|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
07-19-2007, 01:25 AM
|
#1 (permalink) | ||
|
Registered User
Join Date: May 2005
Posts: 20
OS: XP
|
Having lots of problems lately (iexplore.exe, random reboots, etc)
Lately I've been having a lot of problems with my computer. iexplorer.exe comes up a lot in my task manager, but the one that hogs all the resources. I also get a lot of popups with both Internet Explorer and Firefox. Lastly, I'm not sure if it's part of the same issue, but my computer has been randomly rebooting on me quite a bit lately. Any help is greatly appreciated.
Quote:
Panda log: Quote:
|
||
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
07-19-2007, 12:57 PM
|
#2 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,475
OS: N/A
|
Re: Having lots of problems lately (iexplore.exe, random reboots, etc)
1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe
2. Double click on combofix.exe & follow the prompts. 3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
__________________
Question - what have you done for the community today? |
|
|
|
|
07-19-2007, 02:23 PM
|
#3 (permalink) | ||
|
Registered User
Join Date: May 2005
Posts: 20
OS: XP
|
Re: Having lots of problems lately (iexplore.exe, random reboots, etc)
Combofix Log:
Quote:
Here's the Deckard/Hijack Log: Quote:
|
||
|
|
|
|
07-19-2007, 02:51 PM
|
#4 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,475
OS: N/A
|
Re: Having lots of problems lately (iexplore.exe, random reboots, etc)
Do a HijackThis scan & place a check next to these items and select "Fix checked":
O2 - BHO: (no name) - {DC735BBD-FB35-48B7-996F-ED309CFADB59} - C:\WINDOWS\system32\jkhfc.dll (file missing) O2 - BHO: (no name) - {FBD168C7-E432-4D22-9DDE-536885B37F40} - C:\WINDOWS\system32\jkklm.dll (file missing) O4 - HKCU\..\Run: [Aulw] "C:\Documents and Settings\Glen\Application Data\?asks\??xplore.exe" O15 - Trusted Zone: *.adxgate.net O15 - Trusted Zone: *.errorprotector.com O15 - Trusted Zone: *.errorsafe.com O15 - Trusted Zone: *.imagesrvr.com O15 - Trusted Zone: *.snipenet.net O15 - Trusted Zone: *.systemdoctor.com O15 - Trusted Zone: *.winantivirus.com O15 - Trusted Zone: *.winfixer.com O15 - Trusted Zone: *.adxgate.net (HKLM) O15 - Trusted Zone: *.errorprotector.com (HKLM) O15 - Trusted Zone: *.errorsafe.com (HKLM) O15 - Trusted Zone: *.imagesrvr.com (HKLM) O15 - Trusted Zone: *.snipenet.net (HKLM) O15 - Trusted Zone: *.systemdoctor.com (HKLM) O15 - Trusted Zone: *.winantivirus.com (HKLM) O15 - Trusted Zone: *.winfixer.com (HKLM) O20 - Winlogon Notify: jkhfc - C:\WINDOWS\system32\jkhfc.dll (file missing) O20 - Winlogon Notify: jkklm - C:\WINDOWS\system32\jkklm.dll (file missing) --------------- Open notepad and copy/paste the text in the quotebox below into it: Code:
http://www.techsupportforum.com/security-center/hijackthis-log-help/168451-having-lots-problems-lately-iexplore-exe-random-reboots-etc.html
Collect::
C:\WINDOWS\system32\ewshxjwp.exe
File::
C:\WINDOWS\system32\sfsync02.dll
C:\WINDOWS\system32\cfhkj.bak2
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\mlkkj.ini2
C:\WINDOWS\system32\mlkkj.bak2
C:\WINDOWS\system32\mlkkj.bak1
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC735BBD-FB35-48B7-996F-ED309CFADB59}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FBD168C7-E432-4D22-9DDE-536885B37F40}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aulw"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfc]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkklm]
 Refering to the picture above, drag CFScript.txt into ComboFix.exe When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply. Additonally, ComboFix will generate a zipped file on your Desktop, called Submit [Date Time].zip Please submit this file to: http://www.bleepingcomputer.com/subm....php?channel=4 The file must be uploaded before proceeding to the next step. --------------- Please perform an online scan using Internet Explorer at http://www.kaspersky.com/virusscanner Answer Yes, when prompted to install an ActiveX component.
* If you're downloading torrents in the background, please disconnect all of them. Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%. --------------- In your next post, please include fresh logs from:
__________________
Question - what have you done for the community today? |
|
|
|
|
07-19-2007, 06:30 PM
|
#5 (permalink) | |
|
Registered User
Join Date: May 2005
Posts: 20
OS: XP
|
Re: Having lots of problems lately (iexplore.exe, random reboots, etc)
Combofix log:
Quote:
Uploaded the file, not sure if I need to give you a link or anything, let me know if you do. As for problems and how the computer is doing, it rebooted during the Hijack cleanup once, and also, during the installing of the files for the Online Scan, it came up with a "send" "Don't send" error. I reopened IE and it finished installing and scanning. AVG just popped up with ewxjauuh.exe as a Trojan, forucdcw.dll, kmwnbdcx.dll, nwhrbyvv.exe, oxqeusbj.dll, umorpyqu.dll all as well. |
|
|
|
|
|
07-19-2007, 11:40 PM
|
#6 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,475
OS: N/A
|
Re: Having lots of problems lately (iexplore.exe, random reboots, etc)
Please post the report produced by the Kaspersky scan
__________________
Question - what have you done for the community today? |
|
|
|
|
07-20-2007, 09:23 AM
|
#7 (permalink) | |
|
Registered User
Join Date: May 2005
Posts: 20
OS: XP
|
Re: Having lots of problems lately (iexplore.exe, random reboots, etc)
I'm sorry, I just had everything sitting and ready for when the scan was done, it seems to have posted itself early. I tried to post the Kaspersky Scan log, but the forum says: 1. The text that you have entered is too long (466370 characters). Please shorten it to 100000 characters long. Did you want it posted in multiple posts?
Here's the fresh Deckard/HJT Log: Quote:
Last edited by KainOcelot; 07-20-2007 at 09:24 AM. |
|
|
|
|
|
07-20-2007, 09:25 AM
|
#8 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,475
OS: N/A
|
Re: Having lots of problems lately (iexplore.exe, random reboots, etc)
Zip the Kaspersky report & place it as an attachment with next post
__________________
Question - what have you done for the community today? |
|
|
|
|
07-20-2007, 09:38 AM
|
#10 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,475
OS: N/A
|
Re: Having lots of problems lately (iexplore.exe, random reboots, etc)
Open notepad and copy/paste the text in the quotebox below into it:
Code:
@echo off if exist "%temp%\log.txt" del "%temp%\log.txt" for %%g in ( "C:\Documents and Settings\Glen\.jpi_cache\file\1.0\game.class-13a2db49-5ea80393.class" "C:\Documents and Settings\Glen\Application Data\Mozilla\Firefox\Profiles\jdliu1uj.default\Cache\33194E0Ed01" "C:\Documents and Settings\Glen\Incomplete\T-311774-_working_ put em up rachelle 33.wma" "C:\WINDOWS\system32\b1t2khdd.ini" "C:\WINDOWS\system32\madCHook.dll" ) do ( del /a/f %%g >nul 2>&1 if exist %%g echo.%%g>>"%temp%\log.txt" ) for %%g in ( C:\Deckard "C:\WINDOWS\Downloaded Program Files\CONFLICT.1" %systemdrive%\Qoobox ) do ( rd /s/q %%g >nul 2>&1 if exist %%g echo.%%g>>"%temp%\log.txt" ) if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt" ) else echo.Deleted Successfully !! nircmd wait 7000 del %0 It should look like this:  Make sure FireFox isn't running when you do this. Double click on fix.bat & allow it to run Post back to tell me what it says
__________________
Question - what have you done for the community today? |
|
|
|
|
07-20-2007, 09:46 AM
|
#12 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,475
OS: N/A
|
Re: Having lots of problems lately (iexplore.exe, random reboots, etc)
Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:
Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.html After doing all these, your system will be optimised against future threats. It's okay to delete the Hijack This folder in a couple weeks if everything is working okay. Have a safe & happy computing day.  Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Question - what have you done for the community today? |
|
|
|
| Thread Tools | |
|
|
09 0 d-------- C:\Program Files\mpegjoin
