wheels351972

Members
  • Content Count: 4

About wheels351972

  • Rank: Newbie
  1. I have run cure-it and it got rid of a few files; I rebooted and it was still there. I ran autoruns and removed it by deleting the option; it was still there on reboot. I went into safe mode and used autoruns and removed it and rebooted; it was back again. I went into regedit and removed c:\windows\mswinlogon.exe and c:\winlogon.exe and it deleted all but one entry in the registry. I rebooted and it came back. I'm doing a scan now with Kaspersky. I'm at my wits' end with this thing. Everything I have looked up says it's spyware or a trojan. Any more ideas?
  2. What I meant to say was winlogon.exe. But yeah, the only traces I could find are in system32; I can't find it in Windows either. ANY help in getting rid of this damn thing would be greatly appreciated, thanks. My virus scanner is NOT picking it up.
  3. kdtzh.exe is not even in the msconfig anymore; I still, however, am getting that mswinlogon.exe popup issue. Should mswinlogon.exe ALWAYS be in system or system32, or can it reside in the root directory of Windows, or is that considered to be a virus or whatnot? Also, mswinlogon.exe is in the msconfig as c:\windows\mswinlogon.exe
  4. To whom it may concern: I have been infected with SOMETHING, I'm just not sure what. I cleaned up a few things on my own but I still have something going on. I have run 3 scans with SAS and come up with 3 different results.

     Computer is running:
       XP Pro SP3
       McAfee Virus Scan Online
       Webroot Spy Sweeper
       SAS Free

     I have a popup: "Windows cannot find 'C:\WINDOWS\winlogon.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the start button, and then click search." I CAN'T get rid of that file, and in my msconfig under startup I keep seeing kdtzh.exe. I have tried scanning in real mode; it sees it but it WON'T remove it. I have tried scanning in safe mode with the same results. I googled it and it's telling me it's spyware or a virus, I'm not sure which. I just CAN'T get rid of it. ANY HELP would be GREATLY appreciated.

     Also I have 3 logs for you folks:

     SUPERAntiSpyware Scan Log
     https://www.superantispyware.com

     Generated 11/21/2008 at 12:35 PM

     Application Version : 4.22.1014
     Core Rules Database Version : 3555
     Trace Rules Database Version: 1543

     Scan type : Complete Scan
     Total Scan Time : 01:08:55

     Memory items scanned : 585
     Memory threats detected : 0
     Registry items scanned : 6457
     Registry threats detected : 4
     File items scanned : 71724
     File threats detected : 3

     Adware.MyWebSearch
         HKU\S-1-5-21-1292428093-789336058-854245398-1003\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
         C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
         C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSOEMON.EXE

     Trojan.DNS-Changer (Hi-Jacked DNS)
         HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS\INTERFACES\{673587BB-1E19-416A-BD73-38D714B64176}#NAMESERVER
         HKLM\SYSTEM\CONTROLSET002\SERVICES\TCPIP\PARAMETERS\INTERFACES\{673587BB-1E19-416A-BD73-38D714B64176}#NAMESERVER

     Trojan.Unclassified/K-Series
         HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SYSTEM
         C:\WINDOWS\SYSTEM32\KDTZH.EXE

     Log 2:

     SUPERAntiSpyware Scan Log
     https://www.superantispyware.com

     Generated 11/22/2008 at 07:08 PM

     Application Version : 4.22.1014
     Core Rules Database Version : 3555
     Trace Rules Database Version: 1543

     Scan type : Complete Scan
     Total Scan Time : 01:20:15

     Memory items scanned : 598
     Memory threats detected : 0
     Registry items scanned : 6458
     Registry threats detected : 4
     File items scanned : 71557
     File threats detected : 3

     Adware.MyWebSearch
         HKU\S-1-5-21-1292428093-789336058-854245398-1003\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
         C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
         C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSOEMON.EXE

     Trojan.DNS-Changer (Hi-Jacked DNS)
         HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS\INTERFACES\{673587BB-1E19-416A-BD73-38D714B64176}#NAMESERVER
         HKLM\SYSTEM\CONTROLSET002\SERVICES\TCPIP\PARAMETERS\INTERFACES\{673587BB-1E19-416A-BD73-38D714B64176}#NAMESERVER

     Trojan.Unclassified/K-Series
         HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SYSTEM
         C:\WINDOWS\SYSTEM32\KDTZH.EXE

     Log 3:

     SUPERAntiSpyware Scan Log
     https://www.superantispyware.com

     Generated 11/22/2008 at 11:04 PM

     Application Version : 4.22.1014
     Core Rules Database Version : 3648
     Trace Rules Database Version: 1631

     Scan type : Complete Scan
     Total Scan Time : 01:21:17

     Memory items scanned : 569
     Memory threats detected : 0
     Registry items scanned : 6470
     Registry threats detected : 80
     File items scanned : 72002
     File threats detected : 20

     I STILL have that cannot find winlogon popup AND still have kdtzh.exe in my startup.

     Willie

     *UPDATE* Scan log #4

     SUPERAntiSpyware Scan Log
     https://www.superantispyware.com

     Generated 11/23/2008 at 01:14 AM

     Application Version : 4.22.1014
     Core Rules Database Version : 3648
     Trace Rules Database Version: 1631

     Scan type : Complete Scan
     Total Scan Time : 01:24:51

     Memory items scanned : 566
     Memory threats detected : 0
     Registry items scanned : 6462
     Registry threats detected : 0
     File items scanned : 71860
     File threats detected : 0

     Willie