Page 6 of 12 FirstFirst ...
4
5
6
7
8
... LastLast
  1. #101
    Would like some help ;

    Every once in a while when I usually open up a new page in Firefox, I will get a new tab that will take me to a "registry fix" website and I close it immediately. I'm thinking this is some kind of browser thing but for the life of me I cant find the problem of it. I've done quick scans with Avast /System Mechanic /Malwarebytes and full scans with each, and none of them show anything. If anyone can help that would be great
    Basically, my last guild leader was a wheel-chair bound Mexican who wanted to be Black, posted pictures of his dad claiming it was him, had the hots for his sister, created a fantasy in which his sister was his wife and that they had twin daughters together, and thought he was an FBI agent.

  2. #102
    Yep, that definitely sounds like a browser hijack. You should focus on fixing those from the first post.
    Never going to log into this garbage forum again as long as calling obvious troll obvious troll is the easiest way to get banned.
    Trolling should be.

  3. #103
    Quote Originally Posted by Kyonni View Post
    Would like some help ;

    Every once in a while when I usually open up a new page in Firefox, I will get a new tab that will take me to a "registry fix" website and I close it immediately. I'm thinking this is some kind of browser thing but for the life of me I cant find the problem of it. I've done quick scans with Avast /System Mechanic /Malwarebytes and full scans with each, and none of them show anything. If anyone can help that would be great
    Once you've followed the entire guide, post an Hijackthis logfile
    Kami - Guild Wars 2 Elementalist - Desolation EU
    <Obey Gaming> - https://obeygaming.com/

  4. #104
    This is kinda big so heh I guess ; /
    Yeah I have both Kapersky and Malwarebytes running on for the sake of the scan
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:31:34 AM, on 10/25/2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16671)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Users\Josh\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
    C:\Program Files (x86)\Xfire\Xfire.exe
    C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
    C:\Program Files (x86)\n52te\razerhid.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
    C:\Program Files (x86)\Razer\Lycosa\razertra.exe
    C:\Program Files (x86)\n52te\razertra.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfi1.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
    O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfi1.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfi1.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
    O4 - HKLM\..\Run: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"
    O4 - HKLM\..\Run: [Jomantha] C:\Program Files (x86)\n52te\razerhid.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Josh\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: CurseClientStartup.ccip
    O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
    O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
    O13 - Gopher Prefix:
    O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - iolo technologies, LLC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
    O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: vseamps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
    O23 - Service: vsedsps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
    O23 - Service: vseqrts - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    --
    End of file - 9758 bytes
    Basically, my last guild leader was a wheel-chair bound Mexican who wanted to be Black, posted pictures of his dad claiming it was him, had the hots for his sister, created a fantasy in which his sister was his wife and that they had twin daughters together, and thought he was an FBI agent.

  5. #105
    Have you rebooted after running MBAM? If not, do so before continueing.

    Have you still got Iolo antivirus? please remove it and keep Kaspersky if you do.
    Same counts for Authenticum Antivirus.

    What OS are you running? Vista or Win. 7? Do you know if it's 32-bit (x86) or 64-bit?
    Kami - Guild Wars 2 Elementalist - Desolation EU
    <Obey Gaming> - https://obeygaming.com/

  6. #106
    Quote Originally Posted by Kyonni View Post
    This is kinda big so heh I guess ; /
    Crapton of stuff there, but nothing is obviously wrong. I guess it takes around 5 minutes to boot your computer, having clean Windows install could be handy sometime soon

    Anyway, another possibility of web hijacks is the hosts file.

    Load c:\windows\system32/drivers/etc/hosts into notepad and copy&paste contents here. Note that the file has no extension, so you need to pick "all files" in notepad as the filetype to open.
    Never going to log into this garbage forum again as long as calling obvious troll obvious troll is the easiest way to get banned.
    Trolling should be.

  7. #107
    Question, how Can I load those files into notepad exactly?

    And Ive done a few more scans with only Kapersky, and its showing a file that could be a threat, I try to delete it /neutralize it and it doesnt really do anything
    Last edited by Kyonni; 2010-10-25 at 06:09 PM.
    Basically, my last guild leader was a wheel-chair bound Mexican who wanted to be Black, posted pictures of his dad claiming it was him, had the hots for his sister, created a fantasy in which his sister was his wife and that they had twin daughters together, and thought he was an FBI agent.

  8. #108
    Quote Originally Posted by Magekíd View Post
    Have you rebooted after running MBAM? If not, do so before continueing.

    Have you still got Iolo antivirus? please remove it and keep Kaspersky if you do.
    Same counts for Authenticum Antivirus.

    What OS are you running? Vista or Win. 7? Do you know if it's 32-bit (x86) or 64-bit?
    Could you answer these questions/follow this advice?

