Posts by kylethedarkn Page 12

kylethedarkn 23 A.K.A. The Laughing Man

18 Years Ago

Re: WUCRTUPD.EXE - A friend or villain ?

Allow them both they are both critical for security also i found a couple nasties.
Run HJT and check the following
C:\WINDOWS\SYSTEM\KERNEL32.DLL

Also delete kernel32.dll from the windows system folder by using my computer

now upload the file C:\WINDOWS\scanregw.exe file to Jotti's and tell me the results.

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

18 Years Ago

Re: spyware problems

First of all move HJT to its own folder such as C:/HJT
Then run HJT and check the following
C:\WINDOWS\System32\users32.exe
C:\WINDOWS\System32\adobepnl.dll
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\System32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\System32\susp.exe
R3 - Default URLSearchHook is missing
Also check the items that say BHO (no name)....(no file)

Close all other windows except HJT and click the fix checked button

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFixfolder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Ok now we need to delete some files. Plz delete the following

C:\WINDOWS\System32\susp.exe
C:\WINDOWS\System32\runsrv32.exe
C:\WINDOWS\System32\users32.exe

If you cant manually do this download pocket killbox from here
once you have it up and running select the box where it says Delete on reboot then click where it says all files. Now click on the folder icon and select those files. Click the kill button and the program should automatically restart your …

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

18 Years Ago

Re: I think I quite infected

Plz download HJT from here and put it in its own folder such as C:/HJT.
Run it and when its done save the the log and copy and paste the contents in your next post it makes it easier for us to see what's wrong.

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

18 Years Ago

Re: Possibly infected?

Ok I want you to do two things
First go to Jotti's and upload service.exe from C:\Program Files\xampp\ and see whether or not its infected. If it is remember that for the next step.

run HJT check the following
C:\Program Files\Common Files\Mdn.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampp\service.exe(Only check this one if service.exe was infected)
After checking those close all other windows besides HJT and click fix checked if a message pops up click yes.

Post back with the problems that are remaining

Also you might want to switch to the mozilla firefox browser, it has better security you can download it here.

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

18 Years Ago

Re: Possibly infected?

Go to the start menu and go to run.
Type "ccleaner.exe"(without the quotes) in and click run if this does not work then let me know

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

18 Years Ago

Re: PC justr keeping on rebooting

Im not sure how to fix this. Try posting another thread cant start up computer or something similar and see if you get any replies if you dont have anything important on the computer you should consider a complete system restore. (See below)

Do a complete system restore. Find the Disk your computer came with it should be labeled system restore. Turn off your computer put the disk in and turn it back on it willl run through some steps and reboot or ask you to insert the second disk if you have two. once its done your computer will be back to the way it was when you first bought it. WARNING--doing this will cause you to lose all programs added since you bought the computer.

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

18 Years Ago

Re: Possibly infected?

Ok First download Ewido from here
Then download Ccleaner from here

Install ewido anti-malware
When installing, under "Additional Options" uncheck..
- Install background guard
- Install scan via context menu
Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
You will need to update ewido to the latest definition files.
- On the left hand side of the main screen click update.
- Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful" )

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

Open up Ewido
Click on scanner
Click on Complete System Scan and the scan will begin.
You will be prompted to clean the first infection.
Select "Perform action on all infections", then proceed.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.

Reboot.

…

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

18 Years Ago

Re: PC justr keeping on rebooting

Can you start up the computer or does it immediately shut back down after you start it up. If you can, Download HJT from here and extract the file to it own folder such as C:/HJT. Run the program and do a system scan. When its finished click on save log. It will open a notpad file, copy and paste the contents into you next post. Thank you.

