Member Panel

Remember me ?

Forgot password?   

Sponsors and Ads

Join the Team

Live Tag Cloud
PC Forum PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » [Resolved] weird problems

[Fixed] Hijackthis! Logs - [Resolved] weird problems posted in the Security & Safety forums; OK, I have some weird problems and idk if theyre connected.... My IE doesnt work, when i boot up i get a message saying "invalid BOOT.INI file Booting from C:\windows\" ...

JOIN US NOW to remove these Ads

Post New Thread  Reply
Page 1 of 2 1 2 >
  #1  
Old 12-21-2006
Yuscu2's Avatar
Silver Member
My PC
 
Join Date: Sep 2005
Location: Louisiana
Posts: 117
Yuscu2 - See this Members User comments on their Profile page
Exclamation [Resolved] weird problems
OK, I have some weird problems and idk if theyre connected....
My IE doesnt work,
when i boot up i get a message saying "invalid BOOT.INI file Booting from C:\windows\"
My desktop takes forever to load up and seems to be frozen for 10 minutes or so, then my McAfee pops up and everything is fine

(i tryed to fix the error when i boot with "Fixboot" and it didnt work, then i tryed "fixmbr" which didnt work either)
  #2  
Old 12-21-2006
GaRHaR's Avatar
Tech Support Team
My PC
 
Join Date: Jul 2006
Location: Western Australia
Posts: 6,095
PC Experience: Elite PC Guru
GaRHaR - See this Members User comments on their Profile page GaRHaR - See this Members User comments on their Profile page GaRHaR - See this Members User comments on their Profile page GaRHaR - See this Members User comments on their Profile page GaRHaR - See this Members User comments on their Profile page GaRHaR - See this Members User comments on their Profile page
Send a message via ICQ to GaRHaR Send a message via MSN to GaRHaR Send a message via Yahoo to GaRHaR
Default
Heya Yuscu2

Invalidd boot.ini files should stop your whole computer from loading...strange that it's not.

Can you please follow the prework link in my signiture and post the resulting logs back here for the security team to have a look at for you?


__________________


"Study without desire spoils the memory, and it retains nothing that it takes in."
- Leonardo da Vinci

"I believe in Christianity as I believe that the sun has risen: not only because I see it, but because by it I see everything else."
- C. S. Lewis
  #3  
Old 12-21-2006
Yuscu2's Avatar
Silver Member
My PC
 
Join Date: Sep 2005
Location: Louisiana
Posts: 117
Yuscu2 - See this Members User comments on their Profile page
Default
Logfile of HijackThis v1.99.1
Scan saved at 4:06:20 PM, on 12/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\windows\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\DOCUME~1\Heberts\LOCALS~1\Temp\install.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\windows\anwej.exe
C:\Documents and Settings\Heberts\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\Heberts\LOCALS~1\Temp\2006122115184_mc appins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Heberts\LOCALS~1\Temp\20061221151758_m cinfo.exe /insfin
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\windows\anwej.exe
O4 - HKLM\..\RunOnce: [DeleteYourSiteBar] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program Files\YourSiteBar\ysb.dll"
O4 - HKLM\..\RunOnce: [DeleteDirYourSiteBar] cmd.exe /c RMDIR /Q "C:\Program Files\YourSiteBar\"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O16 - DPF: {0F733F27-5BBB-4D03-8D6B-19E2143880BF} (SkillGround Game Manager) - http://www1.skillground.com/sg/client/SkillGround.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1153429784171
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_ 3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
O23 - Service: FireDaemon Service: system (system) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)


by the way, im pretty sure i got some kinda new stuff..b.c my computer says "Your computer is infected!" and then when i click it some spysherrif thing pops up, and im getting ads... i didnt have this before i restrarted my comp. and also my computer is laggy...
  #4  
Old 12-21-2006
Yuscu2's Avatar
Silver Member
My PC
 
Join Date: Sep 2005
Location: Louisiana
Posts: 117
Yuscu2 - See this Members User comments on their Profile page
Default
and, i am now in safe mode with networking, i had to resort to it... i have tons of spy/ad ware after i took off McAfee... most of my problems started after i installed McAfee and uninstalled Norton

ok im back in normal mode, i deleted numerous trojans and im scanning with the free avg at the moment... i did find something verry suspicious: "NewDotNet" which contains "newdotnet6_38.dll" that i cant delete, i think it has masked itself as another program...


Last edited by Yuscu2; 12-21-2006 at 11:50 PM.
  #5  
Old 12-22-2006
Yuscu2's Avatar
Silver Member
My PC
 
Join Date: Sep 2005
Location: Louisiana
Posts: 117
Yuscu2 - See this Members User comments on their Profile page
Default
this is my new log...



Logfile of HijackThis v1.99.1
Scan saved at 8:06:24 PM, on 12/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\windows\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\windows\system32\msasvc.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\svchost.exe
C:\windows\system32\wuauclt.exe
C:\Documents and Settings\Heberts\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {0F733F27-5BBB-4D03-8D6B-19E2143880BF} (SkillGround Game Manager) - http://www1.skillground.com/sg/client/SkillGround.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_ 3dsmax8server.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\windows\system32\msasvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
O23 - Service: FireDaemon Service: system (system) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
  #6  
Old 12-22-2006
chiaz's Avatar
Senior Security Analyst
  
Join Date: Jun 2006
Location: Singapore
Posts: 2,523
PC Experience: PC Guru
chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page
Default
Your new log is much better now, after all the work you've done. Good job!

Please run HijackThis and place a checkmark by the following entries:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll (file missing)
O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\windows\system32\msasvc.exe
O23 - Service: FireDaemon Service: system (system) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)

Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis and restart the computer.

Show all hidden files/folders by following the instructions here:
Help: How to Show System Files


Then Navigate to and delete the following file:
C:\windows\system32\msasvc.exe


Reboot again.


Lastly run Panda ActiveScan.
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report, along with a new HijackThis log.

Reply
Satellite TV on your PC - over 3000 Channels! Click Here!
Page 1 of 2 1 2 >

Bookmarks

« [Fixed] Internet Slow | [Resolved] Malware »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are On

Contact Us - PC Help Forum - Site Map - Privacy Statement - Top

All times are GMT +1. The time now is 07:11 AM.
Powered by vBulletin
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.2.0 RC7
All Graphics & Content Copyright © 2004-2008 - PC Help Forum.com


Back to Top