    Also, it helps if you name the file it finds

    For the opening you just double click the hosts file, select the bottom options (choose a list of programs etc...) --> click on notepad --> open
    Kami - Guild Wars 2 Elementalist - Desolation EU
    <Obey Gaming> - https://obeygaming.com/

  9. #109
    I rebooted after running Malwarebytes

    Im running Windows 7 64 bit / Uninstalled Iolo and Authenticum (even tho I have no idea what this is)

    Also I opened the hosts file in notepad, and it showed some TCP/IP settings thing. Is this what Im looking for before I post it again?
    Basically, my last guild leader was a wheel-chair bound Mexican who wanted to be Black, posted pictures of his dad claiming it was him, had the hots for his sister, created a fantasy in which his sister was his wife and that they had twin daughters together, and thought he was an FBI agent.

  10. #110
    Can you post the contents of the hosts file?
    Kami - Guild Wars 2 Elementalist - Desolation EU
    <Obey Gaming> - https://obeygaming.com/

  11. #111
    # Copyright (c) 1993-2009 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    # localhost name resolution is handled within DNS itself.
    # 127.0.0.1 localhost
    # ::1 localhost
    Basically, my last guild leader was a wheel-chair bound Mexican who wanted to be Black, posted pictures of his dad claiming it was him, had the hots for his sister, created a fantasy in which his sister was his wife and that they had twin daughters together, and thought he was an FBI agent.

  12. #112
    I believe the # shouldn't be there at 127.0.0.1 and ::1, however that shouldn't be the cause of your problems.

    Could you download and save this --> run it as administrator? it'll reset your hosts file back to default/normal.

    As for your other problem, can you check in the logfiles from MBAM what the name of the infection was?

    Secondly, could you download & Save this file on your desktop, and then run it as administrator as well? Please delete/quarantine any infections found. Also name the infections (or post the logfile) from SUPERAntiSpyware.

    - Logicaly
    Kami - Guild Wars 2 Elementalist - Desolation EU
    <Obey Gaming> - https://obeygaming.com/

  13. #113
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4342

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    10/27/2010 11:48:33 AM
    mbam-log-2010-10-27 (11-48-33).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 271594
    Time elapsed: 47 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\Josh\AppData\Local\Temp\tmbyo.exe (Virus.Agent) -> Quarantined and deleted successfully.

    ---------- Post added 2010-10-27 at 12:06 PM ----------

    I also ran the Windows Fix it, and Im installing the other anti spyware right now
    Basically, my last guild leader was a wheel-chair bound Mexican who wanted to be Black, posted pictures of his dad claiming it was him, had the hots for his sister, created a fantasy in which his sister was his wife and that they had twin daughters together, and thought he was an FBI agent.

  14. #114
    Moderator Cilraaz's Avatar
    Join Date
    Feb 2009
    Location
    PA, USA
    Posts
    9,062
    Quote Originally Posted by Magekíd View Post
    I believe the # shouldn't be there at 127.0.0.1 and ::1, however that shouldn't be the cause of your problems.
    Actually, what was posted was a default hosts file.

  15. #115
    Quote Originally Posted by Cilraaz View Post
    Actually, what was posted was a default hosts file.
    You're correct, my bad. In <Win 7 it used to be like this:
    Code:
    # Copyright (c) 1993-2006 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    #      102.54.94.97     rhino.acme.com          # source server
    #       38.25.63.10     x.acme.com              # x client host
    
    127.0.0.1       localhost
    ::1             localhost
    (http://support.microsoft.com/kb/972034 --> Let me fix it myself)


    Edit: @Kyonni, could you also PM me (or post here as hxxp://<site> instead of http:// so it's not clickable)) - best thing would be PM - the site you get redirected to?
    Last edited by Magekid; 2010-10-28 at 08:16 AM.
    Kami - Guild Wars 2 Elementalist - Desolation EU
    <Obey Gaming> - https://obeygaming.com/

  16. #116
    Moderator Cilraaz's Avatar
    Join Date
    Feb 2009
    Location
    PA, USA
    Posts
    9,062
    Quote Originally Posted by Hegrud View Post
    Test

    ---------- Post added 2010-10-29 at 09:15 PM ----------

    Test 2

    ---------- Post added 2010-10-29 at 09:16 PM ----------

    Test 2
    Umm, what exactly are we testing?

  17. #117
    Probably just testing how to build up his posts

  18. #118
    Dreadlord Kyocere's Avatar
    Join Date
    Oct 2009
    Location
    New Jersey
    Posts
    756
    Quote Originally Posted by Cilraaz View Post
    Umm, what exactly are we testing?
    He is testing your patience obviously.

  19. #119
    Moderator Cilraaz's Avatar
    Join Date
    Feb 2009
    Location
    PA, USA
    Posts
    9,062
    Quote Originally Posted by Kyocere View Post
    He is testing your patience obviously.
    Actually, I believe he was trying to spam to the link threshold, as 8 minutes after that, he tried posting a link in another thread.

  20. #120
    Field Marshal Vetronix's Avatar
    Join Date
    Dec 2010
    Location
    X Location
    Posts
    54
    guys , seriousily , ppls are looking for ; How To Clean Your PC of keyloggers because of th hackers , if its about wow than ffs get an autohenticator and u done [ idd it can be hacked too but very hard and you must be tricked to let them enter ur account while u have an autohenticator atached

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •