Jump to content


  • Content Count

  • Joined

  • Last visited

About TylerDurdin

  • Rank
  1. Thanks for your advise siliconman, it took me forever to get that diagnostic done for some reason my firefox browser would not let me connect, so I actually had to make IE7 my home page just to get it done. For the first time after all this crap I hope my machine has more viruses than a, well you know. Once again thanx and I'll keep you posted whether your interested or not. thanx alot BTW error loading C:\PpogramFiles\CommonFiles\Paretologic\UUS2\UUS.dll
  2. Yes, my only concern is that a day ago I ran SAS it said I was clean, than malwarebytes found a whole bunch of smitfraud fix tool stuff that I believed to be history,it is only because of the fact that my wife does online banking a bill paying that I am even concerned. I also have to question why SAS did not find these, dont get me wrong I do believe this program is everything it claims to be. My machine was a day away from being completely re-installed, I ran this program and my pc ran as good as the day I got it. the malwarebytes scan in my first post is after SAS said I had 0 infections, I am just puzzled. BTW just started getting some paretologic rundll eror, I use crap cleaner for my registry it aways seemed to be fine, could this be virus related? all scans by all tools come back clean now. Avast, ad-aware,malwarebytes and SAS.
  3. Ran a scan in safe mode SAS found 0 infections.
  4. Actually A friend thought he could help me out when my computer first became infected a couple of months ago, I also thought he had the real guy after the attempt I realized he did more of a dis-service than anything, my 4 year old son could have helped me mess it more if that was my intention, but shame on me. As for the fix tool files or anything else I thought they were all gone until today. No other scans by anything found this many issues except for the first time I ran SAS. SUPERAntiSpyware Scan Log https://www.superantispyware.com Generated 03/06/2009 at 00:51 AM Application Version : 4.25.1014 Core Rules Database Version : 3786 Trace Rules Database Version: 1743 Scan type : Complete Scan Total Scan Time : 00:38:02 Memory items scanned : 215 Memory threats detected : 2 Registry items scanned : 5944 Registry threats detected : 60 File items scanned : 11273 File threats detected : 20 Trojan.Downloader-NewJuan/VM C:\WINDOWS\SYSTEM32\JOASUQ.DLL C:\WINDOWS\SYSTEM32\JOASUQ.DLL C:\WINDOWS\SYSTEM32\GZICEP.DLL C:\WINDOWS\SYSTEM32\GZICEP.DLL Unclassified.Unknown Origin HKLM\Software\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C} HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\InprocServer32 HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\InprocServer32#ThreadingModel C:\WINDOWS\SYSTEM32\OPNMJDVP.DLL HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C} HKU\S-1-5-21-1060284298-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C} HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C} HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C} Rootkit.Agent/Gen-DP_PROT HKLM\system\controlset001\services\iarrwigr C:\WINDOWS\SYSTEM32\DRIVERS\LURUVCXJ.SYS HKLM\system\controlset002\services\iarrwigr Adware.Tracking Cookie C:\Documents and Settings\Wilkins\Cookies\wilkins@clickbank[1].txt Adware.Vundo Variant/Rel HKLM\SOFTWARE\Microsoft\FCOVM HKLM\SOFTWARE\Microsoft\RemoveRP HKLM\SOFTWARE\Microsoft\MS Juan HKLM\SOFTWARE\Microsoft\MS Juan#RID HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO#LTM HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO#CDY HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO#CNT HKLM\SOFTWARE\Microsoft\MS Juan\JKWL HKLM\SOFTWARE\Microsoft\MS Juan\JKWL\hotmail HKLM\SOFTWARE\Microsoft\MS Juan\JKWL\hotmail#LU HKLM\SOFTWARE\Microsoft\MS Juan\JKWL\hotmail#CT HKLM\SOFTWARE\Microsoft\MS Juan\JKWL\hotmail#LT HKLM\SOFTWARE\Microsoft\MS Juan\me HKLM\SOFTWARE\Microsoft\MS Juan\me#LTM HKLM\SOFTWARE\Microsoft\MS Juan\me#CDY HKLM\SOFTWARE\Microsoft\MS Juan\me#CNT HKLM\SOFTWARE\Microsoft\MS Juan\me#LBL HKLM\SOFTWARE\Microsoft\MS Juan\me#MN HKLM\SOFTWARE\Microsoft\MS Juan\mm HKLM\SOFTWARE\Microsoft\MS Juan\mm#LTM HKLM\SOFTWARE\Microsoft\MS Juan\mm#CDY HKLM\SOFTWARE\Microsoft\MS Juan\mm#CNT HKLM\SOFTWARE\Microsoft\MS Juan\s4 HKLM\SOFTWARE\Microsoft\MS Juan\s4#LTM HKLM\SOFTWARE\Microsoft\MS Juan\s4#CDY HKLM\SOFTWARE\Microsoft\MS Juan\s4#CNT HKLM\SOFTWARE\Microsoft\MS Juan\se HKLM\SOFTWARE\Microsoft\MS Juan\se#LTM HKLM\SOFTWARE\Microsoft\MS Juan\se#CDY HKLM\SOFTWARE\Microsoft\MS Juan\se#CNT HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan#LTM HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan#CDY HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan#CNT HKLM\SOFTWARE\Microsoft\contim HKLM\SOFTWARE\Microsoft\contim#SysShell HKLM\SOFTWARE\Microsoft\MS Track System HKLM\SOFTWARE\Microsoft\MS Track System#Uid HKLM\SOFTWARE\Microsoft\MS Track System#Shows HKLM\SOFTWARE\Microsoft\rdfa HKLM\SOFTWARE\Microsoft\rdfa#F HKLM\SOFTWARE\Microsoft\rdfa#N Rogue.Component/Trace HKLM\Software\Microsoft\E4EA95E5 HKLM\Software\Microsoft\E4EA95E5#e4ea95e5 HKLM\Software\Microsoft\E4EA95E5#Version HKLM\Software\Microsoft\E4EA95E5#e4ea3865 HKLM\Software\Microsoft\E4EA95E5#e4ea5180 HKU\S-1-5-21-1060284298-606747145-725345543-1004\Software\Microsoft\CS41275 HKU\S-1-5-21-1060284298-606747145-725345543-1004\Software\Microsoft\FIAS4052N Trojan.Agent/Gen-Simple C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\BACKUPS\BACKUP-20090217-223403-718.DLL C:\WINDOWS\SYSTEM32\IEIUWUUL.DLL C:\WINDOWS\SYSTEM32\LNNBZS.DLL Adware.Vundo Variant C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\BACKUPS\BACKUP-20090217-223403-932.DLL Adware.Vundo/Variant-AdobeFake C:\WINDOWS\SYSTEM32\GNEWCYMG.DLL C:\WINDOWS\SYSTEM32\NXFVSBQO.DLL C:\WINDOWS\SYSTEM32\OOFUSK.DLL C:\WINDOWS\SYSTEM32\QRUDCRUU.DLL C:\WINDOWS\SYSTEM32\QYJHCGGN.DLL C:\WINDOWS\SYSTEM32\UKUROOUL.DLL Adware.Prun-A C:\WINDOWS\SYSTEM32\PRUNNET.EXE Trojan.Vundo-Variant/Packed-GEN C:\WINDOWS\SYSTEM32\RQRKASQQ.DLL Trace.Known Threat Sources C:\Documents and Settings\Wilkins\Local Settings\Temporary Internet Files\Content.IE5\NHO4N2WQ\l.s.bg1z[1].gif C:\Documents and Settings\Wilkins\Local Settings\Temporary Internet Files\Content.IE5\NHO4N2WQ\l.s.bg2z[1].gif C:\Documents and Settings\Wilkins\Local Settings\Temporary Internet Files\Content.IE5\A9BMGKKY\favicon[1].ico
  5. Ran my SAS pro came back clean. scanned again with avast found 1 infection a win32 trojan spy, scanned later with ad-aware found 4 win32 monder iu's, just for the hell of it I ran malwarebytes found Malwarebytes' Anti-Malware 1.34 Database version: 1830 Windows 5.1.2600 Service Pack 2 3/10/2009 12:40:28 AM mbam-log-2009-03-10 (00-40-28).txt Scan type: Full Scan (C:\|) Objects scanned: 107613 Time elapsed: 22 minute(s), 16 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 3 Files Infected: 9 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Documents and Settings\Wilkins\Application Data\SmitFraudFixTool (Rogue.SmitFraudFixTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Wilkins\Application Data\SmitFraudFixTool\Log (Rogue.SmitFraudFixTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Wilkins\Application Data\SmitFraudFixTool\Settings (Rogue.SmitFraudFixTool) -> Quarantined and deleted successfully. Files Infected: C:\Documents and Settings\Wilkins\Application Data\SmitFraudFixTool\rs.dat (Rogue.SmitFraudFixTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Wilkins\Application Data\SmitFraudFixTool\Log\2009 Feb 10 - 01_47_58 PM_515.log (Rogue.SmitFraudFixTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Wilkins\Application Data\SmitFraudFixTool\Log\2009 Feb 10 - 01_54_06 PM_781.log (Rogue.SmitFraudFixTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Wilkins\Application Data\SmitFraudFixTool\Log\2009 Feb 10 - 12_31_27 PM_312.log (Rogue.SmitFraudFixTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Wilkins\Application Data\SmitFraudFixTool\Log\2009 Feb 10 - 12_42_37 PM_062.log (Rogue.SmitFraudFixTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Wilkins\Application Data\SmitFraudFixTool\Log\2009 Feb 11 - 06_59_33 PM_000.log (Rogue.SmitFraudFixTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Wilkins\Application Data\SmitFraudFixTool\Log\2009 Feb 17 - 08_24_50 PM_670.log (Rogue.SmitFraudFixTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Wilkins\Application Data\SmitFraudFixTool\Settings\ScanResults.pie (Rogue.SmitFraudFixTool) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully. Why were these not found before?
  6. I dont even know why, but this time it is gone. just scanned this morning and nothing. I also run the ad-aware anniversary free edition but that seems to miss some things. although not bad for a secondary anti-virus. Would still like to know if this adaware.myweb thing is a serious threat just due to the fact that this thing seems to be everywhere.
  7. Was there ever a final solution to this Adware.mywebsearch/funwebproducts deal. Is this even a serious threat? comes up in my scans too. As long as it not a keylogger or some kind of hi-jacker I dont care, it does not seem to affect my machine. Would appreciate a heads up on how to get it out though. Constantly scan, check, and reboot, still there.
  • Create New...