meishjennie 0 Newbie Poster

I kinda fixed my computer by using Last Known Good Configuration, but once in a while my programs are not responding, which is what caused my computer to stop working. What is this stupid thing? Did anyone figure out how to remove this thing for good?

meishjennie 0 Newbie Poster

ok. i tried rebooting my computer in "Last Known Good Configuration" and it worked. Right now, I'm scanning my computer. But is this enough? Do I need a specific program?

meishjennie 0 Newbie Poster

Every time I start my computer this comes up:

Lsass.exe - Application Error
The instruction at "0x00401082" referenced memory at "0x00000000." The memory could not be "written".
Click on OK to terminate the program.
Click on CANCEL to debug the program.

I tried both and for each option, the screen goes blank. I can't do anything. What can I do to fix this? Is this a virus or is something wrong with my computer? Thanks so much!

meishjennie 0 Newbie Poster

Control Panel >> Add or Remove Programs

I deleted Spybot because some files that Spybot deleted were necessary for some programs. Every time I turned on the comp, I got messages like, "error. cannot run because some files seem to be missing"

meishjennie 0 Newbie Poster

Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:08:34 PM, on 9/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - …

meishjennie 0 Newbie Poster

I have a question: I removed Spybot from my computer, but when I turn it on, the Spybot icon shows in the icon tray. Is there any way to remove that?

Anyways.. here are the logs. :)

combofix log

ComboFix 08-09-16.05 - HP_Owner 2008-09-17 15:47:29.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.168 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp2.tmp
C:\Documents and Settings\HP_Owner\Application Data\TSKS~1
C:\Documents and Settings\HP_Owner\Application Data\TSKS~1\T?sks\
C:\Documents and Settings\HP_Owner\Application Data\TSKS~1\taskmgr.exe
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\WINDOWS\inst.exe
C:\WINDOWS\system32\adpqqvob.ini
C:\WINDOWS\system32\IPssvyay.ini
C:\WINDOWS\system32\IPssvyay.ini2
C:\WINDOWS\system32\lkemnrwh.ini
C:\WINDOWS\system32\ttjyieqn.ini
C:\WINDOWS\system32\UEeMVvut.ini
C:\WINDOWS\system32\UEeMVvut.ini2
C:\WINDOWS\tsks~1
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-08-17 to 2008-09-17 )))))))))))))))))))))))))))))))
.

2008-09-16 16:35 . 2008-09-16 16:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-15 22:23 . 2008-09-16 14:11 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-09-15 21:22 . 2008-09-15 22:13 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-15 21:22 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-15 21:22 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-15 20:09 . 2008-09-15 20:09 116,224 --a------ C:\WINDOWS\system32\sxucpuba.exe
2008-09-14 21:38 . 2008-09-16 14:36 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-14 21:38 . 2008-09-16 14:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-13 13:07 . 2008-09-13 13:07 40,368 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-09-12 18:01 . 2008-09-12 18:09 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-09-12 18:01 . 2008-09-12 …

meishjennie 0 Newbie Poster

I uninstalled Spybot S&D from my comp.
But when I search up Spybot files/programs in my comp, Spybot Search and Destroy files and the Spybot S&D installer come up. So technically, Spybot TeaTimer is off.. right?

So sorry for the stupid questions. Yet again, thanks for taking your time to help me!

meishjennie 0 Newbie Poster

HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:35:41 PM, on 9/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 …

meishjennie 0 Newbie Poster

ESET ONLINE SCANNER LOG

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3446 (20080916)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=ae870b78f83c4b4482d9ff6003fe76a0
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-09-16 08:23:46
# local_time=2008-09-16 04:23:46 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=453197
# found=1
# scan_time=4006
C:\Documents and Settings\HP_Owner\Application Data\T?sks\taskmgr.exe probably a variant of Win32/Genetik trojan 8CE14E770005F347F93A95741A4569DB

meishjennie 0 Newbie Poster

Hi! Thanks for responding.. I ran Malwarebytes Anti-Malware twice because I forgot I deleted some files with Spybot Search and Destroy. So I undid the changes Spybot made and ran malware again. Sorry for making it more confusing. >.<

the log for Malwarebytes' Anti-Malware (9/15/08)

Malwarebytes' Anti-Malware 1.28
Database version: 1159
Windows 5.1.2600 Service Pack 2

9/15/2008 10:14:47 PM
mbam-log-2008-09-15 (22-14-47).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 124942
Time elapsed: 48 minute(s), 33 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 8
Registry Keys Infected: 29
Registry Values Infected: 9
Registry Data Items Infected: 2
Folders Infected: 4
Files Infected: 59

Memory Processes Infected:
C:\Program Files\GetModule\GetModule23.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\ctslinjk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\egouotya.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xxyyxwtu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fegigvlc.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\acksgk.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\khfFYSlm.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ikqlcexq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ckibah.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98afece9-5bff-41b6-91bf-3cd20a16a7d9} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{98afece9-5bff-41b6-91bf-3cd20a16a7d9} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d7336d32-62f7-43b5-8b8c-3963c72ca498} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khffyslm (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{d7336d32-62f7-43b5-8b8c-3963c72ca498} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e4f8e54f-a618-4224-b9be-3cb59a10fd7c} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e4f8e54f-a618-4224-b9be-3cb59a10fd7c} (Trojan.BHO.H) -> Quarantined …

meishjennie 0 Newbie Poster

Alright, first of all, thanks for clicking on my topic!
Anyways, I need serious help. "Server Busy" popups keep.. well, popping up. There're two buttons: "Switch", which redirects me to the start menu, and "Retry", which causes "Server busy" to pop back up again.
Also, random websites keep popping up. Before I did "spybot-search and destroy" I got pop ups from breastcancer.com / red0rit.com / hotcartoongames.com / and some other dating sites. Now, I get popups that tell me to download some anti virus software. So I'm wondering if Spybot made my computer worse?..

Anyways, I tried SuperAntiSpyware, ATF-Cleaner, and Spybot (obviously) and they didn't get rid of the viruses at all.

Any help would be appreciated, thank you very much!!

*EDIT

Okay, now I'm getting like sites with girls half naked and stuff. Please help. T_T