Everything posted by nycste

  1. It's not much, but just sharing more info.

     SUPERAntiSpyware Scan Log
     http://www.superantispyware.com

     Generated 09/07/2007 at 01:59 AM

     Application Version : 3.9.1008

     Core Rules Database Version : 3301
     Trace Rules Database Version: 1307

     Scan type : Custom Scan
     Total Scan Time : 00:59:18

     Memory items scanned : 518
     Memory threats detected : 0
     Registry items scanned : 5311
     Registry threats detected : 25
     File items scanned : 31672
     File threats detected : 1

     Unclassified.Oreans32
     HKLM\System\ControlSet001\Services\oreans32
     C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS
     HKLM\System\CurrentControlSet\Services\oreans32
     HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32
     HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance
     HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32000
     HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32000#Service
     HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32000#Legacy
     HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32000#ConfigFlags
     HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32000#Class
     HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32000#ClassGUID
     HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32000#DeviceDesc
     HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32000#Capabilities
     HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32000\Control
     HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32000\Control#ActiveService
     HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type
     HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start
     HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl
     HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath
     HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName
     HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security
     HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security
     HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum
     HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0
     HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count
     HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance

     I checked out the location of file C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS and it was last modified 8/24, way before I believe any infection happened, which was 1/3 days ago from a keygen.

     According to the program it says this:

     Detected Item Description and Information
     Listed below is basic information about the detected application/process. This application may not be safe to have on your system.
     Summary : Unclassified.Oreans32.Process
     Company : Unknown
     Description : Unclassified.Oreans32 may be used for legitimate applications, but also for spyware - if you have this on your system, and you have another spyware infection, this is likley bad.
     Threat Level (1-10) : 6
     Processes : OREANS32.SYS

     Soo idk if oreans32 is good or bad, but that's all that the scanners found. Ran 3 new things and only this came up, and F-Secure online scan found something in my data folder, not sure what it removed. My Firefox was messed up from that scan.
  2. Just updating this thread since no one here seems to care.

     Originally posted by: mechBgon
        Generally you'd start the program and then go to its Reports or Logs or whatever, and it would list them. visual example

        The info you gave there indicates Trojans, which is not very surprising. People might run a Trojan and infect their own computer (infected warez, music files or video files containing exploits, etc), and that's up to them to wise up and stop being gullible idiots. Exploits can also hit you with Trojans, and they are preventible/containable --> http://www.mechbgon.com/build/security2.html

        At this point, you have your options. Fight your way forward, System-Restore your way back, or burn it to the ground and start over. If you are patient and can follow instructions exactly, then the CastleCops.com HijackThis forum has experts who would get you cleaned up, but it can be a lengthy process and requires restraint and self-discipline on your part to NOT go willy-nilly doing stuff they didn't tell you.

     I'm glad you're here, and solving issues like this is really exciting for me. Wow, that sounded corny, but yea it's true. Thanks for spending time trying to help. You are helping and I'm learning about new sites and programs that help.

     1. Currently I'm running online F-Secure test.
     2. Downloaded and installing:
        -Comodo BOClean Anti-Malware_4.25.exe
        -AVG Anti-Spyware 7.5-7.5.1.43.exe
        -avast! Virus Cleaner - free virus removal tool v1.0.211, built on 11.5.2007.exe
        -SUPERAntiSpyware Version 3.9.1008 .exe
     3. Gonna install them all, figure them out and run them.
     4. I'm pretty sure I'm cleaned up but my issues remain, soo maybe I'm not fully clean.

     Thanks for your help. I'll keep this thread updated, and am interested in CastleCops site.
  3. OK, out of the listed programs I use regularly, can anyone point me to the file or log I'm trying to find? I just went through every folder I could find, unless they are system protected. I only found that a2 log posted above, which actually a2 found most of my issues, I was proud of the free program.

