Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

What shouldnt be on here [RESOLVED]

Started by Mosquiton , Dec 22 2005 06:59 PM

  • This topic is locked This topic is locked

#1
Mosquiton
Posted 22 December 2005 - 06:59 PM

Mosquiton

    New Member

  • Member
  • Pip
  • 9 posts
I had/have winhound still floating around I believe, and problems with winfixer popups, anything else on here that I don't know about? Thanks for any help in advance.

Logfile of HijackThis v1.99.1
Scan saved at 6:54:33 PM, on 12/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\winfast.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\progra~1\valve\steam\steam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [_WinProc] C:\WINDOWS\winfast.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensave.../sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O20 - Winlogon Notify: awvvw - awvvw.dll (file missing)
O20 - Winlogon Notify: ssqrs - ssqrs.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

Advertisements

#2
greyknight17
Posted 26 December 2005 - 09:07 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Please download Ewido Security Suite at http://www.ewido.net/en/download/.

1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
* Install background guard
* Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you will get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'.
8. Exit Ewido. DO NOT scan yet.

If you are having problems with the updater, you can go to http://www.ewido.net...wnload/updates/ to update manually.

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknigh...spy/CleanUp.exe ) and install it. Don't run it yet.

Download KillBox http://www.greyknigh...spy/KillBox.exe. Don't run it yet.

Restart your computer and boot into Safe Mode (if you don't know how, go to http://www.bleepingc...showtutorial=61 ).

CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

Now open Ewido and do a scan on your system.

* Click on scanner.
* Click on 'Complete System Scan' and the scan will begin.
* While the scan is in progress you will be prompted to clean the first infected file it finds. Choose 'Remove', then put a check next to 'Perform action on all infections' in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.
* Once the scan has completed, there will be a button located on the bottom of the screen named 'Save report'.
* Click 'Save report'.
* Save the report to your desktop.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you check the last one:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [_WinProc] C:\WINDOWS\winfast.exe
O20 - Winlogon Notify: awvvw - awvvw.dll (file missing)
O20 - Winlogon Notify: ssqrs - ssqrs.dll (file missing)

Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. Right click and copy the below lines. Go back to KillBox. Go to File->Paste from Clipboard and then hit the button with a red circle and white X. Confirm to delete and when asked if you want to reboot, say Yes:

C:\WINDOWS\winfast.exe
C:\WINDOWS\system32\awvvw.dll
C:\WINDOWS\system32\ssqrs.dll
C:\WINDOWS\system32\wvvwa.*
C:\WINDOWS\system32\srqss.*

If you get a PendingOperations message, just close it and restart your computer manually.

Restart your computer. Download VirtumundoBeGone http://secured2k.hom...mundoBeGone.exe and save it on your desktop. Then boot into Safe Mode and run VirtumundoBeGone. Post the log created here.

Post a new HijackThis log and the Ewido log you saved earlier.
  • 0

#3
Mosquiton
Posted 28 December 2005 - 01:51 PM

Mosquiton

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Im having trouble getting cleanup and virtumundobegone to appear after downloading and installing them to desktop, they arent showing up when i safeboot
  • 0

#4
greyknight17
Posted 28 December 2005 - 03:40 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Do you see your account login in Safe Mode? If not, then it's not listed there in that accounts desktop. You have to go to c:\documents and settings\your_username\Desktop\ to find it...
  • 0

#5
Mosquiton
Posted 28 December 2005 - 06:15 PM

Mosquiton

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Here we go I did everything you asked.
HJT LOG:

C:\Program Files\QuickTime\qttask.exe
C:\progra~1\valve\steam\steam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensave.../sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Ewido Log:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:50:23 PM, 12/28/2005
+ Report-Checksum: E4DF519A

+ Scan result:

:mozilla.22:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.23:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.31:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.35:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.36:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.37:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.39:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.40:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.41:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.58:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.59:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.60:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.61:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.63:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.67:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.68:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.69:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.70:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.71:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.72:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.73:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.74:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.75:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.76:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.77:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.89:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.90:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.91:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.93:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.95:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.96:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.97:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.98:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.99:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.114:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.115:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.118:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.11:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.12:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.20:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.21:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.25:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.27:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.28:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.29:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.30:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.31:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.32:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.46:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.47:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.48:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.49:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.50:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.51:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.52:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.53:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.54:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.55:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.56:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.68:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.75:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.77:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.78:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.79:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.80:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.81:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.84:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.85:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.111:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.112:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.115:C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\2igqfbyu.default\cookiesnew.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Program Files\softnyx\GunboundWC\GunBound.gme -> Backdoor.Agobot.agh : Cleaned with backup


::Report End

VBG Log:

[12/28/2005, 18:05:29] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\USER\Desktop\VirtumundoBeGone.exe" )
[12/28/2005, 18:05:35] - Detected System Information:
[12/28/2005, 18:05:35] - Windows Version: 5.1.2600, Service Pack 2
[12/28/2005, 18:05:35] - Current Username: USER (Admin)
[12/28/2005, 18:05:35] - Windows is in NORMAL mode.
[12/28/2005, 18:05:35] - Searching for Browser Helper Objects:
[12/28/2005, 18:05:35] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[12/28/2005, 18:05:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/28/2005, 18:05:35] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[12/28/2005, 18:05:35] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[12/28/2005, 18:05:35] - BHO 2: {93C6313C-9DB4-4694-8BD0-E378C573A9AD} (ATLDistrib Object)
[12/28/2005, 18:05:35] - ALERT: Found ATLDistrib Object!
[12/28/2005, 18:05:35] - BHO 3: {A5366673-E8CA-11D3-9CD9-0090271D075B} (IeCatch2 Class)
[12/28/2005, 18:05:35] - Finished Searching Browser Helper Objects
[12/28/2005, 18:05:35] - *** Detected ATLDistrib Object
[12/28/2005, 18:05:35] - Trying to remove ATLDistrib Object...
[12/28/2005, 18:05:36] - Terminating Process: IEXPLORE.EXE
[12/28/2005, 18:05:36] - Terminating Process: RUNDLL32.EXE
[12/28/2005, 18:05:36] - Disabling Automatic Shell Restart
[12/28/2005, 18:05:36] - Terminating Process: EXPLORER.EXE
[12/28/2005, 18:05:37] - Suspending the NT Session Manager System Service
[12/28/2005, 18:05:37] - Terminating Windows NT Logon/Logoff Manager
[12/28/2005, 18:05:37] - Re-enabling Automatic Shell Restart
[12/28/2005, 18:05:37] - File to disable: C:\WINDOWS\system32\sstts.dll
[12/28/2005, 18:05:37] - Renaming C:\WINDOWS\system32\sstts.dll -> C:\WINDOWS\system32\sstts.dll.vir
[12/28/2005, 18:05:37] - File successfully renamed!
[12/28/2005, 18:05:37] - Removing HKLM\...\Browser Helper Objects\{93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[12/28/2005, 18:05:37] - Removing HKCR\CLSID\{93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[12/28/2005, 18:05:37] - Adding Kill Bit for ActiveX for GUID: {93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[12/28/2005, 18:05:37] - Deleting ATLEvents/MSEvents Registry entries
[12/28/2005, 18:05:37] - Removing HKLM\...\Winlogon\Notify\sstts
[12/28/2005, 18:05:37] - Searching for Browser Helper Objects:
[12/28/2005, 18:05:37] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[12/28/2005, 18:05:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/28/2005, 18:05:37] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[12/28/2005, 18:05:37] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[12/28/2005, 18:05:37] - BHO 2: {A5366673-E8CA-11D3-9CD9-0090271D075B} (IeCatch2 Class)
[12/28/2005, 18:05:37] - Finished Searching Browser Helper Objects
[12/28/2005, 18:05:37] - Finishing up...
[12/28/2005, 18:05:37] - A restart is needed.
[12/28/2005, 18:05:53] - Attempting to Restart via STOP error (Blue Screen!)

:tazz:
  • 0

#6
greyknight17
Posted 29 December 2005 - 08:04 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Check and fix these in HijackThis:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing

Your log is clean.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.
  • 0

#7
greyknight17
Posted 13 January 2006 - 09:33 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP