
URGENT! Pls check my HijackThis logfiles



#1 blintrell (New Member, 8 posts)

Hi!
Can you experts check out my HijackThis log files?
When I open IE it gets redirected to http://www.necessaryupdates.com/
Even if I change the default page setting, it still goes to this URL.
Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 09:05:03, on 07/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\System32\mssearchnet.exe
C:\WINDOWS\htpatch.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Visio\Visio32.exe
C:\Documents and Settings\Mazran\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
O1 - Hosts: 203.115.210.221 www.easy248sports.com
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp3871.tmp
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1141617744937
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicr...scan/as4web.cab
O16 - DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_03) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D0C8634-6E30-4020-9CD5-CBF9CD64A333}: NameServer = 4.2.2.2,192.228.128.20,202.187.202.199,192.228.128.11,161.142.2.17
O17 - HKLM\System\CCS\Services\Tcpip\..\{88E86992-2A9F-4A4B-A42A-E2570580A70B}: NameServer = 4.2.2.2
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Edited by blintrell, 06 March 2006 - 08:02 PM.

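As an added example (not code from this thread, from HijackThis, or from the helper who answers below), the script that follows automates the kind of reading a log analyst does on the post above. It parses the R/O entries and applies a few triage heuristics of my own: a hosts-file entry that pins a hostname to a public address (the O1 line), a BHO registered with no name or loaded from a .tmp file (the O2 line), an autorun binary sitting directly in the Windows root, an ActiveX download with no registered description (one of the O16 lines), and DNS resolvers that are not on an allow-list you supply (the O17 lines). The sample input is an excerpt of the first log above; the resolver allow-list is an assumption made for the demo, and a finding means "look at this", not "this is malware".

```python
import re
from ipaddress import ip_address

# Excerpt of the HijackThis v1.99.1 log posted above, embedded here as sample input.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
O1 - Hosts: 203.115.210.221 www.easy248sports.com
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp3871.tmp
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D0C8634-6E30-4020-9CD5-CBF9CD64A333}: NameServer = 4.2.2.2,192.228.128.20
"""

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
# Path of the launched binary in an O4 line: quoted, or the first token after the [name].
O4_PATH_RE = re.compile(r'\[[^\]]*\]\s+(?:"([^"]+)"|(\S+))')
# O16 line: CLSID, optional "(description)", then the download URL.
O16_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\}\s*(\([^)]*\))?\s*-\s*(\S*)")


def parse_hjt(text):
    """Return [(section, body), ...] for every R/O line in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def is_local_ip(addr):
    """True for addresses a hosts entry may legitimately point at (loopback, RFC 1918, link-local)."""
    try:
        ip = ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_private or ip.is_link_local or ip.is_unspecified


def check_entry(section, body, allowed_resolvers):
    """Return reason strings for one entry (empty when nothing looks off).
    These are my own triage heuristics, not HijackThis rules: they say 'look here', not 'malware'."""
    reasons = []
    if section == "O1" and body.startswith("Hosts:"):
        parts = body.split()  # ['Hosts:', ip, hostname]
        if len(parts) >= 3 and not is_local_ip(parts[1]):
            reasons.append(f"hosts file pins {parts[2]} to public address {parts[1]}")
    elif section == "O2":
        if "(no name)" in body:
            reasons.append("BHO registered without a name")
        if body.lower().endswith(".tmp"):
            reasons.append("BHO loaded from a .tmp file")
    elif section == "O4":
        m = O4_PATH_RE.search(body)
        if m:
            path = (m.group(1) or m.group(2)).lower()
            if path.endswith(".tmp"):
                reasons.append("autorun points at a .tmp file")
            if re.fullmatch(r"c:\\windows\\[^\\]+", path):
                reasons.append("autorun binary sits directly in the Windows root; verify its publisher")
    elif section == "O16":
        m = O16_RE.match(body)
        if m and not m.group(1):
            reasons.append(f"ActiveX download with no registered description from {m.group(2)}")
    elif section == "O17":
        _, _, servers = body.partition("NameServer = ")
        unknown = [s.strip() for s in servers.split(",") if s.strip() and s.strip() not in allowed_resolvers]
        if unknown:
            reasons.append("DNS resolvers not on the expected list: " + ",".join(unknown))
    return reasons


def triage(text, allowed_resolvers=frozenset()):
    """Run every check over a log and return [(section, body, reason), ...] in log order."""
    findings = []
    for section, body in parse_hjt(text):
        for reason in check_entry(section, body, allowed_resolvers):
            findings.append((section, body, reason))
    return findings


if __name__ == "__main__":
    # Assumed allow-list for the demo: 4.2.2.2 is the resolver that appears on both adapters.
    for section, body, reason in triage(SAMPLE_LOG, allowed_resolvers={"4.2.2.2"}):
        print(f"{section:4} {reason}\n     {body}")
```

Run against the excerpt, the script reports the O1 hosts entry, the nameless .tmp BHO (twice, once per heuristic), the htpatch.exe autorun for manual verification, the unnamed imgfarm ActiveX download and the second resolver on the first adapter; the Windows Defender autorun and the named WGA control pass.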


#2 loophole (Malware Expert, Retired Staff, 9,798 posts)

Hi blintrell

You may wish to print out a copy of these instructions to follow while you complete this procedure.

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.


Please download ewido security suite; it is a free version of the program.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (The status bar at the bottom will display "Update successful".)
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Close Ewido

Hijack fixes

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab

Now close all windows other than HiJackThis, then click Fix Checked


Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.

Smitrem

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with a new Hijack log in your next reply.



Ewido

Now open Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Reboot

Please post back with how things went, as well as a new HijackThis log, the Ewido log and the smitfiles.txt.

Thanks :)

Edited by loophole, 06 March 2006 - 10:30 PM.


#3 blintrell (Topic Starter, New Member)

These are my new HijackThis log files. Please check them out. I have used KillBox, smitRem and ewido.
Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 11:18:29, on 07/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Mazran\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
O1 - Hosts: 203.115.210.221 www.easy248sports.com
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1141617744937
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicr...scan/as4web.cab
O16 - DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_03) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D0C8634-6E30-4020-9CD5-CBF9CD64A333}: NameServer = 4.2.2.2,192.228.128.20,202.187.202.199,192.228.128.11,161.142.2.17
O17 - HKLM\System\CCS\Services\Tcpip\..\{88E86992-2A9F-4A4B-A42A-E2570580A70B}: NameServer = 4.2.2.2
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--------------------------------------------------------------------------------------------------------------

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 17:22:24, 07/03/2006
+ Report-Checksum: 94B884F7

+ Scan result:

HKU\S-1-5-21-3907707769-972670786-3454122357-1010\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22} -> Adware.Generic : Cleaned with backup
C:\WINDOWS\system32\ginuerep.dll -> Not-A-Virus.Hoax.Win32.Renos.bs : Cleaned with backup
C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\Content.IE5\6FQFMXUN\jar[1].jar/Counter.class -> Trojan.Femad : Cleaned with backup
C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\Content.IE5\6FQFMXUN\jar[1].jar/VerifierBug.class -> Trojan.Femad : Cleaned with backup
C:\Documents and Settings\USER\Cookies\user@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\USER\Cookies\user@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\USER\Cookies\[email protected][1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\USER\Cookies\user@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Mazran\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.312:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.313:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.338:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.339:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.348:C:\Documents and Settings\Mazran\Application Data\Mozilla\Firefox\Profiles\9k5w9rny.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
C:\System Volume Information\_restore{0BE4FF7C-8739-4FAB-B3E7-A3B1E00FF087}\RP685\A0091623.exe -> Backdoor.Robobot.al : Cleaned with backup
C:\System Volume Information\_restore{0BE4FF7C-8739-4FAB-B3E7-A3B1E00FF087}\RP715\A0092525.tlb -> Downloader.Zlob.hw : Cleaned with backup
C:\System Volume Information\_restore{0BE4FF7C-8739-4FAB-B3E7-A3B1E00FF087}\RP715\A0092533.tlb -> Downloader.Zlob.hw : Cleaned with backup
C:\System Volume Information\_restore{0BE4FF7C-8739-4FAB-B3E7-A3B1E00FF087}\RP715\A0092534.exe -> Downloader.Zlob.hw : Cleaned with backup
C:\System Volume Information\_restore{0BE4FF7C-8739-4FAB-B3E7-A3B1E00FF087}\RP715\A0092535.exe -> Downloader.Zlob.hw : Cleaned with backup
C:\!KillBox\hp3871.tmp -> Downloader.Zlob.ht : Cleaned with backup


::Report End

--------------------------------------------------------------------------------------------------------------------


smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Tue 03/07/2006
The current time is: 10:51:35.35

Running from
C:\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}"="Prestige Software"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Online Security Guide.url
Security Troubleshooting.url


~~~ Favorites ~~~



~~~ system32 folder ~~~

1024 dir
msvol.tlb
ld****.tmp
ncompat.tlb
logfiles


~~~ Icons in System32 ~~~

ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 928 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}"="Prestige Software"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN!

Edited by blintrell, 07 March 2006 - 03:26 AM.


#4 loophole (Malware Expert, Retired Staff)

Looks much better.

Did you add this: O1 - Hosts: 203.115.210.221 www.easy248sports.com ?

And do you have anything to do with Malaysia?

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now under Select a target to scan: select My Computer.
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.