     Antivir
     AVG
     Claimwin
     symantec corp av
     adaware se (used to use newest one but annoying processes made me go back)
     regscrubxp
     rogueremover
     spyware terminator
     wise disk cleaner
     wise registry cleaner
     a2 anti dialer
     a2 free
     a2 hijackfree
     spybot search and destroy
     free window registry repair
     crap cleaner

     Where could I find the files? I checked everything in Windows, Program Files, all the user files, admin etc., unless they're hidden or something. Lots of them were dat files or something, no idea how to read those.
  4. Finally found something useful going through all my log files on entire computer.

     a-squared Free - Version 3.0
     Last update: 6/12/2007 7:47:10 PM

     Scan settings:

     Objects: Memory, Traces, Cookies, C:\WINDOWS\, C:\Program Files
     Scan archives: On
     Heuristics: On
     ADS Scan: On

     Scan start: 9/5/2007 4:26:16 AM

     c:\windows\system32\syscfg32.exe detected: Trace.File.Sbot
     Value: HKEY_CLASSES_ROOT\CLSID\{30349568-DAB5-4FA9-B254-4D3BA77C7952}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Radlight
     Value: HKEY_CLASSES_ROOT\CLSID\{68D6728A-D715-492A-A57B-8DDA01F4921F}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Radlight
     Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30349568-DAB5-4FA9-B254-4D3BA77C7952}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Radlight
     Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68D6728A-D715-492A-A57B-8DDA01F4921F}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Radlight
     C:\WINDOWS\sysmngt\admin.exe detected: Trojan.Win32.Agent.awz
     C:\WINDOWS\sysmngt\install.exe detected: Trojan.Win32.Agent.awz
     C:\WINDOWS\sysmngt\nzm.exe detected: Trojan.Win32.Agent.awz
     C:\WINDOWS\sysmngt\preinstall.exe detected: Trojan.Win32.Agent.awz
     C:\WINDOWS\sysmngt\sysmngt.exe detected: Riskware.Server-FTP.Win32.Serv-U.6105
     C:\WINDOWS\system32\syscfg32.exe detected: Trojan.Win32.Agent.awz
     C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL detected: Riskware.AdTool.Win32.MyWebSearch.a

     Scanned
     Files: 32259
     Traces: 135708
     Cookies: 1
     Processes: 15

     Found
     Files: 7
     Traces: 5
     Cookies: 0
     Processes: 0
     Registry keys: 0

     Scan end: 9/5/2007 5:02:27 AM
     Scan time: 12:36:11 AM

     C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL Quarantined Riskware.AdTool.Win32.MyWebSearch.a
     C:\WINDOWS\sysmngt\sysmngt.exe Quarantined Riskware.Server-FTP.Win32.Serv-U.6105
     C:\WINDOWS\sysmngt\admin.exe Quarantined Trojan.Win32.Agent.awz
     C:\WINDOWS\sysmngt\install.exe Quarantined Trojan.Win32.Agent.awz
     C:\WINDOWS\sysmngt\nzm.exe Quarantined Trojan.Win32.Agent.awz
     C:\WINDOWS\sysmngt\preinstall.exe Quarantined Trojan.Win32.Agent.awz
     C:\WINDOWS\system32\syscfg32.exe Quarantined Trojan.Win32.Agent.awz
     Value: HKEY_CLASSES_ROOT\CLSID\{30349568-DAB5-4FA9-B254-4D3BA77C7952}\InprocServer32 --> ThreadingModel Quarantined Trace.Registry.Radlight
     Value: HKEY_CLASSES_ROOT\CLSID\{68D6728A-D715-492A-A57B-8DDA01F4921F}\InprocServer32 --> ThreadingModel Quarantined Trace.Registry.Radlight
     Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30349568-DAB5-4FA9-B254-4D3BA77C7952}\InprocServer32 --> ThreadingModel Quarantined Trace.Registry.Radlight
     Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68D6728A-D715-492A-A57B-8DDA01F4921F}\InprocServer32 --> ThreadingModel Quarantined Trace.Registry.Radlight
     c:\windows\system32\syscfg32.exe Quarantined Trace.File.Sbot

     Quarantined
     Files: 7
     Traces: 5
     Cookies: 0
  5. Originally posted by: mechBgon
        1) Give us the precise names of the viruses/trojans/things. Your antivirus logs should say. Paste it in here. If you can pin down the site that the infection might've come from, send me a PM or paste it here in non-clickable form, for example: hXXp://www.mechbgon(DOT)com

        2) If you want to go forward with the fight against the malware, follow all the instructions on this page. My advice would also include removing AVG Free Edition and installing a 30-day trial version of Kaspersky AntiVirus 7, then going through all the settings and maxing out everything, including the heuristics, and then updating and doing a full scan, including the rootkit scan.

