duhast04

Members
  • Content Count

    20

About duhast04

  • Rank
    Member
  1. Yep, I haven't had it since I moved those files to the Vault. Does it look like there is anything suspicious in my HJT log? Around the time this all started I began experiencing really long log-in times. After typing in the password and hitting OK it has taken up to a minute or more to reach the desktop. Sometimes less, 20-30 seconds. I turned off some programs using msconfig, but that hasn't seemed to have done anything.
  2. File/Folder C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP146\A0021381.exe not found. OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10092008_200211 HijackThis C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\nvsvc32.exe C:\W
  3. Just received a threat message from AVG File name: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP146\A0021381.exe Threat name: Trojan horse Downloader.Zlob_r.CM Detected on open. I selected Move to Vault Edit (7:15pm) - Another threat detected by AVG File name: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP147\A0021383.exe Threat name: Trojan horse Agent.ADFJ Detected on open. Again selected Move to Vault
  4. Hello sarahw I updated Java, ran ATF, and scanned with Kaspersky. Kaspersky didn't find anything and didn't give me a log file to copy/paste, even ran the scan twice to be sure and it didn't give a log either time.
  5. One of those fake anti-spyware programs installed itself on a PC and I want to make sure I got it all. I ran Malwarebytes Anti-Malware and it picked up the following: Malwarebytes' Anti-Malware 1.28 Database version: 1205 Windows 5.1.2600 Service Pack 3 9/25/2008 7:12:16 PM mbam-log-2008-09-25 (19-12-16).txt Scan type: Full Scan (C:\|) Objects scanned: 175625 Time elapsed: 52 minute(s), 58 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 1 Registry Data Items Infected: 3 Folders Infected: 0 Files Infected: 7 Memory Processes
  6. Awesome! Thanks for all your help these last couple weeks, Monster!
  7. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:10:55 AM, on 7/28/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Comm
  8. I ran the Fix as requested for Hijackthis, but the scan I did after running Kaspersky still shows those (file missing) entries. All the hits that Kaspersky found are items we have locked up in quarantine. -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Friday, July 25, 2008 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Friday, July 25, 2008 17:18:29 Records in database: 1008024 -------------------------------------
  9. I just ran OTMoveIt again, but this time I added perfs.exe to the move list. Below is a new OTMoveIt log and a new Hijackthis log Explorer killed successfully C:\WINDOWS\system32\afinding.exe moved successfully. File/Folder C:\WINDOWS\system32\atpsck.exe not found. File/Folder C:\WINDOWS\system32\axtpsck.exe not found. File/Folder C:\WINDOWS\system32\cerwxfst.sys not found. C:\WINDOWS\system32\cexwxfst.sys moved successfully. File/Folder C:\WINDOWS\system32\mtsycod.sys not found. File/Folder C:\WINDOWS\system32\nftscpd.sys not found. File/Folder C:\WINDOWS\system32\Nobicyt.exe not found. File
  10. Update - This morning Nobicyt.exe tried to reinstall itself. AVG caught it and moved it to the vault. I checked his Task Manager and wserving.exe, afinding.exe, and routing.exe have reinstalled themselves. His AVG has also caught these programs trying to run: A0003611.exe A0003612.exe A0003613.exe Edit - The three A000361* programs have tried again to run themselves after the steps I took below.
  11. Since running the last program he has been unable to access many web pages. He can get to some, like his favorite football team, but Yahoo, Myspace, BestTechie, Google, etc., give error messages. "Page cannot be displayed" or "Invalid syntax error". Did one of these nasties screw with his browser before getting nailed by OTMoveIt? He uses the net as part of his job duties, so he's kind of stuck without full access. Edit - We got it fixed. Ran 'regsvr32 urlmon.dll' and it fixed everything. Must have gotten pointed in the wrong direction after the move this morning?
  12. Cool, I thought I was doing something wrong with that program. Here is the OTMoveIt log and a new Hijackthis log. Unless I'm overlooking something, it appears that perfs.exe is the only one left of the original baddies. Explorer killed successfully C:\WINDOWS\system32\afinding.exe moved successfully. File/Folder C:\WINDOWS\system32\atpsck.exe not found. C:\WINDOWS\system32\axtpsck.exe moved successfully. C:\WINDOWS\system32\cerwxfst.sys moved successfully. C:\WINDOWS\system32\cexwxfst.sys moved successfully. File/Folder C:\WINDOWS\system32\mtsycod.sys not found. C:\WINDOWS\system32\nftscpd.sy
  13. I'm not sure this worked right. When I ran the program it said "File Not Found" three times, rebooted, then said "File Not Found" again. Program didn't put a folder on the desktop or anywhere else that I could find. Searched for fix.bat, but it didn't appear on the computer. Tried it several times with the same results. WIN32DELFKIL LOGFILE - by Marckie version 3.131 Mon 07/21/2008 12:28:12.18 running from: "C:\Documents and Settings\smiller\Desktop" --- File(s) found in Windows directory --- --- File(s) found in system32 folder --- --- Services --- --- Export SharedTaskScheduler key --
  14. Second Kaspersky scan -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Friday, July 18, 2008 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Friday, July 18, 2008 18:38:45 Records in database: 969432 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\
  15. After 5pm EST today I won't be able to work on his computer until Monday. So I took the liberty of running some extra scans to try and kill these things. First I tried Spyware Doctor, it claimed to have cleaned out some items, but after I ran another Kaspersky there appears to be much left on the system. I also ran Superantispyware, but it found nothing. Spyware Doctor PC Tools Spyware Doctor Date Status 7/18/2008 1:27:33 PM:440 Service Started Spyware Doctor Service Application started 7/18/2008 1:27:34 PM:128 OnGuard Detection Quarantined Threat Name - Trojan-Downloader.Delf.DDI Type