I got the Dr Watson Post Mortem Debugger



#1
CestLaVie

    Member

  • Member
  • 86 posts
My computer won't let me click on Control Panel and access Windows Explorer to even do what you advise me to do on those "please read through the instructions before you start". I haven't installed anything except I already have Ad-Aware SE Personal. I read through the instructions like I was told and checked everything to be OK before I started, and I noticed that I can't even go to My Computer to access Windows Explorer, so that's where I'm stuck. And my next problem is where can I find this thing that you can run "Hijack" with. Thank you for listening and I hope you could really help me because I really don't know what I'm doing.
  • 0


#2
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi Josh and welcome,
Please see this Topic
You can find HJT in that topic,
Post back a log to this thread please,
  • 0

#3
CestLaVie

    Member

  • Topic Starter
  • Member
  • 86 posts
Hi, I really don't know where to start, like about how to submit a HijackThis log. Can you please help me by guiding me through this? It would really help a lot. Thank you, I will be awaiting your reply.
  • 0

#4
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Once you have scanned your computer with HJT, click save log. It should be saved to the same folder HJT is downloaded in.
It should open in notebook. Right click inside the log, click copy, then come back here and click Add Reply> Right click inside it and click paste. Next click Add Reply.
Should be as easy as that.
  • 0

#5
CestLaVie

    Member

  • Topic Starter
  • Member
  • 86 posts
:tazz: Just before I start, do you think I should do all this? Because my virus protection thingy reads things to me like it just found blah blah blah and then it said it's been erased. But I am also infected with a lot of viruses like backdoor-BDD and a whole bunch more. Do you think I should just restart my whole computer, like reinstall my whole computer? Please tell me what to do. Thank you.
  • 0

#6
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Please post your HJT log so we can get a look at it. Hard to determine what action to take without seeing it.

Thanks
Don

Edited by don77, 30 March 2005 - 05:27 AM.

  • 0

#7
CestLaVie

    Member

  • Topic Starter
  • Member
  • 86 posts
Ahhh, I see, thanks, and here is your HijackThis log.
Thank you for telling me.



Logfile of HijackThis v1.99.1
Scan saved at 9:38:08 PM, on 3/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\AIM\aim.exe
C:\program files\valve\steam\steam.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Documents and Settings\Josh Nguyen\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1101159102015
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE


I hope this will help



Thanks again,
Josh
  • 0

#8
CestLaVie

    Member

  • Topic Starter
  • Member
  • 86 posts
Oh, and one more thing I forgot to tell you: I can't go into My Computer or My Documents or Windows Explorer. And I did the whole scanning thing from Ad-Aware all the way to spyware search and destroy. I did all of them except for Step Three: Windows Update. I don't know what it is, and I think I have what it's asking because I got a Windows XP Home Edition with a reinstalling disk and I read something like SP1, so I don't know about that subject. And then there's Step Two, viruses: I installed the TDS-3.... quick scanned and got one trojan, but I didn't know what to do with it so I just exed out of the program, and then I moved on to rebooting, and then I posted this Hijack log, which I don't think all the viruses are gone. Well, just wanted to tell you just in case.

Thanks a lot
  • 0

#9
jjblyn33

    New Member

  • Member
  • 5 posts
I need help. I got the same problem: I can't go to My Pictures, My Documents and Control Panel. When I click on it, it says Dr Watson debugger. I need help, please, someone please help me. Thank you.
  • 0

#10
admin

    Founder Geek

  • Administrator
  • 24,504 posts

To avoid confusion, do not post your question in someone else's topic.

jjblyn33, please do not hijack other people's threads. It's very confusing, and since you've done it multiple times -- rude. Please stick to your original post and wait for a reply.
  • 0


#11
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi again Josh,

Please restart HJT, put a check next to the following, close all open windows and click “Fix Checked”

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

Next, reboot into SAFE MODE. Make sure you can view all Hidden Files/Folders, then search for and delete the files highlighted in BOLD

C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll <-- Delete Folder
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm <-- Delete Folder
C:\Program Files\AWS\WeatherBug\Weather.exe <-- Delete Folder

Restart your computer,

Please run these two online scans. Make sure they are set to clean automatically:

TrendMicro's HouseCall
ActiveScan

You should try to delete any files that these scanners are unable to clean. Then let us know if it's working better and what the scans found.

Then scan again with HijackThis and post another log.
  • 0

#12
CestLaVie

    Member

  • Topic Starter
  • Member
  • 86 posts
Hey Don


I have encountered a problem

Hi again Josh,

Please restart HJT, put a check next to the following, close all open windows and click “Fix Checked”

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

;) AND HERE IS THE PROBLEM :tazz:

I did go to reboot in safe mode and in the hidden folders, but when I went to go search out these things I didn't find them, just maybe a folder of them but just not the same address of the files below. So I didn't touch it and came to ask you what to do. I mean, it looks like the Hijack thingy deleted them already. Well, thanks for your help and I will wait for your call.


Next, reboot into SAFE MODE. Make sure you can view all Hidden Files/Folders, then search for and delete the files highlighted in BOLD

C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll <-- Delete Folder
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm <-- Delete Folder
C:\Program Files\AWS\WeatherBug\Weather.exe <-- Delete Folder

Restart your computer,

Please run these two online scans. Make sure they are set to clean automatically:

TrendMicro's HouseCall
ActiveScan

You should try to delete any files that these scanners are unable to clean. Then let us know if it's working better and what the scans found.

Then scan again with HijackThis and post another log.
  • 0

#13
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
If you find a folder by the name of the following
WildTangent
Ebates_MoeMoneyMaker
WeatherBug

Please delete them,
Next
Please run the 2 online virus scans and post back what they find please
  • 0

#14
CestLaVie

    Member

  • Topic Starter
  • Member
  • 86 posts
Alright

And here are the reports ................


From House Call's scan


Results:
We have detected 5 infected file(s) with 5 virus(es) on your computer.

Detected File Associated Virus Name
C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\perfectnavUninstall.exe TROJ_KEENVALUE.B
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP142\A0322652.exe TROJ_DLOADER.DH
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP148\A0323178.dll TROJ_AGENT.JS
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP153\A0325000.exe TROJ_AGENT.AE
C:\WINDOWS\farmmext.exe.bak TROJ_DLOADER.DH



What we checked:
Whether personal information was tracked and reported by spyware. Spyware is often installed secretly with legitimate programs downloaded from the Internet. Results:
We have detected 74 spyware(s) on your computer.

Spyware Name Spyware Type
ADW_MIWAY.A Adware
ADW_SECTHOUGHT.A Adware
COOKIE_45 Cookie
COOKIE_169 Cookie
COOKIE_193 Cookie
COOKIE_211 Cookie
COOKIE_222 Cookie
COOKIE_252 Cookie
COOKIE_346 Cookie
COOKIE_407 Cookie
COOKIE_408 Cookie
COOKIE_442 Cookie
COOKIE_478 Cookie
COOKIE_534 Cookie
COOKIE_650 Cookie
COOKIE_741 Cookie
COOKIE_756 Cookie
COOKIE_809 Cookie
COOKIE_968 Cookie
COOKIE_1144 Cookie
COOKIE_1236 Cookie
COOKIE_1255 Cookie
COOKIE_1314 Cookie
COOKIE_1346 Cookie
COOKIE_1362 Cookie
COOKIE_1375 Cookie
COOKIE_1504 Cookie
COOKIE_1543 Cookie
COOKIE_1570 Cookie
COOKIE_1661 Cookie
COOKIE_1678 Cookie
COOKIE_1698 Cookie
COOKIE_1701 Cookie
COOKIE_1738 Cookie
COOKIE_2077 Cookie
COOKIE_2081 Cookie
COOKIE_2089 Cookie
COOKIE_2100 Cookie
COOKIE_2157 Cookie
COOKIE_2216 Cookie
COOKIE_2275 Cookie
COOKIE_2376 Cookie
COOKIE_2411 Cookie
COOKIE_2513 Cookie
COOKIE_2631 Cookie
COOKIE_2639 Cookie
COOKIE_2676 Cookie
COOKIE_2842 Cookie
COOKIE_2921 Cookie
COOKIE_2991 Cookie
COOKIE_2996 Cookie
COOKIE_3004 Cookie
COOKIE_3018 Cookie
COOKIE_3036 Cookie
COOKIE_3081 Cookie
COOKIE_3117 Cookie
SPYW_PPNETWORK.A Spyware
COOKIE_3182 Cookie
COOKIE_3183 Cookie
COOKIE_3184 Cookie
COOKIE_3185 Cookie
COOKIE_3186 Cookie
COOKIE_3188 Cookie
COOKIE_3196 Cookie
COOKIE_3201 Cookie
SPYW_PPNETWORK.B Spyware
COOKIE_6853 Cookie
COOKIE_6855 Cookie
COOKIE_3235 Cookie
COOKIE_3237 Cookie
COOKIE_3238 Cookie
ADW_TREBATES Adware
ADW_MYSPEED.A Adware
SPYW_PYNIX.A Spyware

What we checked:
Microsoft known security vulnerabilities. These are issues Microsoft has identified and released Critical Updates to fix. Results:
We have detected 1 vulnerability/vulnerabilities on your computer.

Risk Level Issue How to Fix
Important A vulnerability in ASP.NET allows an attacker to bypass the security of an ASP.NET Web site, and access a machine. The attacker gains unauthorized access to some areas of the said Web site, and is able to control it accordingly. The actions that the attacker could take would depend on the specific content being protected.





FROM Activescan i got ............

Incident Status Location

Adware:Adware/Gator No disinfected C:\DOCUME~1\JOSHNG~1\LOCALS~1\Temp\bundle.inf
Adware:Adware/nCase No disinfected C:\Temp\FLEOK
Spyware:Spyware/ISTbar No disinfected C:\Program Files\Common Files\Totem Shared
Adware:Adware/KeenValue No disinfected C:\WINDOWS\browserxtras\pn\remove.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\conscorr.inf
Adware:Adware/NavHelper No disinfected C:\Program Files\Ares
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Spyware:Spyware/Altnet No disinfected Windows Registry
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Josh Nguyen\Favorites\Sites about\Ab scissor.url
Adware:Adware/Transponder No disinfected C:\WINDOWS\dlmax.dll
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\system32\P2P Networking
Adware:Adware/Apropos No disinfected C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\AlertSWF\contents\Exec.exe
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\localNRD.dll
Spyware:Spyware/LocalNRD No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\localNrd.inf
Adware:Adware/P2PNetworking No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\p2psetup.exe
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\pynix.cab[Pynix.dll]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\Pynix.dll
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Paul Nguyen\Local Settings\Temp\conscorr.inf
Adware:Adware/IPInsight No disinfected C:\I386\conscorr.inf
Spyware:Spyware/LocalNRD No disinfected C:\I386\localNrd.inf
Adware:Adware/Twain-Tech No disinfected C:\I386\twaintec.inf
Adware:Adware/Minibug No disinfected C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
Adware:Adware/KeenValue No disinfected C:\WINDOWS\browserxtras\pn\remove.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\dlmax.dll
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll
Adware:Adware/IPInsight No disinfected C:\WINDOWS\farmmext.exe.bak
Adware:Adware/IPInsight No disinfected C:\WINDOWS\INF\conscorr.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\INF\dlmax.inf
Virus:Trj/Downloader.GK Disinfected C:\WINDOWS\INF\polall1r.inf
Virus:Trj/Imiserv.D Disinfected C:\WINDOWS\systb.exe
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\SYSTEM32\P2P Networking\MARSHAL.DLL
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\SYSTEM32\P2P Networking\P2P Networking.exe
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\SYSTEM32\P2P Networking v126.cpl



Hope this will help
Thank you
Josh
  • 0

#15
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi Josh,
Go Here, download and install Cleanup!
Open the program, click on Cleanup and let it do its thing. When asked to reboot, do so.

Next, reboot to safe mode again please. Now I need you to search for and delete the following files highlighted in Bold or folders highlighted in Red

Adware:Adware/Gator No disinfected C:\DOCUME~1\JOSHNG~1\LOCALS~1\Temp\bundle.inf
Adware:Adware/nCase No disinfected C:\Temp\FLEOK
Spyware:Spyware/ISTbar No disinfected C:\Program Files\Common Files\Totem Shared
Adware:Adware/KeenValue No disinfected C:\WINDOWS\browserxtras\pn\remove.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\conscorr.inf
Adware:Adware/NavHelper No disinfected C:\Program Files\Ares
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys

Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Josh Nguyen\Favorites\Sites about\Ab scissor.url
Adware:Adware/Transponder No disinfected C:\WINDOWS\dlmax.dll
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\system32\P2P Networking
Adware:Adware/Apropos No disinfected C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\AlertSWF\contents\Exec.exe
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\localNRD.dll
Spyware:Spyware/LocalNRD No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\localNrd.inf
Adware:Adware/P2PNetworking No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\p2psetup.exe
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\pynix.cab[Pynix.dll]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\Pynix.dll
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Paul Nguyen\Local Settings\Temp\conscorr.inf
Adware:Adware/IPInsight No disinfected C:\I386\conscorr.inf
Spyware:Spyware/LocalNRD No disinfected C:\I386\localNrd.inf
Adware:Adware/Twain-Tech No disinfected C:\I386\twaintec.inf
Adware:Adware/Minibug No disinfected C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
Adware:Adware/KeenValue No disinfected C:\WINDOWS\browserxtras\pn\remove.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\dlmax.dll
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll
Adware:Adware/IPInsight No disinfected C:\WINDOWS\farmmext.exe.bak
Adware:Adware/IPInsight No disinfected C:\WINDOWS\INF\conscorr.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\INF\dlmax.inf
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\SYSTEM32\P2P Networking\MARSHAL.DLL
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\SYSTEM32\P2P Networking\P2P Networking.exe
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\SYSTEM32\P2P Networking v126.cpl


Restart your computer,
Please download and install AD-Aware.
Check Here on how to set up and use it - please make sure you update it first.

Run a scan with Ad-aware. Restart your computer,

Run another scan with TrendMicro and Active scan

Post back how you make out please
  • 0
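
Added example (not part of the original thread and not any poster's code): a short Python script that parses HijackThis entries like those in post #7 and cross-references them with the ActiveScan report from post #14, listing entries whose file is, or lies under, a location the scanner flagged. The sample inputs are a few lines copied from this thread; the class and function names are made up for the example.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample inputs: a few lines copied from the logs posted in this thread.
HJT_LOG = r'''
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
'''

SCAN_REPORT = r'''
Adware:Adware/NavHelper No disinfected C:\Program Files\Ares
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\system32\P2P Networking
Adware:Adware/Minibug No disinfected C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
Virus:Trj/Imiserv.D Disinfected C:\WINDOWS\systb.exe
Spyware:Spyware/Altnet No disinfected Windows Registry
'''

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
# First drive-letter path up to a known extension; quotes and switches are left out.
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|dll|htm|cpl|sys|inf|cab)(?![A-Za-z0-9])', re.I)
FINDING_RE = re.compile(r"^\w+:(\S+) (No disinfected|Disinfected) (.+)$")


class HjtEntry(NamedTuple):
    section: str          # R0-R3 or O1-O23, as printed by HijackThis
    text: str             # rest of the line after "<section> - "
    path: Optional[str]   # file the entry points at, if any
    file_missing: bool    # HijackThis appended "(file missing)"


def parse_hjt(log: str) -> List[HjtEntry]:
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, running-process list, blank line
        section, text = m.groups()
        p = PATH_RE.search(text)
        entries.append(
            HjtEntry(section, text, p.group(0) if p else None, "(file missing)" in text))
    return entries


def parse_scan(report: str) -> List[Tuple[str, str, str]]:
    """Return (detection name, status, location) for each report line."""
    matches = (FINDING_RE.match(line.strip()) for line in report.splitlines())
    return [m.groups() for m in matches if m]


def correlate(entries, findings):
    """HijackThis entries whose file is, or lies under, a location the scanner flagged."""
    hits = []
    for e in entries:
        if e.path is None:
            continue
        target = e.path.lower()  # Windows paths compare case-insensitively
        for name, _status, loc in findings:
            if not re.match(r"[A-Za-z]:\\", loc):
                continue  # non-path location such as "Windows Registry"
            base = loc.rstrip("\\").lower()
            if target == base or target.startswith(base + "\\"):
                hits.append((e.section, e.path, name))
    return hits


if __name__ == "__main__":
    for section, path, name in correlate(parse_hjt(HJT_LOG), parse_scan(SCAN_REPORT)):
        print(f"{section}  {path}  <- {name}")
```

Short 8.3 names such as `YPCSER~1.EXE` are compared as written, so a match can be missed when the two tools print different forms of the same path.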





