weslantz1977

  1. Thanks a ton you have been an amazing help for me, no way I could have done all this by myself.
  2. Still running great, what do you think am I clean now?
  3. OK, I ran the Dr.Web CureIt. The express scan picked up nothing, but the complete scan took about 6-7 hours and detected about 6 things: 1 was a trojan that deleted, the rest were all a part of the Desktop Doctor file. When I went to save the log file I got the blue screen of death for Bad_Pool_Header, so instead of running it for another 7 hours I just posted here in case you wanted me to change something. I did however run you another HijackThis log and am posting it for you.

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 11:14:31 PM, on 7/11/2010
     Platform: Windows Vista SP1 (WinNT 6.00.1905)
     MSIE: Internet Explorer v8.00 (8.00.6001.18928)
     Boot mode: Normal

     Running processes:
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Windows\system32\taskeng.exe
     C:\Program Files\Windows Defender\MSASCui.exe
     C:\Program Files\Lenovo\Lenovo Standard Keyboard Driver\SkDaemond.exe
     C:\Windows\System32\DingolVLR.exe
     C:\Windows\RtHDVCpl.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Windows\ehome\ehtray.exe
     C:\Program Files\Windows Media Player\wmpnscfg.exe
     C:\Windows\ehome\ehmsas.exe
     C:\Windows\system32\wuauclt.exe
     C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
     O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
     O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
     O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
     O4 - HKLM\..\Run: [skDaemond] C:\Program Files\Lenovo\Lenovo Standard Keyboard Driver\SkDaemond.exe
     O4 - HKLM\..\Run: [DingolVLR] C:\Windows\system32\DingolVLR.exe
     O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
     O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
     O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
     O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
     O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
     O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
     O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
     O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
     O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

