Jump to content

Reagan72

Honorary Members
  • Content Count

    88
  • Joined

  • Last visited

Everything posted by Reagan72

  1. thanks, I have. I will let you know how things went
  2. SOrry for not getting back at you sooner.(it wasnt possible) I've decided to come up with 5 more discs, run the recovery cd creator and try a full system recovery.
  3. I was actually thinking do a full restore-I was going to use the recovery cd creator,but I need 5 more discs. if we can try to continue to fix the problem I'd rather do that p.s. what you suggested in your 2nd to last post- I could'nt do it
  4. nvm I found it, i didnt think it'd be so dayum expensive though-this has been a somewhat depressing day
  5. what would i look for at newegg.com, I put in windows xp in the search and a whole bunch of other stuff came up?
  6. okay retail xp i guess-compaq presario s3000nx
  7. Sometimes not even 5 minutes, other times, maybe 20-30 minutes. Sometimes it wont come on for hours or not at all. No unfortunately i do not have the windows xp cd. Is that something I can obtain online? Oh, task manager still doesnt work and 2 new apps are still present in c:\ "8u1e5q9s9y8.exe" and "i4p5a1y7a7s7.exe"
  8. dayum computer keeps restarting-wont give me a chance to reply all in one post. It keeps restarting with that NT authority/system message. I took a pic so I now have the message in front of me. It reads: This system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by NT AUTHORITY\SYSTEM Time before shutdown: (i think it starts at 59, when i took the picture I captured it at 15 seconds) Message The system process 'C:\WINDOWS\system32\lsass.exe' terminated unexpectedly with status code 0. The system will now shutdown
  9. Malwarebytes' Anti-Malware 1.28 Database version: 1226 Windows 5.1.2600 Service Pack 1 10/3/2008 5:27:40 PM mbam-log-2008-10-03 (17-27-40).txt Scan type: Quick Scan Objects scanned: 54525 Time elapsed: 7 minute(s), 48 second(s) Memory Processes Infected: 0 Memory Modules Infected: 4 Registry Keys Infected: 11 Registry Values Infected: 4 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 19 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\Documents and Settings\Owner\Local Settings\Temp\wmsetup.dll (Trojan.Downloader) -> Delete on reboot.
  10. Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. Hidden driver "nvmini" found! DisplayName: NVIDIA Compatible Windows Miniport Driver ImagePath: system32\DRIVERS\nvmini.sys Start Type: 2 (Automatic) Rootkit scan completed. Error: file "c:\8b4l8r9h1v9.exe" not found! Deletion of file "c:\8b4l8r9h1v9.exe" failed! Status: 0xc0000
  11. My apologies AS and thank you for your patience. As you might have read in earlier posts, there was someone who wouldnt cooperate with staying off the machine while I was trying to fix it. Waiting for my probation to end seemed like my best bet-with what me wanting to express how I felt about the situation to that person(and that seeming to be the only solution to get cooperation). Serious consequences would've been handed down to me by the law had I not waited and violated probation. Probation was up Friday, did what I had to do-you can imagine I got into a little trouble. Anyways, sorry
  12. Thanks AS, [problem] In etc, I tried to delete the host file but it didnt look like I was successful. I right-clicked on it and clicked on delete then the message: the file 'hosts' is a system file. If you remove it, your computer, or one of your programs may no longer work correctly. Are you sure you want to move it to the recycling bin?" came up. I said yes and then the message disappeared but the hosts file never left. I did this again and went to the recycling bin to see what was there. Sure enough there were two identical copies of the hosts file so I deleted them from the bin. I cli
  13. Thanks Raid, my heart goes out to you and your family. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:59:35 PM, on 9/25/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\drivers\regvcs.exe C:\WINDOWS\system32\spoolsv.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\wanmpsvc.exe C:\Prog
  14. I dont think so Raid... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:51:33 PM, on 9/22/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\HP\KBD\KBD.EXE C:\windo
  15. Here they go... MBAM: Malwarebytes' Anti-Malware 1.28 Database version: 1185 Windows 5.1.2600 Service Pack 1 9/21/2008 11:21:09 AM mbam-log-2008-09-21 (11-21-09).txt Scan type: Quick Scan Objects scanned: 49960 Time elapsed: 6 minute(s), 14 second(s) Memory Processes Infected: 0 Memory Modules Infected: 10 Registry Keys Infected: 15 Registry Values Infected: 18 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 30 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\Documents and Settings\Owner\Local Settings\Temp\wmsetup.dll (Trojan.Downloader)
