
mystoran

  1. I already have Vundo fix on my PC. I got it the other day along with CounterSpy, but Vundo isn't finding anything at all. Rogue Remover did not find anything at all. My PC is still running extremely slow and kicking up popups.
  2. Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 9:46:48 PM, on 11/25/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16544)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
     C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
     C:\Program Files\DAP\DAP.EXE
     C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\program files\advanced system optimizer\memtuneup.exe
     C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
     C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     C:\WINDOWS\system32\cisvc.exe
     C:\WINDOWS\system32\inetsrv\inetinfo.exe
     C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
     C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
     C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
     C:\WINDOWS\system32\tcpsvcs.exe
     C:\WINDOWS\System32\snmp.exe
     C:\WINDOWS\system32\mqsvc.exe
     C:\WINDOWS\system32\mqtgsvc.exe
     C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Mediacom Online
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
     O4 - HKLM\..\Run: [sBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
     O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
     O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [startup Manager] "C:\Program Files\Advanced System Optimizer\startUp manager.exe"
     O4 - HKCU\..\Run: [systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe
     O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
     O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
     O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
     O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
     O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
     O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O14 - IERESET.INF: START_PAGE_URL=http://www.mchsi.com
     O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
     O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - http://lads.myspace.com/upload/MySpaceUploader1005.cab
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193014453468
     O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
     O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
     O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
     O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
     O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

     -- End of file - 6322 bytes
  3. Incident | Status | Location
     Dialer:Dialer.KUV | Not disinfected | C:\WINDOWS\system32\wineij32.dll
     Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\Administrator\Local Settings\Temp\nsu189.tmp
     Virus:Trj/ClassLoader.AH | Disinfected | C:\Documents and Settings\Laurence Gilbert Jr\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-6db28033[bnnnnBaa.class]
     Virus:Trj/ClassLoader.AH | Disinfected | C:\Documents and Settings\Laurence Gilbert Jr\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-6db28033[VaannnaaBaa.class]
     Virus:Trj/ClassLoader.AH | Disinfected | C:\Documents and Settings\Laurence Gilbert Jr\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-6db28033[bnnnnn.class]
     Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\Laurence Gilbert Jr\Desktop\VirtumundoBeGone.exe
     Adware:Adware/WinAntiSpyware | Not disinfected | C:\WINDOWS\system32\drvnakr.dll
     Adware:Adware/VirusAlarma | Not disinfected | C:\WINDOWS\system32\drvteh.dll
     Adware:Adware/WinAntiSpyware | Not disinfected | C:\WINDOWS\system32\drvvogr.dll
     Spyware:Spyware/Virtumonde | Not disinfected | C:\WINDOWS\system32\hggeeef.dll.vir
     Spyware:Spyware/Virtumonde | Not disinfected | C:\WINDOWS\system32\khfcbyw.dll
     Potentially unwanted tool:Application/UltimateCleaner | Not disinfected | C:\WINDOWS\system32\tnrtmwuk\tnrtmwuk3.exe
     Virus:Generic Malware | Disinfected | D:\downloads\alt.binaries.boneless\CuteFTP Pro\CuteFTP Pro\cuteftppro_setup.exe
     Potentially unwanted tool:Application/Processor | Not disinfected | D:\downloads\smitfraud\SmitfraudFix\Process.exe
     Potentially unwanted tool:Application/SuperFast | Not disinfected | D:\downloads\smitfraud\SmitfraudFix\restart.exe
     Potentially unwanted tool:Application/ErrorSafe | Not disinfected | D:\downloads\wizard\Download Accelerator Plus\Crack\DAP.exe
  4. ---------------------------------------------------------
     AVG Anti-Spyware - Scan Report
     ---------------------------------------------------------

     + Created at: 11:51:17 AM 11/25/2007

     + Scan result:

     C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
     C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
     C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
     C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
     C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
     C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
     C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
     C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@search.live[2].txt -> TrackingCookie.Live : Cleaned.
     C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
     C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
     C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
     C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@ssl-hints.netflame[3].txt -> TrackingCookie.Netflame : Cleaned.
     C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
     C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned.
     C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
     C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@revsci[3].txt -> TrackingCookie.Revsci : Cleaned.
     C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
     C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
     C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
     C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
     C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.
     C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
     C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
     D:\RECYCLER\S-1-5-21-725345543-152049171-2147133589-1003\Df3.rar/AdvancedUninstallerPRO_8.3\Orthodox no.0.exe -> Trojan.Small : Cleaned with backup (quarantined).
     D:\downloads\alt.binaries.boneless\Advanced System Optimizer AdvancedUninstallerPRO TweakNow PowerP By STeR\setup,s\AdvancedUninstallerPRO_8.3\Orthodox no.0.exe -> Trojan.Small : Cleaned with backup (quarantined).

     ::Report end
  5. Hey, I finally got a download in through download.com. Here's a fresh log. Hope it helps.

     Logfile of HijackThis v1.99.1
     Scan saved at 5:32:53 PM, on 11/22/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16544)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
     C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\WINDOWS\system32\cisvc.exe
     C:\WINDOWS\system32\inetsrv\inetinfo.exe
     C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
     C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
     C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
     C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\program files\advanced system optimizer\memtuneup.exe
     C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
     C:\WINDOWS\system32\tcpsvcs.exe
     C:\WINDOWS\System32\snmp.exe
     C:\WINDOWS\system32\mqsvc.exe
     C:\WINDOWS\system32\mqtgsvc.exe
     C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
     C:\WINDOWS\system32\cidaemon.exe
     C:\WINDOWS\system32\cidaemon.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\WINDOWS\explorer.exe
     D:\downloads\hijackthis\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Mediacom Online
     O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [startup Manager] C:\Program Files\Advanced System Optimizer\startUp manager.exe
     O4 - HKCU\..\Run: [systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe
     O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O11 - Options group: [iNTERNATIONAL] International*
     O14 - IERESET.INF: START_PAGE_URL=http://www.mchsi.com
     O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
     O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
     O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - http://lads.myspace.com/upload/MySpaceUploader1005.cab
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193014453468
     O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
     O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
     O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
     O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
     O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
     O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
     O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
     O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
  6. Hey all, I recently got a hold of some malware and it is making my computer worse and worse. It keeps kicking up all sorts of ads and popups, making my PC run real slow and sometimes freezing it up. I have tried to get rid of it with what I have on my PC. I have Advanced System Optimizer and CCleaner and Panda Antivirus with spyware protection. I have a folder in my Program Files called sec center and a windows\system32 folder called fibagbia that keep coming back. Right now I cannot download anything at all. It keeps kicking up this page every time I try: http://dns4error.com/ I found a few different sites with manual deletions, but most all of the files they list aren't here, or the registry key. I'm going out of my mind. lol. I'm not for sure how to post the logs you guys want. Please let me know what to do and I will do it. Sorry to bother everyone on Thanksgiving. Thanks, mystoran