     --
     End of file - 4221 bytes
  4. ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6211
     # api_version=3.0.2
     # EOSSerial=0239e4fe23e76e47ba378a01cdd8ac5a
     # end=stopped
     # remove_checked=true
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2010-07-10 01:13:55
     # local_time=2010-07-09 09:13:55 (-0500, Eastern Daylight Time)
     # country="United States"
     # lang=1033
     # osver=6.0.6001 NT Service Pack 1
     # compatibility_mode=5892 16776637 100 100 0 115328171 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=126841
     # found=5
     # cleaned=5
     # scan_time=3792
     C:\Program Files\Driver Robot\1.1.0.3\DriverRobot.exe Win32/Adware.DriverRobot application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Qoobox\Quarantine\C\Program Files\Cheat Engine\dbk32.sys.vir Win32/HackTool.CheatEngine application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Users\Wesley\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\67e9c391-6c5aa271 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
     C:\Users\Wesley\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\76cf8efa-4ac41b80 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
     C:\Users\Wesley\Desktop\CheatEngine55.exe Win32/HackTool.CheatEngine application (deleted - quarantined) 00000000000000000000000000000000 C
     esets_scanner_update returned -1 esets_gle=53251
     # version=7
     # IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6211
     # api_version=3.0.2
     # EOSSerial=0239e4fe23e76e47ba378a01cdd8ac5a
     # end=finished
     # remove_checked=true
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2010-07-10 03:35:31
     # local_time=2010-07-09 11:35:31 (-0500, Eastern Daylight Time)
     # country="United States"
     # lang=1033
     # osver=6.0.6001 NT Service Pack 1
     # compatibility_mode=5892 16776637 100 100 0 115332064 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=253138
     # found=19
     # cleaned=19
     # scan_time=8394
     C:\Windows.old\Program Files\IEToolbar\Bullseye Tool Bar\lw.dll probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Windows.old\Program Files\IEToolbar\Bullseye Tool Bar\lwpopper.html Win32/Adware.Toolbar.Bullseye application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Windows.old\Program Files\runit\runit_32.exe.vir Win32/VB.OAI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Windows.old\Users\Wesley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6VR76W1R\20090616011856[1].exe Win32/VB.OAI trojan (deleted - quarantined) 00000000000000000000000000000000 C
     C:\Windows.old\Users\Wesley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6VR76W1R\20090915083624[1].exe probably a variant of Win32/Injector.ZT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Windows.old\Users\Wesley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N957J1OE\20090616011608[1].exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
     C:\Windows.old\Users\Wesley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N957J1OE\20090814091151[1].exe a variant of Win32/Injector.ZL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Windows.old\Users\Wesley\AppData\Local\Temp\Temp1_FRAPS 2.9.5. registered crack keygen.zip\Setup.exe a variant of Win32/TrojanDownloader.VB.OEQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Windows.old\Users\Wesley\AppData\Local\Temp\Temp2_FRAPS 2.9.5. registered crack keygen.zip\Setup.exe a variant of Win32/TrojanDownloader.VB.OEQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Windows.old\Users\Wesley\Desktop\DriverRobot_Setup.exe Win32/Adware.DriverRobot application (deleted - quarantined) 00000000000000000000000000000000 C
     C:\Windows.old\Users\Wesley\Documents\LimeWire\Saved\dont wake me im dreaming CD quality.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
     C:\Windows.old\Windows\bffe0705.exe Win32/VB.OAI trojan (deleted - quarantined) 00000000000000000000000000000000 C
     C:\Windows.old\Windows\cprxe75372.exe a variant of Win32/Injector.ZL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Windows.old\Windows\jsqdn1023.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
     C:\Windows.old\Windows\lcggg0805.exe Win32/VB.OAI trojan (deleted - quarantined) 00000000000000000000000000000000 C
     C:\Windows.old\Windows\mjsqd01023.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
     C:\Windows.old\Windows\pegn13183.exe a variant of Win32/Injector.ZL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Windows.old\Windows\tsuhk13366.exe probably a variant of Win32/Injector.ZT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Windows.old\Windows\System32\xyhpt.exe probably a variant of Win32/Injector.ZT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  5. Well, my computer is definitely running faster, much faster, but the problem for the most part surfaced when I was playing online games. Whoever was hacking me at first was doing it from their own computer; when I stopped that they seemed to be able to log into my computer, send emails from my IP address and read and move my emails. It's not very frequent as I do not play online games anymore because of this. I am guessing I am clean as my computer seems to run much smoother now. Thank you very much for your time and help, it's very much appreciated. I will be donating some money to your PayPal shortly for your time, thanks again.
  6. I have run both programs; however, JavaRa said it was making logs but they were never created. I ran the program multiple times to no avail. Please let me know what you would like me to do about this. In the meantime here is the ComboFix log. I tried putting it as an attachment but it looked a little tough to decipher so I am just going to cut and paste it for you. ComboFix 10-07-08.02 - Wesley 07/09/2010 16:40:18.1.2 - x86 Microsoft
  7. Here is the ComboFix log. JavaRa said it was making the logs but it never did; I ran it multiple times and checked my hard drive thoroughly and it had not been made. Please let me know what you would like me to do about this. In the meantime here is my ComboFix log. Combo_Fix.txt
  8. It seems my 2nd post with all the information was removed so I will add it all again to this post. DDS (Ver_10-03-17.01) - NTFSx86 Run by Wesley at 14:32:32.73 on Wed 07/07/2010 Internet Explorer: 8.0.6001.18882 Microsoft ark.zip Attach.zip
  9. OK, thank you for your help. I have, as directed, followed all the instructions per that link, and as it said made a new post with all the info requested. Thanks again.
  10. DDS (Ver_10-03-17.01) - NTFSx86 Run by Wesley at 14:32:32.73 on Wed 07/07/2010 Internet Explorer: 8.0.6001.18882 Microsoft ark.zip Attach.zip
  11. DDS (Ver_10-03-17.01) - NTFSx86 Run by Wesley at 14:32:32.73 on Wed 07/07/2010 Internet Explorer: 8.0.6001.18882 Microsoft
  12. For some time now I've noticed that I've had email that I have not read or that is normally on my safe list that has been marked as read and/or moved to my junk folder. After changing my password multiple times I think I must have some kind of trojan or virus. I've downloaded the HijackThis program and am going to post my log; however, even though I am the only user and on an admin account I am not able to run the program as an administrator (when I right click the icon there is no option for it as there is with every other program on my computer) and it says I am not allowed access to the Hosts File. So with all that being said here is the log I received from my scan. Any help is much appreciated, I am at my wits' end trying to fix this. Spybot Search and Destroy and Windows Defender both have detected nothing.

      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 11:46:16 AM, on 7/6/2010
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v8.00 (8.00.6001.18882)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Lenovo\Lenovo Standard Keyboard Driver\SkDaemond.exe
      C:\Windows\System32\DingolVLR.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Common Files\Java\Java Update\jusched.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Windows\System32\mobsync.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
      C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: ::1 localhost
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
      O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
      O2 - BHO: Java