spyware/adware/viruses help? 2
Post #1

I'll never be who I was again.. Group: Member Posts: 2,886 Joined: Jan 2005 Member No: 77,981
Umm.. Made a new topic as dispn0ygonekrazy requested... For more information check http://www.createblog.com/forums/index.php...=0#entry1343361
Post #2

*Influential Guitarist & Inspiring Writer* Group: Official Member Posts: 1,217 Joined: Sep 2004 Member No: 51,134
Yes sir, I can definitely help you. Let me make a fix for you individually as well. Alright, please be patient, I'll get to you.

Alright gotnoheart, sorry it took so long to get to you. I'm on vacation, and currently still am, but I have time to help you =]. Please follow the instructions thoroughly, making sure you do them in order.

MooSoft <------ Download the program and run a scan for trojans. You have a trojan detected in your hard drive.

Run this online virus scan: ActiveScan - Save the results from the scan!

1.) Download The Hoster. Press "Restore Original Hosts" and press "OK". Exit the program.

2.) Right-click HERE and Save As to download DelDomains.inf to your desktop. To use: RIGHT-CLICK DelDomains.inf on your desktop and select: Install (no need to restart). Note: This will also remove all entries in the "Trusted Zone" and "Ranges".

3.) Download, install CleanUp!

You have a CoolWebSearch infection. Download CWShredder here to its own folder.

Update CWShredder:

* Open CWShredder and click I AGREE
* Click Check For Update
* Close CWShredder

Open HJT, scan, then put a check on the following files below.

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s

O2 - BHO: ohb Class - {0AEE4D0C-4B38-4196-AE32-70ACE5656647} - C:\WINDOWS\System32\winsrm32.dll (file missing)

O2 - BHO: (no name) - {10AA115E-9874-17AF-147C-C424D9FA21F0} - C:\WINDOWS\ipin32.dll (file missing)

O2 - BHO: (no name) - {A6504E6D-DF84-8F54-841C-8C1D866319B2} - C:\WINDOWS\System32\zpvupmgh.dll

O3 - Toolbar: TheSearchMall.com Bar - {4B8F38C7-62FC-4762-B9A0-27E63F768167} - C:\WINDOWS\System32\winsrm32.dll (file missing)

O4 - HKLM\..\RunServices: [MSN Update] dllcon.exe

O4 - HKLM\..\RunServices: [Microsoft DirectX] PDSched.exe

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O16 - DPF: {41D13E9A-BB94-402A-8502-AFA78526B63D} (iiittt Class) - http://www.thesearchmall.com/toolbar/winsrm32.cab

O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab

Boot into Safe Mode: Restart your computer and as soon as it starts booting up again, continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Now run CWShredder. Click I Agree, then Fix and then Next, and let it fix everything it asks about.

Reboot your computer into normal Windows.

Post a new HiJackThis log along with the results from ActiveScan.
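One way to check the follow-up log requested at the end of the post above against the entries that were ticked, as an added example that is not part of the original thread. It matches on CLSIDs, URL hosts and file names rather than on whole lines, so a hijack that reappears under a different registry value is still caught; the function names and the follow-up sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Four of the entries ticked in the fix list above (copied from the post).
FLAGGED = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s",
    r"O2 - BHO: ohb Class - {0AEE4D0C-4B38-4196-AE32-70ACE5656647} - C:\WINDOWS\System32\winsrm32.dll (file missing)",
    r"O2 - BHO: (no name) - {A6504E6D-DF84-8F54-841C-8C1D866319B2} - C:\WINDOWS\System32\zpvupmgh.dll",
    r"O16 - DPF: {41D13E9A-BB94-402A-8502-AFA78526B63D} (iiittt Class) - http://www.thesearchmall.com/toolbar/winsrm32.cab",
]
# Constructed follow-up lines in HijackThis format (sample input, not a real scan).
FOLLOW_UP = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thesearchmall.com/index.php",
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe",
]

CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL = re.compile(r"https?://[^\s\"']+")
BINARY = re.compile(r"[A-Za-z]:\\[^\n]*?\.(?:dll|exe)", re.I)

def indicators(line):
    """Return the CLSIDs, URL hosts and DLL/EXE file names found in one log line."""
    found = {m.upper() for m in CLSID.findall(line)}
    for url in URL.findall(line):
        host = (urlparse(url).hostname or "").lower()
        if host:
            found.add(host[4:] if host.startswith("www.") else host)
    for path in BINARY.findall(line):
        found.add(path.rsplit("\\", 1)[-1].lower())
    return found

def still_present(flagged, follow_up):
    """List (section code, shared indicators) for follow-up lines that reuse a flagged indicator."""
    bad = set().union(*(indicators(line) for line in flagged))
    hits = []
    for line in follow_up:
        common = indicators(line) & bad
        if common:
            hits.append((line.split(" - ", 1)[0], sorted(common)))
    return hits

if __name__ == "__main__":
    for section, found in still_present(FLAGGED, FOLLOW_UP):
        print(section, "still references", ", ".join(found))
```

File-name matches are a triage hint only, since a legitimate file can share a name with a flagged one; confirm each hit by its full path before fixing it.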
*mona lisa*

Post #3

Guest
Latest Hijack This log:

ActiveScan log: