Messages - monkey410

1
Tech Clinic / msdirectx.sys, farmmext, winjes, kkrjuk
« on: May 16, 2005, 11:19:03 AM »
Well, I did everything you said, and got rid of most of the problems, but

I still can't get rid of this:

O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)


Every time I delete it with HijackThis it comes right back.


Logfile of HijackThis v1.99.1
Scan saved at 11:16:33 AM, on 5/16/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\program files\powerstrip\pstrip.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\WINDOWS\AGRSMMSG.exe
E:\WINDOWS\Mixer.exe
E:\Program Files\AIM95\aim.exe
F:\shen\games\sierra\steam.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\Shen\Killhax\HJk\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PowerStrip] f:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [C-Media Speaker Configuration] \Setup.exe /SPEAKER
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [AIM] E:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "f:\shen\games\sierra\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O23 - Service: Ati HotKey Poller - Unknown owner - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)

2
Tech Clinic / msdirectx.sys, farmmext, winjes, kkrjuk
« on: May 11, 2005, 12:39:52 PM »
File E:\WINDOWS\Pynix.dll infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File E:\WINDOWS\Pynix.dll infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "XXXToolbar Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "BlazeFind Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "BetterInternet Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "BetterInternet Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "MyBar Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Wind Updates Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "VX2 Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "myway Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "webrebates Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "kazaa Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "kazaa Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "pynix Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "VX2 Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "cws.therealsearch Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "farmmext Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "farmmext Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "VX2 Spyware/Adware" Virus. Action Taken: No Action Taken.
File E:\WINDOWS\localNRD.dll infected by "not-a-virus:AdWare.BiSpy.s" Virus. Action Taken: No Action Taken.
File E:\WINDOWS\NDNuninstall4_85.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File E:\WINDOWS\NDNuninstall6_10.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File E:\WINDOWS\System32\k404SearchSetup_MS14.exe infected by "not-a-virus:AdWare.ToolBar.404Search.a" Virus. Action Taken: No Action Taken.
File E:\WINDOWS\System32\MegasearchBarSetup.dll infected by "not-a-virus:AdWare.F1Organizer.n" Virus. Action Taken: No Action Taken.


