TechSpot

Some problems on my computer

By Jklol
Mar 15, 2007
  1. Well I am new so I'll try my best to explain my problem. Recently my computer has trouble loading up its screen when I log on and takes unusually long. After my computer does load up all the things (like Mozilla, My Computer, Recycle Bin) I get a message from Port Magic saying that there was a fatal error and it said something that should have never failed has failed. Also several things won't work now. My avast anti virus gets an error, my internet does not work from it and I cannot turn on my firewall because of the problem. So I need help and I have a hijackthis log if it helps.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Download the WinsockXPfix from HERE. Run the programme and click fix.

    Then, go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of Jklol only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Jklol

    Jklol TS Rookie Topic Starter Posts: 21

    Ok thanks, here are all the logs. I have more logs I will be posting next.

    Ok but, I still have this problem though. I sometimes have this weird delay on my computer when I type or play any games. I click on my screen and suddenly my computer makes beeping noises. I have been having this problem for a while and I still don't know how to get rid of my problem.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Thanks for being so thorough, you've done everything correctly, except you haven't renamed HijackThis.exe properly, nor have you given me the results of the AVG Antirootkit scan.

    This is taken from your HJT log.

    C:\Program Files\hijackThis\Analyze.exe\HijackThis.exe

    As you can see, you're still running HijackThis.exe and not Analyze.exe.

    We still have quite a lot of work to do in order to get your system clean.

    Rename HJT and post a fresh log.

    Regards Howard :)

     
  5. Jklol

    Jklol TS Rookie Topic Starter Posts: 21

    Well I can't seem to get a root kit log since it finds nothing, unless I was supposed to get one anyway. And here is my HJT.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That's ok, I just wanted the results of the AVG Antirootkit scan. Since it didn't find anything, that's great.

    Download the Pocket Killbox programme from HERE. Extract it but don't run it yet.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Go to add remove programmes in your control panel and uninstall anything to do with (if there).

    Acceleration Software
    Anti-Virus
    LegacyGamers
    SEASID~1

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    XRayWatcher.exe
    SS1HEL~1.EXE
    stopsignav.exe
    MSCheck.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O2 - BHO: (no name) - {4501EA47-7D98-444A-89A0-062C2FE42150} - C:\WINDOWS\system32\wodskejs.dll

    O3 - Toolbar: X-Ray - {B0B20872-A3FD-4DB9-9107-4930091FD0BF} - C:\WINDOWS\XRay.dll (file missing)

    O4 - HKLM\..\Run: [SS1HelperStartUp] C:\PROGRA~1\SEASID~1\SS1HEL~1.EXE /partner SS1

    O4 - HKLM\..\Run: [X-Ray Keyword Service] C:\WINDOWS\XRayWatcher.exe

    O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus

    O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k

    O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe

    O4 - HKLM\..\Run: [MSCheck] C:\Program Files\LegacyGamers\MAIET\GunZ\LegacyGamers And MAIET Entertainment\MSCheck.exe

    O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\pahtaabe.dll",setvm

    O4 - Global Startup: Ulead Photo Express ??? ???.lnk

    O16 - DPF: {0AFA0CB7-E592-4A87-8C74-C655AADCA579} - http://www.doogle.co.kr/xray/DownCtrl.ocx

    O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB

    O16 - DPF: {51C99F40-9E0E-4BF1-A92A-77121CC01AD0} (IMBCClient Control) - http://touch.imbc.com/ocx/Online.cab

    O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab

    O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\Program Files\LegacyGamers < Delete the entire folder.
    C:\Program Files\Acceleration Software < Delete the entire folder.
    C:\WINDOWS\XRayWatcher.exe
    C:\PROGRA~1\SEASID~1 < Delete the entire folder.

    Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn't automatically restart, restart it manually.

    These are the filepaths you need to enter into killbox.

    C:\WINDOWS\system32\pahtaabe.dll
    C:\WINDOWS\system32\wodskejs.dll

    Once your system has rebooted, rehide your protected OS files.

    Post a fresh HJT log.

    Regards Howard :)

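Added example, not part of the original posts or of HijackThis itself: a small Python parser for the HijackThis entry format quoted in the post above, useful for triaging such a log by section, CLSID and target file or URL. The sample lines are copied from that post; the labels in `notes` and the function names are this example's own choices.

```python
import re

# HijackThis section codes seen in this thread and what they cover.
SECTIONS = {"O2": "Browser Helper Object", "O3": "IE toolbar",
            "O4": "autostart entry", "O16": "ActiveX download (DPF)",
            "O23": "NT service"}

ENTRY = re.compile(r"^(O\d+) - ([^:\[]+?):\s*(.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
TARGET = re.compile(r'(https?://\S+|[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx|cab|lnk))', re.I)

def parse_entry(line):
    """Return a dict for one HJT 'O' line, or None if the line is not one."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, kind, rest = m.groups()
    clsid = CLSID.search(rest)
    target = TARGET.search(rest)
    name = re.match(r"\[([^\]]+)\]", rest)       # Run-key value name, if any
    notes = []
    if "(file missing)" in rest:
        notes.append("file missing")             # orphaned entry, binary is gone
    if re.search(r"rundll32(\.exe)?\s", rest, re.I):
        notes.append("dll via rundll32")         # the DLL is what actually runs
    if target and "~" in target.group(1):
        notes.append("8.3 short path")           # long folder name is abbreviated
    if target and target.group(1).lower().startswith("http://"):
        notes.append("plain-http download")
    return {"code": code, "section": SECTIONS.get(code, "other"), "kind": kind,
            "name": name.group(1) if name else None,
            "clsid": clsid.group(0) if clsid else None,
            "target": target.group(1) if target else None, "notes": notes}

# Sample input: entries quoted in the post above.
SAMPLE = r"""
O2 - BHO: (no name) - {4501EA47-7D98-444A-89A0-062C2FE42150} - C:\WINDOWS\system32\wodskejs.dll
O3 - Toolbar: X-Ray - {B0B20872-A3FD-4DB9-9107-4930091FD0BF} - C:\WINDOWS\XRay.dll (file missing)
O4 - HKLM\..\Run: [SS1HelperStartUp] C:\PROGRA~1\SEASID~1\SS1HEL~1.EXE /partner SS1
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\pahtaabe.dll",setvm
O16 - DPF: {0AFA0CB7-E592-4A87-8C74-C655AADCA579} - http://www.doogle.co.kr/xray/DownCtrl.ocx
"""

def triage(text):
    """Parse every recognisable entry in a block of log text."""
    return [e for e in map(parse_entry, text.splitlines()) if e]

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["code"], e["section"], "|", e["target"], "|", ", ".join(e["notes"]) or "-")
```
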
     
  7. Jklol

    Jklol TS Rookie Topic Starter Posts: 21

    Here is my log and so far my computer seems fine and I hope it stays that way now.
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    However, it appears you're not running any antivirus software. This is a huge security risk. It also appears you're running two firewall programmes, Symantec and Zonealarm. This is not recommended and can cause serious conflicts.

    Download one of the following free antivirus programmes.

    AVG free or Avast.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    Symantec Network Drivers Service

    Close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    SNDSrvc.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\Program Files\Common Files\Symantec Shared < Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Install whichever antivirus programme you chose and reboot your system. Run the antivirus updates.

    Post a fresh HJT log.

    Regards Howard :)

     
  9. Jklol

    Jklol TS Rookie Topic Starter Posts: 21

    Ok here is my log and I did download AVG anti-virus, but windows is saying I still don't have an anti-virus on.
     
  10. Tedster

    Tedster Techspot old timer..... Posts: 6,000   +15

    When you're done with all of Howard's recommendations, download Crapcleaner. Update it and run it (all sections). Run the cleaner, registry repair, etc.... then reboot.
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    It shows that your system is running AVG antivirus. Can you give me the exact message windows is giving you regarding your Antivirus?

    However, your HJT log still shows the O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    entry is running. Did you fix it as per my instructions above?

    If you did, please do the following.

    Go HERE and follow the instructions for getting rid of Symantec/Norton.

    Running Ccleaner is a good idea. However, under no circumstances should you run the Issues scan (registry repair). It has been known to cause serious problems, particularly if you're not familiar with the registry. Instructions for running Ccleaner can be found in step 9 of this thread HERE.

    Regards Howard :)

     
  12. Jklol

    Jklol TS Rookie Topic Starter Posts: 21

    Well here is the message I get.
    For the instructions I am sure I did follow the directions of removing it. I will check again now and remove it if it is still there.

    Edit: I fixed the problem, I guess, with the no anti-virus. I had to put a check on monitoring the anti-virus myself, and I removed O23 - Service: Symantec Network Drivers Service. I think I probably removed something under the same name last time. And on HJT should I delete the backup or leave it alone?
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ah, I see what it is now and it's nothing to worry about.

    Open up the security center in the control panel.
    In the left pane click on "change the way windows warns me" and untick all options.

    Regards Howard :)

     
  14. Jklol

    Jklol TS Rookie Topic Starter Posts: 21

    Well I checked again and looked in backups and it said I had 2 of the O23 - Service: Symantec Network Drivers Service and something is weird. My computer is running unusually slow now. It takes a minute to open my program, they sometimes end up not responding and I scanned my computer. AVG found trojan horses in the HJT backup, VundoFix backup and several in C:\System Volume Information\_restore..... Should I remove the trojan horses or are they to help run the programs?
     
  15. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    You don't need to delete the stuff in the HJT backup, as that is harmless. However, you should be able to delete the stuff in the VundoFix backup. There must be some malware living in your system restore points, so just disable system restore (instructions HERE). Then turn it on again. This will delete any bad stuff living in your old system restore points and create a new, clean restore point.

    Regards :)
     
  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Please post a fresh HJT log.

    Regards Howard :)

     
Topic Status:
Not open for further replies.
