Im Going Nucking Futs , PLZ Help ME

  1. #51
    thepHaZeD1, Full Member

    Re: Im Going Nucking Futs , PLZ Help ME

    I'm still infected with Registry Cleaner

    Logfile of HijackThis v1.99.1
    Scan saved at 9:17:00 AM, on 1/27/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9 AA.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\[eX]MIRC\mirc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Real\RealPlayer\realplay.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HiJackThis!\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mail.yahoo.com/?.redir=ymmapi...cldefstat=Def1
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: POPStopperIE.CToolbar - {4B7B69EB-A00F-4FCD-B601-ACCBB86ED528} - C:\Program Files\POP-Stopper-IE\POP-Stopper-IE.dll (file missing)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9 AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
    O4 - HKLM\..\Run: [Music Alarm Clock] C:\PROGRA~1\MUSICA~1\mac.exe
    O4 - HKLM\..\Run: [inrh95] C:\WINDOWS\System32\inrh95
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [ZICORN] C:\WINDOWS\System32\ZICORN
    O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\iwocqr.exe reg_run
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [POP-Stopper-IE] "C:\Program Files\POP-Stopper-IE\POP-Stopper-IE.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

  2. #52
    VopThis, Senior Member (Canada)
    Looking much better except for one notable malware item.



    Something appears to be protecting and/or recreating the following malware line (once fixed):
    O4 - HKLM\..\Run: [WINSYNC] C:\WINDOWS\System32\iwocqr.exe reg_run

    HIDDEN FILES: To make sure you can see any and all hidden files, please follow the directions here

    Scan unknown files for viruses/malware
    Please go to this website and submit the following files (copy and paste each full file PATH) for possible Viruses/Trojans detection analysis and immediate feedback:
    http://virusscan.jotti.org/

    Submit these files (or use Start>Search to locate FULL File Path):

    C:\WINDOWS\System32\inrh95
    C:\WINDOWS\System32\ZICORN

    Let us know what the results were for the file(s).
    Please do an online scan (scan only tool) with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        - Extended (if available otherwise Standard)
      • Scan Options:
        - Scan Archives
        - Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.
    Please provide the latest Ewido scan (to verify it is now clean).

  3. #53
    thepHaZeD1, Full Member
    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 10:25:58 PM, 1/31/2006
    + Report-Checksum: 2AB15F07

    + Scan result:

    :mozilla.19:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.20:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.21:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.22:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.27:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.28:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.29:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.32:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.33:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.34:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.35:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.36:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.37:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.38:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.40:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.41:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.42:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.43:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.50:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.51:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.52:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.53:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.61:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.63:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.64:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.65:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.66:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.67:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.68:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.69:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.70:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.71:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.72:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.80:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
    :mozilla.81:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.82:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.87:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.88:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
    :mozilla.89:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
    :mozilla.90:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
    :mozilla.91:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
    :mozilla.92:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
    :mozilla.93:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
    :mozilla.94:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
    :mozilla.95:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
    :mozilla.96:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.97:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.98:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.99:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.100:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.101:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\h9zgeuc2.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.14:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\rtudrad9.xxBlu3xxEye zxx\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.15:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\rtudrad9.xxBlu3xxEye zxx\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.16:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\rtudrad9.xxBlu3xxEye zxx\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.17:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\rtudrad9.xxBlu3xxEye zxx\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.18:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\rtudrad9.xxBlu3xxEye zxx\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.19:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\rtudrad9.xxBlu3xxEye zxx\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.21:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\rtudrad9.xxBlu3xxEye zxx\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.22:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\rtudrad9.xxBlu3xxEye zxx\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.23:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\rtudrad9.xxBlu3xxEye zxx\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\rtudrad9.xxBlu3xxEye zxx\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\rtudrad9.xxBlu3xxEye zxx\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.32:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\rtudrad9.xxBlu3xxEye zxx\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.33:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\rtudrad9.xxBlu3xxEye zxx\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.34:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\rtudrad9.xxBlu3xxEye zxx\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.65:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\rtudrad9.xxBlu3xxEye zxx\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.69:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\rtudrad9.xxBlu3xxEye zxx\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.83:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\rtudrad9.xxBlu3xxEye zxx\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    :mozilla.84:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\rtudrad9.xxBlu3xxEye zxx\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.99:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\rtudrad9.xxBlu3xxEye zxx\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.103:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\rtudrad9.xxBlu3xxEye zxx\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.109:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\rtudrad9.xxBlu3xxEye zxx\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    :mozilla.134:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\rtudrad9.xxBlu3xxEye zxx\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.136:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\rtudrad9.xxBlu3xxEye zxx\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.137:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\rtudrad9.xxBlu3xxEye zxx\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.138:C:\Documents and Settings\Hailey\Application Data\Mozilla\Firefox\Profiles\rtudrad9.xxBlu3xxEye zxx\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    C:\Documents and Settings\Hailey\Cookies\hailey@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Hailey\Cookies\hailey@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Hailey\Cookies\hailey@addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
    C:\Documents and Settings\Hailey\Cookies\hailey@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
    C:\Documents and Settings\Hailey\Cookies\hailey@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Hailey\Cookies\hailey@as-us.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Hailey\Cookies\hailey@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Hailey\Cookies\hailey@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Hailey\Cookies\hailey@data3.perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\Hailey\Cookies\hailey@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Hailey\Cookies\hailey@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Hailey\Cookies\hailey@media.fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Hailey\Cookies\hailey@partygaming.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Hailey\Cookies\hailey@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\Hailey\Cookies\hailey@sel.as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Hailey\Cookies\hailey@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Hailey\Cookies\hailey@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
    C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup


    ::Report End



    Sorry it took so long, I got really busy. The Kaspersky cleaner wouldn't work when I tried it, so I just ran Ewido.

  4. #54
    VopThis, Senior Member (Canada)
    Post your latest HJT log - things may have changed and infection agent 'winsync' is probably still around.



    What could you determine about:

    C:\WINDOWS\System32\inrh95
    C:\WINDOWS\System32\ZICORN


    as requested in my last post (might be interfering with Kaspersky and protecting 'winsync').



    Try disabling your current antivirus tool before trying to run Kaspersky.

  5. #55
    HJThis, Senior Member
    Hello, thepHaZeD1

    Yes, a new logfile would be a big help & may I ask
    why you have not updated to SP2?

    HGD

  6. #56
    thepHaZeD1, Full Member
    I ran a check for those 2 files and it said they aren't infected...

    And I could've sworn SP2 was in my last update, but I guess it wasn't... I'll get it fixed.

    Here's my HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 5:59:13 PM, on 2/1/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9 AA.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\[eX]MIRC\mirc.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\HiJackThis!\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mail.yahoo.com/?.redir=ymmapi...cldefstat=Def1
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: POPStopperIE.CToolbar - {4B7B69EB-A00F-4FCD-B601-ACCBB86ED528} - C:\Program Files\POP-Stopper-IE\POP-Stopper-IE.dll (file missing)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9 AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
    O4 - HKLM\..\Run: [Music Alarm Clock] C:\PROGRA~1\MUSICA~1\mac.exe
    O4 - HKLM\..\Run: [inrh95] C:\WINDOWS\System32\inrh95
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [ZICORN] C:\WINDOWS\System32\ZICORN
    O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\iwocqr.exe reg_run
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [POP-Stopper-IE] "C:\Program Files\POP-Stopper-IE\POP-Stopper-IE.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
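The two HijackThis logs in this thread differ only in a few O4 lines, and the helpers keep pointing at the same autorun entries. The script below is an added example (my own, not a tool from this thread or from HijackThis): it parses O4 Run-key lines, flags targets that have no file extension or that run directly from System32 under an unfamiliar name, and reports which flagged labels appear in both logs, i.e. the entries a cleanup has failed to remove. The heuristics and the `SYSTEM32_ALLOW` list are my assumptions; the sample lines are excerpts copied from the thread's logs.

```python
"""Triage HijackThis O4 (Run key) entries and diff two logs.

Added example, not a tool from the thread. The heuristics are assumptions,
not HijackThis logic: an autorun whose target has no file extension, or that
sits directly in System32 under a name not in a small allowlist, deserves a
second look. Labels flagged in both logs survived (or were recreated after)
the cleanup.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Matches:  O4 - HKLM\..\Run: [label] <target and arguments>
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<label>[^\]]+)\] ?(?P<rest>.*)$'
)
# First executable extension followed by whitespace or end of line.
EXT_RE = re.compile(r'\.(?:exe|com|bat|cmd|scr|pif|dll)(?=\s|$)', re.IGNORECASE)

# Constructed allowlist (assumption) of well-known autoruns living directly in System32.
SYSTEM32_ALLOW = {'ctfmon.exe', 'rundll32.exe', 'userinit.exe'}


@dataclass
class AutorunEntry:
    hive: str
    label: str
    target: str
    args: str

    @property
    def reasons(self) -> List[str]:
        """Heuristic flags for this entry; an empty list means nothing notable."""
        found = []
        name = ntpath.basename(self.target)
        parent = ntpath.dirname(self.target).lower()
        if not ntpath.splitext(name)[1]:
            found.append('target has no file extension')
        if parent.endswith('\\system32') and name.lower() not in SYSTEM32_ALLOW:
            found.append('runs directly from System32 under an unfamiliar name')
        return found


def parse_o4(line: str) -> Optional[AutorunEntry]:
    """Parse one O4 Run-key line; Global Startup (.lnk) lines return None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    rest = m.group('rest')
    if rest.startswith('"'):                       # quoted target, arguments follow the quote
        end = rest.find('"', 1)
        end = len(rest) if end < 0 else end
        target, args = rest[1:end], rest[end + 1:].strip()
    else:
        ext = EXT_RE.search(rest)                  # unquoted: cut after the first exe extension
        if ext:                                    # (handles "E_FATI9 AA.EXE /P26 ..." correctly)
            target, args = rest[:ext.end()], rest[ext.end():].strip()
        else:
            target, args = rest, ''                # no extension at all, e.g. a bare name
    return AutorunEntry(m.group('hive'), m.group('label'), target, args)


def flagged(log: str) -> Dict[str, AutorunEntry]:
    """Map lower-cased label -> entry for every O4 line that trips a heuristic."""
    out: Dict[str, AutorunEntry] = {}
    for line in log.splitlines():
        entry = parse_o4(line)
        if entry and entry.reasons:
            out[entry.label.lower()] = entry
    return out


def persistent(log_before: str, log_after: str) -> List[str]:
    """Labels flagged in both logs, i.e. autoruns that outlived the cleanup."""
    return sorted(set(flagged(log_before)) & set(flagged(log_after)))


# Excerpts of the O4 sections from the 1/27 and 2/1 logs in this thread.
LOG_JAN27 = r'''
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9 AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [inrh95] C:\WINDOWS\System32\inrh95
O4 - HKLM\..\Run: [ZICORN] C:\WINDOWS\System32\ZICORN
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\iwocqr.exe reg_run
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
'''
LOG_FEB01 = r'''
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [inrh95] C:\WINDOWS\System32\inrh95
O4 - HKLM\..\Run: [ZICORN] C:\WINDOWS\System32\ZICORN
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\iwocqr.exe reg_run
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
'''

if __name__ == '__main__':
    for label in persistent(LOG_JAN27, LOG_FEB01):
        e = flagged(LOG_FEB01)[label]
        print(f'[{e.label}] {e.target} {e.args}'.rstrip(), '->', '; '.join(e.reasons))
```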

  7. #57
    Neal, Dedicated Member
    Hi,

    I would not put SP2 on your computer until all infection is cleaned.


    Please download hoster from the link below.

    http://www.funkytoad.com/download/hoster.zip

    Open Hoster.exe.

    Then click on "Restore Original Hosts"

    Close program when complete.

    NEXT


    Please download this file to your desktop - http://www.mvps.org/winhelp2002/DelDomains.inf

    Right click on the file you downloaded and select install. This resets the trusted and restricted zones to defaults.

    Note: if you have immunized with Spybot this takes those off. You will have to re-immunize with Spybot. If you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both of those afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.

    Reboot.


    Not sure if you have done this before, too many posts to go back through, but I need you to run Ewido from safe mode and post the log.

    Reboot into safe mode by tapping your F8 key upon restart; when the safe mode screen appears, select safe mode and press Enter.

    This is still showing:

    O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\iwocqr.exe reg_run
    Last edited by Neal; 03-02-2006 at 04:08 PM.