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

18 Years Ago

Help My Friend

here's his HJT log he cant use the internet its so bad but i can get him any programs he needs thx for the help

Logfile of HijackThis v1.99.1
Scan saved at 10:18:33 PM, on 6/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Cookie Washer\aolwasher.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Forbes\ForbesAlerts.exe
C:\Program Files\Plaxo\2.5.10.17\PlaxoHelper.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\FSScrCtl.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\RGF2aWQgUHJvdHo\command.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\AOL\1128546654\ee\aolsoftware.exe
C:\WINDOWS\System32\rsvp.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ok-search.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = …

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

18 Years Ago

Re: Virtual Memory

thx

Microsoft Windows windows-nt-2000-xp

kylethedarkn 23 A.K.A. The Laughing Man

18 Years Ago

Re: Please Help Me!

post this in the viriuses and other nasties forum not this one
also put Hi-jack this in its own folder such as C:\HJT or something similar

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

18 Years Ago

Re: Help"Task Manager"

its malware that doing it most likely download Hi-jack This and post the log under viriuses and other nasties forum

Microsoft Windows windows-nt-2000-xp

kylethedarkn 23 A.K.A. The Laughing Man

18 Years Ago

Virtual Memory

Does anybody know where i can edit virtual memory setting because i want to change it to a slave drive

Microsoft Windows windows-nt-2000-xp

kylethedarkn 23 A.K.A. The Laughing Man

18 Years Ago

Re: I THINK I'VE BEEN HIJACKED!! HijackThis Log included :)

im 75% sure that these 2 are malware and key processes for the pop-ups

C:\WINDOWS\SmFzb24\command.exe
C:\Program Files\Network Monitor\netmon.exe

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

18 Years Ago

Re: i think im clean, but just in case

well when i shutdown or restart the computer it says that explorer.exe is not closing and ask me if i want to end now or wait for it to end itself and it says explorer.exe is being used by the connections tray. I recently changed from wireless to DSL so it might just be that if thats nothing ill mark as solved. thx

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

18 Years Ago

Re: i think im clean, but just in case

a language pack tried to install itself but i chose to cancel it i dont know if that is malware related or not but heres my HJT log

Logfile of HijackThis v1.99.1
Scan saved at 11:43:39 PM, on 6/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - Startup: LimeWire On Startup.lnk = E:\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Microsoft Office\Office10\OSA.EXE
O8 …

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

18 Years Ago

Re: Check my HJT file plz

Yeah you do have quite a few nasties there, but im no expert i can definetely tell your IE settings are wacked but thats about it

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

18 Years Ago

Re: i think im clean, but just in case

That dll doesn't exist on my computer
heres the new hjt log

Logfile of HijackThis v1.99.1
Scan saved at 10:47:09 AM, on 6/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

18 Years Ago

Re: i think im clean, but just in case

both files were clean, but i randomly get the pop-ups that are just windows with phrases like Join Party Poker Today, w/ yes or no buttons and the ones that take control of the desktop heres my most recent hjt log

Logfile of HijackThis v1.99.1
Scan saved at 3:32:04 PM, on 6/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

18 Years Ago

Re: Internet Connectivity online for 10 minutes...

well dialup and aol are the worst combos for internet acess get dsl they have good deals like 15 bucks a month

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

18 Years Ago

i think im clean, but just in case

heres my hjt log

Logfile of HijackThis v1.99.1
Scan saved at 4:01:40 PM, on 6/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - Startup: LimeWire On Startup.lnk = E:\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu …

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

18 Years Ago

Iwas wondering

if i did a system restore would that only reset the settings of system folders or also folders like my documents

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

18 Years Ago

Re: Random undeleteables

heres the new log after running both programs

Logfile of HijackThis v1.99.1
Scan saved at 4:03:21 PM, on 6/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - Startup: LimeWire On Startup.lnk = E:\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - …

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

19 Years Ago

Random undeleteables

i recently found a number of temp files that i cant delete because they are being used by an outside program of which i have no idea what it could be they are mostly html files and pictures like you get from normal browsing but when i tried to delete these i didnt have any browsers open

heres my hjt log

Logfile of HijackThis v1.99.1
Scan saved at 4:05:57 PM, on 5/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

19 Years Ago

Re: Can some one look at my HijackThis report

have you tried running a good scanner such as ad-aware or ewido

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

19 Years Ago

Need help

is there anyway to change novell settings if your not on the administrative account