        3) If you want to go backward, then use System Restore to "go back in time" to before the attack.

        4) If you want to do what is absolutely guaranteed to work, back up your data safely, then make a DBAN CD-ROM, unplug all drives except your boot drive, DBAN it, then reinstall Windows while taking security precautions (scroll halfway down that page). After finishing, absolutely do not run any infectable filetypes from your old files. DO scan them with a bunch of online virus scanners to try to reduce the chance there's bad things left in them.

     Just wanted to say thanks for your reply, I'm reading stuff now. I have actually removed the AV program I was using when I got infected. Here is a list of all the programs I use whenever I think I have a problem.

     Antivir
     AVG
     Claimwin
     symantec corp av
     adaware se (used to use newest one but annoying processes made me go back)
     regscrubxp
     rogueremover
     spyware terminator
     wise disk cleaner
     wise registry cleaner
     a2 anti dialer
     a2 free
     a2 hijackfree
     spybot search and destroy
     free window registry repair
     crap cleaner

     OK, that's my list of programs I run weekly. Maybe I'm a clean freak haha.

     In response to you:

     1. I'll try and list everything I can find in any log files. Some of them I can't read. As posted in beginning of this thread, these are the things I know popped up: sysmngt.exe remacc radmin r_server.exe c:/windows/system32 trojan horse instsvc.exe c/windows/sysmngt msn something.exe in system32 folder I think

     2. Interesting advice to remove AVG, run trial program and scan everything. I'll prob try this, maybe not tonight though. Great idea.
        -and reading everything on that site and finding all and more free scanner programs. I know there are a few more I ran that I didn't list, like cwshredder and avast tool and stuff

     3. System Restore on my computers is always turned off instantly. Is this bad? I don't know, I've never had a problem. I usually reformat if I really run into a problem.

     4. A little confused on that DBAN thing, I'll reread it. I have my hard drives partitioned and only 2 sections might be at risk, if at all anymore.
        -due to all my cleaning of the computer with all above mentioned programs nothing shows up as infected or issues anymore, but I'm still left with my 3 broken things.

     Thanks for responding, I'll try and track more stuff down.
  6. Still no one can offer any help. Noticed a third issue.

     1. Title bars on all folders are missing the words, the aka ability to actually change stuff, I think called title bar. Here is a pic, there are 4 things circled in red to show what my known problems ARE.
     2. Start button won't do anything. When clicked it changes color and does nothing. Hitting the Windows button on keyboard does nothing either.
     3. That little >> thing at bottom right of screen on taskbar quicklaunch doesn't work either, even though there are programs hidden there.

     Looking for some advice or at least where better to post this question and problem.
     -again this happened because I was hit with 2 diff types of virus/trojan/things which I believe to be fully removed.
  7. Bumping this to make others aware of new GAIM. Also, why does this program use sooo much RAM compared to all other chat programs I use? File sharing and stuff still isn't just as good as AIM. I use old AIM 5.5 something with DeadAIM. Haven't tried new one yet.
  8. Gahh, this didn't work first try. I found another similar file which I just ran and gonna reboot. So again, summary of my issue: I had some bugs affect my system and I cleaned them all out. During this process, whether the bugs did it or me cleaning out my system with several programs, my start button on computer and keyboard does nothing. Also the arrow sign thing on my quicktasks on the bottom taskbar. I click on them, they change color, that's it. Nothing else happens. Can't seem to find much online either, I've been checking.
  9. But I did find this, on Lockergnome:

