Well I am new so I'll try my best to explain my problem. Recently my computer has trouble loading up its screen when I log on and takes unusually long. After my computer does load up all the things (like mozilla, my computer, recycle bin) I get a message from Port Magic saying that there was a fatal error and it said something that should have never failed has failed. Also several things won't work now. My avast anti virus gets an error, my internet does not work from it and I cannot turn on my fire wall because of the problem. So I need help and I have a hijackthis log if it helps.
Some problems on mu computer
- Thread starter Jklol
- Start date
- Status
howard_hopkinso
Posts: 21,238 +17
Hello and welcome to Techspot.
Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.
If after reading the above, you wish to clean your system, do the following.
Download the WinsockXPfix from HERE. Run the programme and click fix.
Then, go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.
Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.
Also, let me know the results of the AVG Antirootkit scan.
Regards Howard :wave: :wave:
This thread is for the use of Jklol only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.
If after reading the above, you wish to clean your system, do the following.
Download the WinsockXPfix from HERE. Run the programme and click fix.
Then, go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.
Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.
Also, let me know the results of the AVG Antirootkit scan.
Regards Howard :wave: :wave:
This thread is for the use of Jklol only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Ok thanks here are all the logs. I have more log I will be posting next.
Ok but, I still have this problem though. I sometimes have this weird delay on my computer when I type or play any games. I click on my screen and suddenly my computer makes beeping noises. I been having this problem for a while and I still don't know how to get rid of my problem.
Ok but, I still have this problem though. I sometimes have this weird delay on my computer when I type or play any games. I click on my screen and suddenly my computer makes beeping noises. I been having this problem for a while and I still don't know how to get rid of my problem.
howard_hopkinso
Posts: 21,238 +17
Thanks for being so thorough, you`ve done everything correctly, except you haven`t renamed HijackThis.exe properly, nor have you given me the results of the AVG Antirootkit scan.
This is taken from your HJT log.
C:\Program Files\hijackThis\Analyze.exe\HijackThis.exe As you can see, you`re still running HijackThis.exe and not Analyze.exe.
We still have quite a lot of work to do in order to get your system clean.
Rename HJT and post a fresh log.
Regards Howard
This thread is for the use of Jklol only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
This is taken from your HJT log.
C:\Program Files\hijackThis\Analyze.exe\HijackThis.exe As you can see, you`re still running HijackThis.exe and not Analyze.exe.
We still have quite a lot of work to do in order to get your system clean.
Rename HJT and post a fresh log.
Regards Howard
This thread is for the use of Jklol only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
That`s ok, I just wanted the results of the AVG Antirootkit scan. Since it didn`t find anything, that`s great.
Download the Pocket Killbox programme from HERE. Extract it but don`t run it yet.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
Acceleration Software
Anti-Virus
LegacyGamers
SEASID~1
Close control panel.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
XRayWatcher.exe
SS1HEL~1.EXE
stopsignav.exe
MSCheck.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O2 - BHO: (no name) - {4501EA47-7D98-444A-89A0-062C2FE42150} - C:\WINDOWS\system32\wodskejs.dll
O3 - Toolbar: X-Ray - {B0B20872-A3FD-4DB9-9107-4930091FD0BF} - C:\WINDOWS\XRay.dll (file missing)
O4 - HKLM\..\Run: [SS1HelperStartUp] C:\PROGRA~1\SEASID~1\SS1HEL~1.EXE /partner SS1
O4 - HKLM\..\Run: [X-Ray Keyword Service] C:\WINDOWS\XRayWatcher.exe
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [MSCheck] C:\Program Files\LegacyGamers\MAIET\GunZ\LegacyGamers And MAIET Entertainment\MSCheck.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\pahtaabe.dll",setvm
O4 - Global Startup: Ulead Photo Express ??? ???.lnk
O16 - DPF: {0AFA0CB7-E592-4A87-8C74-C655AADCA579} - http://www.doogle.co.kr/xray/DownCtrl.ocx
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {51C99F40-9E0E-4BF1-A92A-77121CC01AD0} (IMBCClient Control) - http://touch.imbc.com/ocx/Online.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\Program Files\LegacyGamers<Delete the entire folder.
C:\Program Files\Acceleration Software<Delete the entire folder.
C:\WINDOWS\XRayWatcher.exe
C:\PROGRA~1\SEASID~1<Delete the entire folder.
Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn`t automatically restart, restart it manually.
These are the filepaths you need to enter into killbox.
C:\WINDOWS\system32\pahtaabe.dll
C:\WINDOWS\system32\wodskejs.dll
Once your system has rebooted, rehide your protected OS files.
Post a fresh HJT log.
Regards Howard
This thread is for the use of Jklol only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Download the Pocket Killbox programme from HERE. Extract it but don`t run it yet.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
Acceleration Software
Anti-Virus
LegacyGamers
SEASID~1
Close control panel.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
XRayWatcher.exe
SS1HEL~1.EXE
stopsignav.exe
MSCheck.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O2 - BHO: (no name) - {4501EA47-7D98-444A-89A0-062C2FE42150} - C:\WINDOWS\system32\wodskejs.dll
O3 - Toolbar: X-Ray - {B0B20872-A3FD-4DB9-9107-4930091FD0BF} - C:\WINDOWS\XRay.dll (file missing)
O4 - HKLM\..\Run: [SS1HelperStartUp] C:\PROGRA~1\SEASID~1\SS1HEL~1.EXE /partner SS1
O4 - HKLM\..\Run: [X-Ray Keyword Service] C:\WINDOWS\XRayWatcher.exe
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [MSCheck] C:\Program Files\LegacyGamers\MAIET\GunZ\LegacyGamers And MAIET Entertainment\MSCheck.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\pahtaabe.dll",setvm
O4 - Global Startup: Ulead Photo Express ??? ???.lnk
O16 - DPF: {0AFA0CB7-E592-4A87-8C74-C655AADCA579} - http://www.doogle.co.kr/xray/DownCtrl.ocx
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {51C99F40-9E0E-4BF1-A92A-77121CC01AD0} (IMBCClient Control) - http://touch.imbc.com/ocx/Online.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\Program Files\LegacyGamers<Delete the entire folder.
