Trojan Clicker.fr & More


  • This topic is locked
6 replies to this topic

#1 Tony3

Tony3

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:46 AM

Posted 07 July 2006 - 08:10 PM

I can get rid of this. Please help!!!

Here are my logs.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:56:15 PM 7/7/2006

+ Scan result:
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0033976.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0033977.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0033978.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0033979.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0033980.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0033981.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0033982.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0033983.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0033984.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0033985.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0033986.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0033987.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0033988.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0033989.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0033990.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0033991.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0033992.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0033993.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0033994.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0033995.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0033996.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0033997.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0033998.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0033999.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034000.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034001.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034002.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034003.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034004.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034005.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034006.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034007.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034008.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034009.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034010.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034011.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034012.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034013.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034014.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034015.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034016.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034017.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034018.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034019.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034020.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034021.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034022.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034023.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034024.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034025.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034026.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034027.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034028.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034029.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034030.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034031.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034032.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034033.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034034.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034035.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034036.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034037.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034038.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034039.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034040.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034041.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034042.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034043.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034044.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034045.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034046.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034047.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034048.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034049.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034050.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034051.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034052.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034053.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034054.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0034055.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP626\A0033453.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP626\A0033780.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP626\A0033786.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP627\A0033803.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP627\A0033817.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP627\A0033865.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP627\A0033880.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP628\A0033897.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP628\A0033908.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP628\A0033923.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP628\A0033934.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0033951.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0033964.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP630\A0034069.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP630\A0034082.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP630\A0034102.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\WINDOWS\system32\csavf.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cstuu.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
[1900] VM_00900000 -> Downloader.Agent.uj : Error during cleaning.
[3108] VM_009D0000 -> Downloader.Agent.uj : Error during cleaning.
[3120] VM_00940000 -> Downloader.Agent.uj : Error during cleaning.
[3124] VM_00890000 -> Downloader.Agent.uj : Error during cleaning.
[3168] VM_00960000 -> Downloader.Agent.uj : Error during cleaning.
[3172] VM_00840000 -> Downloader.Agent.uj : Error during cleaning.
[3204] VM_008D0000 -> Downloader.Agent.uj : Error during cleaning.
[3288] VM_00960000 -> Downloader.Agent.uj : Error during cleaning.
[3328] VM_00390000 -> Downloader.Agent.uj : Error during cleaning.
[3536] VM_003D0000 -> Downloader.Agent.uj : Error during cleaning.
[3740] VM_003E0000 -> Downloader.Agent.uj : Error during cleaning.
[3744] VM_008B0000 -> Downloader.Agent.uj : Error during cleaning.
[3748] VM_00920000 -> Downloader.Agent.uj : Error during cleaning.
[3784] VM_00920000 -> Downloader.Agent.uj : Error during cleaning.
[3864] VM_00880000 -> Downloader.Agent.uj : Error during cleaning.
[3868] VM_00840000 -> Downloader.Agent.uj : Error during cleaning.
[400] VM_00D70000 -> Downloader.Agent.uj : Error during cleaning.
[428] VM_00B20000 -> Downloader.Agent.uj : Error during cleaning.
C:\Documents and Settings\Kelly\Cookies\kelly@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@e-2dj6wflouldzwkq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@e-2dj6wgl4wgajglq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@e-2dj6wglywgcjwkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@e-2dj6wjl4uic5wbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@e-2dj6wjlighdzkeq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@e-2dj6wjlooiajsbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@e-2dj6wjmiendpckq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@e-2dj6wjnygjdjokq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@e-2dj6wjnywpdpwhq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@ehg-bestbuy.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP626\A0033458.exe -> Trojan.DNSChanger.ef : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP626\A0033684.exe -> Trojan.DNSChanger.ef : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP626\A0033708.exe -> Trojan.DNSChanger.ef : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP626\A0033794.exe -> Trojan.DNSChanger.ef : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP627\A0033815.exe -> Trojan.DNSChanger.ef : Cleaned with backup (quarantined).
C:\WINDOWS\system32\hbirz.exe.tcf -> Trojan.DNSChanger.ef : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP626\A0033690.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP626\A0033791.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP627\A0033809.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP627\A0033822.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP627\A0033870.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP627\A0033889.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP628\A0033902.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP628\A0033913.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP628\A0033928.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP628\A0033943.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0033957.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP629\A0033970.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP630\A0034076.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP630\A0034093.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1CBCE26-E56D-4764-ABCD-4AC48396B86A}\RP631\A0034109.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{00BBC19A-5F37-41CB-9B9E-4EECEE7FE379}.exe -> Trojan.Puper.bx : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{CF4D4DE2-BF48-4522-BF64-4EE2D1554171}.exe -> Trojan.Puper.bx : Cleaned with backup (quarantined).


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 8:57:24 PM, on 7/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\WINDOWS\system32\lexpps.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Kelly\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [DCC_send] systemdll.exe
O4 - HKLM\..\Run: [bnui] xwiz.exe
O4 - HKLM\..\Run: [keybdll] ATLIEHELPER.exe
O4 - HKLM\..\Run: [JAguAr] ssweeper.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [hbirz.exe] C:\WINDOWS\system32\hbirz.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [qwe] ftbar.exe
O4 - HKCU\..\Run: [SAPSTR] TorontoMail.exe
O4 - HKCU\..\Run: [NsCplTray] MsNetHelper.exe
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1100639736003
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28130667-6E09-4166-9387-32D64003568C}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C7F205B-10E1-4088-AC3F-C7669F4E9713}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{F57E70C9-4D11-4F5B-82E7-56C12852212C}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218
O17 - HKLM\System\CS1\Services\Tcpip\..\{28130667-6E09-4166-9387-32D64003568C}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  • Gender:Male
  • Location:London
  • Local time:04:46 PM

Posted 08 July 2006 - 06:51 AM

Hello there,

It is a good idea to print off these instructions - they will be needed later when internet access is not available. You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above. It is important that you complete the following instructions in the correct order, and also that you don't miss anything out!

*Now start a new scan with HJT and place a checkmark next to each of the following items (if present):

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [DCC_send] systemdll.exe
O4 - HKLM\..\Run: [bnui] xwiz.exe
O4 - HKLM\..\Run: [keybdll] ATLIEHELPER.exe
O4 - HKLM\..\Run: [JAguAr] ssweeper.exe
O4 - HKLM\..\Run: [hbirz.exe] C:\WINDOWS\system32\hbirz.exe
O4 - HKCU\..\Run: [qwe] ftbar.exe
O4 - HKCU\..\Run: [SAPSTR] TorontoMail.exe
O4 - HKCU\..\Run: [NsCplTray] MsNetHelper.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28130667-6E09-4166-9387-32D64003568C}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C7F205B-10E1-4088-AC3F-C7669F4E9713}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{F57E70C9-4D11-4F5B-82E7-56C12852212C}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218
O17 - HKLM\System\CS1\Services\Tcpip\..\{28130667-6E09-4166-9387-32D64003568C}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log.

David
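The entries David singles out above follow recognisable patterns: O17 NameServer values pointing at resolvers the machine has no business using (here the 85.255.x.x pair), Run keys that launch a bare filename with no path, and BHO/toolbar registrations whose file is already gone. The script below is an added example written for this thread, not code from HijackThis, FixWareout or BleepingComputer. Its sample lines are constructed after the entries posted here, and its assumption that only RFC 1918 (private) resolver addresses are expected is a placeholder for whatever the ISP's real resolvers are; replace `EXPECTED_NETS` with those before using it on a real log.

```python
"""Triage helper for HijackThis-style log lines (added example, not a tool from this thread)."""
import ipaddress
import re

# Constructed sample lines, modelled on the entries posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [DCC_send] systemdll.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O17 - HKLM\System\CCS\Services\Tcpip\..\{28130667-6E09-4166-9387-32D64003568C}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Assumption: the machine should only ever use private (RFC 1918) resolvers,
# e.g. a home router.  Swap in the ISP's real resolver addresses for a real run.
EXPECTED_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"NameServer = (?P<servers>.+)$")


def split_servers(field):
    """HijackThis prints NameServer lists separated by commas or spaces."""
    return [s for s in re.split(r"[,\s]+", field.strip()) if s]


def ip_is_expected(addr):
    """True when addr parses as an IP inside one of EXPECTED_NETS."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in EXPECTED_NETS)


def executable_of(cmd):
    """First token of a Run command; a quoted long path is returned whole."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage_line(line):
    """Return (severity, section, reason) for one line, or None if nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    # Registered BHO/toolbar whose DLL no longer exists: a leftover to clean up.
    if sec in ("O2", "O3") and body.endswith("(no file)"):
        return ("review", sec, "BHO/toolbar registered but its file is gone (orphaned CLSID)")
    # Run entry that launches a bare filename: resolved via PATH, usually from system32,
    # which is where the droppers in this thread placed their executables.
    if sec == "O4":
        m4 = O4_RE.match(body)
        if m4:
            exe = executable_of(m4.group("cmd"))
            if "\\" not in exe and ":" not in exe:
                return ("review", sec, f"Run entry launches bare filename {exe!r} with no path")
    # DNS resolver settings pointing outside the expected ranges (DNS hijack).
    if sec == "O17":
        m17 = O17_RE.search(body)
        if m17:
            bad = [s for s in split_servers(m17.group("servers")) if not ip_is_expected(s)]
            if bad:
                return ("high", sec, "resolver(s) outside expected ranges: " + ", ".join(bad))
    return None


def triage_log(text):
    """Run triage_line over every line; returns a list of (severity, section, reason, line)."""
    findings = []
    for line in text.splitlines():
        result = triage_line(line)
        if result:
            sev, sec, reason = result
            findings.append((sev, sec, reason, line.strip()))
    return findings


if __name__ == "__main__":
    for sev, sec, reason, line in triage_log(SAMPLE_LOG):
        print(f"[{sev:6}] {sec}: {reason}\n         {line}")
```

The bare-filename rule is deliberately a "review" rather than a "high": later logs in this thread show legitimate entries of the same shape (`nwiz.exe`, `pctspk.exe`), so the script only surfaces them for a human to look at, while an O17 resolver outside the expected ranges is treated as a definite finding.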

#3 Tony3

Tony3
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:46 AM

Posted 16 July 2006 - 10:49 PM

Thanks for the reply. Sorry it took so long to get back on. Been gone. Here are the new logs.

Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eno
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eerht
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ruof
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmlkj.exe"=-
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

Search by size and names...
* csr.exe C:\WINDOWS\System32\CSMZH.EXE

Misc files

Checking for older varients covered by the Rem3 tool


Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSMZH.EXE 51,273 2006-07-02
C:\WINDOWS\SYSTEM32\DMLKJ.EXE 44,057 2004-08-04
Other suspects
Directory of C:\WINDOWS\system32
{A8604596-E8FE-4D0E-A7DD-DF04E3AA07E7}.exe
{503B6793-9894-4153-B5C0-0BFE3D426F66}.exe
{96F4E605-049F-4407-A109-422ACB53368D}.exe
{98A8C286-B89E-4729-AD75-7FC06C79BF23}.exe
{9D992548-206E-4F39-BA49-FD675EEF59D3}.exe
{23AFC41C-5055-437F-AA85-AF2026D7AD5F}.exe



Logfile of HijackThis v1.99.1
Scan saved at 11:47:07 PM, on 7/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\pctspk.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Documents and Settings\Kelly\Desktop\HijackThis.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MUSICM~1\Common\COMPON~1\MMCOMP~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1100639736003
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#4 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  • Gender:Male
  • Location:London
  • Local time:04:46 PM

Posted 17 July 2006 - 03:08 AM

Hey Tony3,
Looks like we just have some leftovers to delete.

* Download KillBox from here
- Click killbox.exe.
- Select the option "Delete on reboot".
- Click the button: All Files (!important!)
- Now it should flash green.

Now copy the next bold part:

C:\WINDOWS\SYSTEM32\CSMZH.EXE
C:\WINDOWS\SYSTEM32\DMLKJ.EXE
C:\WINDOWS\SYSTEM32\{A8604596-E8FE-4D0E-A7DD-DF04E3AA07E7}.exe
C:\WINDOWS\SYSTEM32\{503B6793-9894-4153-B5C0-0BFE3D426F66}.exe
C:\WINDOWS\SYSTEM32\{96F4E605-049F-4407-A109-422ACB53368D}.exe
C:\WINDOWS\SYSTEM32\{98A8C286-B89E-4729-AD75-7FC06C79BF23}.exe
C:\WINDOWS\SYSTEM32\{9D992548-206E-4F39-BA49-FD675EEF59D3}.exe
C:\WINDOWS\SYSTEM32\{23AFC41C-5055-437F-AA85-AF2026D7AD5F}.exe


- Open 'file' in the killboxmenu on top and choose Paste from clipboard
- Then press the button that looks like a red circle with a white X in it.
- Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click YES
- If you don't get that message, reboot manually.
- Your computer should reboot now.

Ignore the errors you'll get after reboot; that's normal, they will be gone after performing the next steps.

* Your Java is out of date and the older versions are being exploited by malware. It is the likely cause of your infection, so we need to get it patched up as soon as possible.
  • Go to Start > Control Panel double-click on the Software icon > add/remove programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
    It should have this icon next to it: [image]
    Select it and click Remove.
  • Then download and install the newest version from here: http://www.java.com/en/download/manual.jsp
As with all malware like this, it never comes alone and there are probably infected files left on your computer. Perform an online scan with Panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report in your next reply by using Add Reply, along with a new Hijackthis log.
David
p.s. Also let me know how the computer is running.

#5 Tony3

Tony3
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:46 AM

Posted 17 July 2006 - 08:13 PM

Here it is :

Logfile of HijackThis v1.99.1
Scan saved at 8:49:11 PM, on 7/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Todd\My Documents\trojan fixes\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1100639736003
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


Incident Status Location

Virus:Trj/Ruins.MB Disinfected C:\!KillBox\csmzh.exe
Potentially unwanted tool:Application/Kill&Clean Not disinfected C:\!KillBox\{23AFC41C-5055-437F-AA85-AF2026D7AD5F}.exe[KillAndClean.exe]
Potentially unwanted tool:Application/Kill&Clean Not disinfected C:\!KillBox\{23AFC41C-5055-437F-AA85-AF2026D7AD5F}.exe[KillAndCleanUpdate.exe]
Adware:Adware/QuickWeb Not disinfected C:\!KillBox\{96F4E605-049F-4407-A109-422ACB53368D}.exe
Potentially unwanted tool:Application/Kill&Clean Not disinfected C:\!KillBox\{9D992548-206E-4F39-BA49-FD675EEF59D3}.exe[KillAndClean.exe]
Potentially unwanted tool:Application/Kill&Clean Not disinfected C:\!KillBox\{9D992548-206E-4F39-BA49-FD675EEF59D3}.exe[KillAndCleanUpdate.exe]
Potentially unwanted tool:Application/Kill&Clean Not disinfected C:\!KillBox\{A8604596-E8FE-4D0E-A7DD-DF04E3AA07E7}.exe[KillAndClean.exe]
Potentially unwanted tool:Application/Kill&Clean Not disinfected C:\!KillBox\{A8604596-E8FE-4D0E-A7DD-DF04E3AA07E7}.exe[KillAndCleanUpdate.exe]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Kelly\Cookies\kelly@2o7[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Kelly\Cookies\kelly@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Kelly\Cookies\kelly@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Kelly\Cookies\kelly@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Kelly\Cookies\kelly@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Kelly\Cookies\kelly@fastclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Kelly\Cookies\kelly@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Kelly\Cookies\kelly@questionmarket[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Kelly\Cookies\kelly@statse.webtrendslive[2].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Kelly\Cookies\kelly@tucows[1].txt
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Documents and Settings\Kelly\Desktop\backups\backup-20060716-233803-837.inf


Thanks for all your help. The computer seems to be working much better.

#6 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  • Gender:Male
  • Location:London
  • Local time:04:46 PM

Posted 18 July 2006 - 02:36 AM

Hey Tony3,

Please empty this folder:
C:\!KillBox

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle basin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Please delete this file:
C:\Documents and Settings\Kelly\Desktop\backups\backup-20060716-233803-837.inf

Reboot and let me know how the computer is running.
David

#7 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  • Gender:Male
  • Location:London
  • Local time:04:46 PM

Posted 11 August 2006 - 01:10 PM

Since this issue appears resolved, this Topic is now closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread using the link here. This applies only to the original topic starter.

Everyone else please begin a New Topic.