This is what I got from running eScan.
This seems like a lot of work; I'll definitely donate some $$.
File E:\WINDOWS\System32\SHAgentNew.dll infected by "not-a-virus:AdWare.Sahat.g" Virus. Action Taken: No Action Taken.
File E:\DOCUME~1\SHENLI~1\LOCALS~1\Temp\DrTemp\farmmext.cab infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
File E:\DOCUME~1\SHENLI~1\LOCALS~1\Temp\DrTemp\farmmext.exe infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
File E:\DOCUME~1\SHENLI~1\LOCALS~1\Temp\DrTemp\MMaker4b.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.
File E:\DOCUME~1\SHENLI~1\LOCALS~1\Temp\pynix.cab infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File E:\DOCUME~1\SHENLI~1\LOCALS~1\Temp\Pynix.dll infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File E:\DOCUME~1\SHENLI~1\LOCALS~1\Temp\THI8E4.tmp\pynix.cab infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File E:\DOCUME~1\SHENLI~1\LOCALS~1\Temp\THI8E4.tmp\Pynix.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File E:\Documents and Settings\Shen Liang\Local Settings\Temp\DrTemp\farmmext.cab infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
File E:\Documents and Settings\Shen Liang\Local Settings\Temp\DrTemp\farmmext.exe infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
File E:\Documents and Settings\Shen Liang\Local Settings\Temp\DrTemp\MMaker4b.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.
File E:\Documents and Settings\Shen Liang\Local Settings\Temp\pynix.cab infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File E:\Documents and Settings\Shen Liang\Local Settings\Temp\Pynix.dll infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File E:\Documents and Settings\Shen Liang\Local Settings\Temp\THI8E4.tmp\pynix.cab infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File E:\Documents and Settings\Shen Liang\Local Settings\Temp\THI8E4.tmp\Pynix.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File E:\Program Files\Common Files\aolback\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File E:\Shen(more mp3s and CS1.5)\SIERRA15\half-life\hltv.exe tagged as not-a-virus:RiskWare.Proxy.Hltv. No Action Taken.
File E:\WINDOWS\Downloaded Program Files\megasear.dll infected by "not-a-virus:AdWare.BHO.MegaSearch.a" Virus. Action Taken: No Action Taken.
File E:\WINDOWS\Downloaded Program Files\OTXMedia.dll infected by "not-a-virus:AdWare.OTX.a" Virus. Action Taken: No Action Taken.
File E:\WINDOWS\LastGood\Pynix.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File E:\WINDOWS\localNRD.dll infected by "not-a-virus:AdWare.BiSpy.s" Virus. Action Taken: No Action Taken.
File E:\WINDOWS\NDNuninstall4_85.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File E:\WINDOWS\NDNuninstall6_10.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File E:\WINDOWS\system32\k404SearchSetup_MS14.exe infected by "not-a-virus:AdWare.ToolBar.404Search.a" Virus. Action Taken: No Action Taken.
File E:\WINDOWS\system32\MegasearchBarSetup.dll infected by "not-a-virus:AdWare.F1Organizer.n" Virus. Action Taken: No Action Taken.
File E:\WINDOWS\system32\SHAgentNew.dll infected by "not-a-virus:AdWare.Sahat.g" Virus. Action Taken: No Action Taken.
File F:\Program Files\DivX\DivX Player 2.1\uninstall.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File F:\Program Files\highjack\backup-20041022-055314-771.dll infected by "not-a-virus:AdWare.BHO.MegaSearch.a" Virus. Action Taken: No Action Taken.
File F:\Program Files\Kazaa\My Shared Folder\Game Full Lemonade Tycoon.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File F:\Shen\DCdl\Tools\Lemonade_EN_BRO_1.0.2.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File F:\Shen\DCdl\Tools\pod25ins.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File F:\Shen\DCdl\Tools\SysReset 2.53 with mIRC 6.12.exe tagged as not-a-virus:RiskWare.mIRC.6.12. No Action Taken.
File F:\Shen\Games\SIERRA\half-life\hltv.exe tagged as not-a-virus:RiskWare.Proxy.Hltv. No Action Taken.
File F:\sysreset\IRC\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.12. No Action Taken.

3
Tech Clinic / msdirectx.sys, farmmext, winjes, kkrjuk
« on: May 11, 2005, 10:33:10 AM »
Basically I have a [censored] load of viruses/trojans on my computer. I have been battling them for a long time and have used a lot of software/anti-virus stuff. But it just happens that after I kill them they keep coming back. Please help me out!!!

Currently this is a fresh HijackThis log of my machine, taken after I just cleaned the HD, registry and startup of winjes and farmmext.

Logfile of HijackThis v1.99.1
Scan saved at 10:32:20 AM, on 5/11/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\program files\powerstrip\pstrip.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\WINDOWS\AGRSMMSG.exe
E:\Program Files\AIM95\aim.exe
F:\shen\games\sierra\steam.exe
E:\WINDOWS\System32\ctfmon.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Program Files\Mozilla Firefox\firefox.exe
F:\Shen\HJk\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - E:\WINDOWS\Pynix.dll
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ViewMgr] E:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PowerStrip] f:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [AIM] E:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "f:\shen\games\sierra\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7CA3D0A3-7E2E-4AAB-A75E-FAB8ECA8BD95} (Skilljam Game Player Object) - http://gozing.skilljam.com/ssp/SSP.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/ve...n7/dlhelper.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mpp_229/w...OCX/FlashAX.cab
O23 - Service: Ati HotKey Poller - Unknown owner - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NT login service (ntlogin32) - Unknown owner - E:\WINDOWS\System32\libsysmgr.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