Networking

kylethedarkn 23 A.K.A. The Laughing Man

19 Years Ago

Re: My computer is being torn apart

heres the winpfind log

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build: Service Pack 2    Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
UPX!                 5/26/2006 3:42:46 PM        29251      C:\mc-110-12-0000228.exe

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
aspack               3/18/2005 6:19:58 PM        2337488    C:\WINDOWS\SYSTEM32\d3dx9_25.dll
aspack               5/26/2005 4:34:52 PM        2297552    C:\WINDOWS\SYSTEM32\d3dx9_26.dll
PEC2                 3/31/2003 7:00:00 AM        41397      C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2                 4/19/2006 3:09:20 PM        619156     C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2           4/19/2006 3:09:20 PM        619156     C:\WINDOWS\SYSTEM32\DivX.dll
PTech                4/10/2006 2:00:34 PM        555824     C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2           5/3/2006 11:26:22 PM        5818784    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               5/3/2006 11:26:22 PM        5818784    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               8/4/2004 2:56:36 AM         708096     C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor             8/4/2004 2:56:44 AM         657920     C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync              3/31/2003 7:00:00 AM        1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu
69.59.186.63         5/26/2006 3:42:24 PM        32256      C:\WINDOWS\SYSTEM32\__delete_on_reboot__dmonwv.dll
209.66.67.134        5/26/2006 3:42:24 PM        32256      C:\WINDOWS\SYSTEM32\__delete_on_reboot__dmonwv.dll
66.63.167.97         5/26/2006 3:42:24 PM        32256      C:\WINDOWS\SYSTEM32\__delete_on_reboot__dmonwv.dll
66.63.167.77         5/26/2006 3:42:24 PM        32256      C:\WINDOWS\SYSTEM32\__delete_on_reboot__dmonwv.dll
web-nex              5/26/2006 3:42:24 PM        32256      C:\WINDOWS\SYSTEM32\__delete_on_reboot__dmonwv.dll
rec2_run             5/26/2006 3:42:24 PM        32256      C:\WINDOWS\SYSTEM32\__delete_on_reboot__dmonwv.dll
69.59.186.63         5/26/2006 3:42:26 PM        51712      C:\WINDOWS\SYSTEM32\__delete_on_reboot__plabfsm.dll
209.66.67.134        5/26/2006 3:42:26 PM        51712      C:\WINDOWS\SYSTEM32\__delete_on_reboot__plabfsm.dll
web-nex              5/26/2006 3:42:26 PM        51712      C:\WINDOWS\SYSTEM32\__delete_on_reboot__plabfsm.dll

Checking %System%\Drivers folder and sub-folders...
PTech                8/4/2004 12:41:38 AM        1309184    C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the …

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

19 Years Ago

Re: My computer is being torn apart

heres the hjt log in its seperate folder

Logfile of HijackThis v1.99.1
Scan saved at 6:14:39 PM, on 5/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\yoqfo.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,kjxiypc.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Uniblue Registry Booster] E:\Registry Booster\RegistryBooster.exe /S
O4 - Startup: LimeWire On Startup.lnk …

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

19 Years Ago

Re: My computer is being torn apart

HJT log

Logfile of HijackThis v1.99.1
Scan saved at 3:20:45 PM, on 5/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\yoqfo.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,kjxiypc.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Uniblue Registry Booster] E:\Registry Booster\RegistryBooster.exe /S
O4 - Startup: LimeWire On Startup.lnk …

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

19 Years Ago

My computer is being torn apart

plz help

heres my log

Logfile of HijackThis v1.99.1
Scan saved at 11:25:37 AM, on 5/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\qekzrgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\outlook\outlook.exe
C:\defender23.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\win32105-154171283.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
E:\LimeWire\LimeWire.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\windows\system32\pldsregn.exe
C:\WINDOWS\system32\twinmqez.exe
C:\Program Files\XoftSpy\XoftSpy.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\ewido anti-malware\SecuritySuite.exe
C:\Program Files\Outlook Express\msoeres.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