     Copy the lines below into a file named 'IEReg.bat' and double click it to run it. This will reregister some DLLs for IE and the operating system. Restart for effect.
     --------------------------------
     regsvr32 comcat.dll /s
     regsvr32 shdoc401.dll /s
     regsvr32 shdoc401.dll /i /s
     regsvr32 asctrls.ocx /s
     regsvr32 oleaut32.dll /s
     regsvr32 shdocvw.dll /I /s
     regsvr32 shdocvw.dll /s
     regsvr32 browseui.dll /s
     regsvr32 browseui.dll /I /s
     regsvr32 msrating.dll /s
     regsvr32 mlang.dll /s
     regsvr32 hlink.dll /s
     regsvr32 mshtmled.dll /s
     regsvr32 urlmon.dll /s
     regsvr32 plugin.ocx /s
     regsvr32 sendmail.dll /s
     regsvr32 scrobj.dll /s
     regsvr32 mmefxe.ocx /s
     regsvr32 corpol.dll /s
     regsvr32 jscript.dll /s
     regsvr32 msxml.dll /s
     regsvr32 imgutil.dll /s
     regsvr32 thumbvw.dll /s
     regsvr32 cryptext.dll /s
     regsvr32 rsabase.dll /s
     regsvr32 inseng.dll /s
     regsvr32 iesetup.dll /i /s
     regsvr32 cryptdlg.dll /s
     regsvr32 actxprxy.dll /s
     regsvr32 dispex.dll /s
     regsvr32 occache.dll /s
     regsvr32 occache.dll /i /s
     regsvr32 iepeers.dll /s
     regsvr32 urlmon.dll /i /s
     regsvr32 cdfview.dll /s
     regsvr32 webcheck.dll /s
     regsvr32 mobsync.dll /s
     regsvr32 pngfilt.dll /s
     regsvr32 licmgr10.dll /s
     regsvr32 icmfilter.dll /s
     regsvr32 hhctrl.ocx /s
     regsvr32 inetcfg.dll /s
     regsvr32 tdc.ocx /s
     regsvr32 MSR2C.DLL /s
     regsvr32 msident.dll /s
     regsvr32 msieftp.dll /s
     regsvr32 xmsconf.ocx /s
     regsvr32 ils.dll /s
     regsvr32 msoeacct.dll /s
     regsvr32 inetcomm.dll /s
     regsvr32 msdxm.ocx /s
     regsvr32 dxmasf.dll /s
     regsvr32 l3codecx.ax /s
     regsvr32 acelpdec.ax /s
     regsvr32 mpg4ds32.ax /s
     regsvr32 voxmsdec.ax /s
     regsvr32 danim.dll /s
     regsvr32 Daxctle.ocx /s
     regsvr32 lmrt.dll /s
     regsvr32 datime.dll /s
     regsvr32 dxtrans.dll /s
     regsvr32 dxtmsft.dll /s
     regsvr32 WEBPOST.DLL /s
     regsvr32 WPWIZDLL.DLL /s
     regsvr32 POSTWPP.DLL /s
     regsvr32 CRSWPP.DLL /s
     regsvr32 FTPWPP.DLL /s
     regsvr32 FPWPP.DLL /s
     regsvr32 wshom.ocx /s
     regsvr32 wshext.dll /s
     regsvr32 vbscript.dll /s
     regsvr32 scrrun.dll mstinit.exe /setup /s
     regsvr32 msnsspc.dll /SspcCreateSspiReg /s
     regsvr32 msapsspc.dll /SspcCreateSspiReg /s
     exit
     --------------------------------
     --
     Regards,
     Dave Patrick ....Please no email replies - reply in newsgroup.
     Microsoft Certified Professional
     Microsoft MVP [Windows]
     http://www.microsoft.com/protect
  10. Thanks a ton, gonna check this out now. Humm, that link isn't good. Seems that thread is deleted or moved somewhere. Gonna see if I can find it.
  11. At least you're from NY and NY is kewl. From NYC here. 50 views and only you responding, bAH
  12. Anyone got any ideas? Lots of peeps reading. Or at least point me in some direction to read more about.
  13. Hi all. Last night I got hit with some kinda virus worm spyware thing and my AV picked it up right away, so I went into safe mode and cleaned everything up, ran all my cleaning programs and believe the issue to be gone. The issue was called: sysmngt.exe remacc radmin r_server.exe c:/windows/system32 trojan horse instsvc.exe c/windows/sysmngt

     Edit: just noticed the **** thing also shared the folder that the original problem file was found in, a key g e n, I think. So the program made that folder shared on my network with full access to those files. I just noticed that, deleted it all.

