|
Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
|
Topic Tools |
#1
|
|||
|
|||
Please Help Me i am about to go crazy!!
Hi everybody here is my situation:
My pc was working as usual and nothing out of the ordinary had happened before for some reason it got messed up. By messed up I mean that when I turn on the pc it will appear the log on screen and after clicking on the username it will take a loooooooonggg time to load (about 30 min) and just the day before it used to take around 5 min. Also the pc kinda freezes because the watch remains on the same hour until if "unfreezes". There are also some messages that appeared on the screen. One of them says that the virtual memory is too low and the other one says that "the application failed to initialize properly (0xc000012d). I started thinking about how was i going to fixed my compu and trust me i have done many things. Scan for virus with mcaffe (which i haven't upgraded that much) scan with spyware doctor, scan with spybot, scan with ad-aware and finally defragment the pc. The only "possitve" results were that thet messages (above) doesn't appear anymore but it STILL takes the same amount of time to start up. I have gone in save mode and it worked but once i got there I didn't know what to do so i jsut shut down my pc..hehehe.Finally here is a coppy of log that was made with hijackthis: Logfile of HijackThis v1.98.2 Scan saved at 8:00:51 PM, on 1/24/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\drivers\KodakCCS.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\WINDOWS\System32\ScsiAccess.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\wuauclt.exe C:\Archivos de programa\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\Program Files\AIM95\aim.exe C:\Program Files\NetZero\exec.exe C:\Program Files\NetZero\exec.exe C:\Program Files\NetZero\qsacc\x1exec.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\mdm.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\Documents and Settings\Fernando\Local Settings\Temp\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/r...&c=1c02&lc=0409 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\CpqFeatures\Content\DT\USEN\about.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=127.0.0.1:7900 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.un td.com;127.0.0.1;localhost;*windowsupdate.microsof t.com;*windowsupdate.com;*wustat.windows.com;*.pog o.com;*test-speed.com;liveupdate.symantecliveupdate.com;liveup date.symantec.com;service1.symantec.com;*.nai.com; *.networkassociates.com;<local> R3 - Default URLSearchHook is missing F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O4 - HKLM\..\Run: [mvrkfzqu] C:\WINDOWS\System32\mvrkfzqu.exe O4 - HKLM\..\Run: [MMTray] C:\Archivos de programa\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\RunOnce: [untd_recovery] C:\Program Files\NetZero\qsacc\x1exec.exe O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228 O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227 O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.c...es/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...StatsClient.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v1...ro.cab33902.cab O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F1DEC378-F634-45DF-A067-A00A8E0F9C14}: NameServer = 64.136.28.120 64.136.20.120 |
#2
|
|||
|
|||
This is the only file I can see that need to come out.The rest look ok.
O4 - HKLM\..\Run: [mvrkfzqu] C:\WINDOWS\System32\mvrkfzqu.exe |
#3
|
||||
|
||||
Howdy:
I would also suggest upgrading to SP1 or SP2.. Microsoft will begin stopping any XP system from getting updates, fixes, patches that do not have a minimum SP1 installed.. Murray |
#4
|
|||
|
|||
thanks
i'll try |
Bookmarks |
«
Previous Topic
|
Next Topic
»
|
|
Similar Topics | ||||
Topic | Topic Starter | Forum | Replies | Last Post |
Xp going crazy on me.............. | Specops70 | Malware Removal | 9 | June 20th, 2008 02:27 AM |
Am I crazy? | dduc | The Anything Else Board | 4 | October 17th, 2007 09:44 PM |
Am I Crazy? | tastebites | Malware Removal | 2 | October 19th, 2006 07:19 PM |
PC's gone crazy | jessiemc12 | Applications | 0 | September 27th, 2004 03:32 PM |
Pop ups like crazy! | TraGreg | Internet / Browsers | 9 | June 23rd, 2003 11:34 PM |
All times are GMT +1. The time now is 04:16 PM.