Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Almost Cleaned Computer (?)


  • This topic is locked This topic is locked
6 replies to this topic

#1 krajewskil

krajewskil

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:38 AM

Posted 15 May 2007 - 12:17 PM

Hello,

Originally, neither IE, control panel, or any explorer window was coming up. After going through the prep guide and cleaning out a few things I knew were wrong, it's behaving better. I just want to make sure there isn't anything slipping through the cracks so I won't have to go through this again anytime soon. Thanks for the help.

--LJK


Logfile of HijackThis v1.99.1
Scan saved at 1:43:55 PM, on 5/15/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINNT\system32\PROMon.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Documents and Settings\jan\Desktop\HijackThis.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe

O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3D1EBD7C-DD41-4814-88C3-C6D337506881} - c:\winnt\system32\fahafah.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
O4 - HKLM\..\Run: [nfmzboqbi] C:\WINNT\qkfgw.exe
O4 - HKLM\..\Run: [xfczwcki] C:\WINNT\wslbspv.exe
O4 - HKLM\..\Run: [oyolrjudbbh] C:\WINNT\System32\wivupv.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [IEFilter] C:\Documents and Settings\jan\Local Settings\Application Data\Microsoft\Internet Explorer\Filters\IExpl32d.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179167472093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179167767875
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D0C4783-8B24-4126-936A-7305583A56B5}: NameServer = 151.199.0.39,199.45.32.43
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\COMPAQ\ACLIENT\ACLIENT.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINNT\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE

BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:10:38 AM

Posted 15 May 2007 - 12:40 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum krajewskil :thumbsup:

Please make sure all hidden files are showing:

* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

*******************************

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions very carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab,and then 'Start Update'.
Note:
If you have any problems running the update process prior to running the scan,download/install the 'Full Database' from here:
http://download.ewido.net/avgas-signatures-full-current.exe

Once the updates have been installed,do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen,under 'How to act?',then under 'Set default action for detected malware to:', click on 'Recommended actions',then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware,don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this,restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following [If still present], by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {3D1EBD7C-DD41-4814-88C3-C6D337506881} - c:\winnt\system32\fahafah.dll (file missing)
O4 - HKLM\..\Run: [nfmzboqbi] C:\WINNT\qkfgw.exe
O4 - HKLM\..\Run: [xfczwcki] C:\WINNT\wslbspv.exe
O4 - HKLM\..\Run: [oyolrjudbbh] C:\WINNT\System32\wivupv.exe
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} -


Find and delete if present:
C:\WINNT\qkfgw.exe
C:\WINNT\wslbspv.exe
C:\WINNT\System32\wivupv.exe

Still in Safe Mode launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient,it takes a while for the scan to finish.

Once the scan is complete,do the following.
If AVG Anti-Spyware detected any infected objects:,click on 'Apply All Actions'.

Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you've done.
Reboot normally.

Post the AVG Anti Spyware report and a new Hijackthis log into your next reply.
Let me know how your pc is running now please.
Posted Image
Posted Image

#3 krajewskil

krajewskil
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:38 AM

Posted 18 May 2007 - 12:39 PM

Tasks completed. Here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 1:36:04 PM, on 5/18/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINNT\system32\PROMon.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Documents and Settings\jan\Desktop\HijackThis.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [IEFilter] C:\Documents and Settings\jan\Local Settings\Application Data\Microsoft\Internet Explorer\Filters\IExpl32d.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179167472093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179167767875
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D0C4783-8B24-4126-936A-7305583A56B5}: NameServer = 151.199.0.39,199.45.32.43
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\COMPAQ\ACLIENT\ACLIENT.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINNT\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:30:19 PM 5/18/2007

+ Scan result:



