Sign in with
Sign up | Sign in
Your question

Random generated urls attacking my poor pc

Last response: in Windows 7
March 9, 2011 1:56:52 AM

started when i downloaded some shady looking software off of a shady website :ange:  , got some bsod n my comp was randomly bsod-ing :heink:  , norton keeps on popping up messages saying they blocked recent attempts to get into my system coming from what are obviously random generated urls (i went to one n norton got all :gun:  at me) , but these are coming through my web browser, so i deleted all my browser files xept my important bookmarks n stuff and reinstalled google chrome, but while reinstalling firefox comp bsod'd halfway through sooooo im not gonna install that :non:  . google chrome wouldnt load up but i found some hack-ish thing to get it to load although i dont trust these login stuff on this website :??:  tried some iforgetwhatitscalled command prompt input to fix corrupted files n tht may have stifled the bsod problem a bit, BUT i did a freaking full system scan with malwarebytes anti malware (cuz i dont trust norton cuz norton says this virus is trying to attack norton) and it found NOTHING AUGHHHHHHHH :cry:  . AND I HAVE HOMEWORK, well i guess i can do hw in safe mode, basically this is a problem tht comes n goes, i hate come n go problems, right now its gone but it may show up again when i click this submit button :fou: 

well help would be appreciated n i think there was stuff i left out but PUHLEEEZE help me there beith priceless data on meh hard drive n i dont have to buy an external hard drive n wipe windows n all tht stuff :cry: 
a b 8 Security
a b $ Windows 7
March 9, 2011 2:53:13 AM

did you run Malwarebytes in save mode?
Related resources
March 9, 2011 3:10:47 AM

yeah i ran malwarebytes on safe mode, but didnt find anything, HOWEVER i found a program called superantispyware which found a TON of stuff but after like 50 minutes comp crashes AUGHHH so didnt delete anything
March 9, 2011 7:23:07 PM

ran a registry cleanup tool n it fixed about 3000 errors but i still get random bsods, tried making a startup log n i dunno if those problems are fixed, ill try it again, currently using an alternate comp cuz mine crashes (with a bsod) even in safe mode. if i know the website i got the virus from can that help anything, i still get norton popups saying that a random url coming through my current browser is trying to infect the comp, could it have something to do with my browser files or something xept now even my moms ultra stable perfect account is crashing (with a bsod) HELP MEEEEEE
a b $ Windows 7
March 9, 2011 11:18:44 PM

Forget the registry cleanup tool they always find thousands of errors. Have you considered that your blue screens are not caused by a virus but by a fault on your computer? Try running a memory test program such as memtest86 to check if it is the computer or not.
March 9, 2011 11:57:31 PM

i know it isnt a hardware problem because i downloaded the file n it crashed my comp n i have problems, HOWEVER i have isolated the problem somewhat :)  , every time i run an in depth virus scan the comp will crash, HOWEVER i googled this n forums said of a "hijack this" program to help manually delete the malware.

so imma post a long log post n if theres a malware expert or whatever who can see what looks suspicious(cuz i really cant) then that would be GREATLY appreciated :D 


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:39:33 PM, on 3/9/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Game Booster\gbtray.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\Norton Internet Security\Engine\\ccSvcHst.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Ralink\Common\RaUI.exe
C:\Advanced Wheel Mouse\wh_exec.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\\coIEPlg.dll
O4 - HKLM\..\Run: [WheelMouse] C:\ADVANC~1\wh_exec.exe
O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-737723724-408377909-3030849850-1001\..\Run: [Google Update] "C:\Users\Mom\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'Mom')
O4 - HKUS\S-1-5-21-737723724-408377909-3030849850-1005\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent (User 'Chris')
O4 - S-1-5-21-737723724-408377909-3030849850-1001 Startup: PSPdisp.lnk = C:\Program Files (x86)\PSPdisp\bin\app\PSPdisp.exe (User 'Mom')
O4 - S-1-5-21-737723724-408377909-3030849850-1001 User Startup: PSPdisp.lnk = C:\Program Files (x86)\PSPdisp\bin\app\PSPdisp.exe (User 'Mom')
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files (x86)\Ralink\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD FusionUtility Service - Unknown owner - C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe (file missing)
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
O23 - Service: Belkin Local Backup Service - Unknown owner - C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
O23 - Service: Belkin Network USB Helper - Unknown owner - C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GenericMount Helper Service - Symantec - C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\\ccSvcHst.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe
O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: S3D Service (Win32) (S3DSvc32) - iZ3D Inc. - C:\Program Files (x86)\iZ3D Driver\Win32\S3DCService.exe
O23 - Service: S3D Service (Win64) (S3DSvc64) - iZ3D Inc. - C:\Program Files (x86)\iZ3D Driver\Win64\S3DCService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\Windows\System32\Drivers\WTSRV.EXE (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

End of file - 13034 bytes

gotta try n finish homework now :cry: 
March 10, 2011 3:37:37 AM

in addition, firefox doesnt work now and chrome only works with the -no-sandbox thing, so the only stable browser i currently have is internet explorer, AND for some reason norton internet security isnt showing up, i thought my subscription was over but last i checked they said 70 days left, taskmanager still has scvchost.exe norton files running in the background though

Best solution

a b 8 Security
a b $ Windows 7
March 10, 2011 12:58:44 PM
March 11, 2011 12:41:52 AM

thanks Emerald ill try these out, other than the fact that my browsers wont work im not getting any problems on my comp after i ran a full system scan with superantispyware last night, INFACT my computer is actually running like when i bought it and loads to my desktop like instantly so i am quite happy.

but the problem may still be out there n chrome n firefox dont work so if anyone has any info tht would b greatly appreciated :D 
March 11, 2011 8:13:05 PM

well cwshedder didn't do anything but i unplugged my internet n ran malwarebytes full system scann, tdsskiller, superantispyware full system scan, and free windows registry repair full registry scan while in safe mode n now and OMIGOSH I AM SO HAPPY MY COMPUTER IS BACK TO NORMAL NOW YAY!!!!!!!!!! i dunno which program fixed it but ill just select urs emerald cuz i ran urs n then it was fixed YAY MY LIFE IS COMPLETE NOW
March 11, 2011 8:13:15 PM

Best answer selected by bojo600.
March 11, 2011 8:42:14 PM

Just in case someone reads this - registery cleaners are not usually recomended and they can cause more problems then you started with - easily.
a b $ Windows 7
March 11, 2011 10:13:59 PM

I agree with the above post registry cleaners often cause more problems than they solve.