ARRRRRRRRRRRRR winblue HELP, have looked around and need more assistance

Post by osubuckeyefan1 on 13th May 2009, 7:14 pm

I have a large vocabulary of words that I would like to use against winblue right now. Can someone help me out? BTW I have just a very, very basic knowledge of computers and need layman's terms. Thank you for your time!

osubuckeyefan1
Novice
Posts : 11
Joined : 2009-05-13
OS : vista
Points : 27663
Likes : 0

Post by Belahzur on 13th May 2009, 8:44 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245079
Likes : 1

Post by osubuckeyefan1 on 13th May 2009, 9:28 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:45 PM, on 5/13/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AIM6\aim6.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\setup2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Neal Chance\Desktop\HiJackThis.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdb_device - - C:\Windows\system32\lxdbcoms.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 3659 bytes

Post by Belahzur on 13th May 2009, 9:30 pm

Hello.
There should be a lot more to that log. Make sure you copy/paste it ALL.

Post by osubuckeyefan1 on 13th May 2009, 9:33 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:34 PM, on 5/13/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\setup2.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Users\Neal Chance\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LXDBCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDBtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{2571A735-F8D4-41B4-9AB0-DDA67326CD2F}: NameServer = 85.255.112.153,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C0065E0-2CFA-4EE9-BFC9-3BA3755D2B95}: NameServer = 85.255.112.153,85.255.112.92
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.153,85.255.112.92
O17 - HKLM\System\CS1\Services\Tcpip\..\{2571A735-F8D4-41B4-9AB0-DDA67326CD2F}: NameServer = 85.255.112.153,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.153,85.255.112.92
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdb_device - - C:\Windows\system32\lxdbcoms.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11184 bytes

Post by Belahzur on 13th May 2009, 9:36 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
    O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2571A735-F8D4-41B4-9AB0-DDA67326CD2F}: NameServer = 85.255.112.153,85.255.112.92
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2C0065E0-2CFA-4EE9-BFC9-3BA3755D2B95}: NameServer = 85.255.112.153,85.255.112.92
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.153,85.255.112.92
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2571A735-F8D4-41B4-9AB0-DDA67326CD2F}: NameServer = 85.255.112.153,85.255.112.92
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.153,85.255.112.92


  • Press "Fix Checked"
  • Close Hijack This.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

Note: This tool was posted specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box empty.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.

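The triage Belahzur did by eye in the post above (tick the O17 NameServer entries and the two O4 autoruns, leave the vendor tray apps alone), as an added example in Python that is not part of this thread or of HijackThis: it parses a few lines copied from the posted log and applies the same two rules. The expected-resolver set, the known-good executable list and the "installer-style name launched from system32" rule are assumptions for illustration, not anything the thread states.

```python
import ipaddress
import re

# Assumptions for illustration: the resolvers this PC is supposed to use (its
# router) and autorun executables already vetted as benign on this machine.
EXPECTED_DNS = frozenset({"192.168.1.1"})
KNOWN_GOOD = frozenset({"msascui.exe", "hkcmd.exe", "igfxtray.exe", "ufseagnt.exe"})

# Constructed sample: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.153,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{2571A735-F8D4-41B4-9AB0-DDA67326CD2F}: NameServer = 85.255.112.153,85.255.112.92
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.exe)"?', re.IGNORECASE)
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>[\d.,]+)\s*$")


def check_o17(line):
    """Flag a NameServer entry pointing at a resolver the machine should not use.
    A public address that is not the expected one is the classic DNS-hijack sign."""
    m = O17_RE.match(line)
    if not m:
        return None
    rogue = []
    for server in m["servers"].split(","):
        try:
            ip = ipaddress.ip_address(server)
        except ValueError:
            rogue.append(server)          # unparsable value: treat as hostile
            continue
        if server not in EXPECTED_DNS and not ip.is_private:
            rogue.append(server)
    return ("dns-hijack", ",".join(rogue), line) if rogue else None


def check_o4(line):
    """Flag a logon autorun that is not on the known-good list. An executable
    with an installer-style name living in system32 gets its own category."""
    m = O4_RE.match(line)
    if not m:
        return None
    e = EXE_RE.match(m["cmd"])
    if not e:
        return ("autorun-unparsed", m["name"], line)
    parts = e["exe"].lower().rsplit("\\", 1)
    base = parts[-1]
    folder = parts[0] if len(parts) == 2 else ""
    if base in KNOWN_GOOD:
        return None
    if folder.endswith("\\system32") and base.startswith("setup"):
        return ("autorun-installer-in-system32", base, line)
    return ("autorun-unknown", base, line)


def triage(log_text):
    """Return (category, detail, original line) for every line worth acting on."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        finding = check_o17(line) or check_o4(line)
        if finding:
            findings.append(finding)
    return findings


def fix_list(log_text):
    """The exact lines to tick under 'Do a system scan only' and then 'Fix checked'."""
    return [line for _, _, line in triage(log_text)]


if __name__ == "__main__":
    for category, detail, line in triage(SAMPLE_LOG):
        print(f"{category:32} {detail:30} {line}")
```

Run as-is it prints four findings: the WinBlueSoft and setup2.exe autoruns and both O17 entries. The DNS rule deliberately ignores private addresses so a router-issued resolver is not flagged; anything public that is not on the expected list is treated as a hijack, which is exactly the pattern in the log above.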
Post by osubuckeyefan1 on 13th May 2009, 9:48 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "gxvxcserv.sys" found!
ImagePath: \systemroot\system32\drivers\gxvxccbtgeupqsivoxtcsvxsmnqmdruvkcohv.sys
Driver disabled successfully.

Rootkit scan completed.


Completed script processing.

*******************

Finished! Terminate.

Post by Belahzur on 13th May 2009, 9:56 pm

1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C)


Drivers to delete:
gxvxcserv.sys

Files to delete:
C:\WINDOWS\system32\drivers\gxvxccbtgeupqsivoxtcsvxsmnqmdruvkcohv.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.

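The step from the Avenger rootkit-scan log to the deletion script in this post, as an added example in Python (not code from The Avenger or from this forum): it pairs the "Hidden driver ... found!" line with the ImagePath that follows it, maps \systemroot to the drive path the script uses, and only emits a deletion entry when the driver is not on an allowlist and its file name looks machine-generated; everything else is handed back for manual review. The C:\WINDOWS mapping, the allowlist and the vowel-ratio heuristic are assumptions for illustration.

```python
import re

# Assumptions for illustration: where \systemroot points on this machine (the
# script in this post used C:\WINDOWS) and drivers that must never be scripted away.
SYSTEM_ROOT = "C:\\WINDOWS"
ALLOWLIST = frozenset({"iastor.sys", "dump_iastor.sys", "rootrepeal.sys"})

# Constructed sample: the rootkit-scan lines from the Avenger log posted above.
SAMPLE_AVENGER_LOG = """\
Rootkit scan active.

Hidden driver "gxvxcserv.sys" found!
ImagePath: \\systemroot\\system32\\drivers\\gxvxccbtgeupqsivoxtcsvxsmnqmdruvkcohv.sys
Driver disabled successfully.

Rootkit scan completed.
"""

FOUND_RE = re.compile(r'^Hidden driver "(?P<name>[^"]+)" found!$')
IMAGE_RE = re.compile(r"^ImagePath: (?P<path>\S+)$")


def parse_hidden_drivers(log_text):
    """Pair each 'Hidden driver ... found!' line with the ImagePath that follows it."""
    found = []
    pending = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FOUND_RE.match(line)
        if m:
            pending = m["name"]
            continue
        m = IMAGE_RE.match(line)
        if m and pending:
            found.append((pending, m["path"]))
            pending = None
    return found


def looks_generated(filename):
    """Heuristic: per-infection names are long and vowel-poor (like the one in
    this thread); real driver names are short or pronounceable."""
    stem = filename.lower().rsplit(".", 1)[0]
    if len(stem) < 16:
        return False
    vowels = sum(ch in "aeiou" for ch in stem)
    return vowels / len(stem) < 0.3


def to_windows_path(image_path):
    """Translate a kernel-style ImagePath into the drive path Avenger expects."""
    for prefix, replacement in (("\\systemroot\\", SYSTEM_ROOT + "\\"),
                                ("\\??\\", "")):
        if image_path.lower().startswith(prefix):
            return replacement + image_path[len(prefix):]
    return image_path


def build_avenger_script(log_text):
    """Return (script, review): the script covers only drivers that passed both
    checks; anything allowlisted or not obviously generated goes to review."""
    drivers, files, review = [], [], []
    for name, path in parse_hidden_drivers(log_text):
        fname = path.rsplit("\\", 1)[-1]
        if name.lower() in ALLOWLIST or fname.lower() in ALLOWLIST:
            review.append((name, "allowlisted"))
            continue
        if not looks_generated(fname):
            review.append((name, "file name not obviously generated"))
            continue
        drivers.append(name)
        files.append(to_windows_path(path))
    if not drivers:
        return "", review
    script = ("Drivers to delete:\n" + "\n".join(drivers)
              + "\n\nFiles to delete:\n" + "\n".join(files) + "\n")
    return script, review


if __name__ == "__main__":
    script, review = build_avenger_script(SAMPLE_AVENGER_LOG)
    print(script)
    for name, reason in review:
        print(f"review manually: {name} ({reason})")
```

On the sample it reproduces the two-section script in this post byte for byte. The refusal path matters more than the happy path: a hidden driver is not automatically malicious (disk-encryption and some anti-rootkit tools hide their own), so a finding that is allowlisted or carries a normal-looking name is surfaced for a human instead of being written into a delete script.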
Post by osubuckeyefan1 on 13th May 2009, 10:03 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "gxvxcserv.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\gxvxccbtgeupqsivoxtcsvxsmnqmdruvkcohv.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Post by Belahzur on 13th May 2009, 10:09 pm

Hello.
Next step,

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Post by osubuckeyefan1 on 13th May 2009, 10:10 pm

It won't open up the browser page; it says the internet cannot display the webpage.

Post by Belahzur on 13th May 2009, 10:32 pm

See if you can download from one of these mirrors.
[You must be registered and logged in to see this link.]

Post by osubuckeyefan1 on 13th May 2009, 10:59 pm

Sorry, had to step out for a few minutes. I tried several of the mirrors and they all did the same thing that I described before.

Post by Belahzur on 13th May 2009, 11:14 pm

Lets try this.

Please close all anti virus, anti malware and any other open programs/windows so they do not interfere with the running of RootRepeal.

  • Please download RootRepeal.zip from [You must be registered and logged in to see this link.].
  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.


  • Select ALL of the checkboxes and then click OK and it will start scanning your system.

  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.

Post by osubuckeyefan1 on 14th May 2009, 12:40 am

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/05/13 20:03
Program Version: Version 1.2.3.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x8B709000 Size: 815104 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xAC5CE000 Size: 45056 File Visible: No
Status: -

Name: yyzint.sys
Image Path: C:\Windows\system32\drivers\yyzint.sys
Address: 0x805AF000 Size: 61440 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\{1B832~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{2a4ebc5e-2600-11de-9bcd-001d094c0daa}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9c87cfd1-1c02-11de-a46b-001d094c0daa}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ae22fbd7-1fa3-11de-9c85-001d094c0daa}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b4541c32-1555-11de-86fb-001d094c0daa}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b4541c4f-1555-11de-86fb-001d094c0daa}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b4541c7d-1555-11de-86fb-001d094c0daa}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b4541c9c-1555-11de-86fb-001d094c0daa}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b7a097c6-27e3-11de-b978-001d094c0daa}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{cc039fd4-22c6-11de-8dc9-001d094c0daa}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{d1b00833-222e-11de-85aa-001d094c0daa}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e19c43cb-1e46-11de-9b21-001d094c0daa}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e369bcfc-1b51-11de-94ee-001d094c0daa}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ef544557-18eb-11de-a047-001d094c0daa}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{f73b2d56-1ccf-11de-9e6a-001d094c0daa}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{2a4ebc84-2600-11de-9bcd-001d094c0daa}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{2a4ebc8c-2600-11de-9bcd-001d094c0daa}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{2c189cd1-2732-11de-8bfe-001d094c0daa}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{5a12fcf3-1e67-11de-9f82-001d094c0daa}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{5a12fd13-1e67-11de-9f82-001d094c0daa}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{73471566-195e-11de-9f56-001d094c0daa}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\WindowsUpdate.log
Status: Allocation size mismatch (API: 1318912, Raw: 1310720)

Path: C:\Windows\PLA\System\SYSTEM~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\PLA\System\System Performance.xml:0v1ieca3Feahez0jAwxjjk5uRh
Status: Invisible to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MI2095~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6000.16386_none_b1a5cca33386fc09\SYSTEM~1.XML:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.18000_none_b3dc8e9f30720cdd\SYSTEM~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.18000_none_b3dc8e9f30720cdd\System Performance.xml:0v1ieca3Feahez0jAwxjjk5uRh
Status: Invisible to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\System32\migwiz\dlmanifests\MI2095~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\System32\migwiz\dlmanifests\MICROS~3.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sortkey.nlp
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sorttbls.nlp
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
Status: Locked to the Windows API!

Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Users\Neal Chance\AppData\Local\Temp\Low\jar_cache39222.tmp
Status: Allocation size mismatch (API: 196608, Raw: 0)

Path: C:\Users\Neal Chance\AppData\Local\Temp\Low\jar_cache39223.tmp
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: C:\Users\Neal Chance\AppData\Roaming\Microsoft\Windows\Cookies\Low\neal_chance@game3.pogo[2].txt
Status: Invisible to the Windows API!

Path: C:\Users\Neal Chance\AppData\Roaming\Microsoft\Windows\Cookies\Low\neal_chance@game3.pogo[1].txt
Status: Visible to the Windows API, but not on disk.

Path: C:\Users\Neal Chance\AppData\Local\SupportSoft\DellSupportCenter\Neal Chance\state\logs\sprtcmd.log
Status: Allocation size mismatch (API: 1441792, Raw: 1310720)

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1268 Status: Locked to the Windows API!

SSDT
-------------------
#: 064 Function Name: NtCreateKey
Status: Hooked by "" at address 0x89f28000

#: 072 Function Name: NtCreateProcess
Status: Hooked by "" at address 0x89f27240

#: 073 Function Name: NtCreateProcessEx
Status: Hooked by "" at address 0x89f27500

#: 078 Function Name: NtCreateThread
Status: Hooked by "" at address 0x89f28e60

#: 123 Function Name: NtDeleteKey
Status: Hooked by "" at address 0x89f28580

#: 126 Function Name: NtDeleteValueKey
Status: Hooked by "" at address 0x89f28840

#: 165 Function Name: NtLoadDriver
Status: Hooked by "" at address 0x89f291a0

#: 194 Function Name: NtOpenProcess
Status: Hooked by "" at address 0x89f27a80

#: 324 Function Name: NtSetValueKey
Status: Hooked by "" at address 0x89f282c0

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "" at address 0x89f27d40

#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "" at address 0x89f28cc0

#: 382 Function Name: NtCreateThreadEx
Status: Hooked by "" at address 0x89f29000

#: 383 Function Name: NtCreateUserProcess
Status: Hooked by "" at address 0x89f277c0

Stealth Objects
-------------------
Object: Hidden Module [Name: winlogon.exe]
Process: svchost.exe (PID: 1104) Address: 0x02330000 Size: 323584

Object: Hidden Module [Name: winlogon.exe]
Process: svchost.exe (PID: 1104) Address: 0x02c50000 Size: 323584

Object: Hidden Module [Name: WinMgmtR.dll]
Process: svchost.exe (PID: 1104) Address: 0x6fec0000 Size: 8192

Object: Hidden Module [Name: tquery.dll]
Process: svchost.exe (PID: 1104) Address: 0x71770000 Size: 1589248

Object: Hidden Module [Name: profsvc.dll]
Process: svchost.exe (PID: 1104) Address: 0x74290000 Size: 163840

Object: Hidden Module [Name: MpEvMsg.dll]
Process: svchost.exe (PID: 1104) Address: 0x743b0000 Size: 57344

Object: Hidden Module [Name: wevtapi.dll]
Process: svchost.exe (PID: 1104) Address: 0x75640000 Size: 258048

Object: Hidden Module [Name: bcmwlrmt.dll]
Process: bcmwltry.exe (PID: 1680) Address: 0x01b20000 Size: 77824

Object: Hidden Module [Name: msvcm80.dll]
Process: bcmwltry.exe (PID: 1680) Address: 0x03e70000 Size: 507904

Object: Hidden Module [Name: WLTRAY.EXE]
Process: bcmwltry.exe (PID: 1680) Address: 0x05a70000 Size: 3821568

Object: Hidden Module [Name: msvcm80.dll]
Process: WLTRAY.EXE (PID: 2768) Address: 0x04560000 Size: 507904

Object: Hidden Module [Name: bcmwlrmt.dll]
Process: WLTRAY.EXE (PID: 2768) Address: 0x04d00000 Size: 77824

Object: Hidden Module [Name: sprtmessage.dll]
Process: sprtcmd.exe (PID: 4112) Address: 0x01620000 Size: 77824

Object: Hidden Module [Name: SupportSoft.Agent.Sprocket.SupportMessage.dll]
Process: sprtcmd.exe (PID: 4112) Address: 0x01ae0000 Size: 45056

Object: Hidden Module [Name: SupportSoft.Agent.Sprocket.dll]
Process: sprtcmd.exe (PID: 4112) Address: 0x01b00000 Size: 28672

Object: Hidden Module [Name: UfSeAgnt.exe.mui]
Process: UfSeAgnt.exe (PID: 4896) Address: 0x10000000 Size: 114688

Object: Hidden Code [ETHREAD: 0x848b7d78]
Process: System Address: 0x8c064fe0 Size: -

Object: Hidden Code [ETHREAD: 0x848fad78]
Process: System Address: 0x848faf6c Size: -

Object: Hidden Code [ETHREAD: 0x848faad0]
Process: System Address: 0x93d12d98 Size: -

Object: Hidden Code [ETHREAD: 0x848fa828]
Process: System Address: 0x848faa1c Size: -

Object: Hidden Code [ETHREAD: 0x848fa580]
Process: System Address: 0x848fa774 Size: -

Object: Hidden Code [ETHREAD: 0x848fa2d8]
Process: System Address: 0x974456e0 Size: -

Object: Hidden Code [ETHREAD: 0x848fb020]
Process: System Address: 0x848fb214 Size: -

Object: Hidden Code [ETHREAD: 0x848fbd78]
Process: System Address: 0x977bd688 Size: -

Object: Hidden Code [ETHREAD: 0x89c98d78]
Process: System Address: 0x975ecba0 Size: -

Object: Hidden Code [ETHREAD: 0x89f23020]
Process: System Address: 0x977debc0 Size: -

Object: Hidden Code [ETHREAD: 0x89f1ad78]
Process: System Address: 0xa876a898 Size: -

Object: Hidden Code [ETHREAD: 0x89f2a458]
Process: System Address: 0x9747d0f0 Size: -


Re: ARRRRRRRRRRRRR winblue HELP, have looked around and need more asssistance

Post by Belahzur on 14th May 2009, 12:54 am


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.



Re: ARRRRRRRRRRRRR winblue HELP, have looked around and need more asssistance

Post by osubuckeyefan1 on 14th May 2009, 3:22 am

DDS (Ver_09-05-14.01) - NTFSx86
Run by Neal Chance at 23:15:36.31 on Wed 05/13/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3573.2321 [GMT -4:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AIM6\aim6.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\wscript.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Neal Chance\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = [You must be registered and logged in to see this link.]
mDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [BearFlix] "c:\program files\bearflix\BearFlix.exe" /pause
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LXDBCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXDBtime.dll,_RunDLLEntry@16
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [WinBlueSoft] c:\program files\winbluesoft software\winbluesoft\WinBlueSoft.exe -min
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
TCP: NameServer = 85.255.112.153,85.255.112.92
TCP: {2571A735-F8D4-41B4-9AB0-DDA67326CD2F} = 85.255.112.153,85.255.112.92
TCP: {2C0065E0-2CFA-4EE9-BFC9-3BA3755D2B95} = 85.255.112.153,85.255.112.92
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll


Re: ARRRRRRRRRRRRR winblue HELP, have looked around and need more asssistance

Post by osubuckeyefan1 on 14th May 2009, 3:23 am

=============== Created Last 30 ================

2009-05-13 20:02 0 a------- c:\windows\system32\settings.dat
2009-05-13 16:27 172,032 a------- c:\windows\system32\igfxres.dll
2009-05-13 15:16 13,154 a------- c:\windows\system32\12f495z193.dll
2009-05-13 14:24 --d----- c:\programdata\Trend Micro
2009-05-13 14:24 --d----- c:\progra~2\Trend Micro
2009-05-13 14:23 --d----- c:\program files\Trend Micro
2009-05-13 14:14 1,195,512 a------- c:\windows\system32\drivers\vsapint.sys
2009-05-13 14:14 256,528 a------- c:\windows\system32\drivers\tmwfp.sys
2009-05-13 14:14 205,328 a------- c:\windows\system32\drivers\tmxpflt.sys
2009-05-13 14:14 150,032 a------- c:\windows\system32\drivers\tmcomm.sys
2009-05-13 14:14 145,424 a------- c:\windows\system32\drivers\tmlwf.sys
2009-05-13 14:14 80,400 a------- c:\windows\system32\drivers\tmtdi.sys
2009-05-13 14:14 50,192 a------- c:\windows\system32\drivers\tmevtmgr.sys
2009-05-13 14:14 50,192 a------- c:\windows\system32\drivers\tmactmon.sys
2009-05-13 14:14 36,368 a------- c:\windows\system32\drivers\tmpreflt.sys
2009-05-13 01:33 15,886 a------- c:\windows\5d1fthief499z.exe
2009-05-12 17:43 8,731 a------- c:\windows\system32\6zd1spyware9545.ocx
2009-05-12 15:59 15,982 a------- c:\windows\235caddwzr91071.dll
2009-05-11 20:13 4,535 a------- c:\windows\9975zroj620.dll
2009-05-10 02:05 2,859 a------- c:\windows\21052wor566z9.dll
2009-05-09 06:49 17,100 a------- c:\windows\2554szeal11959.cpl
2009-05-09 03:19 4,144 a------- c:\windows\3fa3backdoo51294z.exe
2009-05-05 02:23 16,119 a------- c:\windows\5416downl9adzr364.cpl
2009-05-03 11:56 3,089 a------- c:\windows\1533addzare999.bin
2009-05-03 02:08 11,177 a------- c:\windows\90575hzcktool42.bin
2009-05-02 03:42 5,644 a------- c:\windows\26965hackt9ol45z.bin
2009-05-02 01:37 18,356 a------- c:\windows\system32\22z16hack59ol5e1.cpl
2009-05-01 17:16 18,203 a------- c:\windows\system32\zb51backdo9r3193.cpl
2009-05-01 16:18 17,618 a------- c:\windows\30cdz9ywa5e2215.bin
2009-05-01 11:50 5,603 a------- c:\windows\21933hack5ozl7a89.exe
2009-05-01 05:51 3,186 a------- c:\windows\system32\49559hief215z.dll
2009-04-28 18:33 6,161 a------- c:\windows\4926zpy5ec.ocx
2009-04-27 22:12 12,273 a------- c:\windows\20wor594bz.cpl
2009-04-27 12:46 6,878 a------- c:\windows\system32\153z7v9rus5d.exe
2009-04-25 00:22 17,929 a------- c:\windows\43a4vi529z9.exe
2009-04-21 12:54 3,916 a------- c:\windows\system32\9668wormz58.ocx
2009-04-20 00:24 12,875 a------- c:\windows\system32\1991tro5701z.ocx
2009-04-19 20:37 18,219 a------- c:\windows\system32\7za4b5ck9oor275.ocx
2009-04-19 18:52 11,541 a------- c:\windows\2db2do5nzoader9539.bin
2009-04-16 05:37 11,199 a------- c:\windows\2269szywa9e5816.exe
2009-04-16 04:28 10,544 a------- c:\windows\system32\1605threat32z99.cpl
2009-04-15 12:57 17,232 a------- c:\windows\system32\139519pazbot184.cpl
2009-04-15 03:29 12,516 a------- c:\windows\2c3e5irz8229.dll
2009-04-15 02:38 13,824 a------- c:\windows\system32\gxvxclbpoqerypfnibutjxumoatmttnmxcswr.dll
2009-04-15 02:38 4 a------- c:\windows\system32\gxvxccounter
2009-04-15 02:37 --d----- c:\program files\QuickyPlaeyr

==================== Find3M ====================

2009-05-13 19:10 626 a------- c:\users\nealch~1\appdata\roaming\wklnhst.dat
2009-05-13 14:25 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-13 14:25 51,200 a------- c:\windows\inf\infpub.dat
2009-05-13 14:25 86,016 a------- c:\windows\inf\infstor.dat
2009-05-13 01:33 5,604 a------- c:\windows\system32\30737spy955z.bin
2009-05-13 01:32 1,097,728 a------- c:\windows\system32\setup2.exe
2009-04-11 20:54 10,181 a------- c:\windows\21185zcktool994.exe
2009-04-06 21:55 5,605 a------- c:\windows\609adow5loaderz88.exe
2009-04-06 14:16 2,959 a------- c:\windows\system32\19f95pzware2549.bin
2009-04-06 06:01 3,258 a------- c:\windows\system32\31312h5cktooz2e9.exe
2009-04-04 15:03 6,553 a------- c:\windows\53cdthrea55z799.exe
2009-04-01 23:18 13,926 a------- c:\windows\5587zspy759.bin
2009-03-27 14:31 16,377 a------- c:\windows\system32\42z2do5nload9r2302.dll
2009-03-24 21:30 5,188 a------- c:\windows\system32\6b9f5zeal395.exe
2009-03-18 22:10 16,941 a------- c:\windows\system32\c67ba9kdoo52795z.bin
2009-03-17 22:12 13,086 a------- c:\windows\820hzck5ool9c.exe
2009-03-16 02:48 3,081 a------- c:\windows\system32\71dd5dz9are2925.bin
2009-03-13 02:56 3,142 a------- c:\windows\system32\f385pywa9e143z.exe
2009-03-12 21:12 12,776 a------- c:\windows\20515t9ojz8d.exe
2009-03-12 11:49 15,359 a------- c:\windows\system32\6789t5rzat12003.dll
2009-03-12 10:30 9,111 a------- c:\windows\system32\3f93downloa5e92260z.bin
2009-03-11 23:54 6,095 a------- c:\windows\98366noz-a-virus1bb5.bin
2009-03-11 00:28 10,760 a------- c:\windows\system32\22292w9rz755.exe
2009-03-10 14:43 16,641 a------- c:\windows\system32\1580t9izf448.bin
2009-03-09 23:51 4,864 a------- c:\windows\system32\90255vizusd0.exe
2009-02-25 05:08 17,352 a------- c:\windows\system32\3685s9eal267z.bin
2009-02-24 18:48 17,151 a------- c:\windows\30856n9t-a-vzru51a.exe
2009-02-22 07:07 8,508 a------- c:\windows\297estzal30395.bin
2009-02-20 06:50 16,779 a------- c:\windows\system32\59056zpy45.exe
2009-02-16 06:55 10,555 a------- c:\windows\system32\24824w59z1a3.exe
2009-02-15 02:03 6,192 a------- c:\windows\system32\12z12not-a-9irus58b.dll
2009-02-14 23:15 10,037 a------- c:\windows\system32\9ad5zhief2500.exe
2009-02-14 13:14 8,454 a------- c:\windows\system32\51907vi9usz6f.dll
2009-02-13 21:38 11,998 a------- c:\windows\7f5t95zat9203.bin
2009-01-29 21:26 174 a--sh--- c:\program files\desktop.ini
2009-01-29 21:16 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-05-09 11:41 76 ---shr-- c:\windows\CT4CET.bin
2009-05-13 23:17 262,144 a--sh--- c:\windows\serviceprofiles\networkservice\NTUSER.DAT
2008-05-08 23:18 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 23:18:29.33 ===============


Re: ARRRRRRRRRRRRR winblue HELP, have looked around and need more asssistance

Post by osubuckeyefan1 on 14th May 2009, 3:24 am

Hey, hope this was everything you were looking for. Thank you so much for your help, will be checking back tomorrow afternoon for more instructions.


Re: ARRRRRRRRRRRRR winblue HELP, have looked around and need more asssistance

Post by Belahzur on 14th May 2009, 8:46 am

Hello.

Smitfraud Infection Detected
Please download [You must be registered and logged in to see this link.] (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
[You must be registered and logged in to see this link.]

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #5 - Clean DNS by typing 5 and press "Enter" to delete the DNS hijack.

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt


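Belahzur's reply above identifies the `TCP: NameServer` entries in the DDS report as a DNS hijack and points the user at SmitfraudFix's Clean DNS option. As an added example that is not part of the original thread nor of DDS or SmitfraudFix, the Python script below shows how a helper would triage a DDS-style report for two of the indicators visible in this thread: resolver addresses outside an expected allowlist, and recently created executable-type files dropped directly into c:\windows or c:\windows\system32. The sample lines are copied from the report posted in this thread; `EXPECTED_RESOLVERS` is an assumed placeholder, and the file-age heuristic is this example's own, not a rule from either tool.

```python
"""Triage helpers for DDS-style log excerpts.

Added example; not code from the forum, DDS or SmitfraudFix.
"""
import ipaddress
import re
from datetime import date

# Constructed sample: the relevant lines from the DDS report posted in this thread.
SAMPLE_DDS = """\
uInternet Settings,ProxyOverride = *.local
TCP: NameServer = 85.255.112.153,85.255.112.92
TCP: {2571A735-F8D4-41B4-9AB0-DDA67326CD2F} = 85.255.112.153,85.255.112.92
TCP: {2C0065E0-2CFA-4EE9-BFC9-3BA3755D2B95} = 85.255.112.153,85.255.112.92
=============== Created Last 30 ================
2009-05-13 14:14 1,195,512 a------- c:\\windows\\system32\\drivers\\vsapint.sys
2009-05-13 01:33 15,886 a------- c:\\windows\\5d1fthief499z.exe
2009-05-12 17:43 8,731 a------- c:\\windows\\system32\\6zd1spyware9545.ocx
2009-05-09 06:49 17,100 a------- c:\\windows\\2554szeal11959.cpl
2009-04-15 02:37 --d----- c:\\program files\\QuickyPlaeyr
"""

# Assumed allowlist: resolvers the owner of this machine expects to use.
# At home this is normally the router; a company would list its own resolvers.
EXPECTED_RESOLVERS = {"192.168.1.1"}

# "TCP: NameServer = a,b" (global) or "TCP: {interface GUID} = a,b" (per adapter)
TCP_RE = re.compile(r"^TCP: (NameServer|\{[0-9A-Fa-f-]+\}) = (.+)$")
# "YYYY-MM-DD HH:MM [size] attrs path"; directories carry no size column
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+(?:([\d,]+)\s+)?(\S+)\s+(.+)$")
SUSPECT_EXT = (".exe", ".dll", ".ocx", ".cpl", ".bin")
WATCHED_DIRS = ("c:\\windows", "c:\\windows\\system32")


def find_dns_hijack(text, expected=EXPECTED_RESOLVERS):
    """Return (scope, resolver) pairs for resolvers that are neither on the
    allowlist nor on the local network.  A resolver set on every adapter
    GUID as well as globally, as in this thread, shows up once per scope."""
    findings = []
    for line in text.splitlines():
        m = TCP_RE.match(line)
        if not m:
            continue
        scope, value = m.groups()
        for raw in (v.strip() for v in value.split(",")):
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:
                findings.append((scope, raw))   # not even an address: look at it
                continue
            if str(ip) in expected or ip.is_private or ip.is_loopback:
                continue
            findings.append((scope, str(ip)))
    return findings


def find_dropped_binaries(text, scan_date_iso, max_age_days=30):
    """Return paths of executable-type files created within max_age_days
    directly under c:\\windows or c:\\windows\\system32.  Legitimate
    installers put files in subfolders (drivers, winsxs, ...), so loose
    binaries in the root of those directories are worth a second look."""
    scan_date = date.fromisoformat(scan_date_iso)
    findings = []
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if not m:
            continue
        created, _size, attrs, path = m.groups()
        if attrs.startswith("--d"):                 # directory entry
            continue
        low = path.lower()
        parent, _, name = low.rpartition("\\")
        if parent not in WATCHED_DIRS or not name.endswith(SUSPECT_EXT):
            continue
        age = (scan_date - date.fromisoformat(created)).days
        if 0 <= age <= max_age_days:
            findings.append(path)
    return findings


if __name__ == "__main__":
    for scope, ip in find_dns_hijack(SAMPLE_DDS):
        print(f"unexpected resolver {ip} ({scope})")
    for path in find_dropped_binaries(SAMPLE_DDS, "2009-05-13"):
        print(f"recently dropped binary: {path}")
```

Run as-is it reports the two 85.255.112.x resolvers for the global setting and for both adapter GUIDs, plus the three loose binaries; after a Clean DNS run, feeding it the new report should show no resolver findings and the remaining rows tell the helper which files still need removal.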
