Everything posted by TylerDurdin

  1. Thanks for your advice siliconman, it took me forever to get that diagnostic done; for some reason my Firefox browser would not let me connect, so I actually had to make IE7 my home page just to get it done. For the first time after all this crap I hope my machine has more viruses than a, well you know. Once again thanks and I'll keep you posted whether you're interested or not. Thanks a lot. BTW error loading C:\PpogramFiles\CommonFiles\Paretologic\UUS2\UUS.dll
  2. Yes, my only concern is that a day ago I ran SAS and it said I was clean, then Malwarebytes found a whole bunch of smitfraud fix tool stuff that I believed to be history. It is only because of the fact that my wife does online banking and bill paying that I am even concerned. I also have to question why SAS did not find these; don't get me wrong, I do believe this program is everything it claims to be. My machine was a day away from being completely re-installed, I ran this program and my PC ran as good as the day I got it. The Malwarebytes scan in my first post is after SAS said I had 0 infections, I am just puzzled. BTW just started getting some paretologic rundll error. I use crap cleaner for my registry, it always seemed to be fine, could this be virus related? All scans by all tools come back clean now: Avast, Ad-Aware, Malwarebytes and SAS.
  3. Ran a scan in safe mode; SAS found 0 infections.
  4. Actually A friend thought he could help me out when my computer first became infected a couple of months ago, I also thought he had the real guy after the attempt I realized he did more of a dis-service than anything, my 4 year old son could have helped me mess it more if that was my intention, but shame on me. As for the fix tool files or anything else I thought they were all gone until today. No other scans by anything found this many issues except for the first time I ran SAS. SUPERAntiSpyware Scan Log https://www.superantispyware.com Generated 03/06/2009 at 00:51 AM Application Version : 4.25.1014 Core Rules Database Version : 3786 Trace Rules Database Version: 1743 Scan type : Complete Scan Total Scan Time : 00:38:02 Memory items scanned : 215 Memory threats detected : 2 Registry items scanned : 5944 Registry threats detected : 60 File items scanned : 11273 File threats detected : 20
  5. Ran my SAS pro came back clean. scanned again with avast found 1 infection a win32 trojan spy, scanned later with ad-aware found 4 win32 monder iu's, just for the hell of it I ran malwarebytes found Malwarebytes' Anti-Malware 1.34 Database version: 1830 Windows 5.1.2600 Service Pack 2 3/10/2009 12:40:28 AM mbam-log-2009-03-10 (00-40-28).txt Scan type: Full Scan (C:\|) Objects scanned: 107613 Time elapsed: 22 minute(s), 16 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 3 Files Infected: 9 Why were these not found before?
  6. I don't even know why, but this time it is gone. Just scanned this morning and nothing. I also run the Ad-Aware anniversary free edition but that seems to miss some things, although not bad for a secondary anti-virus. Would still like to know if this adaware.myweb thing is a serious threat just due to the fact that this thing seems to be everywhere.
  7. Was there ever a final solution to this Adware.mywebsearch/funwebproducts deal? Is this even a serious threat? Comes up in my scans too. As long as it's not a keylogger or some kind of hijacker I don't care, it does not seem to affect my machine. Would appreciate a heads up on how to get it out though. Constantly scan, check, and reboot, still there.