*hijack this log*

View previous topic View next topic Go down

Solved *hijack this log*

Post by ryazmom on 8th February 2009, 3:24 pm

The following is the hijackthis log file. I just picked up this laptop and it was loaded with malware,trojan horses,runtime errors.....dll errors. I did run Spybot and I still have issues. One of the virus's that keeps showing up is the one named "brastk".

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:52 AM, on 2/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\afisicx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mabidwe.exe
C:\WINDOWS\system32\macidwe.exe
C:\WINDOWS\system32\noytcyr.exe
C:\WINDOWS\system32\roytctm.exe
C:\WINDOWS\system32\soxpeca.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tdxdowkc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tdydowkc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\wsldoekd.exe
C:\WINDOWS\system32\inf\svchoct.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\WINDOWS\system32\brastk.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\1024\SVCHOST.EXE
C:\Documents and Settings\Lisa\Desktop\hijackgpthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\config\systemprofile\uee.exe \s,C:\WINDOWS\system32\gcc.exe,C:\WINDOWS\system32\pdbcopy.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\1024\SVCHOST.EXE"
O4 - HKLM\..\Run: [IUpd721] "C:\Documents and Settings\Lisa\Application Data\NI.GSCNS\IUpd721.exe"
O4 - HKLM\..\Run: [avast!] "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKLM\..\RunOnce: [svchost.exe] "C:\WINDOWS\system32\1024\SVCHOST.EXE"
O4 - HKLM\..\RunOnce: [Uninstall getPlus(R) for Adobe] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [A00F169FB9.exe] "C:\DOCUME~1\Lisa\LOCALS~1\Temp\_A00F169FB9.exe"
O4 - HKCU\..\Run: [DE9F56ECBB1BE329410C6616D67F8B9E] C:\Program Files\A360\av360.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
O4 - HKLM\..\Policies\Explorer\Run: [mininyust] C:\WINDOWS\system32\inf\svchoct.exe C:\WINDOWS\wftadfi16_080830a.dll tanlt88
O4 - HKLM\..\Policies\Explorer\Run: [minyust] C:\WINDOWS\system32\inf\svchoct.exe C:\WINDOWS\wftadfi16_080919a.dll tan16d
O4 - HKLM\..\Policies\Explorer\Run: [mainyust] C:\WINDOWS\system32\inf\svchoct.exe C:\WINDOWS\wftadfi16_081027a.dll tan16d
O4 - HKUS\S-1-5-18\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [gadcom] "C:\Documents and Settings\Lisa\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [jrfsjmbl.exe] C:\WINDOWS\jrfsjmbl.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [bnddnakv.exe] C:\WINDOWS\bnddnakv.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [A00F59EEF2.exe] C:\WINDOWS\TEMP\_A00F59EEF2.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [A00F5A62BD.exe] C:\WINDOWS\TEMP\_A00F5A62BD.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\mmchost.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mmchost.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - [You must be registered and logged in to see this link.]
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [You must be registered and logged in to see this link.]
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: __c00F4100 - C:\WINDOWS\system32\__c00F4100.dat
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
O23 - Service: afisicx Co. Ltd. (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mabidwe Service (mabidwe) - Unknown owner - C:\WINDOWS\system32\mabidwe.exe
O23 - Service: macidwe Corporation (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe
O23 - Service: noytcyr Service (noytcyr) - Unknown owner - C:\WINDOWS\system32\noytcyr.exe
O23 - Service: roytctm Service (roytctm) - Unknown owner - C:\WINDOWS\system32\roytctm.exe
O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\WINDOWS\system32\soxpeca.exe
O23 - Service: tdxdowkc Portable Media Serial Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe
O23 - Service: tdydowkc Service (tdydowkc) - Unknown owner - C:\WINDOWS\system32\tdydowkc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. ([You must be registered and logged in to see this link.] - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: wsldoekd Manages messages (wsldoekd) - Unknown owner - C:\WINDOWS\system32\wsldoekd.exe

--
End of file - 10329 bytes

ryazmom
Novice
Novice

Posts Posts : 12
Joined Joined : 2009-02-08
OS OS : xp
Points Points : 28620
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: *hijack this log*

Post by Belahzur on 8th February 2009, 3:27 pm

Your system is severly infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Solved MBAM LOG ???

Post by ryazmom on 8th February 2009, 4:35 pm

My log file is to long..I don't see where I can send as a attachment...

ryazmom
Novice
Novice

Posts Posts : 12
Joined Joined : 2009-02-08
OS OS : xp
Points Points : 28620
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: *hijack this log*

Post by Belahzur on 8th February 2009, 4:39 pm

Okay, don't need the log right now, lets go onto the next tool.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: *hijack this log*

Post by ryazmom on 8th February 2009, 4:45 pm

As per the instructions you would have received, kindly ensure any onboard
script blocking tools have been disabled for they shall interfere with DDS.

DDS is a non-invasive diagnostic tool.

- DDS makes no registry writes/changes

- DDS does not create any permanent files/folders.

This scan should not take longer than three minutes to complete.

When the scan is complete, a logfile/report shall pop open.

Post the contents of the logfile to the forum where it was requested

We only require it to run just once. Dispose after use.

