Page 1 of 2 12 LastLast
Results 1 to 10 of 16
  1. #1
    Member dvon157's Avatar
    Join Date
    Dec 2006
    Location
    Lake Worth Florida
    Posts
    17
    Points
    0

    Default Invaded: cannot get online to do scans on that computer

    As stated- got invaded: slow/weird startup, strange things in the system tray, 100% CPU useage, cannot get online.

    This all happened after a weird message informing me that my "firewall was disabled" and asking did I want to enable it. I clicked "yes" and it went downhill from there.

    Then I started to get a message that: "m7oc.exe" could not start as I tried to reboot my way back to normalcy. No go.

    This "m7oc.exe" was living in my system32 folder and I deleted it as well as m7oc-exe-ifbb5357.pf in my prefetch folder (hastily?) due to these being created in my system at exactly the time everything started going wrong and finding absolutely NO information on them on the web.

    HELP!!!

    :shock: :? :cry:
    Your time is a terrible thing to waste.

  2. #2
    Member dvon157's Avatar
    Join Date
    Dec 2006
    Location
    Lake Worth Florida
    Posts
    17
    Points
    0

    Default

    Machine is an IBM x-40 with wireless internet. Whenever I try and get online with it, I get a "cannot locate server" msg. despite the fact that the wireless icon is active and when I go into network settings it says that I'm connected to my network.

    Then, when I ctrl-alt-del I see that my cpu useage is 100%. Is my machine actually online, as in a drone/robot/slave and that is why performance is suddenly total crap and I can't get online (because whatever's doing this isn't letting my because my comp. is actually online doing someone's bidding?)

    Big drag. Use this computer seriously for work!

    I have little usb thumb drives if that would help for me to get some info out of that computer and into here.

    Let me know.

    Why oh why do I keep using IE? Nevermore. I'm all over mozilla/firefox when/if I get this cleaned up.

    peace.
    Your time is a terrible thing to waste.

  3. #3
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191

    Default

    Down load these to your thumb drive and then take the thumb drive to problem PC. Run them and post their logs:

    Download Superantispyware.

    http://www.superantispyware.com/

    Once downloaded and installed update the definitions
    and then run a full system scan quarantine what it finds!

    * Double-click SUPERAntiSypware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)

    http://www.superantispyware.com/definitions.html

    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    o Close browsers before scanning.
    o Scan for tracking cookies.
    o Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    o Click Preferences, then click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    o Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.

    Next........

    Download ...

    HiJackThis log - Trend Micro HijackThis 2.0.2
    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Doubleclick on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" and Paste the entire contents of the log (no attachments) into your next post.

    DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
    DO NOT have Hijackthis fix anything yet. Most of what HJT lists will be harmless or even required
    by your Operating System, a spyware fighter will guide you.

    BG

  4. #4
    Member dvon157's Avatar
    Join Date
    Dec 2006
    Location
    Lake Worth Florida
    Posts
    17
    Points
    0

    Default

    Thanks for the reply. I'm getting on the superantispyware and the HJT stuff, but I have a question as to how to "update the deffinitions" of the superantispyware program if I can't get online with the machine in question.

    Could you tell me how to get the updated deffinitions onto my thumb drive and then into the copy of superantispyware on the machine that's in trouble?

    If that last question seems a little tech disabled, then that's probably because I'm asking it. Sorry! :? :wink:
    Your time is a terrible thing to waste.

  5. #5
    Member dvon157's Avatar
    Join Date
    Dec 2006
    Location
    Lake Worth Florida
    Posts
    17
    Points
    0

    Default

    More specifically, reagarding the superantispyware updates: I downloaded the zipped files to my thumbdrive and then put them in a folder on the desktop of my ailing machine. The question is, how to get these zipped updates into my installed version of superantispyware?

    I ran the superantispyware program anyway, but would like to do it again with the updates. Could you walk me through how to do this?
    Your time is a terrible thing to waste.

  6. #6
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191

    Default

    I don't think Superantispyware programs care if it is saved to a thumb drive or the desktop.

    Post what you got.

    BG

  7. #7
    Member dvon157's Avatar
    Join Date
    Dec 2006
    Location
    Lake Worth Florida
    Posts
    17
    Points
    0

    Default

    Here are the logs. Remember though, the superantispyware was likely run without the updated deffinitions.

    HJT:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:15:18 PM, on 1/29/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\WINDOWS\system32\tp4serv.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
    C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lenovo\System Update\SUService.exe
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\System32\TPHDEXLG.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {CEF7449E-ADA9-45B3-AFA0-AE8092E9D7A5} - c:\windows\system32\ccfgntb.dll
    O2 - BHO: (no name) - {EBA237D0-FC37-47C2-91A9-AF7DEF969BDB} - C:\WINDOWS\system32\ds32gtl.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
    O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
    O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [m7oc] C:\WINDOWS\system32\m7oc.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O4 - HKCU\..\Run: [m7oc] C:\WINDOWS\system32\m7oc.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - S-1-5-18 Startup: Camio Viewer.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Camio Viewer.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe (User 'Default user')
    O4 - Startup: Camio Viewer.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
    O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1161780822004
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1161780932303
    O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www-307.ibm.com/pc/support/a...tent/AcpIR.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
    O20 - Winlogon Notify: halfaayb - C:\WINDOWS\SYSTEM32\ccfgntb.dll
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
    O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

    --
    End of file - 10476 bytes

    And the SUPERANTISPYWARE

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/29/2008 at 05:15 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3259
    Trace Rules Database Version: 1270

    Scan type : Complete Scan
    Total Scan Time : 02:39:17

    Memory items scanned : 517
    Memory threats detected : 0
    Registry items scanned : 4679
    Registry threats detected : 0
    File items scanned : 61624
    File threats detected : 8

    Adware.Tracking Cookie
    C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@atwola[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@homestore.122.2o7[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@advertising[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@tacoda[2].txt
    Your time is a terrible thing to waste.

  8. #8
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191

    Default

    Maybe I am missing it.........Where is your active Anti Virus program??

    BG

  9. #9
    Member dvon157's Avatar
    Join Date
    Dec 2006
    Location
    Lake Worth Florida
    Posts
    17
    Points
    0

    Default

    I bought this computer from a colleague at work. Being that he is somewhat of a basementgeek himself, and due to the fact that when I began using the computer, it instantly began to flawlessly block popups, my (obviously unsavy) assumption was that it had protection installed. It also had that mcaffee "shield" icon down in the system tray.

    Let me guess, now I'm paying for those assumptions in a sick 'puter that can't get online.

    What now?
    Your time is a terrible thing to waste.

  10. #10
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191

    Default

    The free AVG can be also loaded on the thumb drive and then transferred to the PC. Run a A/V scan:

    http://free.grisoft.com/doc/2/

    Next..........

    Read and try this.

    http://www.help2go.com/Tutorials/Int...th_LSPFix.html

    Let us know.

    BG

    P.S. Don't worry about the m7oc.exe entry, we will get rid of it using the HJT program

Page 1 of 2 12 LastLast