C:\Program Files\Acceleration Software<Delete the entire folder.
C:\WINDOWS\XRayWatcher.exe
C:\PROGRA~1\SEASID~1<Delete the entire folder.
Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn`t automatically restart, restart it manually.
These are the filepaths you need to enter into killbox.
C:\WINDOWS\system32\pahtaabe.dll
C:\WINDOWS\system32\wodskejs.dll
Once your system has rebooted, rehide your protected OS files.
Post a fresh HJT log.
Regards Howard
This thread is for the use of Jklol only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Your HJT log is clean.
However, it appears you`re not running any antivirus software. This is a huge security risk. It also appears you`re running two firewall programmes, Symantec and Zonealarm. This is not recommended and can cause serious conflicts.
Download one of the following free antivirus programmes.
AVG free or Avast.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Click start/run and type services.msc into the run box and press the enter key.
When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
Symantec Network Drivers Service
Close the services window.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
SNDSrvc.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\Program Files\Common Files\Symantec Shared<Delete the entire folder.
Reboot into normal mode and rehide your protected OS files.
Install which ever antivirus programme you chose and reboot your system. Run the antivirus updates.
Post a fresh HJT log.
Regards Howard
This thread is for the use of Jklol only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
However, it appears you`re not running any antivirus software. This is a huge security risk. It also appears you`re running two firewall programmes, Symantec and Zonealarm. This is not recommended and can cause serious conflicts.
Download one of the following free antivirus programmes.
AVG free or Avast.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Click start/run and type services.msc into the run box and press the enter key.
When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
Symantec Network Drivers Service
Close the services window.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
SNDSrvc.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\Program Files\Common Files\Symantec Shared<Delete the entire folder.
Reboot into normal mode and rehide your protected OS files.
Install which ever antivirus programme you chose and reboot your system. Run the antivirus updates.
Post a fresh HJT log.
Regards Howard
This thread is for the use of Jklol only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Your HJT log is clean.
It shows that your system is running AVG antivirus. Can you give me the exact message windows is giving you regarding your Antivirus?
However, your HJT log still shows the O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
entry is running. Did you fix it as per my instructions above?
If you did, please do the following.
Go HERE and follow the instructions for getting rid of Symantec/Norton.
Running Ccleaner is a good idea. However, under no circumstances should you run the Issues scan(registry repair). It has been known to cause serious problems, particularly if you`re not familiar with the registry. Instructions for running Ccleaner can be found in step9 of this thread HERE.
Regards Howard
This thread is for the use of Jklol only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
It shows that your system is running AVG antivirus. Can you give me the exact message windows is giving you regarding your Antivirus?
However, your HJT log still shows the O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
entry is running. Did you fix it as per my instructions above?
If you did, please do the following.
Go HERE and follow the instructions for getting rid of Symantec/Norton.
Running Ccleaner is a good idea. However, under no circumstances should you run the Issues scan(registry repair). It has been known to cause serious problems, particularly if you`re not familiar with the registry. Instructions for running Ccleaner can be found in step9 of this thread HERE.
Regards Howard
This thread is for the use of Jklol only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Well here is the message I get.
For the instructions I am sure I did follow the directions of removing it. I will check again now and remove it if it is still there.
Edit: I fixed the problem I guess with the no anti-virus I had to put a check on monitoring the anti-virus myself and I removed O23 - Service: Symantec Network Drivers Service I think I probably removed something under the same name last time. And on HJT should I delete the backup or leave it alone?
For the instructions I am sure I did follow the directions of removing it. I will check again now and remove it if it is still there.
Edit: I fixed the problem I guess with the no anti-virus I had to put a check on monitoring the anti-virus myself and I removed O23 - Service: Symantec Network Drivers Service I think I probably removed something under the same name last time. And on HJT should I delete the backup or leave it alone?
howard_hopkinso
Posts: 21,238 +17
Ah, I see what it is now and it`s nothing to worry about.
Open up the security center in the control panel
In the left pane click on "change the way windows warns me" and untick all options.
Regards Howard
This thread is for the use of Jklol only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Open up the security center in the control panel
In the left pane click on "change the way windows warns me" and untick all options.
Regards Howard
This thread is for the use of Jklol only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Well I checked again and looked in backups and it said I had 2 of the O23 - Service: Symantec Network Drivers Service and something is weird. My computer is running unusually slow now. It takes a minute to open mu program, they sometimes end up not responding and I scanned my computer. Avg found trojan horses in the HJT backup, VundoFix back up and several in C:\System Volume Infomation\_restore..... should I remove the trojan horses or are they to help run the programs?
kitty500cat
Posts: 1,391 +6
You don't need to delete the stuff in the HJT backup, as that is harmless. However, you should be able to delete the stuff in the VundoFix backup. There must be some malware living in your system restore points, so just disable system restore (instructions HERE). Then turn it on again. This will delete any bad stuff living in your old system restore points and create a new, clean restore point.
Regards
Regards
howard_hopkinso
Posts: 21,238 +17
Please post a fresh HJT log.
Regards Howard
This thread is for the use of Jklol only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Regards Howard
This thread is for the use of Jklol only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
- Status
Similar threads