C:\WINNT\SYSTEM32\whryyf.exe -> Adware.Adstart : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\msfaol.dll -> Adware.ClientMan : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\msiaih.dll -> Adware.Ipend : Cleaned with backup (quarantined).
C:\Program Files\WebSavingsfromEbates -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\WebSavingsfromEbates\ApplicationData -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\WebSavingsfromEbates\ApplicationData\JAN -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\WebSavingsfromEbates\ApplicationData\JAN\data_ebws400.dls -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\WebSavingsfromEbates\ApplicationData\JAN\data_excludes_ebws400.dls -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\WebSavingsfromEbates\ApplicationData\JAN\ebateswebsavingsdr1data.dls -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\WebSavingsfromEbates\ApplicationData\merchants.dls -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\WebSavingsfromEbates\ApplicationData\systemdata.dls -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\WebSavingsfromEbates\ApplicationData\systemdata1.dls -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\WebSavingsfromEbates\ApplicationData\updates.dls -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\WebSavingsfromEbates\Applications -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\WebSavingsfromEbates\Applications\cmpck.dls -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\WebSavingsfromEbates\Applications\mercj400.dls -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\WebSavingsfromEbates\System -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\WebSavingsfromEbates\System\Code -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\WebSavingsfromEbates\System\Html -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\WebSavingsfromEbates\System\Images -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\WebSavingsfromEbates\System\MTemp -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\WebSavingsfromEbates\System\MTemp\logfile.txt -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\WebSavingsfromEbates\System\System -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\WebSavingsfromEbates\System\Temp -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\WebSavingsfromEbates\System\Temp\dump.txt -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\WebSavingsfromEbates\WebSavings_README.txt -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\Medisoft\Bin\NDCPHX.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m8js8ty8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\8p0xff9j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\8p0xff9j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m8js8ty8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m8js8ty8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m8js8ty8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.33:C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\8p0xff9j.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.42:C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\8p0xff9j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.43:C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\8p0xff9j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.44:C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\8p0xff9j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.37:C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\8p0xff9j.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.10:C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\8p0xff9j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.11:C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\8p0xff9j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.12:C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\8p0xff9j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.6:C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\8p0xff9j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.8:C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\8p0xff9j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.9:C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\8p0xff9j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.45:C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\8p0xff9j.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.18:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m8js8ty8.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.21:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m8js8ty8.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.22:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m8js8ty8.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.24:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m8js8ty8.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.84:C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\8p0xff9j.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.85:C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\8p0xff9j.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.13:C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\8p0xff9j.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.19:C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\8p0xff9j.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.54:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m8js8ty8.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.66:C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\8p0xff9j.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m8js8ty8.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.14:C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\8p0xff9j.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.34:C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\8p0xff9j.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.35:C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\8p0xff9j.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.36:C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\8p0xff9j.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.19:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m8js8ty8.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.55:C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\8p0xff9j.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.57:C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\8p0xff9j.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\8p0xff9j.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.62:C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\8p0xff9j.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.74:C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\8p0xff9j.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.20:C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\8p0xff9j.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.21:C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\8p0xff9j.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

#4 krajewskil

krajewskil
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:38 AM

Posted 18 May 2007 - 12:41 PM

I almost forgot-- The computer seems to be working well.

#5 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:10:38 AM

Posted 18 May 2007 - 01:12 PM

Download\install CleanUp.
Launch CleanUp,then click on 'Options'.
Now move the slider on the left up to 'Standard Cleanup!'.
Click 'Ok',now run the program by clicking on the 'Cleanup' button.
Reboot,or log off/log on when it's finished.

*********************

Your log is clean :thumbsup:
If all's ok,please do the following:

* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading unselect 'Show hidden files and folders'.
* Re-check the 'Hide file extensions for known types' option.
* Re-check the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

Read through the information found here,to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html
Posted Image
Posted Image

#6 krajewskil

krajewskil
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:38 AM

Posted 23 May 2007 - 03:36 PM

Sorry, I haven't had a chance to wrap this up yet. Everything appears to be working alright, though. If there is anything else with this computer (related to this thread, of course), can I drop you a PM? I think we can call this closed. Thanks again for your help.
--LJK

#7 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:10:38 AM

Posted 23 May 2007 - 06:10 PM

You're welcome :thumbsup:

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.
Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users