Jump to content

msmissy

Members
  • Posts

    8
  • Joined

  • Last visited

Everything posted by msmissy

  1. well actually "manic" did because manic was the one who replied in that thread and under the advice for the rootrepeal, it said if i can not find the file to POST IN A NEW THREAD, like i said i was only following directions. If you are not 100% confident in identifying the CLB driver then feel free to use Rootrepeal to generate an output log** and post it to a new topic in our HJT help forums. http://www.malwarebytes.org/forums/index.php?showforum=7 as i can see i am getting no where here. hours upon hours have passed by and NO ONE has gotten a response time to go to a forum where there is actual activity.
  2. sorry new thread i am only doing as i was told in the post ROOTREPEAL © AD, 2007-2009 ================================================== Scan Time: 2009/07/09 02:00 Program Version: Version 1.3.0.0 Windows Version: Windows XP SP3 ================================================== Hidden/Locked Files ------------------- Path: C:\hiberfil.sys Status: Locked to the Windows API! Path: c:\windows\$ntservicepackuninstall$\ndis.sys Status: Size mismatch (API: 182656, Raw: 182912) Path: c:\windows\system32\dllcache\ndis.sys Status: Size mismatch (API: 182656, Raw: 212224) Path: c:\windows\system32\drivers\ndis.sys Status: Size mismatch (API: 182656, Raw: 212224) Path: C:\Documents and Settings\IBM\Local Settings\Temporary Internet Files\Content.IE5\NCVKRS1F\menu_action_down-padded[1].gif Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys Status: Size mismatch (API: 182656, Raw: 0) Path: C:\Documents and Settings\IBM\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys Status: Size mismatch (API: 182656, Raw: 0) Path: c:\documents and settings\ibm\local settings\application data\microsoft\internet explorer\recovery\active\{d51236c2-6c4b-11de-a3f0-0003472f2468}.dat Status: Size mismatch (API: 3584, Raw: 4608) Path: C:\Documents and Settings\IBM\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{4DCF1360-6C43-11DE-A3EF-0003472F2468}.dat Status: Invisible to the Windows API! Path: C:\Documents and Settings\IBM\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{4DCF1361-6C43-11DE-A3EF-0003472F2468}.dat Status: Invisible to the Windows API! Path: C:\Documents and Settings\IBM\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{4DCF1362-6C43-11DE-A3EF-0003472F2468}.dat Status: Invisible to the Windows API! Path: C:\Documents and Settings\IBM\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{610B23E4-6C4E-11DE-A3F0-0003472F2468}.dat Status: Visible to the Windows API, but not on disk. Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys Status: Size mismatch (API: 182656, Raw: 0) ==EOF==
  3. or is this down time. should i even wait or just go to another forum? Just asking
  4. hi im back, i ran mbam and have that log. it was from yesterday right before i posted this thread. i just got back online and this is the first place i went. Malwarebytes' Anti-Malware 1.38 Database version: 2297 Windows 5.1.2600 Service Pack 3 7/8/2009 7:51:36 AM mbam-log-2009-07-08 (07-51-36).txt Scan type: Full Scan (C:\|) Objects scanned: 118096 Time elapsed: 22 minute(s), 37 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
  5. i will come back later today, i have not slept yet!! please don't close this thread. TY
  6. my HJT log just done it! Logfile of HijackThis v1.99.1 Scan saved at 9:00:52 AM, on 7/8/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Common Files\Command Software\dvpapi.exe C:\Program Files\PC Tools Firewall Plus\FWService.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\AT&T\Internet Security Wizard\ISW.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local> R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Ask && Record Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe" O4 - HKLM\..\Run: [iSW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [Modem Update Reminder] C:\WINDOWS\MWW32\manager\mwremind.exe autorun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll O11 - Options group: [iNTERNATIONAL] International O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - %fystemRoot%\system32\svchost.exe (file missing) O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: Google Update Service (gupdate1c9a497646e7fb0) (gupdate1c9a497646e7fb0) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe O23 - Service: ThinkPad Modem Service (ThinkPadModemService) - IBM Corporation - C:\WINDOWS\MWW32\MANAGER\MWMDMSVC.EXE O23 - Service: Automatic Updates (wuauserv) - Unknown owner - %fystemroot%\system32\svchost.exe (file missing) O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
  7. i got the bug, nasty lil thing. I ran malware but as you know it will not get rid of it just delete on reboot, any helpers?
  8. yes i got it! please help me get rid of this bugger!
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.