

#9 04-12-08, 08:44 blueshuki Newbie Join Date: Dec 2008 Posts: 9 Re: pop NOTE: If you would like to keep your saved passwords, please click NO at the prompt. Press the OK button to close that box and continue. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\risumega.dll -> Quarantined and deleted successfully.

C:\WINDOWS\system32\yedibufo.dll.tmp (Trojan.Vundo) -> Delete on reboot. Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name. Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan. Now you should Set a New Restore Point to prevent possible reinfection from an old one. http://www.pancolp.com/

It will return when ComboFix is done. #1 03-12-08, 13:58 blueshuki Newbie Join Date: Dec 2008 Posts: 9 pop ups That may cause it to stall* FOR OTHER USERS, DO NOT RUN COMBOFIX UNLESS YOU ARE ASKED TO DO SO BY A HJT HELPER __________________ PLEASE CONSIDER GIVING A DONATION

Posts: 5,264 OS: XP Hello again Do NOT attach logs to your post, simply copy/paste them into your reply. ======= Download ATF-Cleaner by Atribune to your desktop. C:\WINDOWS\system32\hunuwini.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. If you have Opera installed: Click Opera at the top and choose: Select All Click the Empty Selected button. HKEY_CLASSES_ROOT\CLSID\{e532cfb1-5edd-4663-8c22-bcd67b5e5bd4} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.

is your router firewall set up? C:\System Volume Information\_restore{705F393B-7BA4-487A-8373-6B62B26D1958}\RP495\A0048280.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sopulora.dll (Trojan.Vundo.H) -> Delete on reboot.

Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmestw.dll O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet Many of the finds have likely been quarantined. Click the Remove or Change/Remove button.

C:\WINDOWS\system32\fokakabe.dll (Trojan.Vundo.H) -> Delete on reboot. KeyKey 2008-11-14 11:29 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller 2008-11-14 11:28 --------- d-----w c:\program files\英文看打測驗系統V1.53 2008-11-04 07:06 --------- d-----w c:\program files\Google 2008-11-03 08:02 --------- d--h--w c:\program files\InstallShield Installation C:\Documents and Settings\Administrator\Application Data\tvmknwrd.dll (Trojan.Agent) -> Quarantined and deleted successfully. scanning hidden autostart entries ...

My AntiVir squeals before a page loads with the following info...

Tech Posts: 5,264 OS: XP Carry on with the rest of the instructions. __________________ Member of ASAP since 2007 Member of UNITE since 2008 If we have helped you in any way, please

for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the c:\WINDOWS\system32\fugikubu.dll (Trojan.Vundo) -> Delete on reboot. Accept that some days you are the pigeon and some days the statue.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully. Do this: 1. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ConTest.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\fokakabe.dll (Trojan.Vundo.H) -> Delete on reboot.

We only require a report from it. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Open *notepad* and copy/paste the text in Once the files are downloaded click on Next Click on Scan Settings and configure as follows: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Bases Click OK and, under Messenger

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab Once the scan is complete, it will display if your system has been infected. C:\WINDOWS\system32\ofizekit.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\Ascentive (Rogue.Multiple) -> Quarantined and deleted successfully. Posts: 5,264 OS: XP Hello and welcome to TSF Please subscribe to this thread to get immediate notification of replies as soon as they are posted. Select the Windows platform from the dropdown menu. button.

pancolp.com hijacker Started by troy152, Dec 16 2008 05:03 AM 13 replies to this topic #1 troy152 Members 8 posts OFFLINE Local time:02:58 C:\Program Files\Ascentive\Performance Center (Rogue.Multiple) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pezivuja.dll.tmp (Trojan.Vundo) -> Delete on reboot. #5 04-12-08, 09:00 bricat Global Moderator Join Date: Jun 2003 Location: belfast Posts: 34,622 Re: pop ups (pancolp.com, pantomi.com, precata.com) Rerun HJT,and

The Java SE Runtime Environment (JRE) allows end-users to run Java applications." Click the "Download" button to the right. Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: &Yahoo!

Read this page To prevent yourself against re-infection. You can delete all used tools and programs. (You can keep MBAM) HKEY_CLASSES_ROOT\TypeLib\{c24d7016-d00f-41ef-9781-984b6b5ff38f} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully. ComboFix 08-12-11.04 - Owner 2008-12-11 21:22:39.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.166 [GMT -5:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Owner\Desktop\CFscript.txt * Created a Completion time: 2008-12-10 22:18:15 - machine was rebooted ComboFix-quarantined-files.txt 2008-12-11 03:17:43 Pre-Run: 9,172,054,016 bytes free Post-Run: 20,028,960,768 bytes free 212 --- E O F --- 2008-11-12 01:18:21 I ran DDS again...txt

FireFox -: Profile - c:\documents and settings\Inge\Application Data\Mozilla\Firefox\Profiles\i74wv7hc.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://tw.yahoo.com/ . ************************************************** ************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-03 C:\WINDOWS\system32\enasuvof.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\Performance Center\SOUND.WAV (Rogue.Multiple) -> Quarantined and deleted successfully. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

sorry for making you confused. ---------------------------- sorry, I forgot to logout. C:\System Volume Information\_restore{705F393B-7BA4-487A-8373-6B62B26D1958}\RP495\A0048281.exe (Rogue.AscentivePerformance) -> Quarantined and deleted successfully. ComboFix may reboot your machine.