  16. I'm sorry Raid. I need clarification... "I need a fresh hijackthislog After you ran mbam and reboot." -did you mean "run mbam and reboot" or "ran mbam and rebooted"? if you want me to run mbam again, let it reboot and then scan with hijackthis and provide the [new hijackthis] log with the log of mbam after i scanned and hit 'show results' but before I rebooted then sure, I will asap. But did you mean that you wanted the hijackthis log from the scan I did with hijackthis after the last time I ran mbam and let it reboot the computer, just like you told me to do in your second to last post, I
  17. I didnt think real people actually said blasted, I only heard that in movies... MBAM: Malwarebytes' Anti-Malware 1.28 Database version: 1182 Windows 5.1.2600 Service Pack 1 9/20/2008 6:57:06 PM mbam-log-2008-09-20 (18-57-06).txt Scan type: Quick Scan Objects scanned: 49586 Time elapsed: 5 minute(s), 35 second(s) Memory Processes Infected: 0 Memory Modules Infected: 7 Registry Keys Infected: 14 Registry Values Infected: 11 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 29 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\Documents and Sett
  18. OTListIt Extras logfile created on: 9/20/2008 1:02:35 PM - Run Owner OTListIt by OldTimer - Version 1.0.4.0 Folder = C:\Documents and Settings\Owner\My Documents Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2800.1106) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 223.48 Mb Total Physical Memory | 80.60 Mb Available Physical Memory | 36.06% Memory free 547.12 Mb Paging File | 417.17 Mb Available in Paging File | 76.25% Paging File free Paging file location(s): C:\pagefile.sys 336 672;
  19. OTListIt logfile created on: 9/20/2008 1:02:35 PM - Run 1 OTListIt by OldTimer - Version 1.0.4.0 Folder = C:\Documents and Settings\Owner\My Documents Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2800.1106) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 223.48 Mb Total Physical Memory | 80.60 Mb Available Physical Memory | 36.06% Memory free 547.12 Mb Paging File | 417.17 Mb Available in Paging File | 76.25% Paging File free Paging file location(s): C:\pagefile.sys 336 672; %SystemDriv
  20. I come on today and run a scan for the hell of it and the log changed, thought I'd show you ***note*** [HBService32] System.exe & [HBService] explore.exe are both present again(Im guessing killing those .dll's(that are also back) will work now since they are both present again?) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:28:17 AM, on 9/20/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\s
  21. Hey Raid, I did what you said, but I zipped up the 3 .dll's first in normal mode but they were too big so I went to my email and sent them to marcin. I hope that was okay, but before I did that I successfully deleted those entries but only after I made copies to send to you. So when I verified they were gone by scanning again, I forgot i still had copies on the desktop to send to you(or actually marcin) and when I did that in normal mode and went back to safe mode, and scanned again, they were found again. So I deleted the copies and killed the entries successfully in hijackthis but others c
  22. Thanks, thats good to know. They wont be deleted.(when I try to delete them a message comes up that says "Cannot delete:"name of file": Unable to complete the requested operation because of either a catastrophic media failure or a data structure corruption on the disk." Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:18:56 PM, on 9/19/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\ls
  23. Thank God, MBAM Malwarebytes' Anti-Malware 1.28 Database version: 1166 Windows 5.1.2600 Service Pack 1 9/17/2008 8:03:00 PM mbam-log-2008-09-17 (20-03-00).txt Scan type: Quick Scan Objects scanned: 53917 Time elapsed: 9 minute(s), 23 second(s) Memory Processes Infected: 1 Memory Modules Infected: 1 Registry Keys Infected: 6 Registry Values Infected: 4 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 30 Memory Processes Infected: C:\WINDOWS\system32\explore.exe (Backdoor.Bot) -> Unloaded process successfully. Memory Modules Infected: C:\WINDOWS\system32\HBmhly.dll (Spyware
  24. It is running fine. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:42:30 PM, on 9/17/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\VERITAS Soft
  25. ;******************************************************************************* ******************************************************************************** * ******************* ANALYSIS: 2008-09-14 20:45:28 PROTECTIONS: 0 MALWARE: 10 SUSPECTS: 29 ;******************************************************************************* ******************************************************************************** * ******************* PROTECTIONS Description Version Active Updated ;========================================================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.