| Page 1 of 1 |
nouseforaname
Über-VIP Member
Posts: 21306
Location: Toronto, Canada
|
|
| Back to top |
|
 |
|
|
 Posted: Sun, 30th Aug 2009 22:46 Post subject: |
|
|
|
|
|
| Back to top |
|
|
nouseforaname
Über-VIP Member
Posts: 21306
Location: Toronto, Canada
|
| Posted: Sun, 30th Aug 2009 23:25 Post subject: |
|
|
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\SOUNDMAN.EXE
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Windows MSI - Unknown owner - \\?\globalrootC:\Windows\system32\msihost.exe (file missing)
asus z170-A || core i5-6600K || geforce gtx 970 4gb || 16gb ddr4 ram || win10 || 1080p led samsung 27"
|
|
| Back to top |
|
|
nouseforaname
Über-VIP Member
Posts: 21306
Location: Toronto, Canada
|
| Posted: Sun, 30th Aug 2009 23:30 Post subject: |
|
|
^^ is that last one the problem?
asus z170-A || core i5-6600K || geforce gtx 970 4gb || 16gb ddr4 ram || win10 || 1080p led samsung 27"
|
|
| Back to top |
|
|
|
|
| Posted: Sun, 30th Aug 2009 23:40 Post subject: |
|
|
I don't see anything really bad, but Google Toolbar complicates things, maybe you should rid yourself of that plague, even if it doesn't solve the main issue.
Go here and copy paste your log to get some line-to-line info :
http://www.computerhope.com/cgi-bin/process.pl
|
|
| Back to top |
|
|
nouseforaname
Über-VIP Member
Posts: 21306
Location: Toronto, Canada
|
| Posted: Mon, 31st Aug 2009 08:20 Post subject: |
|
|
so yeah, I'm basically an idiot. downloaded this movie, WMP wanted a codec, turned out to be a rootkit. the tool that's supposed to clean it doesn't work in win7 either it seems :/
asus z170-A || core i5-6600K || geforce gtx 970 4gb || 16gb ddr4 ram || win10 || 1080p led samsung 27"
|
|
| Back to top |
|
|
|
|
| Posted: Mon, 31st Aug 2009 08:27 Post subject: |
|
|
Better use km player or vlc next time 
Some of the files in your log seemed to be suspicious but I don't have vista/win 7 so I wasn't sure if they belong to the system or not. Best of luck and don't forget to change your passwords after a clean clean clean install.
|
|
| Back to top |
|
|
nouseforaname
Über-VIP Member
Posts: 21306
Location: Toronto, Canada
|
| Posted: Mon, 31st Aug 2009 08:33 Post subject: |
|
|
fucking WMP .. only opened it with that because it was the default for .wmv files :/
yeah, basically I'll just assume I'm fuxxored and start over :/ even any kind of any rootkit/malware refuses to run, and those that do give me a BSOD when scanning.
if I create a new partition on the same drive to store stuff, that should be OK right?
asus z170-A || core i5-6600K || geforce gtx 970 4gb || 16gb ddr4 ram || win10 || 1080p led samsung 27"
|
|
| Back to top |
|
|
nouseforaname
Über-VIP Member
Posts: 21306
Location: Toronto, Canada
|
| Posted: Mon, 31st Aug 2009 08:40 Post subject: |
|
|
and what about other computers on the network?
asus z170-A || core i5-6600K || geforce gtx 970 4gb || 16gb ddr4 ram || win10 || 1080p led samsung 27"
|
|
| Back to top |
|
|
|
|
| Posted: Mon, 31st Aug 2009 08:56 Post subject: |
|
|
Other computers might be secure, based on their firewalls.
|
|
| Back to top |
|
|
|
|
| Posted: Mon, 31st Aug 2009 13:31 Post subject: |
|
|
you should get one of those linux antivirus boot-cds
http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/
i've only used the f-secure one myself, but i would figure kaspersky being ok aswell
once it boots, hit update first and then do a full scan
nice thing about being on a cd, and linux, is that it can't get infected when you're not executing code off your HD at all, and even if you do, it's a CD, so it won't get written
|
|
| Back to top |
|
|
|
|
|
| Back to top |
|
|
|
|
| Posted: Mon, 31st Aug 2009 16:35 Post subject: |
|
|
Well, if you're gonna reinstall the OS, you should install an aggressive antivirus like Kaspersky or NOD and try to clean yourself up.
|
|
| Back to top |
|
|
nouseforaname
Über-VIP Member
Posts: 21306
Location: Toronto, Canada
|
|
| Back to top |
|
|
nouseforaname
Über-VIP Member
Posts: 21306
Location: Toronto, Canada
|
|
| Back to top |
|
|
Cohen
Posts: 7155
Location: Rapture
|
|
| Back to top |
|
|
| Page 1 of 1 |
All times are GMT + 1 Hour |
The long links don't appear in the status bar at first but only when I click on a search result.
