|
|
#11 (permalink) |
|
Bronze Member
![]() Join Date: Jan 2008
Posts: 25
|
2nd scan of spyware was:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/13/2008 at 12:18 PM
Application Version : 3.9.1008
Core Rules Database Version : 3379
Trace Rules Database Version: 1373
Scan type : Complete Scan
Total Scan Time : 01:11:15
Memory items scanned : 283
Memory threats detected : 0
Registry items scanned : 5052
Registry threats detected : 0
File items scanned : 67040
File threats detected : 0

Last edited by AkinaGod; 01-13-2008 at 09:36 PM.
|
|
|
|
|
#12 (permalink) |
|
Bronze Member
![]() Join Date: Jan 2008
Posts: 25
|
and the most recent hijack after the two spyware scans is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:41 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://mail.yahoo.com/diskless/bin/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascinstie.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1194201304156
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1194197676764
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 4538 bytes
|
|
|
|
#14 (permalink) |
|
Bronze Member
![]() Join Date: Jan 2008
Posts: 25
|
Ok so it looks like my computer is cleaned up. I guess my problem kept coming from a P2P file sharing program I had. I thought I cleaned the program up but I guess not. So I was wondering if anyone can recommend me a really good P2P file sharing program that is free and is able to download Japanese vids, American vids, music, etc. I used to use LimeWire but it doesn't seem to download ANY movies at all and the music always seemed to get about 50% - 80% complete and then stop and I would have to start all over again because it never found the file later on. Could anyone assist? I will also start this in another forum index for the reason of topic.
|
|
|
|
|
#15 (permalink) | |
|
Diamond Member
![]() Join Date: Dec 2007
Location: Croatia
Age: 16
Posts: 3,947
|
Same answer, hope you read on General Software. Not allowed to talk.
__________________
dznutz: Quote:
|
|
|
|
|
|
|
#16 (permalink) | |
|
Silver Member
![]() Join Date: Jan 2008
Location: Tulsa, OK
Posts: 137
|
Quote:
The log is clean.

Go to Start > Run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /u

Then hit Enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again

---------

Let's clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if launched accidentally.

Please download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop.

1. Double click OTMoveIt2.exe to launch it.
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)

----------

This is a good time to clear your infected system restore points and establish a new clean restore point:

----------

Apologies to webbenji. I didn't mean to hijack your instructions, I just thought I could help progress the fix.

EF
|
|
|
|
|
#17 (permalink) | |
|
Diamond Member
![]() Join Date: Dec 2007
Location: Croatia
Age: 16
Posts: 3,947
|
Hey evil, you still didn't tell me where you got those canned speeches?
I mean you don't have to answer me, but I'd like to know...
__________________
dznutz: Quote:
|
|
|
|
|
|
#18 (permalink) |
|
Silver Member
![]() Join Date: Jan 2008
Location: Tulsa, OK
Posts: 137
|
I remember, just forgot to answer.
The ones I use mainly are made by me. Although I have some that are posted throughout the web for people to use. Like the smitfraud and vundofix ones. I have found it easier to make new ones though. So many of the spyware scanners and online virus scanners are different than they were a year or two years ago so they are outdated. I have a Google documents account that I keep them all categorized in. I am always modifying or just remaking one here and there.

P.S. There is a new Java version (Java 6 Update 4) so update your info on that.
|
|
|
|
#19 (permalink) | ||
|
Diamond Member
![]() Join Date: Dec 2007
Location: Croatia
Age: 16
Posts: 3,947
|
Hey thanks!
Quote:
Because, my source of canned speeches isn't bad, but really is full of outdated speeches. It's always nice to have correct speeches 5 seconds of navigating+posting... Anyway don't want to bother too much so just...answer that one please.
__________________
dznutz: Quote:
|
||
|
|
|
|
#20 (permalink) |
|
Bronze Member
![]() Join Date: Jan 2008
Location: NY, NY
Posts: 93
|
I have been infected with TratBHO and Smitfraud. I have downloaded numerous fixes but nothing is working!! I'm trying to avoid reinstalling my op system. I have Avast, Smitfraudfix, Hijack This, Norton 2004, Ad-Aware 2007, AVG and...I have tried numerous times to clean them out!
I am sooo frustrated! I can't delete no how, no way the core.cache.dsk file in my drivers section (which I know is the Smitfraud bastard!) Tratbho had come up in one of my searches and I checked the boxes with BHO files and they were deleted but I still am getting pop ups and warnings. I've also been in safe mode. Didn't do anything. Please help me! I'm losing my mind! Here's the latest result of Smitfraudfix:

SmitFraudFix v2.274

Scan done at 10:26:46.14, Mon 01/14/2008
Run from C:\Documents and Settings\Eve\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\Alwil Software\aswUpdSv.exe
C:\Program Files\Avast4\Alwil Software\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Avast4\ALWILS~1\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iDumpPro\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast4\Alwil Software\ashMaiSv.exe
C:\Program Files\Avast4\Alwil Software\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Avast4\Alwil Software\ashSimpl.exe
C:\Program Files\Eusing Free Registry Cleaner\Regcleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\rundll32.exe
D:\NU\NDD32.EXE
C:\WINDOWS\system32\rundll32.exe
D:\NSWSETUP.EXE
C:\WINDOWS\system32\msiexec.exe
D:\Support\Prescan\Prescan.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 legal-at-spybot.info
127.0.0.1 www.legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Eve

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Eve\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Eve\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:/DOCUME~1/Eve/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg"
"SubscribedURL"="file:///C:/DOCUME~1/Eve/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="about:Home"
"SubscribedURL"="about:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{92C041E2-1F38-4238-A3E1-E960C8134B5E}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{92C041E2-1F38-4238-A3E1-E960C8134B5E}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{92C041E2-1F38-4238-A3E1-E960C8134B5E}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

thanks
|
|
|
|