Topic: cleaning up

ximsocool
cleaning up
« on: December 15, 2005, 02:02:22 PM »
After realizing my computer has been starting to run pretty slowly and that I've got spyware and worms and all that fun stuff, I've been trying to clean it the best that I can. Here is my HJT report; can you make any suggestions to help me clean up even more?

Logfile of HijackThis v1.99.1
Scan saved at 1:59:15 PM, on 12/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iRiver\Service\Updater.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\AOL\1108172731\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1108172731\ee\AOLServiceHost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\aim\aim.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\HJT\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R3 - URLSearchHook: (no name) - {FF2DF5BF-7F83-36B0-6D18-AD66A3ECFF3C} - InpriseMon.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [JAguAr] StartCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TRPT] hyandex.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\Service\Updater.exe
O4 - HKLM\..\Run: [iRiver AutoDB] C:\Program Files\iRiver\Service\MLService.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1108172731\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ATLIEHELPER] StartCpl.exe
O4 - HKCU\..\Run: [_ctcp] hyandex.exe
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [syspanel] prgsys0984.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CF15A5A-1205-428D-A158-C7A09621C255}: NameServer = 85.255.115.62,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9710687-BFF2-4B78-8445-DF55B3541F3B}: NameServer = 85.255.115.62,85.255.112.10
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe

guestolo
cleaning up
« Reply #1 on: December 15, 2005, 08:26:53 PM »
You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Can you disable SpywareGuard please, we don't need it interfering with any fixes we try
Open SpywareGuard>>Click on Options>>Uncheck the 3 options under General protection options
Click Save Settings
Then click FILE>>Exit
OK the prompt
Keep this disabled until we have you clean, please.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it.  Click Next, then Install, then make sure "Run fixit" is checked and click Finish.  The fix will begin; follow the prompts.  You will be asked to reboot your computer; please do so.  Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts.  Afterwards, HijackThis will launch.  Please click Scan, and check the following items:

R3 - URLSearchHook: (no name) - {FF2DF5BF-7F83-36B0-6D18-AD66A3ECFF3C} - InpriseMon.dll (file missing)

O4 - HKLM\..\Run: [JAguAr] StartCpl.exe
O4 - HKLM\..\Run: [TRPT] hyandex.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\popcorn72.exe rundll.dll,LoadMouseProfile

O4 - HKCU\..\Run: [ATLIEHELPER] StartCpl.exe
O4 - HKCU\..\Run: [_ctcp] hyandex.exe
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [syspanel] prgsys0984.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{7CF15A5A-1205-428D-A158-C7A09621C255}: NameServer = 85.255.115.62,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9710687-BFF2-4B78-8445-DF55B3541F3B}: NameServer = 85.255.115.62,85.255.112.10

Click Fix Checked.  Close HijackThis, and click OK to proceed.

Reboot your computer again

Please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log.

NOTE: If you have problems with your Internet connection after running the fix:
Please go to Start -> Control Panel, and choose Network Connections.  Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties.  Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically.  Click OK twice, and restart your computer.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
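The three kinds of entry guestolo picks out above (an R3 hook whose DLL is missing, O4 Run values that launch a bare file name, and O17 adapters with hard-coded NameServer addresses) can be triaged mechanically. This is an added example, not code from the thread or from HijackThis: it parses lines in the HJT log format and flags those patterns. The sample log is constructed from the entries quoted in the reply plus one O17 line pointing at a LAN address, and the trusted resolver ranges are an assumption.

```python
import ipaddress
import re
from collections import namedtuple

# Constructed sample in HijackThis v1.99.1 log format: the entries guestolo
# asked to fix, copied from the first log in this thread, one benign O4 line
# for contrast, and one O17 line (constructed) that points at a LAN address.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {FF2DF5BF-7F83-36B0-6D18-AD66A3ECFF3C} - InpriseMon.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TRPT] hyandex.exe
O4 - HKCU\..\Run: [syspanel] prgsys0984.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\popcorn72.exe rundll.dll,LoadMouseProfile
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CF15A5A-1205-428D-A158-C7A09621C255}: NameServer = 85.255.115.62,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9710687-BFF2-4B78-8445-DF55B3541F3B}: NameServer = 192.168.1.1
"""

# Assumed "trusted" resolver ranges: the private blocks a home router hands
# out. A DHCP-configured adapter normally has no NameServer value at all, so
# any hard-coded public resolver deserves a second look.
DEFAULT_TRUSTED_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

ENTRY_RE = re.compile(r"^(?P<sect>[A-Z]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^HK\w+[^:]*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"NameServer = (?P<servers>[\d.,]+)\s*$")
Finding = namedtuple("Finding", "section reason line")

def parse_hjt(text):
    """Yield (section, body, raw line) for every entry line; skip everything else."""
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("sect"), m.group("body"), raw.strip()

def command_path(cmd):
    """Return the executable token of a Run command, without surrounding quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]

def check_o4(body, _nets):
    """Flag HKLM/HKCU Run values that launch a bare file name with no path."""
    m = O4_RE.match(body)
    if not m:
        return None  # Startup-folder .lnk entries use a different layout
    exe = command_path(m.group("cmd"))
    # A bare name is resolved through the loader search path (system32 first);
    # legitimate installers almost always register the full path instead.
    if "\\" not in exe:
        return f"Run entry [{m.group('name')}] launches bare file name {exe!r}"
    return None

def check_o17(body, trusted_nets):
    """Flag NameServer values that are not inside any trusted network."""
    m = O17_RE.search(body)
    if not m:
        return None
    suspicious = []
    for token in m.group("servers").split(","):
        token = token.strip()
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            suspicious.append(token)  # not even a valid address
            continue
        if not any(addr in net for net in trusted_nets):
            suspicious.append(str(addr))
    if suspicious:
        return "hard-coded DNS server(s) outside trusted ranges: " + ", ".join(suspicious)
    return None

def check_r3(body, _nets):
    """Flag a URLSearchHook whose backing DLL no longer exists on disk."""
    return "URLSearchHook points at a missing file" if "(file missing)" in body else None

def triage(text, trusted_nets=None):
    """Run the per-section heuristics over an HJT log; findings come back in log order."""
    nets = DEFAULT_TRUSTED_NETS if trusted_nets is None else trusted_nets
    checks = {"O4": check_o4, "O17": check_o17, "R3": check_r3}
    findings = []
    for sect, body, raw in parse_hjt(text):
        check = checks.get(sect)
        reason = check(body, nets) if check else None
        if reason:
            findings.append(Finding(sect, reason, raw))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}")
```

The popcorn72.exe entry the reply also fixes has a full path and is not caught here, which is why these heuristics only rank a log for review rather than replace a reviewer.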


ximsocool
cleaning up
« Reply #2 on: December 20, 2005, 11:08:39 PM »
Alright, I was away for a couple of days. I know people have been using this computer too, so hopefully they didn't [censored] it up. I just did what your last message said, and I can't find Cfixwareoutreport.txt. Here is the new HJT log though. P.S. No printer;
if I need to, I will just write it on a piece of paper.

Logfile of HijackThis v1.99.1
Scan saved at 11:06:38 PM, on 12/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iRiver\Service\Updater.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\aim\aim.exe
C:\Program Files\Common Files\AOL\1108172731\ee\AOLHostManager.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common Files\AOL\1108172731\ee\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\Service\Updater.exe
O4 - HKLM\..\Run: [iRiver AutoDB] C:\Program Files\iRiver\Service\MLService.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1108172731\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [dmzqo.exe] C:\WINDOWS\system32\dmzqo.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe

nm, sorry, here is the other logfile:

Fixwareout ver 1.003
Last edited 12/5/2005
Post this report in the forums please
 
Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\golmedi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\32refaselif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\oqzmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\golmedi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
 
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
 
»»»»» Search by size and names...
C:\WINDOWS\SYSTEM32\CSICW.EXE
C:\WINDOWS\SYSTEM32\DMZQO.EXE
 
»»»»» Misc files
 
»»»»» Checking for older varients covered by the Rem3 tool

guestolo
cleaning up
« Reply #3 on: December 21, 2005, 01:22:12 AM »
A bit more cleanup

No Need to write these instructions
You can open up Notepad
START>>RUN>>type in notepad
Hit OK

Copy and paste the rest of these instructions into that Notepad file and save it to your desktop for reference.

Afterwards
Open Ewido
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/

Do a "System scan only" with Hijackthis and put a check next to these entries:

O4 - HKLM\..\Run: [dmzqo.exe] C:\WINDOWS\system32\dmzqo.exe

I would fix the next one too. It is not malicious, but it is somewhat of a resource hog; it is recommended to only start it manually.
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot back to Safe mode

Find and delete these files

C:\WINDOWS\SYSTEM32\CSICW.EXE
C:\WINDOWS\SYSTEM32\DMZQO.EXE

Afterwards
==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished its scan, click the "Save Report" button
Save the report to desktop
Exit Ewido
NOTE: While Ewido is running, don't open any other windows; let it do its job

Reboot back to Normal mode

Post back a fresh HijackThis log and the whole report from Ewido



ximsocool
cleaning up
« Reply #4 on: December 22, 2005, 09:58:05 PM »
Logfile of HijackThis v1.99.1
Scan saved at 9:57:42 PM, on 12/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iRiver\Service\Updater.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\aim\aim.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\AOL\1108172731\ee\AOLHostManager.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common Files\AOL\1108172731\ee\AOLServiceHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\Service\Updater.exe
O4 - HKLM\..\Run: [iRiver AutoDB] C:\Program Files\iRiver\Service\MLService.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1108172731\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe

Ewido's report:

---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         5:21:19 AM, 12/22/2005
 + Report-Checksum:      F30ADDD4

 + Scan result:

   [184] VM_00FC0000 -> Downloader.Agent.uj : Error during cleaning
   [208] VM_00DF0000 -> Downloader.Agent.uj : Error during cleaning
   [252] VM_00CF0000 -> Downloader.Agent.uj : Error during cleaning
   [264] VM_00C20000 -> Downloader.Agent.uj : Error during cleaning
   [408] VM_007C0000 -> Downloader.Agent.uj : Error during cleaning
   [476] VM_00850000 -> Downloader.Agent.uj : Error during cleaning
   [520] VM_00EA0000 -> Downloader.Agent.uj : Error during cleaning
   [728] VM_00BB0000 -> Downloader.Agent.uj : Error during cleaning
   [832] VM_008F0000 -> Downloader.Agent.uj : Error during cleaning
   C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\9hw46x7x.default\Cache\9C933101d01 -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
   C:\Documents and Settings\Dad\Cookies\[email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   C:\Documents and Settings\Dad\Cookies\dad@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
   C:\Documents and Settings\Dad\Cookies\dad@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   C:\Documents and Settings\Dad\Cookies\dad@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   C:\Documents and Settings\Dad\Cookies\dad@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
   C:\Documents and Settings\Dad\Cookies\[email protected][1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
   C:\Documents and Settings\Dad\Cookies\[email protected][1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
   C:\Documents and Settings\Dad\Cookies\[email protected][2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
   C:\Documents and Settings\Dad\Cookies\[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
   C:\Documents and Settings\Dad\Cookies\[email protected][1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
   C:\Documents and Settings\Dad\Cookies\[email protected][2].txt -> Spyware.Cookie.Overture : Cleaned with backup
   C:\Documents and Settings\Dad\Cookies\dad@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   C:\Documents and Settings\Dad\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Documents and Settings\Dad\Cookies\dad@findwhat[1].txt -> Spyware.Cookie.Findwhat : Cleaned with backup
   C:\Documents and Settings\Dad\Cookies\dad@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Documents and Settings\Dad\Cookies\[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
   C:\Documents and Settings\Dad\Cookies\dad@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
   C:\Documents and Settings\Dad\Cookies\dad@paycounter[1].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
   C:\Documents and Settings\Dad\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
   C:\Documents and Settings\Dad\Cookies\dad@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
   C:\Documents and Settings\Dad\Cookies\dad@sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
   C:\Documents and Settings\Dad\Cookies\[email protected][1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
   C:\Documents and Settings\Dad\Cookies\[email protected][1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
   C:\Documents and Settings\Matt\Cookies\matt@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
   C:\Documents and Settings\Matt\Cookies\matt@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   C:\Documents and Settings\Nate\Cookies\[email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   C:\Documents and Settings\Nate\Cookies\nate@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   C:\Documents and Settings\Nate\Cookies\nate@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   C:\Documents and Settings\Nate\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.6:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.7:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.8:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.9:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.10:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.11:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.12:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.19:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   :mozilla.20:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   :mozilla.21:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   :mozilla.22:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   :mozilla.23:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   :mozilla.24:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   :mozilla.25:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   :mozilla.26:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.27:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.28:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.29:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.30:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.31:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.32:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.33:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   :mozilla.35:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   :mozilla.40:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.41:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.42:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.43:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.44:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
   :mozilla.45:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
   :mozilla.46:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
   :mozilla.47:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
   :mozilla.48:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.49:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.50:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.59:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
   :mozilla.66:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
   :mozilla.76:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.77:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.78:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.79:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
   :mozilla.99:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.100:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.111:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
   :mozilla.112:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
   :mozilla.114:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
   :mozilla.126:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.127:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.128:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.129:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.148:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
   :mozilla.149:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
   :mozilla.161:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
   :mozilla.162:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
   :mozilla.163:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.164:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.165:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.166:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.167:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.168:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.169:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
   :mozilla.170:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
   :mozilla.172:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
   :mozilla.180:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
   :mozilla.192:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.193:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.194:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.195:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.202:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
   :mozilla.203:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
   C:\Documents and Settings\Nick\Cookies\nick@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
   C:\Documents and Settings\Nick\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\Documents and Settings\Nick\Cookies\[email protected][1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
   C:\Documents and Settings\Nick\Cookies\nick@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
   C:\Documents and Settings\Nick\Cookies\nick@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   C:\Documents and Settings\Nick\Cookies\nick@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   C:\Documents and Settings\Nick\Cookies\[email protected][2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
   C:\Documents and Settings\Nick\Cookies\nick@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   C:\Documents and Settings\Nick\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Documents and Settings\Nick\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Documents and Settings\Nick\Cookies\nick@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Documents and Settings\Nick\Cookies\nick@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
   C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP223\A0067926.exe -> Spyware.MyWebSearch : Cleaned with backup
   C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP223\A0067927.exe -> Spyware.MyWebSearch : Cleaned with backup
   C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP223\A0067928.exe -> Spyware.MyWebSearch : Cleaned with backup
   C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP223\A0067930.dll -> Spyware.Wheaterbug : Cleaned with backup
   C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP224\A0068087.exe -> Hijacker.Small : Cleaned with backup
   C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP227\A0068291.exe -> Trojan.Favadd.an : Cleaned with backup
   C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP227\A0068292.exe -> Hijacker.Small : Cleaned with backup
   C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP227\A0068293.exe -> Trojan.Qhost.df : Cleaned with backup
   C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP227\A0068294.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP227\A0068295.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP228\A0068341.exe -> Trojan.DNSChanger.aw : Cleaned with backup
   C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP228\A0068353.exe -> Downloader.Small : Cleaned with backup


::Report End
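
Added helper, not part of this thread and not code from ewido or HijackThis: a small Python parser for report lines in the format shown above (`<path> -> <Detection> : <Action>`, with an optional `:mozilla.N:` prefix on Firefox cookie entries). It splits the findings into tracking cookies versus executable detections and flags which of the latter are copies held in System Restore points (`System Volume Information\_restore{...}\RPnnn\`), since those re-appear on a restore unless the old points are purged. The five-line `SAMPLE_REPORT` is constructed for the example from lines of the report above; the `Finding` class and function names are the example's own.

```python
"""Parse an ewido-style report and triage it: cookies vs. code, and what lives in restore points."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a handful of lines in the ewido report format shown in the thread
# (copied from the report above, trimmed to five entries).
SAMPLE_REPORT = r"""
:mozilla.9:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dvbg97ly.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Nick\Cookies\nick@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP227\A0068291.exe -> Trojan.Favadd.an : Cleaned with backup
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP228\A0068341.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP228\A0068353.exe -> Downloader.Small : Cleaned with backup

::Report End
"""

# One report line: optional ":mozilla.N:" cookie-index prefix, path, " -> ", detection name, " : ", action.
LINE_RE = re.compile(r"^(?::mozilla\.(?P<idx>\d+):)?(?P<path>.+?) -> (?P<det>\S+) : (?P<action>.+)$")
# System Restore snapshot copies live under \System Volume Information\_restore{GUID}\RPnnn\
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[^}]+\}\\RP(?P<rp>\d+)\\", re.IGNORECASE)


@dataclass
class Finding:
    path: str
    detection: str
    action: str
    cookie_index: Optional[int]    # set only for Firefox cookies.txt entries
    restore_point: Optional[int]   # RPnnn number when the file is a System Restore copy

    @property
    def family(self) -> str:
        """'Spyware' for Spyware.Cookie.Falkag, 'Trojan' for Trojan.Qhost.df, and so on."""
        return self.detection.split(".", 1)[0]

    @property
    def is_cookie(self) -> bool:
        return self.detection.startswith("Spyware.Cookie.")


def parse_report(text: str) -> List[Finding]:
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("::"):   # blank lines and "::Report End"
            continue
        m = LINE_RE.match(line)
        if not m:
            continue                            # tolerate header/footer noise
        rp = RESTORE_RE.search(m["path"])
        findings.append(Finding(
            path=m["path"], detection=m["det"], action=m["action"],
            cookie_index=int(m["idx"]) if m["idx"] else None,
            restore_point=int(rp["rp"]) if rp else None,
        ))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, object]:
    """Counts a helper wants before replying: how much is tracking cookies, how much is
    executable malware, and how much of that sits in restore points (it comes back on a
    System Restore unless those points are purged)."""
    code = [f for f in findings if not f.is_cookie]
    return {
        "total": len(findings),
        "cookies": sum(f.is_cookie for f in findings),
        "code": len(code),
        "code_in_restore_points": sum(f.restore_point is not None for f in code),
        "restore_points": sorted({f.restore_point for f in code if f.restore_point is not None}),
        "families": Counter(f.family for f in code),
        "not_cleaned": [f.path for f in findings if not f.action.startswith("Cleaned")],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

Run against the full report above rather than the sample, the `cookies` count dominates while every `Trojan`, `Hijacker`, `Downloader` and non-cookie `Spyware` hit sits in a restore point, which is the pattern of an infection already removed from the live system with stale copies left in System Restore.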

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
cleaning up
« Reply #5 on: December 22, 2005, 10:27:40 PM »
Download F-Secure's BlackLight from HERE and save it to your Desktop.

Locate and double click blbeta.exe to run it - you will need to accept the license agreement.

Click the Scan button to start and then Next when it has finished scanning (this scan won't take too long).

Let BlackLight rename any malicious files it finds.
If prompted, don't rename wbemtest.exe, which is legitimate.

The tool will ask if you want to reboot (restart), choose Yes.

A text file, fsbl-date/time, will be saved to your Desktop; copy and paste this into your next post.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
cleaning up
« Reply #6 on: May 28, 2006, 01:33:23 AM »
As the original poster has not returned, this topic is now locked
