|
I have loads of pop ups
|
|
charm1
Suspended due to non-functional email address
|
24. March 2006 @ 06:57 |
|
I have scanned my computer many times and taken all the steps advised on this site, however I still have loads of pop ups and my IE keeps shutting down. I have done a HijackThis and here is my log file:
Logfile of HijackThis v1.99.1
Scan saved at 16:53:47, on 24/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Alwil Software\Kerio\Avast4\aswUpdSc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Kerio\Avast4\aswUpdCl.exe
C:\WINDOWS\CheckS02.exe
C:\WINDOWS\sys09141339863.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\EQAdvice\EQAdvice.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wanadoo.co.uk/cd_redirects/wanadoohome
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {791CF5A8-210C-2D1B-B8B7-180BBFA0AB99} - (no file)
O2 - BHO: (no name) - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - (no file)
O2 - BHO: Yvakt Class - {B91A8E01-502D-4EF6-B0C4-7139709832ED} - C:\WINDOWS\System32\icda0wpw5.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [6E6C6F7376787374] A5A3A6AAADAFAA.exe
O4 - HKLM\..\Run: [avast! Kerio Update] C:\PROGRA~1\ALWILS~1\Kerio\Avast4\aswUpdCl.exe
O4 - HKLM\..\Run: [ula0U] "C:\WINDOWS\System32\slk8x2peu.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CheckS02.exe
O4 - HKLM\..\Run: [sys09141339863] C:\WINDOWS\sys09141339863.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {D55E80B0-433D-442F-A524-060DEA41DEE0} - C:\WINDOWS\System32\icda0wpw5.dll
O23 - Service: avast! for Kerio - Unknown owner - C:\Program Files\Alwil Software\Kerio\Avast4\aswUpdSc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
Hope somebody can help. Thank you in advance.
lozie
|
TheReturn
Suspended due to non-functional email address
|
24. March 2006 @ 07:09 |
|
THE RETURN
Specialist in mod, hack, crack, download, copy, install, fix, repair game consoles and computers.
Click on the picture below to get files, guides and tutorials for Xbox.
|
TheReturn
Suspended due to non-functional email address
|
24. March 2006 @ 07:11 |
|
Try to clean it up to see if the pop ups are gone.
|
Senior Member
|
24. March 2006 @ 08:22 |
|
@TheReturn: There is more that needs to be cleaned than just that one trojan...
@charm1: Hi, you got some infections, follow these cleaning instructions.
Cleaning instructions:
Download and install Ewido, UPDATE it, but do NOT run a scan yet. -> http://www.ewido.net/en/download/
Download BFU.zip -> http://www.merijn.org/files/bfu.zip Unzip it to your desktop.
Run bfu.exe and click the web button (blue-green button in the upper-right corner)
Copy the following line to the Download script-window :
http://metallica.geekstogo.com/alcanshorty.bfu
Press Execute-button.
Run HijackThis and fix these entries (if found): (Do a system scan only, check entries, close all other windows, press Fix checked)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O2 - BHO: (no name) - {791CF5A8-210C-2D1B-B8B7-180BBFA0AB99} - (no file)
O2 - BHO: (no name) - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - (no file)
O2 - BHO: Yvakt Class - {B91A8E01-502D-4EF6-B0C4-7139709832ED} - C:\WINDOWS\System32\icda0wpw5.dll
O4 - HKLM\..\Run: [6E6C6F7376787374] A5A3A6AAADAFAA.exe
O4 - HKLM\..\Run: [ula0U] "C:\WINDOWS\System32\slk8x2peu.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CheckS02.exe
O4 - HKLM\..\Run: [sys09141339863] C:\WINDOWS\sys09141339863.exe
O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
O18 - Filter: text/html - {D55E80B0-433D-442F-A524-060DEA41DEE0} - C:\WINDOWS\System32\icda0wpw5.dll
Restart your computer to the safe mode (Press F8 button when computer is starting and choose safe mode)
Make your hidden files visible:
->On the Tools menu in Windows Explorer, click Folder Options.
->Click the View tab.
->Under Hidden files and folders, click Show hidden files and folders.
Delete these files if found:
C:\WINDOWS\System32\-->icda0wpw5.dll<--
C:\WINDOWS\System32\-->slk8x2peu.exe<--
C:\WINDOWS\-->sys09141339863.exe<--
Use the Windows "search" function (make sure that you search from hidden files and folders and from system folders too)
Search for this and delete if found: A5A3A6AAADAFAA.exe
Empty the Recycle Bin
Make your hidden files invisible again:
->On the Tools menu in Windows Explorer, click Folder Options.
->Click the View tab.
->Under Hidden files and folders, click Do not show hidden files and folders.
Scan your computer with Ewido and save the log file.
Restart your computer normally.
Post a fresh HijackThis log and Ewido's log to here so we can see if your computer is now clean.
I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's Unsupportive atmosphere.
This message has been edited since posting. Last time this message was edited on 24. March 2006 @ 08:31
|
charm1
Suspended due to non-functional email address
|
24. March 2006 @ 10:39 |
|
Thank you very very much for your help, and the pop ups seem to be gone. Here is my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 20:31:22, on 24/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Alwil Software\Kerio\Avast4\aswUpdSc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Kerio\Avast4\aswUpdCl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wanadoo.co.uk/cd_redirects/wanadoohome
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast! Kerio Update] C:\PROGRA~1\ALWILS~1\Kerio\Avast4\aswUpdCl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! for Kerio - Unknown owner - C:\Program Files\Alwil Software\Kerio\Avast4\aswUpdSc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
and my Ewido's log
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 20:27:58, 24/03/2006
+ Report-Checksum: 348D9E7C
+ Scan result:
HKU\S-1-5-21-842925246-287218729-1417001333-500\Software\Surfairy -> Adware.Surfairy : Cleaned with backup
C:\Documents and Settings\charmaine\Cookies\charmaine@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\charmaine\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\charmaine\Start Menu\Programs\WhenU\Uninstall.lnk -> Adware.SaveNow : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll -> Logger.Small.dg : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> Logger.Small.dg : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.dll -> Logger.Small.dg : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll -> Logger.Small.dg : Cleaned with backup
C:\Program Files\FCAdvice\FCAdvice.dll -> Adware.CASClient : Cleaned with backup
C:\Program Files\FCAdvice\FCAdvice.exe -> Adware.CASClient : Cleaned with backup
C:\Program Files\WіnSxS\javaw.exe -> Downloader.PurityScan.by : Cleaned with backup
C:\RECYCLER\S-1-5-21-842925246-287218729-1417001333-1004\Dc3.exe -> Downloader.VB.yv : Cleaned with backup
C:\RECYCLER\S-1-5-21-842925246-287218729-1417001333-1004\Dc4.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\RECYCLER\S-1-5-21-842925246-287218729-1417001333-1004\Dc5.dll -> Hijacker.Agent.ac : Cleaned with backup
C:\RECYCLER\S-1-5-21-842925246-287218729-1417001333-1004\Dc6.exe -> Downloader.VB.ri : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP1\A0000216.EXE -> Not-A-Virus.NetTool.Win32.PsKill : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP16\A0004222.exe -> Dialer.PluginAccess : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP16\A0004239.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP16\A0004240.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP16\A0004241.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP16\A0004246.exe -> Downloader.VB.yn : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP16\A0004248.exe -> Hijacker.VB.li : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP16\A0004250.exe -> Downloader.Adload.aa : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP16\A0004255.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP16\A0004256.exe -> Downloader.Small.ckj : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP16\A0004258.exe -> Downloader.Adload.x : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP16\A0004272.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP16\A0004327.exe -> Downloader.Small.coe : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP16\A0004333.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP16\A0004334.dll -> Logger.Goldun.hp : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP17\A0004363.dll -> Hijacker.Small.jf : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP17\A0004368.exe -> Not-A-Virus.Hoax.Win32.Renos.bw : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP17\A0004370.exe -> Not-A-Virus.Hoax.Win32.Renos.bw : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP17\A0004373.exe -> Logger.Small.dg : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP2\A0000292.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP2\A0000294.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP39\A0004719.dll -> Adware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP40\A0004863.dll -> Adware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP40\A0004911.dll -> Adware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP40\A0004972.exe -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP41\A0004982.exe -> Downloader.VB.tw : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP41\A0004983.exe -> Downloader.VB.tw : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP41\A0004989.exe -> Downloader.VB.tw : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP41\A0004990.exe -> Downloader.VB.tw : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP42\A0006015.dll -> Adware.BookedSpace : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP43\A0008091.exe -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP46\A0008196.dll -> Hijacker.Small.jf : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP46\A0008197.exe -> Trojan.VB.tg : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP46\A0008198.exe -> Trojan.VB.tg : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP46\A0008200.exe -> Hijacker.VB.lv : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP46\A0008201.exe -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP46\A0008207.exe -> Downloader.VB.tw : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP46\A0008208.exe -> Trojan.VB.aft : Cleaned with backup
C:\WINDOWS\country.exe -> Logger.Goldun.hp : Cleaned with backup
C:\WINDOWS\kl1.exe -> Logger.Small.dg : Cleaned with backup
C:\WINDOWS\ms05986314133.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup
C:\WINDOWS\oamxkpbk.dll -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\ogyftgni.exe -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\pms111x.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\sms112x.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\system32\barseek.dll -> Proxy.Small.du : Cleaned with backup
C:\WINDOWS\system32\h0j4la1q1d.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\lzcx.exe -> Trojan.Runner.h : Cleaned with backup
C:\WINDOWS\system32\NewExplorer.exe -> Trojan.VB.aft : Cleaned with backup
C:\WINDOWS\system32\oins.exe -> Downloader.PurityScan.bt : Cleaned with backup
C:\WINDOWS\system32\ooglfage.dll -> Adware.Agent : Cleaned with backup
C:\WINDOWS\system32\slk8x2peu.exe -> Adware.Suggestor : Cleaned with backup
C:\WINDOWS\system32\zopenssld.sys -> Logger.Goldun.hp : Cleaned with backup
C:\WINDOWS\toolbar.exe -> Downloader.Adload.w : Cleaned with backup
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\win32068631413392006.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\win3207631413398.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\win3208314133986.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\аѕsembly\nοtepad.exe -> Adware.PurityScan : Cleaned with backup
::Report End
|
Senior Member
|
24. March 2006 @ 10:50 |
|
Ok good, you seem to be clean now.
But to be sure, download Blacklight to your desktop -> http://www.europe.f-secure.com/exclude/blacklight/blbeta.exe
Run a scan with it and post its log to here (log is created to your desktop, named fsbl********.txt)
Do NOT rename anything yet.
Your Windows is outdated!
Go to here and install all important updates -> http://windowsupdate.microsoft.com
You also had a keylogger on your computer so I suggest that you change all your online passwords.
This message has been edited since posting. Last time this message was edited on 24. March 2006 @ 10:56
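An added example, not part of any post in this thread and not the helper's own method: a small Python check that a follow-up HijackThis scan no longer contains the entries that were listed for fixing, and that shows what changed between the two scans. The sample logs are excerpts of the entries posted above; the function names and the result keys are this example's own.

```python
import re

# A HijackThis entry starts with a section code (R0-R3, F0-F3, O1-O23) and " - ".
SECTION = r"(?:R[0-3]|F[0-3]|O\d{1,2})"
ENTRY_START = re.compile(r"(?<!\S)(?=" + SECTION + r" - )")
ENTRY = re.compile(r"(" + SECTION + r") - (.+)")

def parse_entries(log_text):
    """Return the set of (section, detail) entries found in a HijackThis log.

    Splitting on every section prefix also separates entries that a forum
    paste has run together on a single line. Header and process lines are
    ignored because they do not start with a section code."""
    entries = set()
    for line in log_text.splitlines():
        for chunk in ENTRY_START.split(line):
            m = ENTRY.match(chunk.strip())
            if m:
                entries.add((m.group(1), m.group(2).strip()))
    return entries

def verify_cleanup(before, after, fix_list):
    """Compare two scans against the list of entries that was to be fixed."""
    b, a, f = (parse_entries(t) for t in (before, after, fix_list))
    return {
        "still_present": sorted(f & a),           # listed for fixing, yet in the new scan
        "not_in_first_scan": sorted(f - b),       # listed, but never seen in the first scan
        "removed_unlisted": sorted((b - a) - f),  # vanished without being listed
        "new_entries": sorted(a - b),             # appeared between the two scans
    }

# Excerpt of the first log in this thread (first line run together, as pasted).
BEFORE = r"""
Running processes:
C:\WINDOWS\sys09141339863.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {791CF5A8-210C-2D1B-B8B7-180BBFA0AB99} - (no file)
O2 - BHO: Yvakt Class - {B91A8E01-502D-4EF6-B0C4-7139709832ED} - C:\WINDOWS\System32\icda0wpw5.dll
O4 - HKLM\..\Run: [6E6C6F7376787374] A5A3A6AAADAFAA.exe
O4 - HKLM\..\Run: [ula0U] "C:\WINDOWS\System32\slk8x2peu.exe"
O18 - Filter: text/html - {D55E80B0-433D-442F-A524-060DEA41DEE0} - C:\WINDOWS\System32\icda0wpw5.dll
"""

# Excerpt of the second log in this thread.
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
"""

# Excerpt of the entries listed for fixing in the cleaning instructions.
FIX_LIST = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: (no name) - {791CF5A8-210C-2D1B-B8B7-180BBFA0AB99} - (no file)
O2 - BHO: Yvakt Class - {B91A8E01-502D-4EF6-B0C4-7139709832ED} - C:\WINDOWS\System32\icda0wpw5.dll
O4 - HKLM\..\Run: [6E6C6F7376787374] A5A3A6AAADAFAA.exe
O4 - HKLM\..\Run: [ula0U] "C:\WINDOWS\System32\slk8x2peu.exe"
O18 - Filter: text/html - {D55E80B0-433D-442F-A524-060DEA41DEE0} - C:\WINDOWS\System32\icda0wpw5.dll
"""

if __name__ == "__main__":
    for name, items in verify_cleanup(BEFORE, AFTER, FIX_LIST).items():
        print(name, len(items))
        for section, detail in items:
            print("   ", section, "-", detail)
```

A clean HijackThis diff only covers the autostart and browser hook points the tool enumerates, which is why the thread follows it with a separate scanner log.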
|
TheReturn
Suspended due to non-functional email address
|
24. March 2006 @ 11:13 |
|
Cheers
|
|