19 Years Ago

Re: My computers loaded w/ crap

Help Plz My Computer is being torn apart

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

19 Years Ago

Re: Help! Canâ€™t access gmail & yahoo pages after installing Anti-Spyware and Panda

Uninstall Panda if you can gmail and other email sites tend to stop working if you have an internet security program that screws up
that happened to me with norton

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

19 Years Ago

My computers loaded w/ crap

My computer has about every trojan/adware on it including vx2 winfixer and many other i used scanners to get rid of most of it but heres my HJT log. Plz help me find the other problems

PS-ive already downloaded lspfix ccleaner and ewido
here it is

Logfile of HijackThis v1.99.1
Scan saved at 10:38:10 PM, on 5/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\qekzrgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\outlook\outlook.exe
C:\WINDOWS\system32\winlog.exe
C:\defender23.exe
C:\windows\system32\dwdsregt.exe
C:\WINDOWS\qekzrgrA.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\win32105-154171283.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\twinmqez.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\aim\aim.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Movie Maker\wmmutil.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\XoftSpy\XoftSpy.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 …

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

19 Years Ago

Re: hjk log

it probably just overheated then
emachines areknown to have broken fans

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

19 Years Ago

Re: hjk log

it restarted alll fo a sudden and i wanted to know if it overheated or if its spyware

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

19 Years Ago

hjk log

is there anything wrong w/ my comp here my log

Logfile of HijackThis v1.99.1
Scan saved at 4:27:15 PM, on 5/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - …

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

19 Years Ago

Re: Norton Removal

nevermind i manually deleted the files i could and then ran it and now my computer is working better than ever

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

19 Years Ago

Re: Norton internet security screw up

i did finally uninstall it and now everythings working great

btw how do i make this thread solved

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

19 Years Ago

Re: Norton Removal

it says that norton applications or similar programs were running but i dont know which processes belong to norton and which dont

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

19 Years Ago

Re: Norton Removal

im pretty sure i have the 2005 version because the .exe removal a total of like 4 files

i was wondering could you list the norton processes so i can end them and delete the dlls and exes

if i did this and ran ccleaner would it delete the leftover registry

and i have Mozilla and Ie doesnt work because of norton i cant use the other page

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

19 Years Ago

Re: Norton Removal

none of those worked and i dont want to pick through the registry w/ those directions

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

19 Years Ago

Norton Removal

could somebody plz post a link to a program that will remove norton

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

19 Years Ago

Re: Norton internet security screw up

i have three dll's and it said to keep all of them they were

mswsock.dll
winrnr.dll
rsvpsp.dll

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

19 Years Ago

Re: Something ive always wondered

wells sometimes if i select today and delete when i restart the browers all of the history comes back so i have to expand today and delete each one individually

Microsoft Windows web-browser

kylethedarkn 23 A.K.A. The Laughing Man

19 Years Ago

Re: Computer keeps restarting on it's own - HELP

i dont know if this is adware caused or not but sometimes the computer will randomly shut down on its own from an improperly working fan so you might want to check that

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

19 Years Ago

Re: Norton internet security screw up

all of the same problems exist

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

19 Years Ago

Re: Norton internet security screw up

finally i have it

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:58:06 PM, 5/2/2006
+ Report-Checksum: BF15A8D5

+ Scan result:

:mozilla.9:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\avpgw1s6.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\avpgw1s6.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup

::Report End

btw everything is still not working that wasnt working before

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

19 Years Ago

Something ive always wondered

how come sometimes in IE you can select Today in the history and delete it but other time you have to delete each individual entry

Microsoft Windows web-browser

kylethedarkn 23 A.K.A. The Laughing Man

19 Years Ago

Re: Norton internet security screw up

ok i ran the cleaner and it found alot of old .dll in the registry but thats about it im still waiting for the ewido scan to finish so far it only found a few cookies in the mozilla folders

Information Security windows-virus

kylethedarkn 23 A.K.A. The Laughing Man

19 Years Ago

Re: Norton internet security screw up

here ya go

Logfile of HijackThis v1.99.1
Scan saved at 8:02:17 PM, on 5/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\aim\aim.exe
E:\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

Information Security windows-virus