32\UTSCSI.EXE

    --
    End of file - 8298 bytes

  18. #18
    Join Date: Apr 2009 | Location: Norfolk, VA | Posts: 37
    Okay, I just had HJT fix those selected files from your post earlier, just rebooted in normal mode, and the error message is gone, but as you said before, there still may be more, and I want to ensure that it is clean before I close the case. I am in the process of getting Malwarebytes, but I'm not sure it will work; that may have to wait until tomorrow afternoon when I get on an unfiltered connection, as the govt computer won't let me download most stuff, for this very reason. While I wait for this download to fail, I'm going to get an updated HJT log for you, will post it shortly.

  19. #19
    Join Date
    Apr 2009
    Location
    Norfolk, VA
    Posts
    37
    Updated HJT running normal boot


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:57:27 PM, on 4/26/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18226)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\WINDOWS\RtHDVCpl.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?r65=1184465030
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.134\IPSBHO.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [LSA Shellu] C:\Users\Tom\lsass.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\Windows\system32\UTSCSI.EXE

    --
    End of file - 7008 bytes
    V/R AEAN Del Gatto, CVN71, USN

  20. #20
    Join Date
    Apr 2009
    Location
    Norfolk, VA
    Posts
    37
    Ha well, I just got my ass reamed for being late to my duty section muster. I was in the middle of transferring the HJT log earlier when I heard the bell go off for muster, but they can deal with it; go figure, my muster PO is a complete turd. But anyway, Malwarebytes will not download on this computer, so I will have to wait till tomorrow to get it from my home connection in the afternoon. Would you suggest I keep the tainted machine disconnected from the web and just get Malwarebytes from my roommate?
    V/R AEAN Del Gatto, CVN71, USN

  21. #21
    Join Date
    Feb 2002
    Location
    Nor'East USA
    Posts
    5,505
    Would you suggest I keep the tainted machine disconnected from the web?
    Absolutely! Either disconnect the cables or, if wireless, shut the thing down or disable the wireless network.

    I don't know if Norton 360 has a firewall built in to its AV, and I didn't look hard to find another in your HJT log, but the safe bet is to disable communications except when actively downloading or uploading something YOU want. If unattended, the incoming and outgoing IP traffic could be worsening the issue without any of us knowing.

    and just get Malwarebytes from my roommate?
    You may be able to keep this PC disconnected if you can download files with another and use a write-protected file transfer with disks or pen drives that have a specific ability to be write protected, physically or with software. Personally, I like the fingernail switches on the device itself. You don't want to reverse the flow (data, like tides..) and cause any other PC trying to help to become infected.

    This is why I still like write-once, read-only disks, i.e. CDs. You can keep a huge pile of helpful apps without the risk of cross-contamination.
    There's no place like 127.0.0.1

  22. #22
    Join Date
    Apr 2009
    Location
    Norfolk, VA
    Posts
    37
    Quote Originally Posted by Fruss Tray Ted
    I don't know if Norton 360 has a firewall built in.
    Yes, Norton does come with a firewall, but I'm looking to get Avast when I get back to my house tomorrow afternoon, and along with it I'm looking to get the other programs you suggested earlier. I'm going to try to ride this one out without wiping the hard drive, for I do have a lot of music files that I would surely lose. But if the problem persists, I won't hesitate to wipe the thing. I'm a little nervous about changing my account numbers and all that, because it may be overkill; I know I'm not very computer savvy, but I'm not stupid enough to store that kind of stuff on anything I can't shred. I do realize they can read my internet transactions, but I didn't buy anything on the web since this problem occurred. If you still think I'm in danger, let me know, and actually explain that one very basically; I am interested if it is threatening. I believe this will be my last post for the night, but I will be back tomorrow afternoon to give the update after I do the Malwarebytes scan. Thank you for your much needed/useful information, guys; talk to you tomorrow.
    V/R AEAN Del Gatto, CVN71, USN

  23. #23
    Join Date
    Feb 2002
    Location
    Nor'East USA
    Posts
    5,505
    The firewall Norton bought the rights to is the one I still use from back when it had a freeware version. You'll need something to accompany Avast AV. Try Sygate.
    There's no place like 127.0.0.1

  24. #24
    Join Date
    Jul 2002
    Location
    Minn
    Posts
    17,373
    Virut is still showing in that log...

    I agree with FTT to disconnect completely from the Internet... If you do connect, only do it long enough to download a tool and then get off again...

    If you can't get MBAM, see if you can get ComboFix and run it -- it will probably do better with virut anyway...

    Once you are cleaned up, I will give you more ideas about prevention... In the meanwhile, please don't remove your antivirus or change other parts of your security, it can actually make things worse...
    Budfred ..... Caveat Emptor....

    Helpful links SpywareBlaster... HijackThis... ATF Cleaner...

    Post a complaint about malware here!!
    So how did I get infected in the first place??

    MS MVP 2006 and ASAP member since 2004...

    If you PM me for help, expect an irritated response... Post in the forum...

  25. #25
    Join Date
    Oct 2001
    Location
    N of the S of Ireland
    Posts
    20,504
    I fully agree with earlier suggestions to wipe and clean reinstall. Suspect you will save yourself much time in the long run and only then know you have a clean system. Burn any valuable data files to a CD beforehand. The CD can be scanned later for infected files and would be safe to access if it contains no autorun information. You can grab such data using Knoppix (as in my sig) if nothing else works.
    Take nice care of yourselves - Paul - ♪ -
    Help to start using BiNG. Some stuff about Boot CDs & Data Recovery Basics & Back-up using Knoppix.
