cybertech
Last Activity:
Aug 27, 2015 at 5:03 PM
Joined:
Apr 16, 2002
Messages:
69,441
Likes Received:
0
Trophy Points:
46
Location:
USA
Occupation:
system administrator

Moderator, from USA
    1. thehourglass2
      thehourglass2
      Hi cybertech, I've noticed you were successful in helping a few needy people on the forums, and I recently got malware, I'm assuming, on my laptop. I followed the advice of a few forums and downloaded HijackThis to view my log. Here it is; any time or advice is greatly appreciated.

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
      F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\system32\xwusuhzh.exe,
      O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
      O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
      O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
      O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
      O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
      O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
      O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: (no name) - {45D85564-3924-420A-9DBC-677A9E4261A2} - C:\WINDOWS\system32\qoMdCurP.dll
      O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
      O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
      O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
      O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
      O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
      O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
      O2 - BHO: gooochi browser optimizer - {b244b8c8-8667-1e4e-32b5-3d70b0601cf9} - C:\WINDOWS\system32\{77162e6b-bc5a-3bf4-aaa0-83d42bc166cd}.dll
      O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
      O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
      O2 - BHO: {aa0535cd-d453-2b69-9b04-b4b55079cc3c} - {c3cc9705-5b4b-40b9-96b2-354ddc5350aa} - C:\WINDOWS\system32\jrhrftxw.dll
      O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
      O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
      O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
      O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
      O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
      O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
      O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
      O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
      O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
      O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
      O4 - HKLM\..\Run: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: C:\Program Files\HPQ\Default Settings\cpqset.exe
      O4 - HKLM\..\Run: C:\Program Files\iTunes\iTunesHelper.exe
      O4 - HKLM\..\Run: C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
      O4 - HKLM\..\Run: "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
      O4 - HKLM\..\Run: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      O4 - HKLM\..\Run: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
      O4 - HKLM\..\Run: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: C:\WINDOWS\system32\ctfmona.exe
      O4 - HKLM\..\Run: C:\windows\system32\rwwnw64d.exe DWram
      O4 - HKLM\..\Run: "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
      O4 - HKLM\..\Run: C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{77162e6b-bc5a-3bf4-aaa0-83d42bc166cd}.dll" DllInit
      O4 - HKLM\..\Run: C:\WINDOWS\system32\mcnttkdm.exe DWram
      O4 - HKLM\..\Run: C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
      O4 - HKCU\..\Run: "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
      O4 - HKCU\..\Run: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: "C:\Program Files\Dilberttest3\Screen Saver\FWLink.exe"
      O4 - HKCU\..\Run: "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
      O4 - HKCU\..\Run: "C:\PROGRA~1\PPPATC~1\tracert.exe" -vt yazb
      O4 - HKCU\..\Run: C:\WINDOWS\?icrosoft.NET\n?lookup.exe
      O4 - HKCU\..\Run: "C:\Program Files\QdrModule\QdrModule16.exe"
      O4 - HKCU\..\Run: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O4 - HKUS\S-1-5-19\..\Run: C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
      O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\mcnttkdm.exe
      O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
      O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
      O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
      O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
      O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
      O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O20 - Winlogon Notify: efcDWqOH - C:\WINDOWS\SYSTEM32\efcDWqOH.dll
      O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
      O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
      O23 - Service: Windows Action Script - Unknown owner - C:\WINDOWS\system32\scvhost.exe

      --
      End of file - 12638 bytes
    2. GGMarquez100
      GGMarquez100
      Hey. I hope I didn't screw up anything by trying to figure out HJT logs while you were trying to help me. Will you still take a minute to reply to my last post? Thanks.
    3. bw1355
      bw1355
      Hello,
      I posted a help request a couple of days ago: Trojan.2nd-thought_com/TrojanDownloader.xs

      While waiting on assistance it seems as though the problem is getting worse. The frequency of the numerous popups has increased. Although I disabled IE in hopes that that specific problem would cease until this is resolved, the virus keeps enabling it and yesterday it opened over 50 windows in IE at once (I was browsing my bookmarks at the time.) Since that has happened I am now getting not only the bogus security warning website but now it is opening porn and credit card websites in IE while I am using Firefox. It seems to be phishing for my personal data in hopes that I will give it to them in exchange for their "fix". I would be most grateful if you could check into this for me and perhaps assist me in restoring peace and normalcy. Thank you.
    4. money2120
      money2120
      You really helped me last time and I need your help again with my desktop. I just made a post today. I have these bugs crawling on my screen like a screen saver... it's crazy.
    5. vash1987
      vash1987
      Hey buddy, I wanted to say TY for looking at my thread and explaining what to do. I went ahead and put the logs on. Wanted to say TY.
    6. alugardo
      alugardo
      Hey Cybertech, I have seen some things off of Google that show me that you are pretty knowledgeable on repairing virus issues. I have AVG, and it's been about 3 days that it's been bugging me with some Trojan horse Generic 10UDV and VQB. I read somewhere about using Malwarebytes to run a scan from you and I did that. It found Vundo on the computer. Earlier today I read something about Vundo and amvo, so now here's the log I received after I ran Malwarebytes and it removed the issues. Please contact me here or preferably at [email protected]. Oh yeah, I have Windows Vista; to me, knowing that makes a big difference because of the different op systems.

      Malwarebytes' Anti-Malware 1.12
      Database version: 738

      Scan type: Quick Scan
      Objects scanned: 31568
      Time elapsed: 2 minute(s), 42 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 4
      Registry Values Infected: 4
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 3

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

      Registry Values Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3ab16c84 (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM39825f18 (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Host Process (Worm.IRCBot) -> Quarantined and deleted successfully.

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      C:\Users\Lugardo\AppData\Local\Temp\ljJCrPHX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\Lugardo\AppData\Local\Temp\inssivqt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\Lugardo\AppData\Local\Temp\rhggtxgx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    7. con0627
      con0627
      hello
      Sorry it took so long to get back to ya. This kid of mine got himself a nasty bug that won't go away.....
      Could you give me a hand in getting rid of it...
      I did what I know, but it was not enough...

      thanks in advance for any help you can give!!!
    8. JConner
      JConner
      We are having SOO many problems that we ended up restoring the system to a month ago. I am going to have a professional come in and fix this silly thing! What do you think?
    9. JConner
      JConner
      Thanks for your help. I am a dummy at this! I REALLY appreciate it! Now I have another problem- Windows Defender! Any suggestions?