'EDS.EXE' is not recognized as an internal or external command,
operable program or batch file.

ryazmom
Novice
Novice

Posts Posts : 12
Joined Joined : 2009-02-08
OS OS : xp
Points Points : 28620
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: *hijack this log*

Post by Belahzur on 8th February 2009, 4:47 pm

That's what DDS says, did it actually make any reports?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: *hijack this log*

Post by ryazmom on 8th February 2009, 4:59 pm

That is all it did. I copied/pasted the results.

ryazmom
Novice
Novice

Posts Posts : 12
Joined Joined : 2009-02-08
OS OS : xp
Points Points : 28620
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: *hijack this log*

Post by Belahzur on 8th February 2009, 5:00 pm


  • Download combofix from here [You must be registered and logged in to see this link.]
  • Please disable your local AV (Anti-virus) by right clicking it's icon in the tray, and exit it. See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: *hijack this log*

Post by ryazmom on 8th February 2009, 5:33 pm

This is all the text reads....

'SORT.exe' is not recognized as an internal or external command, operable program or batch file.

ryazmom
Novice
Novice

Posts Posts : 12
Joined Joined : 2009-02-08
OS OS : xp
Points Points : 28620
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: *hijack this log*

Post by Belahzur on 8th February 2009, 5:36 pm

Lets do one other scan.

* Download Dr.Web CureIt to the desktop:
[You must be registered and logged in to see this link.]


  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.


Last edited by Belahzur on 8th February 2009, 7:33 pm; edited 1 time in total


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: *hijack this log*

Post by ryazmom on 8th February 2009, 7:24 pm

Ok, I did all the above...I restarted the PC and I keep getting this error...svchost.exe Application Error. Followed with a bunch of 0x00000000 referenced memory at 0x00000000 Memory could not be read.

I am using another PC in the house as I am unable to connect on the virus stricken Lap Top.

ryazmom
Novice
Novice

Posts Posts : 12
Joined Joined : 2009-02-08
OS OS : xp
Points Points : 28620
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: *hijack this log*

Post by Belahzur on 8th February 2009, 7:31 pm

Google gives me this about the error:
[You must be registered and logged in to see this link.]

Try the solution posted, see what happens.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: *hijack this log*

Post by ryazmom on 8th February 2009, 8:08 pm

Ok, I did all that and still get the same error. Darn I wish I had the XP disk. I would wipe everything out. Any other suggestions?

ryazmom
Novice
Novice

Posts Posts : 12
Joined Joined : 2009-02-08
OS OS : xp
Points Points : 28620
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: *hijack this log*

Post by Belahzur on 8th February 2009, 8:16 pm

It seems Windows Updates have caused this, maybe not by themself though.

If the updates were trying to install, the malware may have blocked them and technically, the malware manipulated the updates and has caused this damage.
There is a more detailed solution here:
[You must be registered and logged in to see this link.]

Do not rush it otherwise you may get it wrong. Smile
I'll be here if you have any questions.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: *hijack this log*

Post by ryazmom on 8th February 2009, 8:42 pm

This is the error message I get and I can not connect to the internet.

svchost.exe-Application Error The instruction at "0x00000000" referenced memory at "0x00000000". The memory could not be "read"

ryazmom
Novice
Novice

Posts Posts : 12
Joined Joined : 2009-02-08
OS OS : xp
Points Points : 28620
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: *hijack this log*

Post by Belahzur on 8th February 2009, 8:46 pm

Try this.
Reboot, start tapping F8 after the beep.
When the advanced boot menu opens, select "Last known good configuration"
Does the error continue to happen after last known good?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: *hijack this log*

Post by ryazmom on 8th February 2009, 9:03 pm

No luck..It's still there. :-(

ryazmom
Novice
Novice

Posts Posts : 12
Joined Joined : 2009-02-08
OS OS : xp
Points Points : 28620
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: *hijack this log*

Post by Belahzur on 8th February 2009, 9:05 pm

Darn it.
Did you try the solutions in the last link provided?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: *hijack this log*

Post by ryazmom on 8th February 2009, 9:13 pm

Yes and no.. There were a few directions that I didn't see, I didn't see the options I was given. As in #2 I didn't see this option in the box that opened. It was a blank box.
Also in #3.. I didn't see this either.
1. Click Start->Run, type "services.msc" (without quotation marks) in the open box and click OK.
2. Double click the service "Automatic Updates".
3. Click on the Log On tab, please ensure the option "Local System account" is selected and the option "Allow service to interact with desktop" is unchecked.

ryazmom
Novice
Novice

Posts Posts : 12
Joined Joined : 2009-02-08
OS OS : xp
Points Points : 28620
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: *hijack this log*

Post by Belahzur on 8th February 2009, 9:29 pm

You didn't get this?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: *hijack this log*

Post by ryazmom on 8th February 2009, 9:34 pm

Ok, I found that.. Tried to double click on it and nothing happened.
It reads that the startup type is Disabled.

ryazmom
Novice
Novice

Posts Posts : 12
Joined Joined : 2009-02-08
OS OS : xp
Points Points : 28620
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: *hijack this log*

Post by Belahzur on 8th February 2009, 9:45 pm

Then right click > properties.
It does the same thing as double clicking it. Wink


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: *hijack this log*

Post by Doctor Inferno on 6th July 2009, 3:16 am

Since this issue has been addressed, a "solved" tag will be added and this topic will be closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a [You must be registered and logged in to see this link.] for your questions.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Posts Posts : 11976
Joined Joined : 2007-12-26
Gender Gender : Male
OS OS : Windows 7 Home Premium and Ultimate X64
Protection Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points Points : 104640
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum