« previous next »
Pages: [1]   Go Down

Author Topic: memory loss..  (Read 3650 times)

0 Members and 1 Guest are viewing this topic.

lazycomet

  • Guest
memory loss..
« on: July 08, 2004, 11:42:54 PM »
Hi, been having some troubles lately which i'm not able to fix myself.
at the moment i can just have one program running at a time, like for instance explorer or a mediaplayer, or else it just shut the new program i'm trying to open down due to little memory. also i can't seem to change my starting page in explorer it's always blank and showinga page called "Search for..."
after doing all sorts of scanning downloading both anti-trojans, online scans  and what not. it found like maybe 20 of a trojan called repov.b and some others. i though i cleaned them out but  the problem still remains...
below is a hijack this log. hope anyone out here have any suggestions how to fix this, as i'm all out of ideas...

thanks.


Logfile of HijackThis v1.97.7
Scan saved at 23:30:58, on 2004-07-08
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tiscali SE\Tiscali ADSL Bredband\fts.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\fhgfhfghgfh\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\FHGFHF~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\FHGFHF~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\FHGFHF~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\FHGFHF~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\FHGFHF~1\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\FHGFHF~1\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.skunk.nu/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -   ¦C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: (no name) - {542CA9A1-8EFA-43B9-9D16-4003614255AF} - C:\WINDOWS\System32\ckmap.dll
O3 - Toolbar: Alive Text to Speech - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - (no file)
O4 - HKLM\..\Run: [Tiscali SE fts] "C:\Program Files\Tiscali SE\Tiscali ADSL Bredband\fts.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [nscntrl] c:\windows\system32\nscntrl.exe /noconnect
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\fhgfhfghgfh\Desktop\FreeRAM XP Pro 1.40.exe" -win
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/se/win/QuickTimeInstaller.exe
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Logged

lazycomet

  • Guest
Re:memory loss..
« Reply #1 on: July 08, 2004, 11:48:04 PM »
and oh yeah, these are the trojans i found during scans...

C:\WINDOWS\pup.exe - TrojanDownloader:Win32/VB.CA -> Infected
C:\WINDOWS\twaintec.dll - Trojan:Win32/Spy.BiSpy.C -> Infected
C:\WINDOWS\alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\WINDOWS\bdl84126.exe - Trojan:Win32/Revop.C -> Infected
C:\WINDOWS\actulice.exe - Trojan:Win32/Revop.B -> Infected
C:\WINDOWS\system32\3dimd.exe - TrojanDownloader:Win32/VB.CA -> Infected
C:\WINDOWS\system32\jooijf.dll - Trojan:Win32/StartPage.IX -> Infected
C:\WINDOWS\system32\sproxyk.exe - Trojan:Win32/Revop.B -> Infected
C:\WINDOWS\system32\erffiltp.exe - TrojanDownloader:Win32/VB.CA -> Infected
C:\WINDOWS\system32\329170Q.exe - Trojan:Win32/Revop.B -> Infected
C:\WINDOWS\system32\erialuis.exe - TrojanDownloader:Win32/VB.CA -> Infected
C:\WINDOWS\system32\asr.exe - Trojan:Win32/Revop.B -> Infected
C:\WINDOWS\system32\vidx.exe - Trojan:Win32/Revop.B -> Infected
C:\WINDOWS\system32\oisen.exe - Trojan:Win32/Revop.B -> Infected
C:\WINDOWS\system32\tildllu.exe - Trojan:Win32/Revop.B -> Infected
C:\WINDOWS\system32\etidn.exe - Trojan:Win32/Revop.B -> Infected
C:\WINDOWS\system32\cfgnt5i.exe - Trojan:Win32/Revop.B -> Infected
C:\WINDOWS\system32\3drmd.exe - Trojan:Win32/Revop.B -> Infected
C:\WINDOWS\system32\raunhoferAudioF.exe - Trojan:Win32/Revop.B -> Infected
Logged

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:memory loss..
« Reply #2 on: July 09, 2004, 12:01:55 AM »
Visit the link in my signature if you like. I has a link to a tutirial/explanation on th ehijackthis log file and also a Hijackthis log file analyzer.

I hope this will help you to solve it, or at least get closer to the solution
Logged

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:memory loss..
« Reply #3 on: July 09, 2004, 08:24:30 AM »
BTW Hijackthis analysing: If you understand (a bit) german, you sahould try this one:
www.hijackthis.de :)
It uses several databases. Specialy from systeminfo.org.
Logged
MfG Ralf
Pages: [1]   Go Up
« previous next »