| First post, need help, so frustrated Right, I have McAfee Antivirus and Antispyware, and put simply, it sucks. I also have Spybot Search & Destroy and Ad-aware but I can't detect and delete whatever virus/spyware I have on my comp at this given moment. It's eating my bandwidth. I use Firefox and I get popups from a program known as "Aurora" which I have no clue what it is, and I get popups in Microsoft Internet Explorer also. Furthermore, whenever I open Counter-Strike: Source I get a popup every time a map loads, just randomly, and my ping goes through the roof and back down again (as if I was permanently getting pinged)... How the fawk can I stop all this crap? My antiviruses and antispywares detect nout, or they'll detect something and say it's removed but then you scan again and it's still there... Thanks in Advance X) |
| ||
| Re: First post, need help, so frustrated

Hi Daradus,

First of all - welcome to the site. :)

1. The standard fix for the Aurora infection can be found here.
2. In terms of general detection and cleaning, have a read through the suggestions in this thread.
3. If you need specific help from us after following the suggestions in the above links, please do the following:

Download the (free) HijackThis utility: http://www.stevewolfonline.com/Downl...HijackThis.exe

Once downloaded, follow these instructions to install and run the program:

- Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.
- Run HijackThis, but do not have HJT fix anything yet; only have it scan your system!
- Once the scan is complete, the "Scan" button will turn into an option to "Save log...". Save the log in the folder you created for HijackThis, open the log in Windows Notepad, and cut-n-paste the entire contents of the log here.

The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there. |
| ||
| Re: First post, need help, so frustrated Ok thanks, I'm going through the Aurora part now, but it seems my computer does not have a "System Startup Service" or "SvcProc" Service... I'll reply once I do the rest though... |
| ||
| Re: First post, need help, so frustrated

OK, here we go for the HijackThis stuff. I believe you may have your work cut out for you if it's as bad as I suspect, with my sister downloading anything that the internet asks her as long as she's able to get pictures of Matt from Busted saved into a folder afterwards -sigh-

Logfile of HijackThis v1.99.1
Scan saved at 10:54:50, on 29/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\essspk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Paul\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ifiromvskazyzjkrybtzrectw...CsYoxO3Icj.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qozyzgduukqjsupvrvyu.com/...cF7WWAuXCg.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.locall.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.games-fusion.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.zpecialoffer.com/results.asp?keyword=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit32.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {34966F4A-8C59-99EF-8A41-8631924AB270} - C:\DOCUME~1\Paul\APPLIC~1\ANTIBO~1\base ooze.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6F559AEC-1187-9DB7-DC78-9DD7569F2ABC} - C:\DOCUME~1\Paul\APPLIC~1\ANTIBO~1\base ooze.exe
O2 - BHO: (no name) - {A42EFAF3-EA3F-AA26-A497-CBFB3599E295} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Drivesettingsmultibait] C:\Documents and Settings\All Users\Application Data\funk army drive settings\LIVE CAST.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.6.4.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Messantibaitcamp] C:\Documents and Settings\All Users\Application Data\Dogbibmessanti\stupid meet.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Each Clock] C:\DOCUME~1\Paul\APPLIC~1\JOYCOM~1\Does grey.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Iolo Macro Magic.lnk = C:\Program Files\Iolo\Macro Magic\Macros.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.locall.net
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: crazydemona - crazydemona.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

Edit: this was taken before I scanned with Ewido so I prolly got rid of some of it with Ewido, and the crazydemona thing is a keylogger lying dormant which I can't find the duplicate files of. It got downloaded, uhm, 2 years ago if I remember correctly |
| ||
| Re: First post, need help, so frustrated Please close any open browser windows, scan with HijackThis, and post a new log; AND post the results from your Ewido scan :) |
| ||
| Re: First post, need help, so frustrated

Right OK, so no Explorer/Firefox open this time; I closed most active programs anyways, such as Steam/MSN/AOL. Oh, and for the record, every time I restart my comp I have a new homepage which is complete gibberish and never loads, such as www.gjsgnbsdnvaevjerjghsrhnbsrg.com. And after using Ewido I got a lil trigger happy and deleted all the infections it found first go. How can I get a log of that? I probably haven't even looked hard enough, but yeah, at the moment I'm ill and can't be bothered dealing with such things...

Logfile of HijackThis v1.99.1
Scan saved at 07:36:46, on 30/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Paul\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ifiromvskazyzjkrybtzrectw...CsYoxO3Icj.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qozyzgduukqjsupvrvyu.com/...cF7WWAuXCg.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.locall.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.games-fusion.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.zpecialoffer.com/results.asp?keyword=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit32.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {34966F4A-8C59-99EF-8A41-8631924AB270} - C:\DOCUME~1\Paul\APPLIC~1\ANTIBO~1\base ooze.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6F559AEC-1187-9DB7-DC78-9DD7569F2ABC} - C:\DOCUME~1\Paul\APPLIC~1\ANTIBO~1\base ooze.exe (file missing)
O2 - BHO: (no name) - {A42EFAF3-EA3F-AA26-A497-CBFB3599E295} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Drivesettingsmultibait] C:\Documents and Settings\All Users\Application Data\funk army drive settings\LIVE CAST.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.6.4.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Messantibaitcamp] C:\Documents and Settings\All Users\Application Data\Dogbibmessanti\stupid meet.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Each Clock] C:\DOCUME~1\Paul\APPLIC~1\JOYCOM~1\Does grey.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Iolo Macro Magic.lnk = C:\Program Files\Iolo\Macro Magic\Macros.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.locall.net
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe |
| ||
| Re: First post, need help, so frustrated

Sorry for the delay in responding to this.

Go to Add or Remove Programs in your Control Panel and remove (if present):
HbTools

Please right-click in an open area of your desktop and select New, Folder; give the new folder a name such as HJT or HijackThis, and then drag the hijackthis.exe icon that is on your desktop into this new folder.

Reboot into Safe Mode and do a complete system scan with Ewido allowing it to fix whatever it finds. Note: you will be posting this log with your next reply.

Now, still in Safe Mode, scan with HijackThis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ifiromvskazyzjkrybtzrect...tCsYoxO3Icj.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qozyzgduukqjsupvrvyu.com...YcF7WWAuXCg.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.zpecialoffer.com/results.asp?keyword=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {34966F4A-8C59-99EF-8A41-8631924AB270} - C:\DOCUME~1\Paul\APPLIC~1\ANTIBO~1\base ooze.exe (file missing)
O2 - BHO: (no name) - {6F559AEC-1187-9DB7-DC78-9DD7569F2ABC} - C:\DOCUME~1\Paul\APPLIC~1\ANTIBO~1\base ooze.exe (file missing)
O2 - BHO: (no name) - {A42EFAF3-EA3F-AA26-A497-CBFB3599E295} - (no file)
O4 - HKLM\..\Run: [Drivesettingsmultibait] C:\Documents and Settings\All Users\Application Data\funk army drive settings\LIVE CAST.exe
O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.6.4.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [Messantibaitcamp] C:\Documents and Settings\All Users\Application Data\Dogbibmessanti\stupid meet.exe
O4 - HKCU\..\Run: [Each Clock] C:\DOCUME~1\Paul\APPLIC~1\JOYCOM~1\Does grey.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

Close any open windows, other than HijackThis, and hit Fix checked.

Go to the following locations and delete the highlighted files and folders:
C:\Documents and Settings\All Users\Application Data\funk army drive settings
C:\Program Files\HbTools
C:\Documents and Settings\All Users\Application Data\Dogbibmessanti

Do a search for the following files and give us the complete folder name that they are in (if possible), and then delete the files.
base ooze.exe
Does grey.exe

Empty your Recycle Bin and reboot normally.

Have a look at this thread regarding LimeWire -- http://www.daniweb.com/techtalkforum...light=limewire

Close any open browser windows, scan with HijackThis, and post a new log along with the Ewido log. |
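
As an added example (not part of the original thread, and not HijackThis's or the helper's own method), a first-pass review of log entries like those posted above can be sketched in Python. The three rules (missing target file, autostart from Application Data, extra program in UserInit) are assumptions chosen for illustration; the sample lines are copied from the logs in this thread.

```python
import re

# Sample input: entries copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.games-fusion.net/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit32.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {A42EFAF3-EA3F-AA26-A497-CBFB3599E295} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Messantibaitcamp] C:\Documents and Settings\All Users\Application Data\Dogbibmessanti\stupid meet.exe
O4 - HKCU\..\Run: [Each Clock] C:\DOCUME~1\Paul\APPLIC~1\JOYCOM~1\Does grey.exe
O20 - Winlogon Notify: crazydemona - crazydemona.dll (file missing)
"""

# An entry is a section code (R0, F2, O4, O20, ...) followed by " - " and a body.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends these markers when the referenced file is not on disk.
MISSING = re.compile(r"\((?:no file|file missing)\)\s*$", re.I)
# Long and 8.3 short forms of the Application Data folder name.
APPDATA = re.compile(r"\\(?:Application Data|APPLIC~\d)\\", re.I)


def parse(log_text):
    """Yield (code, body) for every line shaped like a HijackThis entry."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def reasons(code, body):
    """Return review reasons for one entry (rules are assumptions of this
    example, not HijackThis's own logic). "(no name)" alone is not a rule:
    the Spybot helper above is also an unnamed BHO."""
    found = []
    if MISSING.search(body):
        found.append("target file missing")
    if code == "O4" and APPDATA.search(body):
        found.append("autostart from Application Data")
    if code == "F2" and "UserInit=" in body:
        value = body.split("UserInit=", 1)[1]
        programs = [p for p in value.split(",") if p.strip()]
        if len(programs) > 1:
            found.append("extra program in UserInit")
    return found


def triage(log_text):
    """Return [(code, body, reasons)] for entries that matched any rule."""
    flagged = []
    for code, body in parse(log_text):
        why = reasons(code, body)
        if why:
            flagged.append((code, body, why))
    return flagged


if __name__ == "__main__":
    for code, body, why in triage(SAMPLE_LOG):
        print(f"{code}: {'; '.join(why)}\n    {body}")
```

A flagged entry is only a prompt for manual review; what to fix still depends on someone reading the log in context.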
| ||
| Re: First post, need help, so frustrated

Right, I haven't got around to the LimeWire thing yet, but so far so good I believe. Only thing is... some files weren't found on the HijackThis scan, which worried me:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qozyzgduukqjsupvrvyu.com...YcF7WWAuXCg.htm
O4 - HKLM\..\Run: [Drivesettingsmultibait] C:\Documents and Settings\All Users\Application Data\funk army drive settings\LIVE CAST.exe
O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.6.4.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [Messantibaitcamp] C:\Documents and Settings\All Users\Application Data\Dogbibmessanti\stupid meet.exe
O4 - HKCU\..\Run: [Each Clock] C:\DOCUME~1\Paul\APPLIC~1\JOYCOM~1\Does grey.exe

And when I searched, HbTools wasn't in my programs, and base ooze.exe was not to be found either; the rest has all gone bye bye though :p

I found Does Grey.exe here: C:\Documents and Settings\All Users\Application Data\Joy Comp Bend |
| ||
| Re: First post, need help, so frustrated Don't worry too much about the things you couldn't find or that were no longer there; Add/Remove Programs, Ewido, and the other fixes with HJT probably cleared them up already. Go to C:\Documents and Settings\All Users\Application Data and delete the Joy Comp Bend folder. Please post your new HijackThis and Ewido logs. |