OMG Wtf BBQ


Re: OMG Wtf BBQ

Post by Dr Jay on 14th January 2010, 1:39 pm

Please download [You must be registered and logged in to see this link.] to your desktop.


Double-click MGADiag.exe and click Continue in the bottom right of the window to run the tool.

When it's done, capture a screenshot of the finished scan, and post that.

In Windows a screenshot of the entire monitor, complete with taskbar, can be copied to the system clipboard by pressing the Print Screen key (normally located in the top row on the right-hand side of the keyboard).

You can then paste the clipboard into a program like MS Paint to save it as an image file or paste it directly into a document.

1. Press the Print screen key
2. Click the "Start" button (normally located in the bottom left of your screen).
3. Click "Run" & type "mspaint" (without quotes) & click the "OK" button.
4. Wait while the application "Paint" opens. Once it is open, proceed to the next step.
5. Click the "Edit" menu and select "Paste".
6. Click the "File" menu and select "Save As...". A dialog box will appear.
7. In the "File name" field, enter a name of your choice.
8. Click the "Save as type" drop-down and select "JPEG (*.JPG;*.JPEG;*.JPE;*.JFIF)".
9. Click the "Save" button.


Then, go to [You must be registered and logged in to see this link.], and upload the picture for me please.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator

Posts : 14310
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Arch. : x64 (64-bit)
Protection : Bitdefender Total Security
Points : 302971
# Likes : 10


Re: OMG Wtf BBQ

Post by Restricted on 17th January 2010, 12:53 am

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]
I think you wanted this.

Restricted
Intermediate

Posts : 158
Joined : 2009-06-11
OS : Win7 Ultimate 32-bit
Protection : Avira
Points : 28838
# Likes : 0


Re: OMG Wtf BBQ

Post by Dr Jay on 17th January 2010, 2:38 am

Oh I see.

Most system problems are caused because the user is running as an administrator of the machine. Microsoft explicitly urged all users running Vista or 7 to run a Limited Account not an Administrator Account.

Go to Start, type in CMD, right-click on it in the results pane and select Run as Administrator.
Type in: sfc /scannow
Press Enter.

After the first run, reboot your computer. Do a second run. Now the scan and fix is finished.

Let me know how the computer is running.


Dr. Jay (DJ)



Re: OMG Wtf BBQ

Post by Restricted on 17th January 2010, 2:42 am

I'm currently scanning, but I have a quick question as it scans. Is this going to fix the pop-up problem, and the "... .exe has stopped responding" when I try to run almost everything?


Re: OMG Wtf BBQ

Post by Restricted on 17th January 2010, 3:12 am

It said it found some corrupted files but couldn't fix some.


Re: OMG Wtf BBQ

Post by Dr Jay on 17th January 2010, 3:24 am

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Then try the scan and fix again. It should repair them in Safe Mode.


Dr. Jay (DJ)



Re: OMG Wtf BBQ

Post by Restricted on 17th January 2010, 3:57 am

I got the same thing.
I made a standard account also like you said.


Re: OMG Wtf BBQ

Post by Dr Jay on 17th January 2010, 4:20 am

And you for sure do not have the Vista disc?


Dr. Jay (DJ)



Re: OMG Wtf BBQ

Post by Restricted on 17th January 2010, 4:26 am

100% sure.


Re: OMG Wtf BBQ

Post by Restricted on 26th January 2010, 9:02 am

Anything else we can do?


Re: OMG Wtf BBQ

Post by Dr Jay on 26th January 2010, 3:56 pm

Delete this if you have it.

Please visit this webpage for instructions for downloading and running ComboFix:

[You must be registered and logged in to see this link.]

Post the log from ComboFix when you've accomplished that.


Dr. Jay (DJ)



Re: OMG Wtf BBQ

Post by Restricted on 27th January 2010, 5:51 am

It says "ComboFix.exe" is not working.


Re: OMG Wtf BBQ

Post by Dr Jay on 27th January 2010, 11:44 am

Please download the Kaspersky AVP Tool from [You must be registered and logged in to see this link.].
  • Save it to your desktop.
  • Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).
  • Double-click the setup file to run it.
  • Click Next to continue.
  • By default it will install to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:

    • System Memory
    • Startup Objects
    • Disk Boot Sectors
    • My Computer
    • Also any other (removable) drives that you may have

After that, click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
Then choose OK again and you are back at the main screen.

  • Then click on Scan in the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, click the button that says Neutralize all.
  • If it says they cannot be Neutralized, choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus/malware entries from the report (they will be at the very top under Detected) in your next reply.
Note: This tool will self-uninstall when you close it, so please save the log before closing it.


Dr. Jay (DJ)



Re: OMG Wtf BBQ

Post by Restricted on 29th January 2010, 5:25 am

1/28/2010 7:48:06 PM Task started
1/28/2010 8:30:48 PM Detected: HEUR:Exploit.Script.Generic C:\Users\Student\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0000
1/28/2010 8:30:49 PM Untreated: HEUR:Exploit.Script.Generic C:\Users\Student\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0000 Postponed
1/28/2010 8:30:49 PM Detected: HEUR:Exploit.Script.Generic C:\Users\Student\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0001
1/28/2010 8:32:05 PM Detected: HEUR:Exploit.Script.Generic C:\Users\Student\AppData\Local\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0000
1/28/2010 8:32:05 PM Untreated: HEUR:Exploit.Script.Generic C:\Users\Student\AppData\Local\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0000 Postponed
1/28/2010 8:33:30 PM Detected: Trojan-Downloader.Java.OpenStream.ad C:\Users\Student\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\b92a7a-4ab90f3a/myf/y/PayloadX.class
1/28/2010 8:33:30 PM Untreated: Trojan-Downloader.Java.OpenStream.ad C:\Users\Student\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\b92a7a-4ab90f3a/myf/y/PayloadX.class Postponed
1/28/2010 8:35:29 PM Detected: HEUR:Exploit.Script.Generic C:\Users\Student\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0000
1/28/2010 8:35:29 PM Untreated: HEUR:Exploit.Script.Generic C:\Users\Student\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0000 Postponed
1/28/2010 8:37:52 PM Detected: HEUR:Exploit.Script.Generic C:\Users\Student\Local Settings\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0000
1/28/2010 8:37:52 PM Untreated: HEUR:Exploit.Script.Generic C:\Users\Student\Local Settings\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0000 Postponed
1/28/2010 8:37:53 PM Detected: HEUR:Exploit.Script.Generic C:\Users\Student\Local Settings\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0001
1/28/2010 9:03:55 PM Detected: HEUR:Exploit.Script.Generic C:\Users\Student\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0000
1/28/2010 9:04:19 PM Detected: HEUR:Exploit.Script.Generic C:\Users\Student\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0001
1/28/2010 9:04:19 PM Detected: Trojan-Downloader.Java.OpenStream.ad C:\Users\Student\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\b92a7a-4ab90f3a/myf/y/PayloadX.class
1/28/2010 9:04:26 PM Deleted: Trojan-Downloader.Java.OpenStream.ad C:\Users\Student\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\b92a7a-4ab90f3a/myf/y/PayloadX.class
1/28/2010 9:04:26 PM Task completed


There was no button that said save log. So I just copied this stuff.

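The report above is worth reading as a sequence of events per object rather than line by line: an entry that is only ever "Detected" or "Untreated ... Postponed" was not cured. As an added example (not code from the thread or from Kaspersky), a small Python parser for that line format that reduces the log to a final verdict per object; the embedded lines are copied from the posted report.

```python
import re
from collections import OrderedDict

# Lines copied from the Kaspersky AVP Tool report posted above (a subset is
# enough to show the point).  Format of an event line:
#   "<m/d/yyyy> <h:mm:ss> <AM|PM> <Action>: <DetectionName> <Path> [Postponed]"
AVP_LOG = r"""
1/28/2010 7:48:06 PM Task started
1/28/2010 8:30:48 PM Detected: HEUR:Exploit.Script.Generic C:\Users\Student\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0000
1/28/2010 8:30:49 PM Untreated: HEUR:Exploit.Script.Generic C:\Users\Student\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0000 Postponed
1/28/2010 8:30:49 PM Detected: HEUR:Exploit.Script.Generic C:\Users\Student\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0001
1/28/2010 8:33:30 PM Detected: Trojan-Downloader.Java.OpenStream.ad C:\Users\Student\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\b92a7a-4ab90f3a/myf/y/PayloadX.class
1/28/2010 8:33:30 PM Untreated: Trojan-Downloader.Java.OpenStream.ad C:\Users\Student\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\b92a7a-4ab90f3a/myf/y/PayloadX.class Postponed
1/28/2010 9:04:19 PM Detected: Trojan-Downloader.Java.OpenStream.ad C:\Users\Student\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\b92a7a-4ab90f3a/myf/y/PayloadX.class
1/28/2010 9:04:26 PM Deleted: Trojan-Downloader.Java.OpenStream.ad C:\Users\Student\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\b92a7a-4ab90f3a/myf/y/PayloadX.class
1/28/2010 9:04:26 PM Task completed
"""

# The detection name never contains spaces; the path may, so it is matched
# lazily and the optional trailing " Postponed" is anchored to end of line.
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<action>Detected|Untreated|Deleted): "
    r"(?P<name>\S+) (?P<path>.*?)(?P<postponed> Postponed)?$"
)
TASK_RE = re.compile(r"^\S+ \S+ [AP]M Task (started|completed)$")


def parse_avp_log(text):
    """Return one dict per detection event, in log order; task markers are skipped."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or TASK_RE.match(line):
            continue
        m = EVENT_RE.match(line)
        if not m:
            raise ValueError("unrecognised log line: " + line)
        events.append({
            "time": m.group("ts"),
            "action": m.group("action"),
            "name": m.group("name"),
            "path": m.group("path"),
            "postponed": m.group("postponed") is not None,
        })
    return events


def final_status(events):
    """Map each object path to (detection name, last action taken on it)."""
    status = OrderedDict()
    for ev in events:
        status[ev["path"]] = (ev["name"], ev["action"])
    return status


def unresolved(events):
    """Paths whose last recorded action was not 'Deleted', i.e. still on disk."""
    return [path for path, (_, action) in final_status(events).items()
            if action != "Deleted"]


def summarize(text):
    """One verdict line per object; returned as a list so it can be checked."""
    lines = []
    for path, (name, action) in final_status(parse_avp_log(text)).items():
        verdict = "removed" if action == "Deleted" else "STILL PRESENT"
        lines.append(f"{verdict:13} {name}  {path}")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(AVP_LOG)))
```

Run against the full report, the cached PDF exploit objects come out as still present while the Java downloader class is the only one actually deleted, which is exactly why a second scanner was requested next.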

Re: OMG Wtf BBQ

Post by Dr Jay on 29th January 2010, 11:19 am

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)



Re: OMG Wtf BBQ

Post by Restricted on 3rd February 2010, 12:44 pm

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=0c49d8cdf12ded4f855dd327aa192ece
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-03 12:38:34
# local_time=2010-02-03 04:38:34 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 828521 828521 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 1866887 101804393 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=137435
# found=1
# cleaned=0
# scan_time=3848
${Memory} a variant of Win32/Kryptik.BXQ trojan 00000000000000000000000000000000 I

Sorry it took so long to reply.


Re: OMG Wtf BBQ

Post by Dr Jay on 3rd February 2010, 4:00 pm

Delete any copies you have.

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)



Re: OMG Wtf BBQ

Post by Restricted on 4th February 2010, 7:32 am

For some reason my browser is blocking Bleeping Computer.

Edit: I transferred ComboFix from my desktop to his laptop. I ran it as a regular user on the limited account: I double-click it, the hourglass comes up for like 3 seconds and then goes away. I let it sit there just in case, and nothing. I ran it as an admin on the limited user, still nothing. I ran it on the admin account, and I got the message "ComboFix.exe has stopped working".


Re: OMG Wtf BBQ

Post by Restricted on 4th February 2010, 7:54 am

I got HJT to run!
I thought we hit a dead end, I love you DMJ!

Here is the log, maybe we can get somewhere now.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:53:14 PM, on 2/3/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\TOSHIBA\TANU\TANU.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [cfFncEnabler.exe] "C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe"
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TANU] %ProgramFiles%\TOSHIBA\TANU\TANU.exe
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O8 - Extra context menu item: Customize Menu - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: TOSHIBA Web Camera Service (camsvc) - TOSHIBA - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RosettaStoneDaemon - Rosetta Stone Ltd. - C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
O23 - Service: TOSHIBA Modem region select service (RSELSVC) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

--
End of file - 9990 bytes


Re: OMG Wtf BBQ

Post by Dr Jay on 4th February 2010, 4:14 pm

Please go to Start > Control Panel > Add or Remove Programs and remove the following (if present):

  • Ask Toolbar

Please re-open HijackThis and click Do a System Scan only. Check the boxes to the left of all the entries listed below.

O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

Then, please exit all programs except for HijackThis (System Tray (bottom right of screen): right-click on each program icon and click an Exit or shut down option, etc.), then click Fix Checked.

After it completes its process, please close HijackThis and reboot your computer.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\Ask.com


Please reboot your computer again, and post a new HijackThis log here in your next reply.


Dr. Jay (DJ)


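The two lines picked out for Fix Checked above share one CLSID, and the same log also carries entries whose target file is already gone ("(file missing)", "(no file)"). As an added example (not code from the thread or from HijackThis), a small Python parser for the R/O-line format that pulls the CLSID out of each entry, so every line tied to one component can be selected at once, and that flags dangling entries; the embedded excerpt is copied from the posted log.

```python
import re

# Excerpt copied from the HijackThis log posted above.  The header and the
# "Running processes" block are included to show that the parser skips them.
HJT_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Running processes:
C:\Windows\Explorer.EXE

O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
"""

# Every HijackThis entry starts with a section tag (R0, R1, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")
# Registry-style CLSID in braces, as used by O2/O3/O9/O16/O22 entries.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis marks a registration whose file no longer exists with one of these.
MISSING_RE = re.compile(r"\((?:file missing|no file)\)$")


def parse_hjt(text):
    """Return one dict per R/O entry; header, process list and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        c = CLSID_RE.search(body)
        entries.append({
            "section": m.group("section"),
            "body": body,
            "clsid": c.group(0).upper() if c else None,   # normalised for comparison
            "missing": MISSING_RE.search(body) is not None,
        })
    return entries


def entries_for_clsid(entries, clsid):
    """All entries (any section) registered under one CLSID, compared case-insensitively."""
    want = clsid.upper()
    return [e for e in entries if e["clsid"] == want]


def dangling_entries(entries):
    """Entries whose registration points at a file HijackThis could not find."""
    return [e for e in entries if e["missing"]]


def original_line(entry):
    """Rebuild the exact log line, which is what gets ticked in Fix Checked."""
    return f"{entry['section']} - {entry['body']}"


if __name__ == "__main__":
    ents = parse_hjt(HJT_LOG)
    ask = "{D4027C7F-154A-4066-A1AD-4243D8127440}"
    print("Entries tied to", ask)
    for e in entries_for_clsid(ents, ask):
        print(" ", original_line(e))
    print("Dangling entries:")
    for e in dangling_entries(ents):
        print(" ", original_line(e))
```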

Re: OMG Wtf BBQ

Post by Restricted on 4th February 2010, 9:37 pm

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 1:36:00 PM, on 2/4/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\TANU\TANU.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [cfFncEnabler.exe] "C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe"
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TANU] %ProgramFiles%\TOSHIBA\TANU\TANU.exe
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O8 - Extra context menu item: Customize Menu - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: TOSHIBA Web Camera Service (camsvc) - TOSHIBA - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RosettaStoneDaemon - Rosetta Stone Ltd. - C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
O23 - Service: TOSHIBA Modem region select service (RSELSVC) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

--
End of file - 9749 bytes


Every time I start up my computer, I get a "... has stopped working", like Windows Defender and stuff like that. I also got an "MSASCui.exe failed to initialize".

Restricted
Intermediate

Posts : 158
Joined : 2009-06-11
OS : Win7 Ultimate 32-bit
Protection : Avira
Points : 28838
# Likes : 0

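The HijackThis log above is read by hand in the thread; as an added example (not code from the thread or from the HijackThis project), the triage below parses that log format and flags the entries a malware-removal helper looks at first: registry entries whose backing file is gone, services without publisher information, a populated AppInit_DLLs value and hosts-file redirections. The sample lines are copied from the log above (the forum-hidden R0/R1 URLs are left out) and the rules and labels are this example's own.

```python
"""Triage a HijackThis log (added example; not code from the thread or the tool).

HijackThis writes one finding per line, prefixed with a section code (R0/R1
for IE start and search pages, O1 for the hosts file, O2 for BHOs, O4 for Run
keys, O20 for AppInit_DLLs, O23 for services, ...). The rules and labels below
are this example's own.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterator, List, Tuple

# Sample entries constructed from the HijackThis log posted in the thread.
SAMPLE_LOG = "\n".join([
    r"O1 - Hosts: ::1 localhost",
    r"O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)",
    r"O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll",
    r"O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)",
    r"O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r"O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL",
    r"O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)",
    r"O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe",
    r"O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe",
])

_ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
_LOCAL_NAMES = {"localhost", "localhost.localdomain"}


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O23"
    level: str     # "cleanup" (dead reference) or "review" (needs a human look)
    reason: str
    line: str      # the original log line


def parse_entries(log: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (section code, body, original line) per entry; other lines are skipped."""
    for raw in log.splitlines():
        line = raw.strip()
        m = _ENTRY.match(line)
        if m:
            yield m.group("code"), m.group("body"), line


def triage(log: str) -> List[Finding]:
    """Apply the triage rules to every entry and return the findings in log order."""
    findings: List[Finding] = []
    for code, body, line in parse_entries(log):
        # Orphaned entries: the registry still points at a file that is gone.
        if "(file missing)" in body or "(no file)" in body:
            findings.append(Finding(code, "cleanup", "referenced file no longer exists", line))
        # AppInit_DLLs loads the listed DLL into every process that uses user32.dll.
        if code == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            findings.append(Finding(code, "review", "AppInit_DLLs is set (global DLL injection point)", line))
        # Services without publisher metadata deserve a look at the binary itself.
        if code == "O23" and "Unknown owner" in body:
            findings.append(Finding(code, "review", "service has no publisher information", line))
        # Hosts-file entries that point a real hostname somewhere else.
        if code == "O1" and body.startswith("Hosts:"):
            names = body.split(":", 1)[1].split()[1:]   # drop the address, keep the names
            if any(n.lower() not in _LOCAL_NAMES for n in names):
                findings.append(Finding(code, "review", "hosts file redirects a non-local hostname", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per section code, e.g. {"O2": 1, "O23": 3}."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.level:<8}{f.reason}: {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```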

Re: OMG Wtf BBQ

Post by Dr Jay on 5th February 2010, 12:52 am

Please download [You must be registered and logged in to see this link.] (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Double-click smitfraudfix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.


Dr. Jay (DJ)




Re: OMG Wtf BBQ

Post by Restricted on 5th February 2010, 5:02 am

That also comes up as "SmitfraudFix.exe has stopped working"


Re: OMG Wtf BBQ

Post by Dr Jay on 5th February 2010, 5:53 pm

Haha...

Please download [You must be registered and logged in to see this link.] and save it to your Desktop. Do NOT perform a scan yet.

  • Double-click on drweb-cureit.exe to start the program.
    An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, Click OK to start the scan.
    This is a short scan that will scan the files currently running in memory.
    If something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
  • When finished, a message will be displayed at the bottom advising if any viruses were found.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found.
    If so, click it, then click the next icon right below and select Move incurable.
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web CureIt when you have finished.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)


Dr. Jay (DJ)




Re: OMG Wtf BBQ

Post by Restricted on 6th February 2010, 7:54 am

DAMN!
I forgot to save file before I rebooted!
I know it deleted around 15 things, and I can now run stuff and don't get the "... has stopped working"


Re: OMG Wtf BBQ

Post by Dr Jay on 6th February 2010, 7:17 pm

Please run [You must be registered and logged in to see this link.] online scan.

  • Click the big green Scan now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Once the scan is completed, please hit the notepad icon next to the text Export to:
  • Save it to a convenient location such as your Desktop
  • Post the contents of the ActiveScan.txt in your next reply


Dr. Jay (DJ)




Re: OMG Wtf BBQ

Post by Restricted on 8th February 2010, 3:14 am

;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-02-07 19:13:52
PROTECTIONS: 1
MALWARE: 34
SUSPECTS: 3
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@trafficmp[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\low\student@casalemedia[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@casalemedia[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\low\student@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\low\student@atdmt[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@247realmedia[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@247realmedia[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@fastclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\low\student@fastclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@mediaplex[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\low\student@com[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@statcounter[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\low\student@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\low\student@apmebf[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@burstnet[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@burstnet[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@bs.serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@bs.serving-sys[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@[You must be registered and logged in to see this link.]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@adtech[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@server.iad.liveperson[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\low\student@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@advertising[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@statse.webtrendslive[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@statse.webtrendslive[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@ads.pointroll[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@overture[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@realmedia[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@realmedia[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\low\student@realmedia[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@questionmarket[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\low\student@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@zedo[2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@target[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@atwola[2].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@ads.addynamix[1].txt
00954094 Rootkit/Bagle.UV Virus/Worm Yes 2 Yes No c:\windows\system32\drivers\uti5otu4.sys
01196325 Cookie/Enhance TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\low\student@enhance[2].txt
01196325 Cookie/Enhance TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@enhance[1].txt
01692698 Generic Malware Virus/Trojan No 0 Yes No c:\users\student\appdata\locallow\macromedia\shockwave player\xtras\download\thegroovealliance\3dgroovextrav181\groove.x32
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\qoobox\quarantine\c\windows\system32\h8srtmybfmwddov.dll.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\qoobox\quarantine\c\windows\system32\h8srtvidlhmeeot.dll.vir
05886270 Adware/SystemGuard2009 Adware No 0 Yes No c:\qoobox\quarantine\c\windows\system32\h8srtxwisbtqvxc.dll.vir
05898765 Trj/Nabload.DPS Virus/Trojan No 0 Yes No c:\combofix\catchme.tmp
05898765 Trj/Nabload.DPS Virus/Trojan No 0 Yes No c:\combofix\catchme.cfxxe
05898765 Trj/Nabload.DPS Virus/Trojan No 0 No No c:\users\alex\desktop\cf.rar[cf\combofix.exe][32788r22fwjfw\catchme.cfxxe]
05898765 Trj/Nabload.DPS Virus/Trojan No 0 No No c:\users\alex\desktop\cf\combofix.exe[32788r22fwjfw\catchme.cfxxe]
05898765 Trj/Nabload.DPS Virus/Trojan No 0 No No c:\$recycle.bin\s-1-5-21-2477132465-1982460745-463720481-1000\$r7z6h5a.exe[32788r22fwjfw\catchme.cfxxe]
05898765 Trj/Nabload.DPS Virus/Trojan No 0 No No c:\users\student\desktop\cf.rar[cf\combofix.exe][32788r22fwjfw\catchme.cfxxe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No c:\program files\corel\dvd moviefactory for toshiba\dvd moviefactory\sqplus.dll
No c:\users\student\doctorweb\quarantine\$rwtnjz0.exe
No c:\users\student\doctorweb\quarantine\63329bdcd00
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

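The Panda ActiveScan report above mixes tracking cookies, files already sitting in the quarantine folders of earlier tools, and live detections in one flat list. As an added example (not code from the thread or from Panda), the parser below splits each MALWARE row into its columns and orders the rows by what needs attention first; the sample rows are constructed from the report above, and the bucket ordering is this example's own.

```python
"""Prioritise a Panda ActiveScan report (added example; not from the thread or Panda).

Every MALWARE row carries the columns Id, Description, Type, Active, Severity,
Disinfectable, Disinfected and Location. Description and Location may contain
spaces, so the regex anchors on the fixed-format middle columns. Buckets, most
urgent first: entries the scanner reports as active, inactive detections outside
any quarantine folder, files already quarantined by earlier tools, tracking cookies.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Sample rows constructed from the report posted above.
SAMPLE_ROWS = [
    r"00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@doubleclick[1].txt",
    r"00954094 Rootkit/Bagle.UV Virus/Worm Yes 2 Yes No c:\windows\system32\drivers\uti5otu4.sys",
    r"01692698 Generic Malware Virus/Trojan No 0 Yes No c:\users\student\appdata\locallow\macromedia\shockwave player\xtras\download\thegroovealliance\3dgroovextrav181\groove.x32",
    r"03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\qoobox\quarantine\c\windows\system32\h8srtmybfmwddov.dll.vir",
    r"05898765 Trj/Nabload.DPS Virus/Trojan No 0 Yes No c:\combofix\catchme.tmp",
    r"No c:\users\student\doctorweb\quarantine\$rwtnjz0.exe",   # a SUSPECTS row, not a MALWARE row
]

_ROW = re.compile(
    r"^(?P<ident>\d{8}) (?P<desc>.+?) (?P<kind>\S+) (?P<active>Yes|No) (?P<sev>\d+) "
    r"(?P<disinfectable>Yes|No) (?P<disinfected>Yes|No) (?P<loc>.+)$"
)
# Folders where earlier tools park what they removed; hits there are leftovers, not live infections.
_QUARANTINE_PREFIXES = ("c:\\qoobox\\", "c:\\combofix\\")
_ORDER = {"active": 0, "inactive": 1, "quarantined": 2, "cookie": 3}


@dataclass(frozen=True)
class Detection:
    ident: str
    description: str
    kind: str        # TrackingCookie, Virus/Worm, Virus/Trojan, Adware, ...
    active: bool
    severity: int
    location: str

    def bucket(self) -> str:
        loc = self.location.lower()
        if self.active:
            return "active"
        if self.kind == "TrackingCookie":
            return "cookie"
        if loc.startswith(_QUARANTINE_PREFIXES) or "\\quarantine\\" in loc:
            return "quarantined"
        return "inactive"


def parse_rows(rows: List[str]) -> List[Detection]:
    """Parse MALWARE rows; lines that do not fit the column layout are skipped."""
    out = []
    for row in rows:
        m = _ROW.match(row.strip())
        if m:
            out.append(Detection(m["ident"], m["desc"], m["kind"],
                                 m["active"] == "Yes", int(m["sev"]), m["loc"]))
    return out


def prioritise(rows: List[str]) -> List[Detection]:
    """Most urgent first: by bucket, then by the scanner's severity (higher first)."""
    return sorted(parse_rows(rows), key=lambda d: (_ORDER[d.bucket()], -d.severity))


def bucket_counts(rows: List[str]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for d in parse_rows(rows):
        counts[d.bucket()] = counts.get(d.bucket(), 0) + 1
    return counts


if __name__ == "__main__":
    for d in prioritise(SAMPLE_ROWS):
        print(f"{d.bucket():<11} sev={d.severity} {d.description:<20} {d.location}")
    print(bucket_counts(SAMPLE_ROWS))
```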

Re: OMG Wtf BBQ

Post by Dr Jay on 8th February 2010, 3:31 am

Now, to get you off to a good start, we will clean your restore points so that all the bad stuff is gone for good. Then, if you need to restore at some stage, you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again, the program will close and you are done


To remove all of the tools we used and the files and folders they created, please do the following:
Please download [You must be registered and logged in to see this link.] by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


==

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)




Re: OMG Wtf BBQ

Post by Restricted on 8th February 2010, 4:00 am

Results of screen317's Security Check version 0.99.1
Windows Vista Service Pack 2 (UAC is enabled)
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
PC Tools Firewall Plus 6.0
WMIC entry does not exist for antivirus; attempting automatic update.
Avira updated!
``````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 17
Adobe Flash Player 10
Adobe Reader 9.1
``````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````


Re: OMG Wtf BBQ

Post by Dr Jay on 8th February 2010, 3:19 pm

Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

=======

All clean. Smile


Dr. Jay (DJ)



