Wierd Error Messages and Symtoms

aianrnoens · Feb 5, 2006

Hi,

The problems I am having are complex and I do not have the knowledge to fix them. I am currently working with a microsoft technition with no success.

The following is a list of symtoms I get when I leave my computer idle for more then an hour.

1. My Internet Connection is Cut off and I am unable to restore it.
2. Control-Alt-Delete produces an error saying that the task manager terminated unexpectedly
3. My desktop Icons stop working
4. I cannot open MyComputer, Any Folders, Run, Msconfig, task manager.
5. Opera, Firefox, Netscape, Internet Explorer, Gecko all refuse to load.
6. My start menu links stop working all except the logoff button.
7. Right clicking on the start button does nothing.
8. My symantec antivirus's auto protect is disabled. and will not reinable nor will the antivirus window open.
9. When I logoff I cannot log on and I get the following error
The server authenticating you reported an error (0xC00000BB)

When I restart my computer everything is fine untill I leave it alone again. I have followed your instructions in the read and run this thing without any problems but the symptoms did not go away.

If anybody has any ideas please help.

Aaron

chaslang · Feb 5, 2006

Attach the two online scan logs from step 6 of the READ ME. These are required to continue.

Then make sure you follow the directions in step 7 to properly install HijackThis and then attach a HijackThis log.

aianrnoens · Feb 6, 2006

Here is the panda activescan log.
The bitdefender scanner kept freezing and would not finish.

I also am attatching a hijack this log.

chaslang · Feb 6, 2006

I repeat:

Then make sure you follow the directions in step 7 to properly install HijackThis and then attach a HijackThis log.
Click to expand...

You have not followed this instructions and as a result have HijackThis installed exactly where we ask that it not be installed.

C:\Documents and Settings\Test\Desktop\HijackThis.exe

After you have installed HijackThis properly, continue with the below.
Look in Add/Remove programs for RXToolbar and uninstall if found.

Make sure viewing of hidden files is enabled (per the tutorial).
Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Look for the below process(es) and if found, End them:

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\u64g9yj.dll
O4 - HKLM\..\Run: [Winrar Application] winrar301.exe
O4 - HKLM\..\Run: [Winzip Application] winzip81.exe
O4 - HKLM\..\RunServices: [Microsoft TermBSO] vecx.exe
O4 - HKLM\..\RunServices: [Winrar Application] winrar301.exe
O4 - HKLM\..\RunServices: [Winzip Application] winzip81.exe
O4 - HKCU\..\Run: [RunOnceClearer] C:\WINDOWS\System32\Clearer.exe /k
O16 - DPF: {1FB464C8-09BB-4017-A2F5-EB742F04392F} (Microsoft Terminal Services Control (redist)) - http://localhost/tsweb/msrdp.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0502f65ae624e1222403/netzip/RdxIE601.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\Program Files\RXToolbar <-- the whole folder
C:\WINDOWS\system32\u64g9yj.dll
C:\WINDOWS\System32\winrar301.exe
C:\WINDOWS\System32\winzip81.exe
C:\WINDOWS\System32\vecx.exe

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST).

Make sure you tell me how things are working now.

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

aianrnoens · Feb 6, 2006

Hi,

Sorry about the hijack this thing. I had two copies and attatched the wrong one. I Have deleted the one on the desktop to avoid confusion. My new one is located in c:\program files\hijackthis

I deleted the entries in hijackthis that you recommended. I then restarted in safe mode and looked for those four files in my system32 directory. I could not find any of them

I ran system searches with the following queries without result.

win*.exe
winrar*.exe
winzip*.exe
vex*.exe
u64*.dll

I could not find any of the files.

I also did not find an uninstall entry for rxtoolbar nor was there a directory for it in program files.

I ran Ccleaner and then disabled system restore.
I then restarted in normal mode and reinabled system restore.

I am attatching a hijack this log.

I will evaluate and let you know the results.

chaslang · Feb 6, 2006

Okay! Your log is clean now! If you are not having any other malware problems, you should work thru the below link:

How to Protect yourself from malware!

aianrnoens · Feb 6, 2006

Thanks For your help!!

Aaron

Log in or Sign up

Wierd Error Messages and Symtoms

aianrnoens Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

aianrnoens Private E-2

Attached Files:

Activescan.txt

hijackthis.log

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

aianrnoens Private E-2

Attached Files:

hijackthis.log

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

aianrnoens Private E-2