qwerty77

try going to Black Viper's Services to reduce the number of svhost.exe process =)

defogger_disable by jpshortstuff (23.02.10.1) Log created at 12:11 on 27/11/2010 (manolito gonzales) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... Unable to read ndis.sys Unable to read oomiwngz.sys Unable to read vkgtatlu.sys -=E.O.F=- Deffoger log

Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 5195 Windows 5.1.2600 Service Pack 2 (Safe Mode) Internet Explorer 6.0.2900.2180 11/27/2010 11:53:20 AM mbam-log-2010-11-27 (11-53-20).txt Scan type: Quick scan Objects scanned: 132417 Time elapsed: 12 minute(s), 10 second(s) Memory Processes Infected: 1 Memory Modules Infected: 1 Registry Keys Infected: 6 Registry Values Infected: 4 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 5 Memory Processes Infected: C:\WINDOWS\Fonts\services.exe (Trojan.Agent) -> No action taken. Memory Modules Infected: C:\WINDOWS\system32\MSWINSCK.OCX (Worm.Nyxem) -> No action taken. Registry Keys Infected: HKEY_CLASSES_ROOT\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> No action taken. HKEY_CLASSES_ROOT\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> No action taken. HKEY_CLASSES_ROOT\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDORSYS (Malware.Trace) -> No action taken. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\etaglsea (Trojan.FakeAlert.H) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\apps (Trojan.Agent) -> No action taken. HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Windows\init (Malware.Trace) -> No action taken. HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Windows\win (Malware.Trace) -> No action taken. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\etaglsea.exe (Trojan.FakeAlert.H) -> No action taken. C:\WINDOWS\Fonts\services.exe (Trojan.Agent) -> No action taken. C:\Documents and Settings\manolito gonzales\Desktop\HijackThis.exe (PWS.Fignotok) -> No action taken. C:\WINDOWS\system32\MSWINSCK.OCX (Worm.Nyxem) -> No action taken. C:\Documents and Settings\manolito gonzales\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken. here a MBAM logs others to follow..please help..

anyone?

Well im using team viewer client to help her remotely so..but i cant seem to get trid of the infection so here are her logs..please help.. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:24:34 AM, on 11/27/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\WgaTray.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\PROGRA~1\Bandoo\Bandoo.exe C:\WINDOWS\TEMP\c53z.exe C:\WINDOWS\TEMP\c53z.exe C:\Program Files\TeamViewer\Version5\TeamViewer.exe c:\program files\teamviewer\version5\TeamViewer_Desktop.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Documents and Settings\manolito gonzales\Desktop\explorer.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Skype\Phone\Skype.exe C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe c:\program files\avira\antivir desktop\avcenter.exe C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE C:\Documents and Settings\manolito gonzales\Desktop\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R3 - URLSearchHook: (no name) - {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - (no file) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\YouTube Downloader Toolbar\SearchSettings.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\YouTube Downloader Toolbar\SearchSettings.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll O2 - BHO: (no name) - {FC8562DA-62DA-FC85-DA62-85FCDA6285FC} - c:\windows\system32\alk6.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Policies\Explorer\Run: [8f0ge3w] C:\WINDOWS\TEMP\c53z.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/html - {efca9c7c-6b96-429b-a0b6-3537cf6b7168} - (no file) O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Application Updater - Unknown owner - C:\Program Files\Application Updater\ApplicationUpdater.exe (file missing) O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe O23 - Service: COM+ System Application (COMSysApp) - Unknown owner - C:\WINDOWS\system32\dllhost.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing) O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\WINDOWS\system32\rsvp.exe O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing) O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\system32\dllhost.exe (file missing) O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 7357 bytes i'll be back later afternoon cause it's already 12:42 am here..thanks guys..

ok i tried to shutdown my security app then i was able to access the website..now i dont know what to configure to be able to access that website without having to shutdown my security suite.

um where can i find it? im using ZoneAlarm Internet security suite 8.0 and my os is Vista Starter.

sorry for the double post..btw this is only happening in my laptop my desktop can access it.

literally i can access friendster.com but when i try to login the website says "The network link was interrupted while negotiating a connection. Please try again." im using firefox 3.0.10 with only few add ons..other social sites like facebook are working though

thanks for confirming it B)

Malwarebytes' Anti-Malware 1.34 Database version: 1820 Windows 5.1.2600 Service Pack 2 3/5/2009 9:19:53 PM mbam-log-2009-03-05 (21-19-53).txt Scan type: Quick Scan Objects scanned: 18504 Time elapsed: 4 minute(s), 35 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully. mine is getting one too..

any news?

ok thanks for the help...oh and btw way im using a desktop pc not a laptop..

sorry it took so long..here's the one you were asking for.. gmer.zip gmer.zip

i cant run the setup..it is showing that the program needs to be close then show an error message..