     I rebooted into XP like normal and for some reason 3 things I've noticed so far have changed or stopped working.

     Start menu doesn't do anything now, whether it be clicking it or hitting key on keyboard. It just blinks when clicked.

     I use quicklaunch and for some reason, the extra programs that don't fit on the line, that little >> thingy doesn't work. It doesn't show me my extra programs to use.

     And lastly, humm, think I forgot lastly. Maybe only 2 issues. Looking for any help.
  14. Is it also a good idea or not a good idea to run 1-4 runs of ultradefrag at once? Since it takes up so little resources it wouldn't bottle your computer up, but it might be really ill advised to run it on all hard drives at once, right? Since you have the option to, unlike built-in Windows XP defrag, which can only do one thing at a time. I also just realised I've been using an older version 1.54 and just found the new one, 1.64 I think.

      Edit: just wanted to mention it's taking over 3 hours so far, maybe more, to do a consolidate on my data drive of 200+gbs. It's still only at 28 percent. It's using like 5mb total of RAM it says and like no CPU. WTF, why can't it use 100cpu and finish the job already?
  15. Thanks for a quick response. Any other details you could add or mention? I'll run consolidate on all drives and then just do auto for now on optimum, not sure what that is but I'll look right now. I do update, uninstall, reinstall small programs often, trying new stuff out ya know. Always looking for free or open source programs which get updated a lot and are easy to use.
  16. So I installed ultimate defrag. I like it so far. Not sure if it's fast or slow or whatever, but it's clearly impressive with its features. I've used Diskeeper and PerfectDisk in past but don't remember much about them.

      My question is: with ultimatedefrag (UD), how often and what settings do you recommend? I read the PDF help file and got some advice but wanted it from real people. Pictures of your settings would be great as well.

      I did an Auto scan on all my drives before and then did consolidate on C drive and it took a while for sure, only like 15mins but that's long for so how often do I defrag and what setting is best for me. I play some games and no important files on C drive per se that I need to speed up. I'd just like to keep used files on faster section of HDD if possible, since that makes sense about being faster seek and read times and stuff compared to if they were stuck in the inside ring or so.

      I'll stop blabbing here but any help would be great. I enabled respect high performance on consolidate and folder/file name but not fully sure what that does. Recency settings seems default for some reason has oldest data most outer track. (Doesn't this not make sense, shouldn't it be inner?) Anyways, hope to see some feedback from UD users, thanks.
  17. Hello everyone.

      I did a new RVMUpdatePack2.0.3.cab and made a CD with nlite using settings I knew did not give me any issues. I then made a test CD and used vmware to install it, and no errors or problems detected "Last_Session__2006.02.25_14.47.17_.ini"

      So next step was to integrate my drivers for my main system "Last_Session.ini"

      Using nlite I got this error: http://img104.imageshack.us/my.php?image=untitled0ne.jpg

      Now the only thing I did was unclick load previous settings, I believe that is what it's called... I then unclicked all the checked boxes in the steps of what to do and clicked integrate drivers and make ISO, then went ahead and did so. That error came up.... but nlite still finished... I then clicked OK... and nlite shut down.

      I haven't tested this CD that I made, but I first wanted to let you guys know what I did and hope for some advice as to what went wrong. I did some searching for the "R6025 -pure virtual function call" issue and several pages came up but none seemed to give answers or help.

      -thanks

      OK, I just went back to the CD I made in ref one up there: I then made a test CD and used vmware to install it and no errors or problems detected "Last_Session__2006.02.25_14.47.17_.ini"

      Did step 2 again but I included previous settings (last time I unclicked it) and everything worked fine "Last_Session.ini". No errors and made the CD... test it on extra HDD within next day or so, hoping for the best.

      Last_Session__2006.02.25_14.47.17_.ini Last_Session.ini Last_Session.ini