someone help me with this HijackThis log

Discussion in 'Malware Help (A Specialist Will Reply)' started by rudeboymcc, Oct 7, 2006.

  1. rudeboymcc

    rudeboymcc Private E-2

    Hi. I've gone through all the Read & Run me first thing (at least tried, the Panda online scanner didn't work as the site said "error on page" and wouldn't let me select anything to scan).

    Problem is I got an MSN conversation saying "is this you in the photo" and someone went to the photo and it installed loads of crap. Now about every 30 seconds a pop-up comes up and it's annoying.

    I've attached my HijackThis log. Any help is appreciated! Thanks.
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please read the sticky again and complete all the steps requested. There are other logs that you did not attach:
    - Bitdefender
    - GetRunKey
    - ShowNew

    You also have Spybot's Teatimer running which we specifically requested that you not do.

    But even before getting the rest of the logs I need to advise you of the below!

    I want to give you an important heads up so that you can tell your friend. This is very important if the PC was being used for anything financial related (internet banking, purchasing online, credit card stuff etc).
     
  3. rudeboymcc

    rudeboymcc Private E-2

    k I've done it all again, this time keeping all the logs.

    I've attached them and the runkeys and newfiles txt files just like it says.

    Problems are nearly all gone, there's just a couple of annoying ones.

    When I try and go to the Windows Firewall setting in Control Panel it says "due to an unidentified problem, windows cannot display windows firewall settings". I'm using Sunbelt's Kerio firewall at the moment but clearly there's still something wrong with the computer and I want to fix it.

    Also, the drop shadows on my desktop icons don't work anymore. Whenever I try changing the visual effects (system>advanced>performance settings) it doesn't make them work and changing wallpaper does nothing.

    And last thing, which is the worst, Windows Security Center can't find a working antivirus program although I have McAfee VirusScan Enterprise up and running. It always found it before.

    any help is appreciated, thanks.
     

    Attached Files:

  4. rudeboymcc

    rudeboymcc Private E-2

    And the runkeys and newfiles txt files:
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Uninstall the below old versions of software:
    J2SE Development Kit 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 1
    J2SE Runtime Environment 5.0 Update 6

    Now install the current version of Sun Java from: Sun Java Runtime Environment

    And if you still need the J2SE Development Kit, get the current version from here: http://java.sun.com/javase/downloads/index.jsp

    Is the below ProxyServer setting something you configured and require?
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = v3.cache.bris.ac.uk:8080

    Let's continue by downloading a tool we will need: Pocket KillBox

    Extract it to its own folder somewhere that you will be able to locate it later.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
    O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe
    O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
    After clicking Fix, exit HJT.

    Now run Pocket Killbox by doubleclicking on killbox.exe
    Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    Then after it deletes the files click the Exit (Save Settings) button.
    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\ccreenfd.exe
    C:\ovvpecjh.exe
    C:\WINDOWS\Downloaded Program Files\USDR6_0001_D19M2108NetInstaller.exe
    C:\WINDOWS\Downloaded Program Files\USDR6_0001_D19M2108NetInstaller.inf
    C:\WINDOWS\system32\c.exe
    C:\WINDOWS\system32\mny.exe
    C:\WINDOWS\system32\inistone.ini
    c:\windows\system32\stonedrv.exe
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.
    If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).
    If Killbox does not reboot just reboot your PC yourself.

    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp
    C:\Documents and Settings\michali\Local Settings\Temp
    Now attach the below new logs and tell me how the above steps went.
    1. ShowNew
    2. HJT


    Make sure you tell me how things are working now!
    If you are still having problems with security center not recognizing McAfee then uninstall McAfee, reboot your PC, and then reinstall McAfee. Make sure you get all updates too.
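
An added example, not part of the original post or of any tool named in it: a Python script that parses the registry O4 autorun lines and the R1 ProxyServer line of a HijackThis log and reports autorun entries that still point at files on the deletion list, which is the check to make on the follow-up log. The `ExampleApp` entry is constructed; the other lines and paths are the ones quoted above, and the O4 line layout is assumed from those samples.

```python
import re

# Lines quoted in the post above, plus one constructed benign entry (ExampleApp).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = v3.cache.bris.ac.uk:8080
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\ExampleApp\app.exe" /tray
O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
"""

# Executable paths taken from the post's Killbox deletion list.
REMOVAL_LIST = [
    r"C:\ccreenfd.exe",
    r"C:\ovvpecjh.exe",
    r"C:\WINDOWS\system32\c.exe",
    r"C:\WINDOWS\system32\mny.exe",
    r"c:\windows\system32\stonedrv.exe",
]

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$", re.M)
PROXY_RE = re.compile(r"^R1 - HKCU\\.*,ProxyServer = (.+)$", re.M)
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|scr|dll))(?:\s|$)", re.I)

def exe_path(command):
    """Return the lower-cased program path of an autorun command line."""
    command = command.strip()
    if command.startswith('"'):              # quoted path, arguments follow
        return command[1:].split('"', 1)[0].lower()
    m = EXE_RE.match(command)                # unquoted path, may contain spaces
    return (m.group(1) if m else command).lower()

def parse_autoruns(log):
    """Parse registry O4 lines (Startup-folder O4 lines are not matched)."""
    return [{"hive": h, "key": k, "name": n, "path": exe_path(c)}
            for h, k, n, c in O4_RE.findall(log)]

def leftover_autoruns(log, removal_list):
    """Autorun entries that still point at a file slated for deletion."""
    doomed = {p.lower() for p in removal_list}
    return [e for e in parse_autoruns(log) if e["path"] in doomed]

def proxy_setting(log):
    """Return the ProxyServer value from an R1 line, or None."""
    m = PROXY_RE.search(log)
    return m.group(1).strip() if m else None

if __name__ == "__main__":
    for e in leftover_autoruns(SAMPLE_LOG, REMOVAL_LIST):
        print(f"still registered: {e['hive']}\\{e['key']} [{e['name']}] -> {e['path']}")
    print("proxy:", proxy_setting(SAMPLE_LOG))
```

An empty result from `leftover_autoruns` on the new log means none of the three `stonedrv` values remain; any entry it returns is an autorun value that was not removed or has been written again.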
     
  6. rudeboymcc

    rudeboymcc Private E-2

    K the problem is even worse now. It seems I can't start Windows normally because it restarts as soon as it finishes loading. That means I can't uninstall the Java stuff because the installer doesn't work in safe mode. Another thing I noticed is that sometimes when I restart all the BIOS settings are gone and I have to reconfigure it to boot from the correct hard disk. Could all this be caused by a dying battery on the motherboard? Had it for about 2 years now.

    I did all the other stuff though and attached both log files. the proxy server is what i was using last year in university accommodation, i don't need it anymore though.

    nb there was no "PendingFileRenameOperations" prompt.

    thanks~!
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What steps did you take while following my previous instructions and when did the problem begin? What I want to understand is in what order were the steps executed and exactly at what point did the problem begin. Based on your ShowNew log you never completed the first instruction in my message!

    Yes it is possible the battery is too old but it seems to be a rather strange coincidence to just show up right now.

    Then have HJT fix those lines too.
     
  8. rudeboymcc

    rudeboymcc Private E-2

    The new problems (Windows shutting down) started after I completed the sticky guide. I still haven't worked out what's causing it but I can load Windows in safe mode. This means that I can't uninstall Java because the installer doesn't load in safe mode.

    I've fixed those lines in HJT about the proxy, didn't really expect it to do anything but did it anyway. Still having problems.

    What I'm thinking of doing is finding the problem using msconfig. I can load Windows if I do a selective startup, disabling all system services and startup services. Then I'll just reboot, enabling one every time until the problem occurs. There must be an easier way though!
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you do all of the stuff in my previous message (even if done in safe mode)? Did you fix all the stuff with HJT and did you run Killbox and delete those files?

    If so, attach a new HJT log and a new log from ShowNew from safe boot mode.
     
